Frequently Asked Questions

First of all, you need to log in to the Domotz Portal where you can download the Domotz Agent. This then has to be installed on your NAS or Raspberry Pi, by following the instructions provided in the Portal. Once you’ve installed the Agent, you need to log in with your username and password and give your Agent a name. The Agent will then scan your network for connected devices and once that’s done, you can start using Domotz.

Simply tap on a device in the Domotz App, tap in the Name box and you’ll get an option to change the name of the device. Tap on the green check mark to save the new name.

Simply tap on a device in the Domotz App, tap in the Type box and you’ll get a list of device types to choose from. Tap on the type you want and it’ll automatically be saved.

The way the monitoring of devices work is that we send six (6) pings every 30 seconds to each device on the network. If one or more of those pings are returned, then we count this as a Heartbeat. A device can “miss” three Heartbeats without being marked as Down. If a device doesn’t return any of the pings within a two (2) minute period, then the device is marked as Down. If the device starts to respond to pings again, it gets a new Heartbeat and is marked as Up again.

Through the Alerts menu on the main view of the app you can set either ‘push’ or email notifications of Network Alerts for:

• Agent connection Lost/Recovered
• New Devices Discovered
• Missed Heartbeats Detected
• Device Goes Down
• Device Comes Up

The Domotz agent requires the following port connections to communicate properly. Please ensure that your firewall settings are updated to meet these requirements:

North America

• api-us-east-1-cell-1.domotz.com (port 443)
• portal.domotz.com (port 443)
• messaging-us-east-1-cell-1.domotz.com (port 5671)
• echo.domotz.com (ICMP)
• sshg.domotz.co, us-east-1-sshg.domotz.co, us-east-1-02-sshg.domotz.co, us-west-2-sshg.domotz.co, ap-southeast-2-sshg.domotz.co (range: 32700 - 57699 TCP) – these are required for the Remote Connection functionality.
• M-Lab based speed tests (ports 3001-3010 and 32768-65535 TCP)

The Rest of the World:

• api-eu-west-1-cell-1.domotz.com (port 443)
• portal.domotz.com (port 443)
• messaging-eu-west-1-cell-1.domotz.com (port 5671)
• echo.domotz.com (ICMP)
• sshg.domotz.co, us-east-1-sshg.domotz.co, us-east-1-02-sshg.domotz.co, us-west-2-sshg.domotz.co, ap-southeast-2-sshg.domotz.co (range: 32700 - 57699 TCP) – these are required for the Remote Connection functionality.
• M-Lab based speed tests (ports 3001-3010 and 32768-65535 TCP)

Users can install the Domotz Agent on their Windows OS.

Currently, we do not have a macOSX package that will run the Domotz Agent. However, you may install a VM on macOSX that mounts a standard Debian Linux OS and then install the Domotz agent.

Please click here to download the Windows software installation package from Domotz. If you want details on how to set this up, read more in our Domotz Help Center or contact [email protected] for additional information.

Want to learn more about how to set up the SNMP integration with Domotz?

Read more in our Help Center.

In order to migrate a Domotz Agent to new hardware or to a new Domotz Box, you will need to involve our Support team to make the switch. When you contact Support and open a case you will need to provide information about the agent you’re moving from and the agent you’re moving to.

You can provide the name or mac address of the Domotz agent you want to move by logging into your account. You will also need to provide the mac address of the new Domotz agent installed on the new hardware. Our Support team will use this information to swap the agents for you.

Here are the steps to follow:

1. Stop the Domotz Agent running on your original hardware.
2. Contact Domotz support and provide us with the name of the Agent you stopped and want to move as well as the MAC address of the new hardware
   
   NOTE: The MAC address for the Domotz agent embedded in the Luxul Router is not the same MAC as the Router itself. In order to get the MAC address of the Domotz agent to follow these steps:
1. Login in the Luxul router Web Administration page
2. Go to “Third Party Software” and select “Domotz”
3. Enable the embedded Agent service, do NOT activate the Agent yet. Retrieve the MAC address of the Domotz Agent
3. Wait until the Domotz Support team has confirmed that they have modified our system and transferred the agent configuration.
4. Start the new Domotz agent on the new hardware or just plug-in the new Domotz Box. Wait for 5 to 6 minutes.
5. Connect to the following URL from your web-browser: http://[ipaddress]:3000. The [ipaddress] is the address of the new hardware. You can get this IP Address using the Fing Network Scanner or any other network scanning tool.
6. Once you connect to the Agent, login to your Domotz account with your credentials and you will see the button “Resume Agent” which will complete the copy process of your previous configuration.

