How to Setup a Unifi Cloud Controller in Azure

Welcome to my in depth guide to setting up a Unifi cloud controller in Azure. If you love the great value Ubiquity products offer but want centralised cloud management like you get with Meraki products then Unifi wifi points, firewalls and switches combined with a cloud controller hosted in Azure make for a killer solution especially for the MSP’s out there looking to manage a large number of sites and devices.

Configuring a cloud controller in Azure is a fairly straight forward process but to ensure you have a successful deployment. And to ensure you avoid the mistakes I made made the following steps give a detailed step by step guide. Follow it exactly paying attention to all the notes in each step.

The steps are broken down into the following sections:

  1. Deploy a Virtual Machine (VM) into Azure.
  2. Configure VM daily backups.
  3. Install 32 bit Java RTE.
  4. Install 64 bit Java RTE.
  5. Install and configure controller software.
  6. Configure controller to start as a service.

Lets get started!

1. First things first sign into Azure and create an account if necessary and click on ‘Virtual machines’ from the left hand menu.

2. Click on ‘Add’.

3. Set the details as shown, Click ‘Create new’ to set a new resource group and set the Region to your location. Scroll down the options and continue configuring the basic options.

4. Set the username and password which will be used to access the Windows Server VM.

Click on ‘Review + create’.

5. Check over the options and click ‘Create’.

6. Wait for the VM deployment to complete, sometimes this can take a few mintues. Once complete click on ‘Go to resource’.

7. Scroll down the middle menu panel and click on ‘Backup’. Here you will configure a daily backup of the VM. If the VM error become corrupt or something goes seriously wrong after a windows update this will enable you to roll the VM back to a working version within a few minutes.

Select ‘Create New’ and create a new ‘Resource group’ and ‘backup policy’.

Click ‘Enable Backup’.

8. Click ‘Networking’ from the center menu panel and click on ‘Public IP’.

9. Click on ‘Configuration’ and set the option to for ‘Assignment’ to ‘Static’.

Click ‘Save’.

10. Click ‘Networking’ then click on the ‘Network Interface’.

11. Now we will set the local IP address of the server to be static so it stays the same all the time.

Click on ‘IP Configuration’ then click on ‘ipconfig1’.

12. Set the ‘Assignment’ to ‘Static’ and click ‘Save’.

13. Return to the VM settings menu and click on ‘Networking’ then ‘Add inbound port rule. Here you will allow connections from the internet to the VM required by the Unifi controller software to operate correctly.

14. There are several ports to open, the first is RDP which will allow you remote access to the VM so you can login to install and configure the software.

Follow the settings as shown here but replace the ‘Source IP’ to the public IP address of your office. This adds some additional security by stopping random people or bots trying to hack into your server over the internet. You can set the ‘Source IP’ to ‘Any’ if you wish just be aware if you have a weak password it will likely get broken into.

15. Repeat the last step and add the following inbound ‘security rules’.

For additional security you can set the ‘Source’ IP for port 8443 to your office Public IP address. This port allows access to the configuration web page of the controller. The Unifi controller software does have 2FA support but restricting access to specific IP addresses is a good idea.

Keep all other ports open so that devices can communicate from any location, especially if you are an MSP or manage multiple sites.

16. Now the VM is configured in Azure it’s time to connect and configure the Unifi controller software.

You can now directly connect to the VM using remote desktop to the public IP address shown in step 8. You can also connect from the VM menu by clicking on ‘Overview’, ‘Connect’ then ‘Download RDP File’.

Download and run the file and it will connect you to the VM.

Use the username and password you set in step 4 if it prompts for credentials.

17. If all is well you will connect to the VM. Give it a minute to fire up ‘Server manager’.

18. Now we need to ensure the firewall notifies us when it block an application from opening ports. We are doing this to make configuring the firewall easier but you can open the same ports from step 15. You can also create a program exception for both the 32 and 64 bit versions of Java.

I find it easier to enable firewall notification’s and unblock them when prompted. To do this click on ‘Local Server’ and then ‘Windows Firewall’.

19. Click on ‘Change notification settings’.

20. Tick the check boxes to ‘Notify me when Windows Firewall blocks a new app’ and press ‘OK’.

21. Do yourself a favor and install the Chrome browser to the server and set it to be the default browser. Internet explorer will not work out of the box.


22. Next download the latest version of the Unifi Controller


Download the installer to the servers desktop: ‘UniFi SDN Controller <Latest Version Number> for Windows’

23. Next download both the 32 bit and 64 bit offline installers for Java. At the current point in time only version 8 is supported. Download the latest release for version 8 as shown.


