Smarthome for starters (part 3)
In the last two posts (Part 1), (Part 2) the general terms around Smarthome were explained a little: everything that matters at the beginning, such as basic terms (actuators, sensors, etc.) as well as the type of hosting (where I build my smart home).
I would like to use this third part to write a little about the topic “accessibility”.
To control the Smarthome, you must have access to it. You can decide whether the Smarthome should only be accessible locally (in your own LAN) or also externally (which offers some advantages). Intermediate systems are usually used for this (or, in the simplest case, a port is opened on the local router).
The following article deals with the possible ways of making the Smarthome available and their individual advantages and disadvantages.
Why should a smarthome be externally accessible?
At first, the question may arise why one would want to make the Smarthome accessible from outside. This question will therefore be answered first, so that the advantages and disadvantages, and the difficulties of the different types of implementation, are easier to understand.
In the optimal case, a Smarthome controls everything automatically. Accordingly, nothing should need to be taken care of, be it
light activated by a radar or IR motion detector, or
scene lighting that is activated automatically by certain devices (such as the TV or projector).
However, every smart home needs data, and a lot of it. In many cases this data can come from internal sensor systems, and you still get a very extensive Smarthome.
The following situation is now given:
An automatic roller shutter control is to be created: during the day, the shutters close (or at least lower partially) when no one is home, and as soon as someone returns during the day (and it is still bright), the shutters are moved up again.
This project is easily implemented without external access: it is checked whether certain MAC addresses (smartphones) are registered at the WiFi access point, and if yes, someone is home. If no one is logged in, the shutters are closed.
However, this has a comfort disadvantage.
First, the device must be in the WLAN; if it is empty (discharged), nothing works anymore. Furthermore, the range of the WiFi network must be quite large so that you don't notice the shutters going down and up yourself. And lastly, the smartphone must always connect to the AP on its own (WLAN must always be activated on the smartphone).
The result with “only” local access is an automation that works – but you notice when the shutters go up or down, you may stand in the dark for a short time, or the shutters go down while you are at home but for some reason the smartphone is not registered in the WLAN (e.g. because it is empty).
External access allows you to build a solution that works significantly more comfortably.
Through an externally (on the Internet) accessible (!secure!) endpoint we can send data from our devices to the Smarthome, such as the GPS position.
Using GPS, zones can be defined in the Smarthome (if supported), for example zones that are 10 m – 20 m larger than the plot. Once the smartphone reaches this zone, the Smarthome center is informed that the smartphone (the person) is in the “home” zone. Then the shutters are moved up. A WiFi connection at such a distance is out of the question in most households.
This is of course a very simple example, but it is enough to show that more comfort can be achieved through external access (which is usually the point of a smart home; there are other goals for Smarthomes (which are sometimes not compatible with each other), but that is the topic for another post).
GPS tracking further allows the smartphone not to have to be in the WLAN, so an empty smartphone does not mark you as “not home” for the roller shutter control.
A GPS tracker is always an active sensor. The device to be tracked must locate itself and then forward the calculated location for processing. If there are no updates from the smartphone, the last sent location remains in the Smarthome (e.g. home) – in theory this could also be handled differently.
Another advantage is that a smartphone that has been stolen can be tracked more or less well, and finally zones can also be created for work or similar, for example:
For couples it also opens up the opportunity for the girlfriend to see where her boyfriend is driving around when he once again does not look at his phone and has therefore been gone for 10 hours (I speak here for a friend *cough*).
Lastly, the external endpoint also offers the possibility to make changes manually from outside, be it switching off the light afterwards or controlling devices of all kinds (robot vacuum cleaners, washing machine etc.), and finally push messages can be sent directly to the smartphone.
There are, of course, countless other reasons that justify external access – the reasons mentioned are what led me to an external endpoint.
How to implement this external endpoint?
Such access can be implemented in various ways. In the following, I would like to cover the best-known possibilities.
These are:
- Manufacturer Cloud (usually OEM solutions)
- Port forwarding (DynDNS)
- VPN (Proxy)
These three approaches are likely to have by far the greatest distribution.
Other implementations are technically possible (for example approaches such as Fritz!VPN), but they do not represent a truly open endpoint that can be used by anyone without problems.
This article deals with approaches that do not require a permanent VPN connection to the home network but can basically be used from any device.
1. Manufacturer Cloud
The manufacturer cloud is probably the most widely used variant. Be it Lidl Smarthome, Eufy or Ring, all offer an app that notifies the user from anywhere when something happens, or that makes it possible to access everything while on the go.
In principle, there is one main approach for this type of access.
The purchased device is usually in an IP network (e.g. via WLAN) and is connected via the app to the user account of manufacturer X.
The device then knows who it belongs to and sends all data that is required to the manufacturer's server (e.g. video recordings, status of the device (e.g. battery status, functional condition, etc.)). The user can then freely access this data.
The complete initial configuration is done via the app, which accesses the server and then sends the data to the camera (or the server sends all required data to the camera).
What this means for data protection and trust is not the subject of this post, but the recent incident with the company Eufy, which in my opinion was unjustified, makes it clear: sure, the company advertises with “no data in the cloud”, but how else should the image of a person ringing the doorbell reach your phone while you are on the go? – Thinking about this would really help some people. What it shows me, though, is that the implementation here, based on long IDs, is nevertheless unfortunate, and that I do not want to leave my home to strangers. Especially since, if this service is discontinued, I then lose functions that may have been the reason for buying the product.
All in all, the manufacturer cloud is, however, the simplest solution. Thanks to the mostly large manufacturer infrastructure (mostly hosted on AWS, Azure or similar) the cloud is always online and also powerful. You can also rely on the manufacturer for the service side (as long as the services are available, of course).
Here, however, the disadvantage is that usually only one manufacturer is supported. There are a few approaches that break this up a little, and the “China fleet” à la Tuya has really helped here. Normally it is possible to integrate all Tuya devices into a rebranded app. Accordingly, all manufacturers that use Tuya OEM hardware/software can be managed and controlled in one app.
However, when it comes to the “name manufacturers”, it is usually more difficult...
2. Port forwarding (DynDNS)
The port forwarding on the router known from Minecraft days...
This solution is maximally simple and is set up in a few minutes, but it also has some disadvantages.
The port forwarding on a router is done quickly, usually via the web interface of the router at home. Afterwards you can use the public address of your router to access the forwarded port and the service behind it.
The disadvantage of this procedure is that every X hours (usually 24 hours) you may be assigned a new address by your provider and therefore your IP address will change. This varies between operators; in my case I have a fixed public IP address and can optionally activate an IP change as a “data protection feature”.
If this is not available, there are also so-called DynDNS services. These provide a fixed endpoint address, which then points to the dynamic IP of the router and is kept up to date by a client program (e.g. directly on the router). For this, the router sends the required data, such as the current public IP address, on every change (or periodically), and the DynDNS provider keeps the address up to date on the DNS server.
The advantage here is that you can directly access various devices without a manufacturer in between, since effectively all services that are required can be released. No data goes to other parties, apart from your own IP address, which the DynDNS provider necessarily needs.
A disadvantage here is that a port on the router is open directly into your own home network. This is not bad per se, but it should be kept in mind, especially if you no longer need it.
3. VPN (Proxy)
The last possibility presented in this post (and in my opinion the best) is a VPN tunnel to a third system and a proxy server.
This option requires some configuration and causes extra costs, but it has some advantages.
First of all, a public SSL certificate can be used which does not generate warnings in the usual browsers.
Furthermore, the target system (in this case in the home network) is never made publicly available but is only reached through the proxy. In the event of a compromise, it can be assumed that not much happens (if the server itself is taken over, it is of course different).
In addition, the proxy offers the possibility of requiring authentication in front of the target system, which makes unauthorized access to the site itself more difficult. In my setup, a user name and password for my proxy are therefore required, and then my Home Assistant username, password and a second factor. Finally, only certain users can use the interface (one with a second factor).
The disadvantage of this solution is, of course, the effort and the costs. The server not only needs to be set up but constantly maintained, and you also have to pay for it. Lastly, the latency is somewhat larger (because the path is: proxy -> VPN -> router -> Home Assistant), but this never matters in daily use. Only in real-time applications with MQTT over VPN is this likely to become an issue.
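As an added example that is not from the original post, this is what the “authentication in front of the target system” step can look like on the proxy side with nginx: TLS on the public hostname, a proxy login, and forwarding over the VPN tunnel to Home Assistant. The hostname home.example.com, the certificate paths and the VPN address 10.8.0.2 are assumed placeholders.

```nginx
# Added example (not from the post): TLS-terminating reverse proxy with its own
# login in front of Home Assistant, which is reached only over the VPN tunnel.
# Assumed placeholders: home.example.com, the certificate paths and 10.8.0.2
# (VPN address of the Home Assistant host).

# Plain HTTP only redirects to HTTPS; nothing is served unencrypted.
server {
    listen 80;
    server_name home.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name home.example.com;

    # Public certificate (e.g. Let's Encrypt), so browsers show no warning.
    ssl_certificate     /etc/letsencrypt/live/home.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/home.example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # First login at the proxy: nobody even reaches the Home Assistant login
        # page without these credentials. Create the file with
        #   htpasswd -c /etc/nginx/.htpasswd <user>
        auth_basic           "Smarthome";
        auth_basic_user_file /etc/nginx/.htpasswd;

        # Home Assistant is only reachable through the VPN, never directly
        # from the Internet, so no port on the home router needs to be opened.
        proxy_pass http://10.8.0.2:8123;
        proxy_http_version 1.1;

        # Needed for the Home Assistant web socket (/api/websocket).
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Pass the real client address and scheme on to Home Assistant.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Home Assistant itself then still asks for its own username, password and second factor; for it to see the real client address instead of the proxy's, set `use_x_forwarded_for: true` and list the proxy's VPN address under `trusted_proxies` in the `http:` section of configuration.yaml.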
Advantages and disadvantages of external access
As written at the beginning, an external endpoint has some advantages compared to a closed system; especially in terms of comfort it helps enormously. However, there are also disadvantages that should not be underestimated. It is always possible that something goes wrong. Both the manufacturer cloud and a self-hosted Smarthome system can have weaknesses, so damage can occur or strangers can get into the home network or the home control system.
Accordingly, direct access to such a solution is always a little risky. But the use of a proxy does not completely protect against such problems either. Vulnerabilities in the proxy, the server and the Smarthome solution represent potential security risks that we have to look at. For people who are a little warmed up with Shodan, a badly protected smarthome is easy to locate, and they can then look into private households a little and possibly control their lamps and gates/doors... – you should make sure that this doesn't happen to you.
But also functionally, such a solution can carry a certain risk that does not even have to be technical. Suppose you get in through automation, for example when the Smarthome controls the door (e.g. via an RFID beacon: as soon as it is detected by the smartphone, the door opens) – if the automation does not work for whatever reason and you don't have a key or anything else, you can no longer get into the apartment.
Especially when the technology works well, you tend to rely on it and leave the key at home, but this should be thought through. Such a system can fail quickly (for example due to a defective power supply or a power outage). Critical points of the house in particular should always be secured, and you should always allow yourself a backup access. This can be simple organizational measures, such as giving a spare key to the neighbors, or also technical measures through a redundant backup, whatever this may look like.
An external endpoint can create many possibilities and quickly gives the impression that you can always rely on the technology; this should always be questioned critically. It happens quickly that you regard your own technology as “better” and “100% safe” because nothing has happened for months or even years. All it takes is a single failure at a bad time, and then nothing works anymore.
But this is not just about something abstract like the front door: a heating control without the possibility of manual control, lighting that is only linked logically (as in my case) and some other things can quickly cause disadvantages. As an example, a few days ago I had no light for almost 10 hours because after a memory upgrade my systems no longer booted despite backups. Importing the backups cost a lot of time, and in the meantime I couldn't control anything in my apartment. Over time I had come to rely far too much on my technology (I was aware of the fundamental risks, but it can also be simple things like a memory upgrade that cause nothing to work anymore).
Conclusion
To summarize this article, I can say that external access is basically a good thing. However, it must be secured in every case.
The possibilities of such access are comfortable and quite an enrichment, but automations should never be used for critical areas of life (access to the home, gas and water supply as well as the power supply). At the very least there should always be the possibility to intervene manually or to carry out a fallback plan that does not depend on the services of the automation system.