We bet on UniFi (Ubiquiti’s networking line, the WiFi access points and switches sitting in the comms cupboard) as our default SME network stack about two years ago. The pitch was always the same: enterprise feature set, sensible price point, single controller for the lot, decent enough hardware that we wouldn’t be back to swap it in 18 months. For the most part that’s held up. We’ve deployed it in offices from 8 seats to about 180, retail sites, a couple of warehouses, and one rather entertaining listed-building project where every cable run had to be approved by a conservation officer.

What we’d keep

The U6 and U7 access point (AP, the WiFi box on the wall or ceiling) line on most office floors. WiFi 6 was the sweet spot for the SME budget when we started, and the U7 generation since has been a clean upgrade: better client density, sensible roaming behaviour, no surprises on the firmware side. Where we’ve gone back to a U6 site to upgrade, the swap-out has been about as boring as a network upgrade ever gets, which is what you want.

The PoE switches (PoE, power-over-Ethernet, the standard that lets a single network cable carry both data and power). The 24-port and 48-port models with full PoE+ have done what they say on the tin. We’ve had two switches fail in two years across all sites; both arrived dead-on-arrival, neither went bad in service, better than we expected, frankly.

The controller model. A single UniFi Cloud Gateway (the small box that runs the network’s brain and lets us see all the kit in one place), or a Dream Machine Pro on bigger sites, running the controller for a building is straightforward, gives us decent remote visibility, and means we’re not paying a separate licence fee per AP. Compared to running an on-prem controller for a competitor product, the operational overhead is much lower.

Adopting on the first day, not the last. This sounds basic, but every site where we adopted devices into the controller as soon as they came out of the box went smoothly. The two sites where we deferred adoption to the end of the install, for reasons that seemed sensible at the time, were the ones where we ended up debugging things at 9 PM on a Friday.

What we’d swap

The early-generation gateway choices on bigger sites. We put a Dream Machine Pro into one client at the 120-seat mark and it’s been working hard ever since: not failing, but never quite breathing easy either. With hindsight, anything north of 100 seats wants the bigger gateway from day one. The price difference is real but the headroom matters, and “real-time threat management” features eat CPU more than the spec sheet implies.

The cameras, mostly. UniFi Protect is a nice product, but in most cases it isn’t the right one for an SME that takes physical security seriously, particularly anything with regulatory or insurance dimensions. We’ve deployed Protect at a few sites and it does the job for general-purpose monitoring. We don’t put it in any more where the client has compliance needs around retention, audit trails, or third-party monitoring, because the integration story isn’t there yet.

Mixing too many AP generations on one site. This was a deployment mistake on our side more than a product issue. We had one site that grew over 14 months and ended up with U6 Pro, U6 Lite, and one U7 Pro on the same controller. The behaviour was fine but the troubleshooting got harder than it needed to. Now we standardise within a site, and only mix generations across sites.

The doorbell and access products. We’ve tested them and wouldn’t put them in client estates yet: too much management overhead, not enough integration with the things SMEs actually use for access control.

What’s coming next

A few things we’re tracking.

WiFi 7. The U7 line is shipping at sensible prices and the chipset story has matured. For sites doing a refresh from WiFi 5, we’re skipping the WiFi 6 generation and going straight to WiFi 7. For WiFi 6 sites under three years old, there’s no compelling reason to swap yet.

UISP and the cellular failover side. Useful for the increasing number of clients running hybrid offices or multi-site setups. The integration with the main UniFi controller is still rougher than it should be, but it’s improving.

Identity-driven SSIDs. The capability has been there for a while, but the deployment story is getting cleaner. Connecting WiFi access to Entra-joined laptops (Microsoft cloud-managed devices) without separate certificates is a real workflow improvement for SMEs.

What we see on the ground

Three patterns worth calling out because they catch people.

Switch port budgeting is always too tight. Nobody plans for the third printer that arrives six months in, the meeting-room AV refresh that adds four ports, or the structured cabling somebody forgot to spec for the storage cupboard. We now spec switches with a 30% headroom by default, not 10%. That’s saved us at least three back-pocket switch orders.

Cable-run quality matters more than the AP model. A U7 Pro fed by a 15-year-old Cat 5e run through a damp riser will underperform a U6 fed by a clean Cat 6 run. We’ve started insisting on cable certification before the AP install, because the failure mode otherwise is “WiFi is still slow after the upgrade” and a long, awkward investigation.

Firmware discipline. UniFi firmware has been mostly good but it has off days, so we don’t auto-update production sites. We test on our own lab gear, hold for a couple of weeks, then roll forward. Twice in the last two years that discipline has saved a client from a bad release.

Practical implication for SMEs

If you’re sitting on a 5-to-7-year-old network and looking at a refresh, UniFi is still our recommended default for most SMEs. It isn’t the right answer in every case (heavy regulated environments, very large estates, anywhere with unusual segmentation requirements may want a different vendor) but for the typical 20-to-200-seat office, the value-to-capability ratio is hard to beat.

The thing we’d say to anyone planning the move themselves: spec the cabling properly, spec the gateway one tier up from what feels right, and standardise generations within a site. The product is good; the deployment discipline is what makes the difference between a network that just works and a network that’s an active project for two years.

That’s our Managed Services practice. We design the refresh, do the install, and run the network on an ongoing basis where that’s helpful.

The networks we walk into where the previous installer cut corners have a predictable shape: under-specced switch in a hot cupboard, two failing APs starving the rest, a controller nobody can log into because the previous admin left, and a staff team who’ve stopped raising tickets because “the WiFi is rubbish” is just the climate. That’s a longer rip-and-replace than the original install would have been if it had been done properly. The refresh is your chance to set the next seven years up to be boring. Get the spec right while it’s a fresh sheet of paper.

Thinking about a network refresh and not sure whether to stick or twist? Drop us a note at info@jmopartners.co.uk. One of us will read it.

JMO|Partners · Enterprise IT, sized for SMEs.