24. OK you have all of the installers required.

First run the 32 bit installer for Java accepting all default options.

Next run the installer for the 64 bit version of Java again accepting all default options.

25. Next run the Unifi Installer package and click ‘Install’.

26. UN-TICK / Clear the tick box to ‘Start UnFi Controller after installation’. We don’t want to start up the controller just yet.

Click ‘Finish’.

27. Someone thought it was a good idea to install the files for the controller software in the users profile path! You need to move it to the route of the C drive.

Locate the ‘Ubiquiti UniFi’ folder in ‘c:\users\<username>\’.

Right click the ‘Ubiquiti UnFi’ folder and click ‘Cut’.

28. Paste the folder into the root of C:\ as shown.

This folder holds all of the files to run the controller including the database and automatic software updates we will configure later.

29. Moving the folder breaks the desktop icon so Right click the icon and click ‘Properties’.

Edit the paths in ‘Target’ and ‘Start in’ as shown and press ‘Apply’.

30. Click on the ‘Change Icon’ so you can restore the Unfi icon.

31. Click ‘Browse’ and navigate to ‘c:\Ubiquity Unfi\’ and select the icon file and click ‘Open’.

32. Now click on the Unifi desktop icon to startup the controller software.

33. Windows Firewall should prompt you to allow Java to open the ports required. Tick both boxes shown and click ‘Allow access’.

34. After a minute or so the controller should start, click ‘Launch a Browser to Manage the Network’.

35. The UniFi setup wizard will launch, set your country location and timezone and enable ‘Auto Backup’ and click ‘Next’.

36. We wont configure any devices yet, just click ‘Next’.

37. We wont configure any WiFi connections yet so click ‘Skip’.

38. Here you specify the logon credetials to the web portal and below that the username and password which will be required to access and configure devices you add to sites, WiFi points, switches and firewalls etc.

Set the options and click ‘Next’.

39. Check over the configuration details and click ‘Finish’.

40. Here you can link the cloud controller to your ubnt.com account if you have one but just click ‘Skip’ if you are not familiar with this feature since its not required.

41. The controller is now up and running but lets configure a few important options.

Click ‘Settings’ from the three dot menu as shown below.

42. Select ‘Maintenance’ from the menu and configure the ‘Data Retention’ settings as sown and click ‘Apply Changes’.

These options define how much data the controller will keep for traffic statistics. Trust me you will save yourself hassle later by setting these options as low as possible. If you really need to see traffic graphs for the last week in 5 minute increments you can increase the values at a later date.

Just be aware that this dramatically increases the size of the database and its just gets worse the more devices you add.

Its not just a storage issue but also the more statistics you save the larger the database becomes and the longer the software takes to startup. Having startup problems due to large database files is a common issue to set these as shown.

43. Next click on ‘Auto Backup’ and enable the backup and set the frequency. Set the data retention to ‘Settings only’. This is done to keep the backup file sizes to a minimum and also to speed up the restore times.

Click ‘Apply Changes’.

44. Click on ‘Controller’ and set the ‘Controller Hostname’ to any DNS name you will use to access your controller over the internet. Here I set it to ‘unifi.slashadmin.co.uk’. Set an A record with your domain name host to point to the controllers public IP found in step 8. Configure a mail server to receive alerts from the controller if you wish and click ‘Apply Changes’.

45. Close the controller software because now we are going to set the controller to run as a service. I have no idea why the installer doesn’t do this by default, for some reason its an optional step.

Open up a command prompt ‘as administrator’ and run the following commands:

cd “c:\ubiqui Unifi”

java -jar lib\ace.jar installsvc

java -jar lib\ace.jar startsvc

The output should look like the image below. Close the command prompt window.

46. Open up Services and locate the ‘UniFi Controller’ service. This now runs the Unifi controller software so that even after a server reboot the controller will start up automatically.

I like to set the service to ‘Delayed Start’ so that the server has time to startup before starting the controller software.

47. Now open a browser on your own computer and browse to the URL configured in step 45.


Alternatively you can use the public IP address of the VM from step 8.


I hope you found this guide useful! If you have any improvements or find any fault with this guide please let me know.

Leave a comment if this helped you 🙂

Author: Ian@SlashAdmin

Share This Post On
468 ad


  1. Thank you for sharing your wonderful article.

    Post a Reply
  2. Thank you so much for sharing your page. It really helps me a lot and solves all my problems. Great steps!

    Post a Reply
  3. Had trouble with the Java command at the end
    I had this responce.
    java is not recognized as an internal or external

    Post a Reply
  4. VERY helpful article! This worked perfectly – thank you!!

