A couple of thoughts. I can go into more detail on any of these if you need me to.
-When it comes to wireless, there are two ways to plan. One is for coverage, the other is for capacity. Based on the number of devices(capacity) and space(coverage) that you describe, I believe that capacity is going to the be the bigger deciding factor. Remember that wireless is like using an old-school hub. Everyone hears everything. That also means that only one client can talk to one AP at a time. This isn't a limitation of a device (Cisco vs. Netgear) this is a limitation of the physical medium (airspace). Since you are programming for mobile devices, which will only support a single stream, you should plan on 1 dual band AP per 50 devices. If you choose to only support 2.4 or 5Ghz (airspace issues with neighbor offices for instance), then plan on 1 AP per 30 devices.
-The Cisco 887 only has a 100Mb connection. If you keep with your current plan, and do all of your L3 routing on the 887, it will become a bottleneck for anything that routes between your internal networks. Examples include: Local replication for Dropbox, Wireless synching between i-devices and itunes, Copying files from machine A to B, Time machine backups, etc. etc. This bottleneck occurs because anytime data must flow from one network to another (wlan to lan) it will need to be routed, and must go out, and then back in, from the same 100Mb interface. This might not be a big deal, but I wanted to mention it, just-in-case.
-The Wireless controllers are a good idea. The initial setup takes a little while longer, but from that point on, it becomes super easy to deploy more AP's or WLAN's. I don't know anything about them from personal experience, but I have heard good things about the Meraki AP's. It is an cloud-based controller solution, which Cisco recently bought. EDIT for clarity: I don't know anything about the Meraki solution. I know A LOT about the Cisco Wireless Controllers :-).
-How are you powering your AP's? Do you plan on using VOIP in the future? Consider both of these when considering whether or not to order a switch with PoE.
-Also, just noticed, you are planning on putting a firewall in-line after the router. That further complicates your plan to route between subnets there. I would plan on purchasing an L3 switch. That would simplify the deployment considerably.
Hope this helps. Good luck.
Clean Air is enabled by default on the radios of AP that support Clean Air. It is primarily hardware based so it is 'bound' to a radio, not SSID. You can mix them (APs), but only the ones with Clean Air will do spectrum monitoring on the channel they are on and report configured events.
You enable Clean Air for a/n and b/g/n under the wireless tab at your WLC. You can configure it to report detected interference and tune what type of interference to ignore or detect. Also you can disable Clean Air on AP basis, you should see Clean Air capable field somewhere on the configuration page for the AP. This will override the global WLC setting for that AP since it is more specific.
Best Answer
For your requirement
Preferably if your DC is expanding i would suggest to go with N9k if you are not looking specific to any FC port; Regarding the technology with ACI, CISCO's APIC controller is still in its initial stage and would have many bugs initially.
For the technical answer for minimal configuration, N5k support Openflow, onePk and python; as long as you are not implementing APIC controller forget about minimal configuration in N9k; both N5k and N9k provide same functionality (keeping aside APIC controller).
Look into the hardware and choose the best, configuration minimality is always achievable by software.
btw N9k has more throughput than N5k [1.92/1.44Tbps]
HTH Buck!!