NOTE: A ‘lifetime license’ (discontinued in January 2019) is in reference to the life of the product and is a non-transferable hardware license. Therefore, Agents on a Lite Lifetime license cannot be moved to new Hardware.

We have seen that many times you need to change the registry to enable external RDP connections. Go to regedit and change the following keys:

• [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
• “SecurityLayer”=dword:00000001
• [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
• “UserAuthentication”=dword:00000000

At times some additional configuration will be necessary so if this doesn’t work please contact [email protected] and we will provide you with more details.

Domotz includes a very easy-to-understand subscription pricing model where you only pay $23/month for monitoring one entire /22 network (and additional Vlans) with a configured Domotz Agent: each Domotz Agent sufficient to monitor one entire network. If you are planning to share access to your colleagues, it's free to add unlimited team members to Domotz Standard Account. There are no hidden costs and you can monitor and manage all of the devices on your network using one single Domotz Agent. Domotz is free for the first 14 days and then on a monthly subscription plan. You do not need a credit card to sign up. You can learn more about Pricing options at https://www.domotz.com/pricing.php

When you sign-up to Domotz, you’ll get access to a free trial of the software. This allows you significant time to explore the software’s features and learn if it meets your needs.

The free trial does not require a credit card. At the end of your free trial period, you will be notified that the trial is expiring and receive an invitation to subscribe to a Domotz payment plan.

You may decide to purchase the Domotz solution at any time by adding your credit card information to your account. Domotz will provide you with monthly invoices for your active Domotz agents and your credit card on the account will be charged based upon your usage.

Your account, agents and payment plan can be managed through the Domotz Portal at: https://portal.domotz.com/login

Domotz offers a host of remote network management features available to all software users including:

• Network and Device Monitoring: Monitoring of an unlimited number of devices per network, SNMP monitoring, Multi-VLAN/Subnet support, latency, and automated network mapping.
• Network and Device Alerts: Alerts can be configured for network status, device offline and new device discovered. Unlimited alerts can be configured per agent.
• Network Diagnostics: Speed tests, internet health, network history log, Ethernet port monitoring.
• Power Management: Remote Power management, Power Reboot, PoE, Wake-on-LAN, support for Network Switches & PDUs.
• Remote Device Access: Remote access is support for Web, Console and Remote Desktop connections. The supported protocols include; HTTP, HTTPs, RDP, and Telnet connections.
• Automation System Integration: Built-in support for automation systems (Control4, Crestron, Lutron, AMX) and many more coming soon.
• Manufacturer Support: Integration Companies can also share a remote network with hardware manufacturers for a more effective and streamlined troubleshooting session.
• Multi-Protocol Support: the software supports IP, Cresnet and ZigBee protocols and there are plans to add more protocols in the future.
• Team Management: Different levels of access for team members in an organization. Add/delete team members and assign roles.

To see the complete list please visit https://www.domotz.com/features.php

Domotz offers a number of benefits over other systems available on the market:

• Monitoring via MAC address: Domotz monitors and tracks devices by MAC address rather than by IP address.
• User-friendly GUI: our system is entirely focused around mobile and user-friendliness
• Unlimited devices: no limit to the number of devices that can be monitored. We charge a flat, transparent service fee whereas other systems charge per device or alert
• Security and encryption: When you connect to a device remotely, we create a secure and unique ssh tunnel. With many other systems, you are given a web link, which can be copied and sent to anyone.
• Remote connectivity: our software supports RDP/SSH and Telnet connection
• Remote power management: We support a variety of IP controllable power plugs (digital logger, watt box, APC…) and we are adding more every week.
• Cheaper Hardware: We offer cheaper and even free hardware options for installing the software
• Network Diagnostics: In addition to providing speed tests, we also offer Internet Health checks to diagnose network health.