    Please note, when you update the firmware, the new firmware will be written to the original folder (C:\Users\[username]\Ubiquiti UniFi\) and doesn’t modify the files in C:\Ubiquiti Unifi\ (which is what the service uses when it launches.

    To fix that, I used these steps to upgrade:
    1. Stop the UniFi service
    2. Cut C:\Ubiquiti UniFi folder and paste it into C:\Users\[username]\
    3. Run the UniFi firmware installer. Un-tick the Start UniFi Controller option (do NOT start the controller software)
    4. Cut the C:\Users\[username]\Ubiquiti UniFi folder and paste it back into C:\
    5. Run CMD prompt as an Administrator
    6. CD to C:\Ubiquiti UniFi folder
    7. Run: java -jar lib/ace.jar installsvc
    8. Run: java -jar lib/ace.jar startsvc
    9. Start UniFi service
    10. Login to the web admin portal
    11. Go to the Controller -> Controller Version section and confirm that you are running the new version.

    Post a Reply
    • I wish I had seen this comment sooner!! It would have saved me a ton of hassle.

      I applied an update almost immediately after I had setup our first site. It broke everything and I ended up screwing things up so badly that I just ended up rebuilding the controller and settings for our first site then factory resetting and re-adopting our equipment.

      Out of curiosity, what is the reason for moving it out of the User profile in the first place? I understand it is not normal to have a program running out of the User profile, but is there a functional reason for moving it?

      I just see this as a continuing future issue if myself or another future admin forgets and installs the update to the default directory. I’d rather not add complexity if it can be avoided.


      Post a Reply
      • It used to be a common issue that when you get to a certain number of devices and sites it caused the controller not to start up if it was in the users profile location. I had lots of support from Uniquiti who said it had to be moved to the root of C.

        Likely its not an issue anymore but you get the same issues with upgrades when someone logs in with another user account other than the one you originally installed it with.

        Post a Reply
      • It used to be that when your installation got to a certain number of devices or sites it would fail to start up so Ubiquiti recommended that I moved the folder to the root of C: to resolve the issue. Sure enough it did and never had an issue since.

        Also remember if you install it as one user make sure that future upgrades are done as the same user otherwise that causes issues with it being in another profile location.

        Never understood their logic with the install path!

        Post a Reply
  5. I am so thankful for sharing your blog and I would like to say thank you so much for sharing your blog.

    Post a Reply
  6. Thanks! You made my day! Was able to set up my first azure unifi controller within an hour!

    Post a Reply
  7. First of all great article. I plan to use it. 🙂 I wonder why you recommend they get a static ip on their server though. In my experience we can great a friendly azure url for the VM that we could use for the URL. Any reason you suggested the static vs perhaps doing the machinename.cloudapp.net /machinename ?

    Post a Reply
    • Good point. Yes you could setup a cname to the azure url if you wanted to make it more memorable for engineers when they are provisioning new kit. For us we needed a static IP mainly to allow the email to relay via our mail service. They only allow IP addresses to be entered as valid sending servers.

      Post a Reply
  8. Hi, there is no mention here of how to manage the UniFi Devices that are then on-premise on a different subnet. Taking this article literally will result in devices appearing as disconnected in the controller.

    Post a Reply
    • Hi Mark, you are incorrect. You can create a site and add as many networks as you wish. The subnet of the controller doesn’t come into it. You adopt your on prem devices into the cloud controller and configure the network you want to use.

      Post a Reply
  9. Hi Ian,
    Great article. I may just go down this route. Just curious how much this Azure VM costs per month? I assume you’re running it 24/7 of course.

    Post a Reply
  10. i have installed it succefully thankyou, But how can i get the green ssl certificate enabled.

    Post a Reply
  11. Great Guide thanks, however I am having trouble trying to scan for a unifi AP any advice?

    Post a Reply
  12. I read this article with interest. I am interested as to why a Windows Server VM was selected as opposed to one of the Linux VMs, such as Debian or Ubuntu. Of particularly relevant interest is the option to run the Alpine distro – – as Alpine is the basis for the UI rewrite of the UniFi controller.

    Post a Reply
    • Main reason is that im a windows guy. I know how to manage and fix windows.

      If I ran it on Linux then I don’t have the skills to troubleshoot or fix any potential issues.

      That the reason why I used windows but you guys can use Linux if you have those skills 🙂

      Post a Reply
  13. Thank you so much for creating this post! It worked perfectly for me. Your clear concise tutorial is fantastic!

    Post a Reply

Submit a Comment

Your email address will not be published.