Does Unifi allow you a great deal of control over BYOD devices?
It depends entirely on how much you want to control them, it is more limited to blocking them or unblocking them. You have the standard guest portals and user codes for access for periods of time etc.
Guests can be isolated so that they can't access anything except the internet etc.
But the traffic control is all by VLAN, as for VLANs need constant attention, since when, sounds like someone is hyping up a product that stops the need for VLANs using some rules on the controller, since all traffic is routed there. Personally I prefer none school owned devices entirely separate from our network though, on its own VLAN.
Future proofing is always an issue, it is difficult to answer that. If in 5 years time there is a sudden increase in demand on the wireless, then unify would need replacing probably, but then if it cost you 5k now, then is that a massive problem? in 5 years time, there will likely be new wireless protocols, running at faster speeds, that none of today's access points can support. Your choice may well be you spend 5-10k every 5 years on a new wireless with decent technology (unify) but not the best, or you spend 50k every 10 years on the best now. The best now, will probably be better for the next 5 years, then it would become on par for the next couple and then probably worse for the final three. It also costs you 30k more over 10 years.
Its a budget and technology balancing act.
I'm not completely sold on the inherent security of VLAN's either, http://www.cisco.com/en/US/products/....shtml#wp39054, there are plenty of articles like this from vendors that maintain VLANs were never meant to be used for security purposes but simply as broadcast domains? Or is this all overkill?