Unifi Shadow mode
Vložit
- čas přidán 6. 08. 2024
- In this video I take a look at the configuration of Shadow mode. Currently Shadow mode operates as a hot spare but in the future it should be seemless.
▶ Ubiquiti affiliate link :
store.ui.com/us/en?a_aid=MacT...
▶ Hire us on our website
mactelecomnetworks.com/
▶ Watch my VLOG channel:
/ @mactelecomvlogs
▶ Join our Discord Channel:
/ discord
------------------------------------------------------------------------------------
Affiliates I use:
▶ VOIP.MS
www.voip.ms/en/code/Mactelecom
▶Canadian Amazon Store front:
www.amazon.ca/shop/mactelecom...
▶USA Amazon store front:
www.amazon.com/shop/macteleco...
▶NordVPN:
go.nordvpn.net/aff_c?offer_id...
------------------------------------------------------------------------------------
▶ Find us on social media:
▶ Instagram:
/ mactelecomnetworks
▶ Facebook:
/ mactelecomnetworks
▶ Twitter:
/ mactelecomn
▶ TikTok:
/ mactelecomnetworks
▶ Linkedin:
/ cody-maccallum-29311b6b
▶ Twitch:
/ frozil3
Intro 0:00
Shadow mode requirements 0:42
Configuring Shadow mode 1:31
Testing Failover 2:54
making sure config was pushed over 3:42
Final thoughts 4:03 - Věda a technologie
Not true HA but I can say that since January 2021 that I got my UDMP (I felt like a beta tester back then), the updates were very consistent and full of new features! Way to go, Ubiquiti!
Ya they have done a great job. I remember when the UDM p first came out it was a mess
As a 2020 buyer: 💯
I think Shadow Mode is a fantastic idea for say a smaller shop. For example, you could literally walk this recovery procedure through with a non-technical person on the phone to get their shop up and running again. Cody's idea of restoring from backup is a good one, although it is more technically involved and requires a login. Shadow Mode can get the environment up and running with no one logging in...
Most "non-technical" persons would not be able to figure this out (I work in IT and know this from experience)... and those that know enough to be dangerous (always one of those in every company it seems) - once they learn how to do this once, they will probably attempt to switch this anytime they have any minor Internet or network issue.. and will call you after they messed it all up or maybe switched back and forth who knows how many times (denying they did anything of course LOL). I remember one customer I was troubleshooting a network issue and part of my troubleshooting required me to hard reboot a switch since the web interface was hung... but someone there was watching over my shoulder and took note of this... literally. I went back onsite months later and noticed a nice laminated sign describing how to unplug the power on switch if there was any network issue.
I just got Shadow working. Thanks, Cody, for the tip on the Unifi Holiday sale, as this was my excuse to get an extra UDM PRO. The hard part for me was getting the new UDM Pro to update its firmware via SSH; it did not want to go to 3.2.7 immediately. My use case was wanting a way to protect my 3-year-old UDM from sudden failure and having to set up a temporary network while I waited for a replacement. Hopefully, the failover automation will get better over time; however, a hot spare is better than days of downtime. The UDM Pro added 13 watts of power draw according to the PDUPro, so that is like running a CFL full-time. Thanks again for the video I had just gotten my firmware update and was scratching my head "Now What" and this helped with the last couple of steps.
Thank you, Cody, well done. The Failover has to be automatic w/o pulling plugs or the disk though ...
This feels like an experiment that escaped from the lab, prematurely.
Seems strange they decided to sync config using a pull model on set intervals. A cleaner integration would be any saves/submits in the UI should just trigger a sync from primary to slave. Obviously this is just a start to shadow mode, and look forward to further progress.
I'm never going to do this at my house, but in the office I see it make a lot of sense. We would need to move the fiber from one UDM to the other (it's plugged directly in to the SFP+ WAN on the UDM), so a few additional manual steps would not be a problem. I'm not going to install a second failover fiber, and even if I did, I wouldn't be able to get the domains moved over, so I will always have a single point of failure anyway. For a small'ish office, this is fine.
Oh, and it's *much* better than the idiotic idea they had with the PSU setup earlier.
For the home environment doing the restore from backup method would be perfectly fine. But in my experience restoring from backup takes quite a while 15-20 minutes. you said this took 2 minutes and it doesn't require the person onsite to log into anything. That swap could easily be done by someone that listens to directions in less than 5 minutes
I wonder if they are going to make it where you can plug your main and secondary into the pdu and have your main internet plugged into that and use the fail over function from there
Still needs a ways to go.
I run a hot spare and just manually copy the configuration over from unit A to unit B on a set schedule. If unit A goes down, I can just move the LAN cable between units and everything resyncs. No swapping hard drives or waiting doe the UDM to boot (which is slow). Everything comes back online pretty quickly with my set up. I'm also looking at adding a SFP A/B switch to be able to remotely swirch between units.
