Review of the UniFi Dream Machine Pro

The UniFi Dream Machine Pro (UDM-Pro) is Ubiquiti's latest security gateway. It replaces the USG-Pro as the high-end, rackmount option for the UniFi line along with the upcoming UXG-Pro. There are many features packed into 1U, and there is a lot to discuss.

Unlike the older USG-Pro, it integrates a UniFi controller. Also included are two 10 Gbps SFP+ ports, an eight-port gigabit Ethernet switch, and a 3.5" hard drive bay for UniFi Protect. It can also be used to control UniFi Talk, their VoIP phone system, and UniFi Access, their access control program.

Let's start off with a few specs.

UDM-Pro Specs

INTERFACES:

(8) Gigabit RJ45 LAN Ports

(1) Gigabit RJ45 WAN Port

(2) 1/10 Gbps SFP+ WAN/LAN Ports

With the UniFi smartphone application, you can manage via Ethernet in-band or Bluetooth

FEATURES: 

HDD bay for Protect Surveillance, supporting 3.5” or 2.5” drives with included screws

IDS/IPS throughput: 3.5 Gbps

Processor: Quad ARM Cortex-A57 Core at 1.7 GHz

System Memory: 4 GB DDR4

On-Board Flash Storage: 16 GB eMMC

DIMENSIONS:

Width x Height x Depth: 442.4 x 43.7 x 285.6 mm (17.42 x 1.72 x 11.24")

Weight: 3.90 kg (8.60 lb)

POWER:

Max. Power Consumption: 33W

Voltage Range: 100 to 240VAC

Power Method: (1) Universal AC Input, 100-240VAC, 50/60 Hz

Redundant Power: (1) RPS DC Input

Power Supply: Internal 50W/12V

PACKAGE CONTENTS:

(2) Rackmount Brackets

(8) Bracket Screws

(4) Mounting Screws

(4) Cage Nuts

(1) Security Screw

(4) 2.5" HDD Screws

Power Cord

(4) Rubber Feet

ENVIRONMENT:

Temperature: -10° to 40° C (14° to 104° F)

Humidity: 5 to 95% Non-condensing

UDM-Pro Hardware


The UDM-Pro is a 1U metal appliance. It looks similar to the USG-Pro, but has a few additional features and is significantly faster.

A notable change is the addition of a 1.3" touchscreen on the front. The screen displays some network and device information. You can view the current IP address, number of clients, temperature and fan speed, as well as statistics on integrated applications like Protect and Talk. This feature is also available on the 2nd generation UniFi switches. A proprietary power port on the back lets you connect a UniFi Smart Power RPS for redundant power. 

The hard drive bay and the integrated 8-port managed switch are the two other major hardware changes. For recording video with Ubiquiti's security camera software, UniFi Protect, the hard drive bay accepts 3.5" and 2.5" drives. If you want to add a hard drive, make sure it is compatible. To run access points, cameras, or other PoE equipment, you will need a separate PoE switch or power supply. Also, the integrated switch only operates at layer 2, and has a shared 1 Gbps backplane.

SOFTWARE

Due to the UDM-Pro's built-in UniFi controller, the UniFi Network Management Software can be run without an external installation or Cloud Key. In order to set up, configure and monitor your network, you can use a web browser or mobile app to manage UniFi devices. From one interface, you can manage all your UniFi devices, including access points and switches. 

In addition to running UniFi OS, the UDM-Pro can also run UniFi Protect, UniFi Talk, and UniFi Access software. Protect records network video, Talk is used to control their VoIP phones, and Access is their upcoming access control system. Those will be discussed later.

The UDM-Pro also integrates with Ubiquiti's smartphone apps for iOS and Android. You can use the UniFi app to perform some of the same tasks you can perform in the web interface, including setting up new devices and monitoring your network. The Protect app allows you to watch and manage your security cameras. WiFiman analyzes nearby wireless networks and Bluetooth devices. One of the benefits of switching to a UniFi network is that all of this software is free.

UDM-PRO SETUP PROCESS

Using the web GUI or the UniFi smartphone app, the setup process is similar to that of other UniFi devices. The UDM-Pro's default LAN IP address is 192.168.1.1.

To set up the UDM-Pro using the web interface:

  • Power on the UDM-Pro and connect your internet connection to a WAN port
  • Connect your computer to one of the 8 Ethernet LAN ports, and assign yourself an IP in the 192.168.1.0/24 subnet (not 192.168.1.1)
  • Navigate to 192.168.1.1 in a web browser
  • If you have the Ethernet WAN port 1 connected via DHCP, the UDM-Pro will automatically pick up an IP address
  • If you do not use WAN 1 and DHCP, click on advanced setup and select the WAN port and IP address you want to use
  • Name your UDM-Pro
  • Log in to your UI.com account, or create one. A web connection is required, and you must have a UI.com account.
  • Pick an update schedule
  • Optimize automatically and run speed tests, or specify your ISP's speed
  • Choose to send analytics or not
  • Use the local portal to set up users and administrators
  • Install the applications you need (Protect, Talk, Access)
  • Launch the UniFi configuration software.

You can also set up the UDM-Pro using the app. Just make sure Bluetooth is enabled and that you are connected to the UDM-Pro through your Bluetooth settings.

REMOTE MANAGEMENT AND UNIFI OS: IT’S COMPLICATED

Most of the time, the controller built into the UDM and UDM-Pro works just like any other UniFi controller. Regardless of whether you use the UDM, a Cloud Key, or your own hardware, the network management software remains the same. The UDM-Pro network, however, has a few differences from a traditional Cloud Key and USG network.

Things that are the same between the Cloud Key and UDM-Pro:

-They support UniFi Talk, Access, and Protect as well as UniFi OS.

-The network functions and features of the network controller software are the same.

-Ubiquiti offers a free cloud management solution that allows remote management.

-You can create site-to-site VPNs between UniFi networks.

Things that are different with the UDM-Pro:

-UDMs don't support managing multiple sites.

-The Cloud Key or externally hosted controller cannot be managed by the UDM-Pro.

-You can access the UDM’s controller by WAN IP or Hostname.

-Setting up site-to-site VPNs differs, and the UDM-Pro doesn't support Auto IPsec VPN.

What exactly is UniFi OS? Ubiquiti uses it to brand its controller software and additional Ubiquiti applications. UniFi OS is currently only compatible with UDM, UDM-Pro, and Cloud Key Gen2+. I have more details about UniFi OS in my UXG-Pro preview.

UNIFI OS APPLICATIONS: PROTECT, ACCESS AND TALK

Depending on what you need from your security gateway, these additional features may or may not be useful. Ubiquiti's equipment seems to be taking on more and more functions. The UniFi Dream Machine combines an access point, UniFi controller, security gateway, and 4-port switch into one device. In this way, it becomes more like a typical all-in-one router, but it loses a lot of the flexibility that UniFi typically provides. While the UDM-Pro removes Wi-Fi, it integrates security cameras, VoIP phones, and access control features, with the possibility of adding additional applications in the future.

Integrated solutions come with some compromises. If you want to use those features, you must use Ubiquiti's solutions. Other brands of video cameras, phones, or access control devices cannot be controlled. Performance and capacity are also restricted to what's in the UDM-Pro. Only one hard drive slot is available, and there is no option to add additional drives to increase recording capacity. Integration is the trade-off.

If you wish to dive deep into UniFi Protect, Ubiquiti also offers an external NVR rackmount appliance. From what I have seen, the Protect software is really good. If that sounds like something you want to rely on, it's up to you. These additional applications are, in my opinion, the most valuable. You are still getting a good deal on a 10 Gbps security gateway even if you don't use them. 

UDM-Pro Threat Management

The USG and UDM security gateways offer a lot of built-in security features. Using too many of these features on the slower USG and USG-Pro drastically reduced WAN throughput. Due to the more powerful processors in the UDM line, you can have these features enabled without affecting your internet speed. For more information on these features and how to configure them, visit Ubiquiti's website. 

