A couple of thoughts. I can go into more detail on any of these if you need me to.
-When it comes to wireless, there are two ways to plan. One is for coverage, the other is for capacity. Based on the number of devices (capacity) and space (coverage) that you describe, I believe that capacity is going to be the bigger deciding factor. Remember that wireless is like using an old-school hub. Everyone hears everything. That also means that only one client can talk to one AP at a time. This isn't a limitation of a device (Cisco vs. Netgear); this is a limitation of the physical medium (airspace). Since you are programming for mobile devices, which will only support a single stream, you should plan on 1 dual band AP per 50 devices. If you choose to only support 2.4 or 5 GHz (airspace issues with neighbor offices, for instance), then plan on 1 AP per 30 devices.
-The Cisco 887 only has a 100Mb connection. If you keep with your current plan, and do all of your L3 routing on the 887, it will become a bottleneck for anything that routes between your internal networks. Examples include: local replication for Dropbox, wireless syncing between i-devices and iTunes, copying files from machine A to B, Time Machine backups, etc. This bottleneck occurs because any time data must flow from one network to another (WLAN to LAN) it will need to be routed, and must go out, and then back in, from the same 100Mb interface. This might not be a big deal, but I wanted to mention it, just in case.
-The wireless controllers are a good idea. The initial setup takes a little while longer, but from that point on, it becomes super easy to deploy more APs or WLANs. I don't know anything about them from personal experience, but I have heard good things about the Meraki APs. It is a cloud-based controller solution, which Cisco recently bought. EDIT for clarity: I don't know anything about the Meraki solution. I know A LOT about the Cisco Wireless Controllers :-).
-How are you powering your APs? Do you plan on using VoIP in the future? Consider both of these when deciding whether or not to order a switch with PoE.
-Also, just noticed, you are planning on putting a firewall in-line after the router. That further complicates your plan to route between subnets there. I would plan on purchasing an L3 switch. That would simplify the deployment considerably.
Hope this helps. Good luck.
I would like to set up some sort of staging/prep area for pre-configuring the new access points, conducting inventory, tagging with asset tags, sorting APs by final deployment area, and so on.
In setting up this staging area, is there a better way to prime these APs quickly and easily? Or are we already doing this in the most efficient manner?
NOTE: I am assuming you're already familiar with loading MIBs on a Windows / Linux machine, and using snmpwalk / snmpset... if not, please let me know.
I recently discovered how well you can manage Cisco's LWAPs through the AIRESPACE-WIRELESS-MIB, in fact I have mostly forsaken our WCS in favor of managing our LWAPs with the MIB (we have a couple hundred LWAPs spread across multiple WLCs at our facility).
Since you know Perl, you could write a loop to poll your WLCs for the new LWAPs; then the script reacts accordingly when it sees a new LWAP MAC address on a WLC.
Using SNMP to manage LWAPs has been helpful, since I can automatically react to changes in LWAP to WLC mappings, as well as when an AP drops offline or gets large error / user counts. I usually poll them all every 15 minutes and record who is on them, as well as recording what LWAPs are on each controller. The WLC is powerful, but I like building custom-reaction scripts and reports.
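The polling loop described above, as an added example in Python rather than the answerer's Perl (this is not code from the original post). It parses the output of an `snmpwalk` of `bsnAPName` from the AIRESPACE-WIRELESS-MIB taken on each WLC, keys the APs by MAC address, and reports APs that are new, that moved between controllers, or that dropped off. The walk output is constructed, not real, and it assumes net-snmp renders the MAC index as six decimal sub-identifiers; the WLC names and the known-inventory map are placeholders.

```python
import re

# Constructed snmpwalk output of bsnAPName from two WLCs (not real data).
# Assumes the MacAddress index is printed as six decimal sub-identifiers.
WALK_WLC1 = """\
AIRESPACE-WIRELESS-MIB::bsnAPName.0.38.11.1.2.3 = STRING: AP-Lobby-01
AIRESPACE-WIRELESS-MIB::bsnAPName.0.38.11.1.2.4 = STRING: AP-Floor2-07
"""
WALK_WLC2 = """\
AIRESPACE-WIRELESS-MIB::bsnAPName.0.38.11.1.2.5 = STRING: AP-Warehouse-02
AIRESPACE-WIRELESS-MIB::bsnAPName.0.38.11.9.9.9 = STRING: APc4f2.1a03.aa55
"""

LINE_RE = re.compile(r'bsnAPName\.((?:\d+\.){5}\d+) = STRING: (\S+)')
# Cisco's factory default AP name is "AP" plus the MAC in dotted form;
# an AP still carrying it has not been through staging yet.
DEFAULT_NAME_RE = re.compile(r'^AP[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$')


def parse_ap_walk(text):
    """Return {mac: ap_name} from snmpwalk output of bsnAPName."""
    aps = {}
    for m in LINE_RE.finditer(text):
        mac = ':'.join('%02x' % int(x) for x in m.group(1).split('.'))
        aps[mac] = m.group(2)
    return aps


def diff_inventory(known, walks):
    """known: {mac: wlc} from the last poll; walks: {wlc: walk_text}.
    Returns (new, moved, missing, unstaged):
      new      {mac: (wlc, name)}   MAC not in the known inventory
      moved    {mac: (old_wlc, new_wlc)}
      missing  {mac: wlc}           known AP no longer seen on any WLC
      unstaged [mac]                AP still using its default name
    """
    seen = {}
    for wlc, text in walks.items():
        for mac, name in parse_ap_walk(text).items():
            seen[mac] = (wlc, name)
    new = {mac: v for mac, v in seen.items() if mac not in known}
    moved = {mac: (known[mac], v[0]) for mac, v in seen.items()
             if mac in known and known[mac] != v[0]}
    missing = {mac: wlc for mac, wlc in known.items() if mac not in seen}
    unstaged = sorted(mac for mac, (_, name) in seen.items()
                      if DEFAULT_NAME_RE.match(name))
    return new, moved, missing, unstaged
```

In practice the walk text comes from something like `snmpwalk -v2c -c <community> <wlc> AIRESPACE-WIRELESS-MIB::bsnAPName` run every poll interval, and the `known` map is whatever you persisted from the previous run.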
Best Answer
While controller appliances are still sold, there are a number of trends that are becoming popular, among these cloud-based solutions and virtualized solutions. While this is a bit off topic, there are also enterprise vendors looking at implementing SDN concepts in wireless... but that is another discussion and we have yet to see how that will play out.
Additionally, vendors are pushing more of what has been controller-based "intelligence" to the access point, including roaming and policy enforcement decisions. This is largely a factor due to concerns about the potential bandwidth needs necessary to tunnel all the traffic from 802.11ac access points back to the controller. While the implementation is specific to vendors, this typically takes the form of a "control connection" between the controller and AP, while the data is dropped off directly from the AP to the local network.
Even so, there will continue to be a need for some sort of "controller" functionality in some form. For example, something to act as the NAS for 802.1X authentications. It simply doesn't make sense to configure each access point as a RADIUS client on your RADIUS server to function as a NAS individually.
No matter how the industry develops, no good enterprise class wireless system will exist without a management platform that will manage configurations, provide AP updates, and collect data to provide reporting and troubleshooting, so these aspects of controllers will also remain in some form.
You mention Aruba, but they also have non-controller-based solutions, namely their "Instant Access Point" solution. While a newer offering, this is an example of a move away from the controller appliance model.
Cisco has acquired the Meraki cloud-based solution to add to their product line. Aerohive runs either in the cloud or as a virtual appliance (also sold as a hardware appliance if you like).
Ubiquiti's solution provides a low entry point financially, but as with many things this comes at a cost even if it isn't in capital. The software they provide does take care of a number of these important factors, but only to a degree, as they are not as fully featured as other vendors' products and don't have as many configuration options (which can be important in a deployment). It also isn't nearly as polished a solution.
It is not my intent to knock Ubiquiti, it is a decent product. I have deployed it at several client sites.
Ultimately, you need to look at the features and performance you need/want to find the solution that fits your needs and budget best. There are many wireless vendors and only you can decide what is "right" for your organization. I would recommend calling and talking to several vendors as they will be happy to demonstrate their features and even let you evaluate their products. Keep in mind that they will all "market" their product as the best, so you will have to do some independent research to figure out which of their carefully selected feature highlights are mostly smoke and mirrors.