McCann Tech

UniFi Dream Machine Pro Review

Originally Posted: February 22nd, 2020
Last Edited: February 13th, 2021


The UniFi Dream Machine Pro (UDM-Pro) is the latest security gateway from Ubiquiti. Along with the upcoming UXG-Pro, it replaces the USG-Pro as the high-end, rackmount option in the UniFi line. It packs a lot of features into 1U, and there is a lot to discuss.

Unlike the older USG-Pro, the UDM-Pro is a UniFi OS Console, meaning it runs the UniFi network application and other UniFi software. The UDM-Pro also features two 10 Gbps SFP+ ports, an 8-port gigabit Ethernet switch, and a 3.5" hard drive bay for UniFi Protect. It can be a controller for their VoIP phone system, UniFi Talk, and their access control system, UniFi Access.

Unfortunately, all of this built-in software comes with a big downside: the UDM-Pro cannot be adopted to an external UniFi Network controller such as a Cloud Key or cloud-hosted controller. Before we get into the software, let's start with some specs.


UDM-Pro Specs

Interfaces:

  • (8) Gigabit RJ45 LAN Ports

  • (1) Gigabit RJ45 WAN Port

  • (2) 1/10 Gbps SFP+ WAN/LAN Ports

  • Management via Ethernet In-Band or Bluetooth with UniFi smartphone application

Features:

  • HDD bay for Protect Surveillance, supporting 3.5” or 2.5” drives with included screws

  • IDS/IPS throughput: 3.5 Gbps

  • Processor: Quad ARM Cortex-A57 Core at 1.7 GHz

  • System Memory: 4 GB DDR4

  • On-Board Flash Storage: 16 GB eMMC

Dimensions:

  • Width x Height x Depth:
    442.4 x 43.7 x 285.6 mm
    (17.42 x 1.72 x 11.24")

  • Weight: 3.90 kg (8.60 lb)

Power:

  • Max. Power Consumption: 33W

  • Voltage Range: 100 to 240VAC

  • Power Method: (1) Universal AC Input, 100-240VAC, 50/60 Hz

  • Redundant Power: (1) RPS DC Input

  • Power Supply: Internal 50W/12V

Package contents:

  • (2) Rackmount Brackets

  • (8) Bracket Screws

  • (4) Mounting Screws

  • (4) Cage Nuts

  • (1) Security Screw

  • (4) 2.5" HDD Screws

  • Power Cord

  • (4) Rubber Feet

Environment:

  • Temperature: -10° to 40° C (14° to 104° F)

  • Humidity: 5 to 95% Non-condensing


UDM-Pro Hardware

The UDM-Pro is a 1U appliance, made out of metal. It looks similar to the USG-Pro, with a few added features and much faster performance.

One of the most notable changes is the addition of the 1.3” touchscreen on the front. The screen displays some information about the network and the device. It allows you to view the current IP address, number of clients, current temperature and fan speed, uptime, and stats on the integrated applications like Protect and Talk. This feature was also added to the 2nd generation UniFi switches. Another change is the addition of the proprietary power port on the back, which lets you attach a UniFi Smart Power RPS for redundant power.

The two other big hardware changes are the hard drive bay and the integrated 8-port managed switch. The hard drive bay supports 3.5” and 2.5” drives for recording video with UniFi Protect, Ubiquiti’s security camera software. If you are planning on adding a hard drive, make sure to buy one that is supported. The 8-port managed gigabit switch does not support PoE, so you will need a separate PoE switch or power supplies to run access points, cameras or other PoE equipment. It also only operates at layer 2, and is limited by its shared 1 Gbps backplane.

Software

Since the UDM-Pro includes a built-in UniFi controller, it is capable of running the UniFi Network Management Software without an external installation or Cloud Key. The network management software is the same for all UniFi devices, and allows you to set up, configure and monitor your network through a web browser or mobile app. This allows you to manage all your UniFi devices, including access points and switches, from one interface.

The UDM-Pro runs UniFi OS, which means it can also run the UniFi Protect, UniFi Talk and UniFi Access software if needed. UniFi Protect is their network video recording software. Talk is for controlling their VoIP phones, and Access is their upcoming access control system. More on those later.

The UDM-Pro also ties into Ubiquiti’s smartphone apps for iOS and Android. The UniFi app allows you to do some of the same tasks you can do in the web interface, including setting up new devices and monitoring your network. The Protect app lets you watch and manage your security cameras. The Wifiman app lets you analyze nearby Wi-Fi networks and Bluetooth devices. All of this software is free, and it’s one of the benefits of going all in on a UniFi network.

