For a small footprint, that’s fine. For an MSP managing dozens of dental and orthodontic practices across the country, it adds up fast. Every new location meant sitting through the same sequence of configuration steps. Every policy change meant doing it over. The only way to maintain consistency was discipline and documentation, and those are fragile.

UniFi Fabrics, announced in January and officially moved to the stable branch in April 2026, is Ubiquiti’s answer to that. It’s a management layer built on top of Site Manager that lets multiple UniFi sites be grouped under a shared administrative and identity model, with centralized role-based access control, identity provider integration, policy and device templates, and more. The short version: a single control plane that treats all your sites as one system instead of a collection of independent deployments.

Here’s what that actually means in practice.

The Orchestration Engine: Blueprints and Canvas

Blueprints and Canvas are the two main tools inside the Orchestration Engine. Blueprints handle initial site deployment. You pre-provision a new site in the Fabric, and installers receive a Magic Link with instructions to bring the site up against your pre-configured settings, including custom WAN settings per site. Canvas handles ongoing configuration compliance. It contains settings that are synced to site devices and can’t be modified from within the individual site’s Network application.

That second part is where the real operational value is. Canvas settings are enforced. You configure a firewall policy, a guest network isolation rule, or a DNS server at the Fabric level and it stays that way across every site. A technician working inside a specific site’s console can’t accidentally (or intentionally) drift from the standard. For an MSP environment where you’re handing different contractors access to different sites, that’s not just convenient, it’s a compliance consideration.

Blueprints are equally useful on the deployment side. New sites can be deployed rapidly while maintaining consistent organization configuration and security standards. Scaling infrastructure is simplified through device templates and policy assignments that enable true Zero Touch Provisioning. In practice this means a new practice location can come online with your standard VLAN setup, your firewall policies, your SSID configuration, and your monitoring integrations already applied, before anyone on your team logs in. The installer follows the link, connects the hardware, and the site comes up in your Fabric.

RBAC and Identity

Fabrics provide a way to centrally manage people and assign granular permissions across multiple UniFi sites. By defining access at the Fabric level, administrators can scale both user and administrative access without duplicating configuration per site.

The permission model splits into two categories. Admin permissions control access to the UniFi management interface, ranging from full access to view-only or application-specific grants. User permissions (through the UniFi Endpoint app) cover things like One-Click WiFi, One-Click VPN, and Smart Door Access.

For MSPs, the more relevant feature is IdP integration. Administrators can bind leading identity providers, apply user-based policies, and deliver secure access through a seamless UniFi Identity experience across platforms. Security is enforced by identity, not location-specific policies. Microsoft Entra is explicitly supported. This means employee onboarding and offboarding in your client’s directory automatically propagates to UniFi access. A new employee gets provisioned in Entra, and their UniFi permissions appear. Someone leaves, their access is gone. The Identity Sync Service runs on a designated console called the Master Site, which acts as the orchestrator for people and permissions across all sites in the Fabric.

Hardware requirement worth noting: IdP binding requires one of the following consoles to be present in the Fabric: UDM Pro, UDM SE, UDM Pro Max, EFG, UNVR Pro, ENVR, or ENVR Core. UniFi OS v4.4 or newer is required. If you’re running older hardware or lower-end gateways as your primary console, plan for that before you start.

The API and Automation Layer

The Fabric API extends the platform to developers and integrators with complete documentation, Ansible support, and unified access to every connected environment through a single interface.

This one is early days, but the direction is clear. A single API endpoint that covers your entire deployment is a different thing than site-by-site API calls. If you’re building automation around UniFi or integrating it with something like N-able or a PSA tool, the Fabric API is where that work will eventually live.

The No-Licensing Part

Site Manager redefines how enterprise IT is built and managed, bringing together power, simplicity, and scalability without added licensing complexity. The future of enterprise IT is unified, scalable, and completely license-free with UniFi and the new Site Manager.

That’s Ubiquiti’s marketing language, but it’s accurate. There is no per-site licensing, no controller hosting fee, no tier you need to upgrade to in order to use Fabrics. That’s a real differentiator. The platforms that compete with this level of multi-site management capability charge for it, usually on a per-device or per-site basis that compounds fast across a large fleet.

Getting Started

Fabrics is available now on the stable branch. To get started, navigate to Site Manager, select or create a Fabric, go to Settings > Identity, and enable Consolidated People Management. From there you can optionally bind an Identity Provider for Zero-Trust networking and automated employee onboarding and offboarding.

