UniFi Dream Machine Pro: Much Machine, Missing Dream

The change in course for Ubiquiti has resulted in new products that address performance deficiencies or limitations yet aren’t baked to a standard that feels fit for mass consumption. Functionality that is available within the prior line of security gateways either incurs a performance penalty when enabled or doesn’t quite operate as advertised. The advent of new, high performance hardware in the Dream Machine line is combined with the potential promise of integrating functions which previously required multiple components from their solution stack.

The base Dream Machine integrates an AP, security gateway and “cloud controller” into an aesthetically pleasing form factor. This product may be a perfect replacement in single site/home environments. However, the Dream Machine’s inability to integrate with a Cloud Key or alternative multi-site management solution will make the management layer more complex than it needs to be. Moving from a UniFi Secure Gateway to a Dream Machine also eliminates Auto IPSec VTI VPN integration. Part of the problem stems from the transition to UniFi OS. The overhaul of the underlying operating system that will power future UniFi devices hasn’t been done in a manner that enables a pain-free transition.

It was apparent that a lot of attention went into the packaging and design of the Dream Machine Pro that we purchased. There’s a pull tab on the back of the box for the unit in question.

Upon removal of the tab, the foam inserts that secure the device are very high quality. The accessories kit is nestled in the available space embedded in the foam.

Removing the Dream Machine Pro from the packaging material shows the 8 copper ports, 2 SFP+ ports, hard drive bay and 1.3 inch touch screen display on the front of the unit.

The screen protector needs to be peeled off of the front of the display and the hard drive carrier needs to be ejected to remove it’s protective peel entirely. Opening the accessory box reveals the rack ears, screws for mounting, power cable and adhesive feet if the UDM Pro will be deployed on a desktop.

Physical preparation and installation was simple. With the unit rack-mounted in our wiring closet, the challenges began to occur. Detection of the Dream Machine Pro within the iOS UniFi app was instantaneous. The guided setup process worked well until the final steps when an error occurred. Two reboots later, the process completed and we went through the documented procedure to transition from a prior controller to the integrated controller within the Dream Machine. This process didn’t work as advertised. We’re not alone in our experience with the shortcomings of this transition. It ultimately ended up being faster to re-establish our networks and associated configurations manually. If you’ve got a complex network design with multiple VLANs, firewall rules or other custom integrations, you may benefit from a newer beta controller for the Dream Machine Pro.

As Crosstalk Solutions opened the unit to highlight significant changes to the internal design and cooling of this product, we’ll simply point you in the direction of their excellent video. The slots above the ports and drive bay incur less turbulence than the prior air-cooled gateway solutions. Noise levels are acceptable to the degree that modification won’t be necessary. The deep dimensions of the Dream Machine Pro may present an issue if a short-depth rack is in use. We were forced to upgrade our rack previously during the implementation of the PoE 48-port UniFi Switch. The Dream Machine Pro is about twice as deep as the USG Pro 4.

In the previously noted video, all of the bells and whistles were enabled related to IPS and Geo IP filtering. In practical application of a fully fresh setup, we’re disappointed to report that Geo IP filtering is broken. Errors related to hardware offload, which do not pertain to the Dream Machine line, are all that appear near the top of the interface. Furthermore, use of Smart Queues for slower WAN connections continues to create problems as it did in the USG lineup. Setting static values for eighty percent of guaranteed or validated upload and download rates worked for about two or three days. Afterward, our experienced speeds crawled to twenty five percent of the established settings. As soon as we disabled Smart Queues, things went back to normal.

Availability of the Dream Machine Pro has been affected by events in the region where it’s manufactured. The fact that this $350 USD device doesn’t maintain feature parity with the outgoing stack is an absolute disappointment. The inability to define multiple sites on the integrated controller will add complexities to the administration of the solution set. While we’d theorize that Ubiquiti’s vision will encompass multiple controllers that roll up to a singular web-based management plane, the lack of forethought to allow UDM devices to integrate with Cloud Keys or cloud-provisioned controllers during such a top-down product stack transition is simply a slap in the face to customers that have adopted a single pane of glass.

While it’s still early days for the Dream Machine line, there’s an obvious theme related to the product team not understanding its end markets. There are also missed opportunities with some of the design decisions. The absence of PoE ports on both the Dream Machine and Dream Machine Pro ensures that smaller setups will still require injectors or an adjunct switch with PoE capability. The absence of feature parity between the Dream Machine controller and the Cloud Key eliminates some functions at best and results in management pain points at worst.

Ideally, Ubiquiti would have done better had they introduced transitional models; the USG and USG Pro 4 with more potent processors and potential memory upgrades would have assisted in addressing throughput with security-related features enabled. These upgrades would have moved the needle to enable the adoption of faster connectivity without breaking the current model. Alas, ripping the band-aid off and diving into a not-yet-feature-complete replacement is going to do more harm than good. After more than seven years in the UniFi ecosystem, we’re evaluating our move to a competing platform that offers better consistency from a roadmap and architectural perspective.