Migrating Ubiquiti Unifi Controllers and Sites


So after all this toying around with the Ubiquiti Unifi Cloud Key, and knowing I have all my sites in a cloud controller on EC2, it was time to see what migrating controllers would look like.  I decided to try out the process of moving controllers to see what it might look like.  What I discovered was a few interesting tidbits and I am now conflicted where I want to run my controller(s) going forward.  Take a read and let me know what you think about my new dilemma.  I will mention all of this feedback I already sent to UBNT-Brandon before I put the post together.  I wanted to make sure they had the feedback first since some of the experience was the first time it was not over the top awesome.  It’s not horrible, but it can use a little TLC.

Unifi Controller Backup and Restore

Suffice to say this is the only way to really manage any migration process.  You will backup the controller and restore it onto another one.  This process is surprisingly simple for sure.  I don’t think anyone could have made the process easier.  Just log into you controller under Maintenance and you will see the backup and restore sections.


Click backup to download the .UNF file and then go to the other controller and select it to restore and boom….done…..mostly.  What I mean is there is a couple of things to understand about this process especially if you are like me trying to restore a three site controller to individual cloud keys.

  • Backup is “Entire Controller” – it does not allow for single site export so it is all or nothing.  Sites are moved as is so there is no way to grab the site you want or restore a site to a new controller’s “Default” location.  You see the challenge of de-consolidating three hosted sites to individual keys?
  • Backup does not appear to capture the map files and configurations, but does appear to grab custom portal files if you have configured them and the other contents of the site directory
  • There is no automated backup Policy/process to offsite locations like S3/DropBox/GoogleDrive.  Today I run Crashplan on my EC2 controller to capture all files in the directories and have files located offsite.  I cannot do that with the Cloud Key…..so if I migrate how do I keep regular backups?
  • Cloud Key MicroSD Backup is non-existent message board posts indicate this is for “Future use, but local backup would still need an automated schedule preferably.
  • Restores appear to hand on “processing” screen – Not sure if this was just me, but I did try it a couple times and just had to eventually re-log in to the controller after at least 15-20 minutes.

Once the controller was restored, in my case I deleted the other sites since on this controller my personal site was already the “Default” and outside of the missing map data, everything worked fine.  IN fact the local devices registered with the new controller in the same site automatically.  When I asked UBNT-Brandon he said that was most likely because the controller searched out devices, found them, and those device MAC addresses were already registered in the controllers MongoDB so poof…..registered.

Local Unifi Controller Cloud Key vs Cloud Based Unifi Controller

That’s a lot of “Cloud” and “Controller” in the same title.  The point being which is the right option for me?  To be perfectly honest I am not sure.  i have this well running very stable EC2 Unifi Cloud Controller which has advantages and disadvantages.  Really same goes for the Unifi Cloud Key, so which one is the right direction?  Let’s look at some of those pros and cons in my use case.  remember I have two sites I manage for other people.

Unifi EC2 Cloud Controller

100% Public, easy access for other managed sites to update site filesOngoing OS patches
Can run Linux Backup software for files….but not UniFi Controller formatDevices disconnect if no internet access
Remote admins can access directly with local controller accountsMonthly Cost of hosting and SSL cert
Uses UBNT Federated Cloud
Consistant UI performance

Unifi Cloud Key

InexpensiveRequires VPN or to alter controller files
Uses UBNT Federated Cloud to aggregate users/controllersRemote admins need to use UBNT cloud and jump to controller
Local device access so rare managed device disconnectsNo 3rd party backup capability
Remote Clients can access directly with local controller accountsAll updates done by UBNT
UI Tunneled performance determined by local Line speed

So Which One?!

Honestly I am torn.  There are for me enough advantages and disadvantages to each.  Really the no remote access to the controller for a remote customer is a big deal at least for me.  I can SSH into the EC2 controller and modify configuration files for a customer and push the update.  So can I really get 100% off the EC2 Unifi Controller?  Do I need to just maintain both, but what’s the real value in that.  Thoughts?  Help a guy out on this one! 🙂

About Chris Colotti

Chris is active on the VMUG and event speaking circuit and is available for many events if you want to reach out and ask. Previously to this he spent close to a decade working for VMware as a Principal Architect. Previous to his nine plus years at VMware, Chris was a System Administrator that evolved his career into a data center architect. Chris spends a lot of time mentoring co-workers and friends on the benefits of personal growth and professional development. Chris is also amongst the first VMware Certified Design Experts (VCDX#37), and author of multiple white papers. In his spare time he helps his wife Julie run her promotional products as the accountant, book keeper, and IT Support. Chris also believes in both a healthy body and healthy mind, and has become heavily involved with fitness as a Diamond Team Beachbody Coach using P90X and other Beachbody Programs. Although Technology is his day job, Chris is passionate about fitness after losing 60 pounds himself in the last few years.


  1. I don’t know when this article was posted but UBNT just opened up their own hosted controllers. That option makes by far the most sense to me.

  2. Hi Chris:

    You say: “UniFi Cloud Key -> Disadvantages -> Remote admins need to use UBNT cloud and jump to controller”

    At each site with a CK configure DHCP to reserve address e.g. x.x.x.2 for CK, configure port forwarding for TCP ports 8080,8443 to address x.x.x.2, and configure DDNS to publish public IP address of router e.g. myrouter.ddns.net.

    Web browse to https://myrouter.ddns.net:8443 to connect to CK authentication page without help of UBNT cloud. Bookmark that URL.

    I hope this helps. Thanks. /criss

    • The goal of UBNT cloud is to not require opening up a firewall port directly to your controller, and it works for that. Of course you can always open up ports and access the Cloud Key directly, but there is no need to do that and there is a lot of challenges/issues putting a valid certificate on the CK. The UBNT cloud has valid certs and works without knocking holes in the firewall. You can obviously do that, but there is no need to that’s the point of the UBNT cloud.

Leave a Reply

Your email address will not be published. Required fields are marked *