Understanding UniFi Cloud Architecture

UniFi uses a hybrid cloud architecture that keeps the control plane local while providing centralized, license-free management through UniFi Site Manager. This design allows UniFi devices and applications to be managed directly by a local control plane—ensuring performance, availability, and data ownership—while still enabling secure remote access and centralized visibility across sites.

UniFi’s architecture is built to scale from single-site deployments to large, globally distributed environments without requiring a fully cloud-hosted control plane. For a full introduction to UniFi, learn more here.

How UniFi Cloud Architecture Works

At a high level, UniFi separates where the control plane runs from how sites are accessed and managed.

UniFi’s lightweight, secure cloud automatically aggregates all UniFi deployments that an administrator owns or has been granted administrative access to. From there, UniFi Site Manager brokers a direct connection between the administrator and each site’s control plane, presenting all sites through a single, unified interface.

This approach delivers the benefits of cloud-based remote access and centralized, multi-site management—while ensuring that data, configurations, and control remain on the local or chosen control plane, not in the cloud.

Control Plane Options

UniFi supports multiple control plane deployment models to meet different operational and architectural needs:

• Cloud Gateway: A firewall and SD-WAN appliance that runs the UniFi control plane software locally to manage devices at a site. 
• CloudKey: A dedicated hardware appliance designed to run the UniFi control plane software. 
• UniFi OS Server: Allows you to self-host the UniFi control plane on your own hardware. 
• Official UniFi Hosting: The UniFi control plane is hosted in Ubiquiti’s cloud infrastructure. 
• Network Video Recorder (NVR): A UniFi control plane optimized for managing cameras and door access control in physical security deployments.

Control Plane Uniformity

Regardless of which control plane option is used, the management experience in UniFi Site Manager is identical. Administrators can mix and match control plane types without changing how sites are accessed, managed, or operated.

As a result, deploying many independent control planes—such as Cloud Gateways running UniFi locally at each site—is functionally and administratively equivalent to managing a single centralized UniFi OS Server. In many cases, this distributed model is even simpler to operate, as it enables automatic Layer 2 device discovery at each site and removes the need to route management traffic back to a central data center.

By abstracting control plane location, Site Manager allows organizations to choose the architecture that best fits their operational and networking requirements—without impacting the day-to-day management experience.

UniFi Devices & Applications

UniFi provides a suite of applications that run on the control plane and manage corresponding devices:

1. Network: Firewalls, WiFi access points, and switches with SD-WAN capabilities for efficient traffic routing.
2. Protect: AI-powered security cameras with motion detection, event-based recording, and alarm integrations.
3. Access: Ethernet-based access control for doors, gates, and elevators, featuring biometric authentication and remote unlock.
4. Talk: A VoIP system with call automation, IVR (interactive voice response), and multi-site compatibility.
5. Connect: Management for digital signage, EV chargers, and smart lighting systems.

Each application manages its respective devices locally through the control plane, while remaining centrally accessible through Site Manager.

Getting Started With Site Manager

For a detailed overview of Site Manager features, workflows, and management capabilities, see UniFi Site Manager Overview.