Anyone actually use unifi in a 50-100 person office?
Discussion
Looking at a new cat A site which doesn't currently have any structured cabling in place. Will be about 65 people to start with, but just wondering if anyone uses ubiquiti for proper commerical office space?
(This is for a standard office not involved in media or requiring any sustained high-bandwidth applications, just normal browsing and max 5 simultaneous video conferences)
(This is for a standard office not involved in media or requiring any sustained high-bandwidth applications, just normal browsing and max 5 simultaneous video conferences)
I've got a site with roughly that many academic researchers hung off a few (they are split across 2 floors) APs. AC Pros with a 6 lite thrown in for one denser area.
They mostly have wired desktops for serious stuff, but average about 1.5 devices/person on the wifi for the kind of use you describe.
I've made a point of working on the service for a couple of days and was happy with it.
How fast is the external connection?
They mostly have wired desktops for serious stuff, but average about 1.5 devices/person on the wifi for the kind of use you describe.
I've made a point of working on the service for a couple of days and was happy with it.
How fast is the external connection?
Thanks all - mesh was not a consideration - all the APs would be hardwired back to a switch. External connectivity will be 1G with 100Mbps backup. Our current usage maxes out about 30-40Mbps.
Only one thing that I'm on the fence about is zero-trust and isolating clients. Fortinet offered a complete solution for this but at 10x the price of a unifi setup without this. We are not dealing with financial data or anything like that anything that does touch customer details is via salesforce etc with nothing stored on site.
Only one thing that I'm on the fence about is zero-trust and isolating clients. Fortinet offered a complete solution for this but at 10x the price of a unifi setup without this. We are not dealing with financial data or anything like that anything that does touch customer details is via salesforce etc with nothing stored on site.
theboss said:
Not sure what exactly the fortinet solution was doing, but the Unifi setup with one of their gateways in control, will let you enable client isolation for any SSID which effectively just drops any traffic from one wireless client to any other.
Unfortuantely I don't think that helps with clients wanting to print etc. Isolation is fine for personal devices and outbound only traffic, but I don't think unifi supports RBAC/zero-trust. I’ve been involved with a couple of previous employers that have put in Unifi solutions at around that size. I’ve also put in Unifi at a local creamery, albeit they were far smaller.
As you mention, most of what was done with sensitive data was stored in the cloud, so zero privilege was less important. Most of these firms were entirely wireless too with less than 1G setups. We liked it for easy guess and portal access, which was easily manageable, as is just getting the kit.
A couple of friends have done it for their employers too, and we all run Unifi at home (different story, I know). But the ease of use for unifi, and being able to integrate other products like security cameras and the like, keeping things on prem and easily replaceable should something break was key, too.
That said sometimes it’s bloody annoying too.
As you mention, most of what was done with sensitive data was stored in the cloud, so zero privilege was less important. Most of these firms were entirely wireless too with less than 1G setups. We liked it for easy guess and portal access, which was easily manageable, as is just getting the kit.
A couple of friends have done it for their employers too, and we all run Unifi at home (different story, I know). But the ease of use for unifi, and being able to integrate other products like security cameras and the like, keeping things on prem and easily replaceable should something break was key, too.
That said sometimes it’s bloody annoying too.
JakeT said:
I’ve been involved with a couple of previous employers that have put in Unifi solutions at around that size. I’ve also put in Unifi at a local creamery, albeit they were far smaller.
As you mention, most of what was done with sensitive data was stored in the cloud, so zero privilege was less important. Most of these firms were entirely wireless too with less than 1G setups. We liked it for easy guess and portal access, which was easily manageable, as is just getting the kit.
A couple of friends have done it for their employers too, and we all run Unifi at home (different story, I know). But the ease of use for unifi, and being able to integrate other products like security cameras and the like, keeping things on prem and easily replaceable should something break was key, too.
That said sometimes it’s bloody annoying too.
Yeah it's the last client bit that worries me, although my homes and some other small hospitality businesses I've installed it in have run for years pretty much trouble free. As you mention, most of what was done with sensitive data was stored in the cloud, so zero privilege was less important. Most of these firms were entirely wireless too with less than 1G setups. We liked it for easy guess and portal access, which was easily manageable, as is just getting the kit.
A couple of friends have done it for their employers too, and we all run Unifi at home (different story, I know). But the ease of use for unifi, and being able to integrate other products like security cameras and the like, keeping things on prem and easily replaceable should something break was key, too.
That said sometimes it’s bloody annoying too.
After speaking to some other friends that have done this, I think I'm just going to install structured for most desks which is only 90GBP a drop, and have wifi for non-essential uses.
Brother D said:
After speaking to some other friends that have done this, I think I'm just going to install structured for most desks which is only 90GBP a drop, and have wifi for non-essential uses.
Magnum's first rule of network installation: if it doesn't move, cable it. That gives the best & most reliable connection to fixed locations like desks, printers, etc. It also keeps wifi traffic down and gives more bandwidth to devices that can't be cabled. You can still go 100% Ubiquiti, using their switches to handle the cabling, their access points for wifi etc.Brother D said:
Thanks all - mesh was not a consideration - all the APs would be hardwired back to a switch. External connectivity will be 1G with 100Mbps backup. Our current usage maxes out about 30-40Mbps.
Only one thing that I'm on the fence about is zero-trust and isolating clients. Fortinet offered a complete solution for this but at 10x the price of a unifi setup without this. We are not dealing with financial data or anything like that anything that does touch customer details is via salesforce etc with nothing stored on site.
I love they have span zero trust in to what was traditionally called client isolation. Only one thing that I'm on the fence about is zero-trust and isolating clients. Fortinet offered a complete solution for this but at 10x the price of a unifi setup without this. We are not dealing with financial data or anything like that anything that does touch customer details is via salesforce etc with nothing stored on site.
There is no issue doing that, just means if they need to use resources elsewhere on the network you start punching holes in it and it becomes pointless.
If everything is cloud then device isolation is fine, will stop the spread of any nasties that get in.
somouk said:
Brother D said:
Thanks all - mesh was not a consideration - all the APs would be hardwired back to a switch. External connectivity will be 1G with 100Mbps backup. Our current usage maxes out about 30-40Mbps.
Only one thing that I'm on the fence about is zero-trust and isolating clients. Fortinet offered a complete solution for this but at 10x the price of a unifi setup without this. We are not dealing with financial data or anything like that anything that does touch customer details is via salesforce etc with nothing stored on site.
I love they have span zero trust in to what was traditionally called client isolation. Only one thing that I'm on the fence about is zero-trust and isolating clients. Fortinet offered a complete solution for this but at 10x the price of a unifi setup without this. We are not dealing with financial data or anything like that anything that does touch customer details is via salesforce etc with nothing stored on site.
There is no issue doing that, just means if they need to use resources elsewhere on the network you start punching holes in it and it becomes pointless.
If everything is cloud then device isolation is fine, will stop the spread of any nasties that get in.
Brother D said:
Yeah they got hit a few years back by ransomware that infected a dev AD server which is why they want to move to zero trust so if the sales folk accept another request to open a document from prince nassem offering $10m inheritance it's not going to result in having to wipe everyone's workstations and laptops...
I've seen an org which approached this by completely isolating sales - separate firewall, separate file servers, you name it. When I asked if I was looking at the aftermath of a recent, incomplete merger, I discovered the'd had the above happen one time too many.Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff