Ubiquiti had a secured backend - their screw-up was not doing MFA on their admin accounts. I would still like it if there was an option for a local-only control panel.
If admin login is using weak credentials, it is by definition not a secure backend. Password/credential management and mandatory MFA are ALWAYS part of security due diligence for suppliers.
There are ways to limit the scope of those. One set of credentials per environment, for example. You can also limit the use of these credentials by policy.
The cloud controller is a (surprisingly heavyweight) service that manages a network of unifi devices. It can run on a raspberry pi, or an x86 container / vm.
If I wanted to run it all the time, I’d try putting it in a docker container on my synology.
Instead, I have an sd card for my raspberry pi that has nothing but the controller installed. The main downsides to this are that it is easy to lose the sd card, and that the controller gathers bandwidth/usage/wifi connection reliability stats, but only when it is running. I don’t get those unless I boot up the RPi to diagnose some network issue (this has never been an issue in practice).
One advantage of the RPi setup over a synology container is that it has both an ethernet jack and a wifi adaptor. This is surprisingly helpful when bootstrapping complicated mesh topologies.
I have a UDMpro which self-hosts a controller, though personally if I knew it couldn't be joined to another controller I'd have gotten something else so I could throw it in docker (which runs on a NUC with the storage off a synology).
Gosh. I wish I knew. This thread is rife with alternatives, so others' guess is as good as mine. The unifi wifis I have running are still good and work extremely well. So my suggestion is to keep using them, but only if you host the controller software on your own hardware (I'm using RPi 4 as stated) and only if you avoid their cloud solution(s). (This IMO).
I am still looking for alternatives when the time comes to replace mine. Which I'll be forced to replace once/if they completely nerf the self hosted on self hardware options.
The Ubiquiti controller is not needed for general operation, unless you're using a guest hotspot. Otherwise if it's offline you just lose the ability to do configuration and its data/stats logging.
Hah, that's a dream world where enabling/disabling SSIDs ever worked properly.
They have a good UI, good hardware but the software seems half baked.
Originally with the switch to the "new settings", the schedules were switched between the APs and the UDM, not sure about a dedicated cloud controller.
Still lots of pitfalls with just MFA. Text/email being the worst and TOTP being somewhat better but not great. A lot of password vaults support storing the TOTP secret so they can generate time-based codes, which seems reasonable when the vault is 2-3 factor protected (some do IP heuristics, passwords, tokens, PINs, etc). Unfortunately if someone gets access to the vault in its unencrypted state you're in for a world of hurt.
Even with hardware tokens, if someone gets access to your machine while you're using it they can wait until you authenticate, then use the creds, proxying requests through your machine so they look legit.
I run a local controller with no remote access for unifi - I would never use any networking hardware that needed a cloud controller/connection, for breaches exactly like this.