The recommended approach (and worth doing before you get deep into it) is to make sure a single company-managed UI account owns all your sites. It’s not strictly required to use Fabrics, but it simplifies RBAC and is required for the Site Magic SD-WAN feature if that’s on your roadmap.

The Ubiquiti Academy also has material covering how Fabrics is deployed and operated at scale. If you’re setting this up for the first time across a large fleet, start there.

Resources:

• Introducing UniFi Fabrics: https://blog.ui.com/article/introducing-unifi-fabrics

• The New Site Manager, Now Official: https://blog.ui.com/article/officially-bringing-unifi-fabrics

• Getting Started with UniFi Fabrics (Help Center): https://help.ui.com/hc/en-us/articles/30979808349463-Getting-Started-with-UniFi-Fabrics

• Managing Fabric People, Roles, and Permissions: https://help.ui.com/hc/en-us/articles/31557407384343-Managing-UniFi-Fabric-People-Roles-and-Permissions

That’s the short version. The longer version is more interesting.

The Detour That Made Sense Later

A few years behind the green apron, then a move that looked completely unrelated on paper: operations management at U-Haul. If that sounds like a wrong turn, it wasn’t. That job taught me how to troubleshoot systems under pressure when someone is standing in front of you, frustrated, and the clock is moving. That skill transfers directly to IT support. It just wasn’t obvious at the time.

At some point, with the support of my family, I made the decision to go all in on technology. I enrolled at Tennessee College of Applied Technology and started stacking credentials. CompTIA A+, Network+, Security+. Then Microsoft’s Azure Fundamentals, 365 Fundamentals, and Security, Compliance, and Identity (SC-900). No four-year program, no shortcut. Just focused study and a clear direction.

That path led to Impact360, a managed service provider handling technology for dental and orthodontic practices across the country. The platform I work in shows 5,545 managed endpoints across our client base as of this morning. (Pulled that number directly from our RMM tool before writing this sentence.) Workstations, servers, imaging equipment PCs, and everything in between, spread across 50+ practices where downtime is measured in patients, not just lost productivity.

What the Day-to-Day Actually Looks Like

The practices we support run software most people outside this vertical have never heard of: Dolphin Management, OrthoTrac, Dentrix. They have dedicated imaging systems for dental X-rays. They run Remote Desktop Services so multiple users can share a single application instance across a server. They have VoIP phones, Cisco Meraki firewalls, UniFi access points, and SentinelOne doing behavioral detection on every endpoint.

When something breaks in that stack, the front desk can’t check patients in. The doctor can’t pull up treatment records. The X-ray system won’t capture. That’s the environment I work in every day, and it’s a surprisingly complex one for an industry that doesn’t generate a lot of written IT content.

I’ve built custom software to solve a port-conflict problem that shows up in Dolphin Management’s RDS deployments. I’ve scripted BitLocker auditing across the fleet and found compliance rates well below what anyone would have guessed. I’ve done full VLAN schemas for practice networks from the ground up, configured Meraki warm spare HA setups, and worked through the kind of vendor-specific failures that don’t appear in any official documentation.

Why I’m Writing

I’ve always had a knack for writing. Not in the “always wanted to be a writer” sense. More in the “I notice when a sentence is wrong and I can’t move on until I fix it” sense. It’s just something that comes naturally, and for a long time I didn’t have a dedicated outlet for it.

This is that outlet.

The blog lives under the Syght Ventures brand, which is the umbrella for the work I put out publicly. What you’ll find here is field-level IT content with enough detail to be useful, not career advice listicles or surface-level takes on industry news.

That means posts about the dental and orthodontic IT vertical, which is genuinely underserved in written content considering how complex it is. It also means posts about the broader technology world. Apple, Microsoft, Anthropic, OpenAI, Google, and all the things those companies are building that shape the environments practitioners like me work in every day. AI is changing what managed services looks like. I have opinions about where that goes, and I know how to write them down clearly.

What to Expect

Some posts will be technical walkthroughs of specific problems and how they got solved. Others will be field notes from working across a large fleet. Some will be commentary on tech industry news and what it means for people actually working in IT, not just watching it from the outside.

Posts go out when there’s something worth writing about. Not on a schedule.

If this is the kind of content you’re looking for, the subscribe button is right below.

Found me on LinkedIn first? The shorter takes go there. Full posts live here.

Subscribe now

Subscribe now