UDM-Pro Setup Process

The setup process is similar to other UniFi devices, and can be done through the web GUI or their smartphone app. The UDM-Pro’s default LAN IP address is 192.168.1.1.

To set up the UDM-Pro using the web interface:
- Power on the UDM-Pro, and connect your internet connection to one of the WAN ports
- Connect your computer to one of the 8 Ethernet LAN ports, and assign yourself an IP in the 192.168.1.0/24 subnet (not 192.168.1.1)
- Navigate to 192.168.1.1 in a web browser
- If you are using the Ethernet WAN 1 port and DHCP, the UDM-Pro will grab an IP automatically
- If you are not using WAN 1 and DHCP, click on advanced setup to assign the WAN port and IP address you want to use
- Name your UDM-Pro
- Log in to your UI.com account, or create one. An account is required, and you must have internet connectivity
- Pick an update schedule
- Pick auto optimize and run speed tests, or specify your ISP’s speed
- Choose to send analytics or not
- Use the local portal to set up users and admin access
- Install the applications you need (Protect, Talk, Access)
- Launch the UniFi software to configure your network

The steps to set up the device through the app are similar. Just make sure you have Bluetooth enabled and you are connected to the UDM-Pro in your Bluetooth settings.

Remote Management and UniFi OS: It’s Complicated

In most ways, the controller built in to the UDM and UDM-Pro acts like any other UniFi controller. The network management software is the same whether you run it from the UDM, on a Cloud Key, or installed on your own hardware. However, the UDM-Pro changes a few things compared to a traditional Cloud Key and USG network.

Things that are the same between the Cloud Key and UDM-Pro:

- They both run UniFi OS and support UniFi Talk, Access and Protect.
- The features and network functions of the network controller software are the same.
- Ubiquiti allows remote management through their own cloud management solution, which they provide for free. Here are more details on Ubiquiti’s site.
- You can set up site-to-site VPNs between UniFi networks.

Things that are different with the UDM-Pro:

- UDMs do not support multi-site management.
- The UDM-Pro is not capable of being managed by an external hosted controller or Cloud Key.
- You can access the UDM’s controller by WAN IP or hostname.
- There are differences in how you set up site-to-site VPNs, and the Auto IPsec VPN is not supported on the UDM-Pro.

So what is UniFi OS? It’s Ubiquiti’s way to brand the controller software and additional applications that Ubiquiti provides. UniFi OS currently only runs on the UDM, UDM-Pro, and Cloud Key Gen2+. If you’re interested, I have more details on UniFi OS in my UXG-Pro Preview.

UniFi OS Applications: Protect, Access and Talk

Depending on what you want from your security gateway, these additional features may be handy or not. Ubiquiti seems to be integrating more functionality into their equipment. The UniFi Dream Machine combines a security gateway, UniFi controller, access point, and a 4-port switch into one device. This makes it more like a typical all-in-one home router, but removes a lot of the flexibility that the UniFi line typically has. The UDM-Pro removes the Wi-Fi, but also integrates security cameras, VoIP phones and access control features, with the possibility for additional applications to be supported over time.

With the convenience of an integrated solution comes some compromises. First, you are stuck with Ubiquiti’s solutions if you want to use those features. You can’t control other brands of video cameras, phones or access control devices. You are also limited to what’s in the UDM-Pro for both performance and capacity. There is only one hard drive slot, with no option of RAID arrays or adding additional drives for extra recording capacity. The UDM-Pro trades flexibility for easy integration.

Ubiquiti also has an external NVR rackmount appliance if you are interested in diving deep into UniFi Protect. The Protect software is really good from what I have seen. It’s up to you whether that seems like something you want to rely on. In my opinion, these additional applications are more value-adds than anything else. Even if you don’t use them, you are still getting a good deal on a 10 Gbps-capable security gateway.

UDM-Pro Threat Management

Both the USG and UDM lines of security gateways provide a lot of built-in features to protect your network. With the slower USG and USG-Pro, enabling too many of these features drastically reduced WAN throughput. The UDM line features more powerful processors which allow you to have these features enabled, without slowing down your internet connection. If you want more details on these features and how to configure them, you can find that on Ubiquiti’s website.

