{"id":4954,"date":"2016-05-11T12:45:23","date_gmt":"2016-05-11T16:45:23","guid":{"rendered":"http:\/\/chriscolotti.us\/?p=4954"},"modified":"2016-05-11T11:01:27","modified_gmt":"2016-05-11T15:01:27","slug":"using-ubiquiti-unifi-controller-federated-cloud","status":"publish","type":"post","link":"https:\/\/chriscolotti.us\/technology\/using-ubiquiti-unifi-controller-federated-cloud\/","title":{"rendered":"Using The The Ubiquiti Unifi Controller Federated Cloud"},"content":{"rendered":"
<\/a><\/p>\n Continuing on with some of my recent posts I wanted to put some quick information out there about the Ubiquiti operated Unifi Federated Cloud. \u00a0There are multiple ways to run the Unifi Controller I have talked about. \u00a0You can run a public cloud based option, locally on windows, Mac, or Linux, or most recently on the Unifi Cloud Key<\/a>. \u00a0Something all these options share is the ability to federate them into a cloud view located at http:\/\/unifi.ubnt.com<\/a> that is operated and maintained by Ubiquiti. \u00a0There are a few things I’ve played with thus far that people may find of interest.<\/p>\n <\/p>\n The first thing you need to do is create a login at\u00a0http:\/\/unifi.ubnt.com<\/a> or use an existing one. \u00a0Once you login you will not see much, but once your account is created you can connect any number of Unifi Controllers to it. \u00a0Log into the Unifi Controller click “Cloud Access” on the left side.<\/p>\n <\/a><\/p>\n Click “Enable Cloud Access” and you will be asked for the credentials you just setup and click “Enable Cloud Access”<\/p>\n <\/a><\/p>\n Once complete the Unifi Controller will show it’s connected and you have the option of removing or disabling access. \u00a0Basically that’s it to get it connected.<\/p>\n <\/a><\/p>\n Once you have competed this you can log back into\u00a0http:\/\/unifi.ubnt.com<\/a>\u00a0and see the Unifi Controllers you have connected. \u00a0In the case below you can see both a software based install and a Unifi Cloud Key.<\/p>\n <\/a><\/p>\n Once you get things connected there is a couple interesting things about the way the architecture appears to work. \u00a0Initially what you notice is you can see dashboard information about not only a controller but all sites configured in that controller.<\/p>\n <\/a><\/p>\n This is useful for basic information, but what is really cool is you can click “Launch Site” and be connected to the controller. \u00a0The way this works is it first tries a direct connection. \u00a0So if you are on the LAN where the controller IP is located, as in the case with a local Cloud Key, you will be directed to that local IP address and connected. \u00a0If you are NOT local to it the site uses WebRTC<\/a> to tunnel to the controller. \u00a0So even if your external to your LAN based controller you can still connect to it securely without any port forwarding rules. \u00a0That’s pretty cool and just works, with some exceptions I’ll speak to in a bit.<\/p>\n There are really two ways to add additional administrators depending on how they will connect.<\/p>\n As best I can tell you can add people to both, but I have not tried to see if there is any username conflicts. \u00a0What happens is a little different depending on how you add the new administrator. \u00a0If you log into the Unifi Controller and click “Admins” on the left side you are presented with a few options.<\/p>\n <\/a><\/p>\n Let me try to explain the difference the little check box marked “Invite to SDN” does. \u00a0If you UNCHECK this box this will send an E-Mail directly from the controller. \u00a0 The email the user is sent will contain the direct controller’s URL to accept the invitation. \u00a0It is worth noting this requires that SMTP server settings are configured in the Unifi Controller. \u00a0When they click the local link the controller must be locally accessible and then they will create what appears to be a local password. \u00a0They will then have access directly to the controller.<\/p>\n If you check the “Invite to SDN” box they will be sent an email with a link to unifi.ubnt.com where they can use an existing account or create a new one to access the controller. \u00a0This does NOT appear to create any ‘local’ account with a password. \u00a0They must connect first to the UBNT cloud to then be connected to the controller with an SSO hook.<\/p>\n I will continue testing this with the help of a few people to confirm that the user accounts are in fact separate and maybe provide some feedback to Ubiquiti. \u00a0It feels a little confusing and kludgy at the moment. \u00a0I suspect like everything they do it will get better over time.<\/p>\n The Unifi Federated Cloud is Mobile formatted, however you cannot actually “Launch” site from iOS as it does not support WebRTC. \u00a0Android does and it should work from those devices. \u00a0The screen below shows the Unifi Federated Cloud from an iOS browser.<\/p>\nConnecting to the Ubiquiti Unifi Cloud<\/h3>\n
Working with the Unifi Federated Cloud<\/h3>\n
Adding Additional Administrators<\/h3>\n
\n
Mobile Access Using Unifi Federated Cloud<\/h3>\n