After learning how Shadow Mode requires manual switching of cables, I agree that it may be better to just have one on standby. I am wondering if they do it this way so Protect video will also move over to the new unit (seems like only use for HDD in a Pro/SE)? If there is an option in future to not have to swap HDD for those not running Protect (unless it stores Shadow Mode info to the drive?). But thinking about this more, if is fully automatic then there is a possibility of it false triggering and ending up worse off...having manual intervention allows someone to make the final decision.
you would only move a hard drive if you had a hard drive? why do you have a hard drive in it if it doesn't have protect?
I'm not sure why everyone seems to think a cold spare is better than a warm spare? You still need to swap wires around? would you rather your restore take 3 minutes with no login needed with the warm spare for 20 minutes to restore from a backup where you need to be onsite with a phone to "setup from backup"
@@ryancrazy1You need a hard drive installed if using Shadow Mode, even if not using protect. 3 min vs 20 min/hour is not a big deal if customer is calling us to come diagnose and fix anyways. If someone can do themselves (eg. on-premise IT) then this may be a good idea, but again this is not really good for us when instead we can have an extra UDM in stock which will statistically cover many clients without each of them having to purchase twice the equipment. Also, never want to have an on prem employee do the swap if can go onsite instead... I can see it now... as soon as I instruct someone on prem how to do this, ie. over the phone, how to swap the drive and cables over to the shadow UDM... then in the future "ANY" little blip in the internet, or problem with their computer (say website won't load, or printer not working), the first thing they will do is go swap UDMs LOL.
Ideally a HA if not shadow mode should be allowed to configure to port 8 instead of lan 9 so when primary UDMP is out of service for any reason it should be automatically taken over by shadow device . Only limitations is need two out put from ISP . Should be doable as most comes with min 2-4 ports
I wonder if you can configure 3 ports in a transit vlan. Have Internet go in one, then the other two ports go to the DM WAN ports.
Thanks!
Thanks for the super chat :)
I’m actually surprised they don’t have a software update for something like a flex mini or maybe there are working on a 2.5g flex mini? That can auto detect when in udm is down
The other thing here that really kind of annoys me is that they require the same console. 3.0 was supposed to put the pro and the se on the same firmware. Having it not sync between those two models seems like a missed opportunity to me. I’m a person that bought a pro and kinda wish I bought the se. If would be nice to have the pro as my shadow backup
Could I mix and match a UDM-SE as my primary and a UDM-PRO as my secondary in Shadow Mode?
It's cool but very very few of us would need this. It's very expensive for SMBs. It is a good option to give clients tho. Would also love to see a setup that just takes over and not have to unplug and replug.
Great video.
You are using Port 8 on primary UDM to link to shadow device. This Port 8 is the WAN2 port, can another port be used for this link.
(I use both WAN port in my current setup on the primary UDM)
If you buy a frame TV, please do a video on it. Unless they've changed the design, they can be a real pita with the split mount.
I have two of these. The mount honestly isn’t that hard to install if you read the instructions and use the included template. Once installed you can pivot the whole TV to straighten it out in case you made any mistakes with keeping the two mounts level
I agree there should not be moving cable around. If I’m traveling and the console go down what is the point to have it on shadow mode if you have to be fiscally present.
Thanks.
Hi Cody, Does the hard drive need to be installed if using an NVR for protect
It would be great if both UDM have hard drives in them and the settings get copied as well so that you don't need to change the hard drive but only the cables.
I think a better step would be first, that since the two UDM-s already linked in shadow mode at least it should take over without any manual work when you update the Console and then switch back, it's not the best that if your console updates you have at least 5-10 min downtime
Been playing with this to see if it's viable for the businesses I manage.
Like you, I don't think it's that viable compared to just keeping a spare UDM available to swap out.
My customers will still need me to head over and physically move the cables and HDD around the the spare.
I think this is a good step in the right direction, but it needs to be a seamless fail over.
Maybe they should use the power backup to host a WAN switch then you just plug the WAN into that then a wan out to both UDMs, or just make a WAN switch.
You could solve the switching issues with an aggration switch and just plug both UDMs into that.
Again, at this point just doesn't seem viable for cost savings.
Just my 2 cents
I fully agree, you would think that it would be like a HA setup and auto swap to the other unit. Installing a hard drive identical to the main unit it should just fail over to the other unit. What if you installed this unit ant you were 150K away 2 hour drive and the client was down for 3-4 hours. Justify that to them.. Hard to !
Yeah without HSRP, Dynamic routing, true tunnel support(GRE/Fully implemented IPSEC), SNMP, I can't recommend ubiquiti for business use. This isn't HA this is a warm standby unit.
@@DeadlyDragon_my clients are small businesses so they don't need all of those features.
Most of them are restaurants, taverns, or bars that need POS (point of sale), cameras, and basic networking for their employees.
@@JasonsLabVideosthey usually fail when I go on vacation, LoL
Happened twice, had to send my employee out once and the business owner the second time and walk them through it.
