We use the Ubiquiti UniFi Controller (now in version 5.8.24 stable candidate release) to run our networks. Our best practice suggestion is to have 2 virtual machines – a production and a development role which alternate after each release – and then use a DNS service such as DYN for assigning the active machine to be the controller.
Of course, Ubiquiti always recommends a backup before versioning up and this is wise advice. However my experience is that sometimes you don’t recognize what is going wrong until you are into the new build for a couple of days. So we have worked our way around that problem by creating two (2) virtual Windows environments at Amazon EC2 space. The method we followed was to create 2 equal environments – Windows, Java, UniFi controller 5.7.23 running identical management sets of data; and then we updated one of the machines to 5.8.24; after the update and testing the machine we updated the DYN software to point to the updated UniFi controller. The DNS update by DYN is not instantaneous so we left the 5.7.23 machine running for 48 hours before turning off the controller and the virtual machine. We took a baseline backup of both 5.7.23 and 5.8.24 machines post upgrade.
The development machine (now the 5.7.23) will remain off while we test the production (now the 5.8.24) machine. Assuming everything goes as planned the next stop for the 5.7.23 machine will be an upgrade to the next stable candidate release after 5.8.24; and then the present 5.8.24 machine will become the development machine.
By spinning up the 2nd virtual machine we have made rollbacks of stable release candidates possible by simply changing the DNS information.
P.S. Be sure to use complicated and lengthy passwords. My personal advice use a password generator to generate both your username and your password. And go for the complicated passwords 15+ characters of alphanumeric and special characters. And always use two factor authentication if it is offered.