IDS/IPS Throughput:

  • USG: 85 Mbps

  • USG-Pro: 250 Mbps

  • USG-XG: 1 Gbps

  • UDM: 850 Mbps

  • UDM-Pro: 3.5 Gbps

  • DPI and smart queues will limit further

Features:

  • Intrusion detection and prevention

  • L7 deep packet inspection

  • Geo IP filtering

  • Auto scanning of endpoints to ID vulnerabilities

  • Built in honeypot to detect malware

  • Restrict access to malicious IPs

  • Restrict access to TOR

  • DNS filters for adult sites, malicious domains, "family" mode

  • Whitelist certain IPs

UDM-Pro Redundancy

Ubiquiti advertises a few different forms of redundancy, but they come with some limitations. The UDM-Pro supports dual WAN with failover. Failing over from primary to backup takes around 10 seconds, and the UDM-Pro will fail back to primary when service is restored. One major downside to their dual WAN support is the lack of load balancing. There is no way to use both WAN connections at the same time, meaning one of your internet connections will be unused. This could hypothetically be fixed with a future software update, but that isn’t something Ubiquiti has enabled yet.

Another option for a secondary Internet connection is to use LTE failover, which requires the UniFi LTE ($199). It is only available in the United States, and uses AT&T’s network. It costs $15 for the first GB, then $10 per GB after that. The UniFi LTE is not exclusive to the UDM line; it is supported on the USG as well.

Another restriction is that you cannot have multiple IP addresses on a single WAN connection. This was possible by editing JSON files on the USG and USG-Pro, but isn’t possible on the UDM or UDM-Pro. In fact, anything that involved editing JSON files is not possible with the UDM line. This is due to the CPU architecture and operating system differences.

Power is another redundant aspect. It supports the USP-RPS for secondary power, just like the 2nd generation Pro switches. The USP-RPS can protect up to six devices from sudden power supply failure. In the event of an internal AC/DC power supply failure, those devices get their power from the RPS and your network will continue to operate with no interruption in service. Unfortunately, the USP-RPS is a proprietary solution, and it costs $399. That is nothing for enterprise-grade equipment, but expensive for home or small business use. Like a lot of what Ubiquiti makes, it exists in the murky space between.

Who is the UDM-Pro for?

The UDM-Pro is part of Ubiquiti’s new line of UniFi products. For $379, it combines multiple functions into one convenient package. It allows for 8 Gbps of throughput with deep packet inspection on, or 3.5 Gbps with IDS/IPS on. It integrates a security camera NVR, access control and a VoIP phone system with a security gateway and a network controller. It certainly doesn’t lack features, and has more than enough performance for most small-to-medium sized networks.

Unfortunately, with those features comes a lack of flexibility. The flexibility of the UniFi line is part of why they are so popular with WISPs, MSPs, and home lab enthusiasts. It ties a lot of functionality into one box, which is a benefit, but also a liability. Putting your network, access control, security cameras and VoIP system into one box makes you really dependent on that one box. If you are a small business fully utilizing all of these features, you have to hope that it is 100% reliable. Ubiquiti doesn’t offer the type of 24/7/365 support you would get from enterprise gear, which helps keep the price down. It also means that if the UDM-Pro breaks, it’s on you to get it fixed or replaced.

Ubiquiti specifically mentions small to medium businesses on their advertising for the UDM-Pro. For some, it could be a good option. I would have a lot of reservations fully utilizing all the features and depending on them full time, even with the redundant features Ubiquiti promises.

The more I researched the UDM-Pro, the more confused I got. It seems like overkill for home users, but it falls short in a lot of ways for business needs. The features look good, until you start to look closer. It advertises redundant power, but that requires a $399 proprietary box which isn’t released yet. It has dual WAN ports with failover, but no way to load balance between them. It features an integrated controller, but one that comes with restrictions that weren’t around before. It allows for remote management, but only with Ubiquiti’s service.

When it comes to the overall package, it’s compelling. The downside to a lot of the additional features is there are a lot of qualifications and asterisks. If you are in the market to replace your USG or USG-Pro, the UDM-Pro is the best you can get right now. If the limitations of the UDM-Pro don’t affect you, it’s an amazing device. Even if you don't plan on using the additional applications and features of the UDM-Pro, this is still a 10 Gbps capable router for $379. That alone is worth the price of entry. For those that don’t want the integrated switch, controller, or application features, you might be better off waiting for the true successor to the USG-Pro, the UXG-Pro.

If you have more questions about Ubiquiti or anything in this post, leave a comment or contact me. I will do my best to point you in the right direction, or help in any way I can.