Told them next time I'm going on vacation, I'm going somewhere where there's no cell coverage.
@@nightbladexxx as well as tunnels back from the branches to a central office. Which means you have to deal with routing. Now you could do static routing for all of that. But that is prone to errors and does not scale with your business. Hence dynamic routing through OSPF. They really need to add dynamic routing. And for monitoring of your clients SNMP is the defacto standard.
Do you know if we can use UDM SE as primary and UDM PRO as a shadow?
could you just run both udms to isp and set the backup udm into failover mode so that when primary udm goes down it switches wan on backup udm from shadow to isp?
Confused. You will need a Hard drive in the UDM SE drive bay to do Shadow Mode? Why?
The main device needs one, then it's needs to be swapped on failure of the main.
If you’re not using protect on the udm you probably can omit this step. I’m sure it’s just for you to have all your old recordings… although to me it would make more sense that they would get copied periodically
It's early and doesn't make much sense now but I can see the potential going forward. Not sure that the UDMPro target market will spend the $ for the redundancy tho.... Still glad to see them add/develop the feature..
True, but as an implementer, you could at least price the option for your client if they would like...
@@Moonraker11 Most MSPs don's use Ubiqiti products for routers. In the small business space I see most users being too cheap to opt for it. But as u say, at least it's an option so that is a good thing.
Greetings from Austria! Great clip Cody! Does anyone have further information, how this will work together with Virtual Router Redundancy on Power Distribution Pro?
How long does it take to actually fail over when you initiate the failover. I might have not let it sync fast enough but mines been sitting for over 1 hour now. I may have not waited long enough for the sync process as it was just a lab setup for testing the concept. But i was thinking I might just stick with my offline unit that I update periodically, it would have been a faster switch over. At least the client could technically do that and then I can always just restore the last backup to it as I keep a copy at my office every time we make any changes and then put the current config on it that way..
Unfortunately, with Shadow hardware running you have the problem that the integrated power supply has also been active for many hours before it is used. So it's not really a failsafe.
Wait so you cant use an se and pro together in shadow mode?
I agree they need to make it active/standby or active/active. Then you can architect these in a redundant topology with your WAN circuits landing on edge switches. What frustrates me with Ubiquiti is they work on features like this but we still lack BASIC features like OSPF, LACP, and the ability to view the actual routing table from Unifi - these are assumed basic features of products that the UDM is marketed to compete with. If Ubiquiti wants to compete in the SDWAN market they need to add these things or they are going to get over looked. and YES ive talked companies out of Ubiquiti because of these exact limitations. Dont get me wrong, I love Ubiquiti I think they are unbeatable for the cost and dont charge you a license fee to use Unifi, but in the real world when a company comes to a VAR and they want reliability, redundancy, and ease of use Ubiquiti is not a top contender at all.. This is still prosumer gear and they still have A LOT to get sorted out if they want to be enterprise grade
😮
Will this work with UXG's?
Although a niche idea, I see this as nothing more than a money grab to sell more UDMs. There are some questions though.
1. Why do you need to swap hard drives? Especially if you have a HDD in both UDM and the UDM Pro SE has an SSD in it. Also, not everyone uses a HDD (those with a separate NVR)
2. If you do have a HDD in them, why would it matter if you have a UDM Pro and a UDM Pro SE? Considering they run the same version of the software.
3. Shadow Mode? This is in simple terms, just cloning the software, instead of downloading a periodic backup of the config file and using it at the setup of another UDM.
If you take the switching of the HDDs out of the equation, theoretically you could use shadow mode on any Unifi gateway all the way back to the USG. Again, a money grab to sell more.
Curious to know what others think and hope we have a good conversation.
This makes no sense to me. The nomenclature should be, have another as a spare. There is nothing “shadow” about it. In time it will get better and more “automated” I’m sure.
Waiting for the future updates and can you please do a video once it’s has been updated please
100% will be doing a follow up
@@MactelecomNetworks thank you so much bro. Can’t wait it. Hopefully it comes soon.
@@MactelecomNetworkswill be great when it's truly a deployable solution in the MSP / integrator space.
The real question that needs to be asked is, why is there a demon spawn sitting on the network gear?
What is the purpose of this if you have to interact with it..
I think they have better future goals for it. Right now, it seems easier to just keep a spare handy
Seems just to be a quick shelf spare solution (sell more gear for minimal engineering & programming costs in their business) that some semi-knowledgeable customers could handle themselves, but easier / better solutions already exist. He'll, you could have a poe switch and the new UX available and within 15 minutes be back up and running vs. this. Nice step, but not anything to write my small customers about. Yet.
They need to allow UDM Pro UDM-SE for shadow mode. Pure greed by not allowing that to happen
First
Sorry for saying anything negativ but I have place 15 phones calls for a business proposal and no reply response or anything . CZcams videos are great but on the business side im wondering if service even exist.