IDS/IPS THROUGHPUT: 

USG: 85 Mbps

USG-Pro: 250 Mbps

USG-XG: 1 Gbps

UDM: 850 Mbps

UDM-Pro: 3.5 Gbps

Enabling DPI and smart queues will limit throughput further.

FEATURES:

Intrusion detection and prevention

L7 deep packet inspection

Geo IP filtering

Auto-scanning of endpoints to identify vulnerabilities

Honeypot to detect malware

Block malicious IP addresses

Restrict Tor access

"Family" mode for adult sites, malicious domains, and DNS filters

Whitelist certain IP addresses

UDM-PRO REDUNDANCY

A few different forms of redundancy are offered by Ubiquiti, but they have some limitations. UDM-Pro supports dual WANs with failover. When the service is restored, the failover from primary to backup will take around 10 seconds. The lack of load balancing is a major drawback of their dual WAN support. It is not possible to use both WAN connections at the same time, so one of your connections will be unused. It might be possible to fix this with a future software update, but Ubiquiti has not enabled this yet.

Another option for a secondary Internet connection is LTE failover with the UniFi LTE ($199). Currently, it is only available in the United States, and uses AT&T's network. It costs $15 for the first GB, then $10 per GB thereafter. In addition to the UDM line, the UniFi LTE is also available on the USG.

You cannot have more than one IP address on a single WAN connection. Editing JSON files was possible on the USG and USG-Pro, but not on the UDM or UDM-Pro. The difference is in the CPU architecture and operating system.

There is also the issue of redundant power. The UDM-Pro supports the USP-RPS for secondary power, and the USP-RPS is also compatible with 2nd generation Pro switches. With the USP-RPS, up to six devices can be protected from sudden power failure. If the internal AC/DC power supply fails, these devices will still get power from the RPS and your network will continue to operate as usual. It costs $399 for the USP-RPS, which is a proprietary solution. It's not much for enterprise-grade equipment, but it's expensive for homes or small businesses. As with much of Ubiquiti's product line, it exists in the murky space between.

Who is the UDM-Pro for?

Ubiquiti's new UniFi products include the UDM-Pro. Costing $379, it offers a variety of features. With deep packet inspection on, it allows for 8 Gbps of throughput, and with IDS/IPS on, 3.5 Gbps. Along with a security gateway and network controller, it integrates a security camera NVR, access control, and a VoIP phone system. The device offers plenty of features, and it has more than enough performance for most small-to-medium-sized networks.

These features, however, come at the cost of flexibility. UniFi's flexibility is one of the reasons they are so popular with WISPs, MSPs, and home lab enthusiasts. The UDM-Pro combines a lot of functionality into one box, which is both a benefit and a limitation. A single box containing your network, access control, security cameras, and VoIP system makes you really reliant on it. Small businesses that utilize all of these features must hope that they are 100% reliable. Unlike enterprise gear, Ubiquiti doesn't offer 24/7/365 support, which helps keep prices low. The UDM-Pro must also be repaired or replaced if it breaks.

In its advertising for the UDM-Pro, Ubiquiti specifically mentions small and medium businesses. It may be an appealing option for some. Using all the features and depending on them full time would be a huge risk for me, even with Ubiquiti's redundant features.

I became more confused as I researched the UDM-Pro. Despite being overkill for home users, it falls short in many ways for business users. At first glance, the features may seem promising. It advertises redundant power, but that requires a proprietary box that costs $399 and isn't available yet. Despite having dual WAN ports with failover, it does not allow load balancing between them. It has an integrated controller, but one that comes with restrictions that weren't there before. It allows remote management, but only with Ubiquiti's service.

In terms of the overall package, it's compelling. Most of the additional features come with a lot of qualifications and asterisks. Currently, the UDM-Pro is the best replacement you can get for your USG or USG-Pro. If you can live with the limitations of the UDM-Pro, it's a fantastic device. The UDM-Pro is still a capable 10 Gbps router for $379, even if you don't plan on using its additional applications and features. This alone is worth it. You might be better off waiting for the true successor to the USG-Pro, the UXG-Pro, if you don't want the integrated switch, controller, and application features.