Need An Alternative to Ubiquiti Setup

[GlorifiedPaperShuffler]

So in two weeks, I'll be closing on a new house. All the paperwork's been signed, and I'm looking forward to becoming a homeowner after years of renting.

 

I had it all planned out. Gonna run CAT-6A Ethernet indoors and outdoors. Full suite of Ubiquiti products, from UniFi Dream Machine Pro, UniFi APs, UniFi POE switches, UniFi Protect cameras, etc. etc.

Then a couple days back, Ubiquiti comes out and announces EOL on some products, leaving a bunch of very angry users and vendors.

 

That kinda shook my confidence in Ubiquiti, and in my planned setup. Perhaps it isn't such a bright idea to go all-in on one single manufacturer?

Worse, further research into the Dream Machine Pro revealed a litany of network breaking bugs (one user's Dream Machine Pro apparently likes to occasionally disable all its ports).

 

I don't run a business, so I don't need 100% uptime. This network is for my own home use. But I don't want to deal with problems that I can avoid.

 

Basically, I need help planning a new network and CCTV suite. I was pointed at Ubiquiti's products via LTT's videos, so I'm not familiar with other manufacturers.

 

What I need from my network:

1. A WiFi "mesh". I don't want a true mesh network, where some WiFi bandwidth is used by APs to as a backhaul. I just want full coverage all over my house, from the basement, to the bedroom, to my backyard, all running off the Ethernet infrastructure I'll be laying down, with enough throughput to stream 4K video from my Unraid NAS, and move huge files between devices.
2. Intrusion detection and prevention - A firewall. I currently have a pfsense SG-3100 router, and it's "alright". It's just way too complicated to do anything. I remember spending a few hours just trying to get Destiny 2 to run properly. Optional but nice - a pretty dashboard to show if the Russians are trying to get into my network or something.
3. DPI, or at least, the ability to gather statistics on what devices on my network are doing.
4. Some way to isolate IoT devices from the general network, like a VLAN. I'll be running a HomeKit suite of devices, so I'd like these IoT devices to be able to communicate with some hubs (Apple TV, Pod, iPad), but nothing else unless I periodically allow it for updates.

What I need from my CCTV (estimated 5-6 cameras):

1. PoE powered cameras, to minimize the amount of wiring I'll need to add. I don't want completely wireless cameras either.
2. 4K resolution for some cameras, full HD for others. If the cameras catch anything, I'd like to be able to identify the perps. Blurry video is not acceptable.
3. Some intelligence built into the system, where it only records if movement is detected in specified areas of the camera's view.
4. Good IR range for nightvision.
5. Local NVR recording only. I'd prefer not to have my system upload anything to anywhere else besides my home NVR.

Any suggestions? Thanks in advance.

[brwainer]

While I agree that UI's recent handling of the Unifi Video was a bit hamfisted, they did give a bit more notice than some people claim - when Unifi Protect came out, I thought it was very clear that Unifi Video would only have the barest of feature improvements, and they were really only continuing to support it because they didn't have a Protect solution available for more than a handful of cameras. The only part of the Unifi Video EOL I think is wrong, is turning off the cloud portal too soon - but that doesn't mean that those surveillance systems will stop working. The whole point of how UI builds their systems, is that in general if the cloud goes away it may be a little less convenient, but the controller still does what it always did.

 

For what you are looking for, Unifi really does have the best overall package. The 1.7.3 firmware for the UDMP is supposedly very good (I don't have a UDMP so I can't comment). That being said, here are some other options (and in general, they are going to be more expensive, but are from much larger and established networking companies):

 

Networking:

• Aruba InstantOn - Has the basics for wireless and switching that you are looking for - does not have any firewall. Has some basic DPI, but only for the wireless clients (The DPI is done on the APs). The major downside is that InstantOn relies completely on Aruba's cloud server, which is free (yay!) but you are at their mercy to not shut it down (boo!). The APs do nothing without the cloud. The switches can either be operated in cloud mode, where they have limited features, or local mode where they are nearly indistinguishable from the regular Aruba switches, which are very good enterprise class devices.
• Ruckus Unleashed - Similar to Aruba InstantOn, except the controller runs on one of your APs (it gets backed up by the other APs, and another will take over if the main one is offline). Also, the DPI is a bit better because Ruckus has more experience doing this than Aruba. But the DPI still only runs on the APs, so you won't see any wired clients data there. As for the switches, Ruckus does things completely different from Aruba. The switches maintain all of their functionality if you log into them directly, but the core functions you would want (seeing what devices are on which port, changing the VLAN settings of a port, etc) are available in the controller alongside the APs. Basically, any change you make in the controller is applied to the switches as if you had logged into the switch and made that change yourself, and anything that the controller doesn't know about is left untouched.
• Untangle Firewall - This is the perfect solution for someone who wants IDS/IPS, DPI, and many other powerful features but without a massive headache to manage. They offer a home license for $50/year which gives you all the same feature set that they sell to businesses at many times that price. Here's a good video about it:
  and there is a live demo at: http://demo.untangle.com/admin/index.do

Surveillance:

• Synology Surveillance Station - this is an application that can be run on most (any?) Synology NAS. They have certain models which are fine-tuned for it. It will work with almost any camera, but they do require a one-time per-camera license. I think these two videos are helpful: https://www.youtube.com/watch?v=RBPm9VBWLd4 and https://www.youtube.com/watch?v=wAkV_fWOMFU

Like you, I was considering moving to all-Unifi for my next big upgrade. However, at this point I'm planning on Ruckus switches and APs, Untangle Firewall, and for surveillance I'm actually going open source with ZoneMinder - but this is mainly because I have used it for years, partially in a professional setting.