Most companies want to be "secure," but are failing to invest the time and resources to properly solve for it (yes, even in the MSP space). We are proud to say that, since Day 1, Domotz was built with solid security principles powering our cloud services. Security is a core pillar on which we've built our development process and we always take into consideration best practices adopted in the market to allow a secure and reliable service.

Here is a complete overview of the Security and Privacy principles Domotz has in place, with a focus on the encryptions adopted both at rest and transfer level (you might be concern about how data is treated during the transferring or how data is stored in our Cloud infrastructure).

Please find our Security and Encryption Principles on our WebSite:

Domotz Security Standards

Note: We have updated this document with particular reference to the Remote Connect functionality we introduced at the end of 2017 (the Open TCP - Remote Connection). We have protected the end–point of the SSH/SSL tunnels allowing only connections coming from a specific calling public IP (which initializes the Remote Connection), and with regard to the Two-Factor authentication mechanism.

This FAQ is a great place to start! We have lots of resources in this section pertaining to the security practices that Domotz has put into place. You can also contact our support team with additional questions.

Some of your customers may have concerns with a solution based in the Cloud. Please find the following white-paper we prepared to address those concerns:

Cloud Security Whitepaper

The Domotz platform is adopted by many enterprise companies, retail and restaurant chains, local and national government agencies, Law jurisdictions and more. These organizations have conducted their own security and risk assessments, perform Penetration Tests against all the components of our infrastructure (Agent, Cloud and App), and put Domotz under intense scrutiny throughout their due diligence processes.

Every single Domotz user benefits from these relationships because all additional security improvements as a result of these assessments are deployed across the platform.

Finally, it is worth mentioning the existing Case Study for Domotz Custoner, Identytech. Identytech provides it's worldwide customers with best-in- class complete identity management solutions – financial services, healthcare, and schools.

Our Domotz Box is based on the Ubuntu Core OS (by Canonical), which inherits the following benefits:

• Lighter and more secure OS
• Complete, transactional and automatic upgrades are guaranteed for the Domotz Agent software
• The SNAP packaging technology (built into the Ubuntu Core OS) guarantee automatic upgrades of the OS and Kernel level (this is very important from a security perspective).

If you want more details about the security of the Ubuntu Core OS, please have a look at this white-paper:

Ubuntu Core – Security Whitepaper

Please read our blog post about different techniques used for remote access:

Remote Access Security

Yes, we do! We are in the business of providing you with a service, not of selling your information. That is why we charge a monthly fee for our services. The privacy policy for our website can be found at https://www.domotz.com/product-privacy-policy.php

We operate under US, UK, and European Privacy laws and take privacy very seriously. You will always be 100% in control of what data, if any, you ever want to share to the outside world. It is not just a promise, it’s the law.

We send diagnostic and identification data of your electronic devices (such as, for example, IP address, MAC, online status, network speed) to our servers on the cloud with the sole purpose of letting you access such information from anywhere via your mobile or web app. We normally store such data for a month by default in case you want to review historical information on your network, and you are able to decrease such time in your user settings.

Domotz allows full control of who is enabled to see or access your network. You can turn access on and off at your discretion for any individual you invite via the collaboration dashboard on the Domotz App. You also get notified by email or mobile notification every time an external party accesses any of your devices.

Domotz has adopted administrative, physical, and technical industry-standards (including encryption, firewalls, and SSL) to safeguard the security of our services and to protect the confidentiality of personally identifiable information. When designing and developing our solution we adopted the principle of Least Privilege.

Moreover, since the early phases of development, we have engaged independent bodies to perform continuous security assessments and penetration testing and we continue to do so on a recurring basis. On a practical level, your data in the Domotz cloud is as safe in as other mainstream cloud services, such as iCloud or Dropbox. We actually built our cloud solution on top of the best and most common practices with regard to security: as compared to other competitors in the same market (Home Automation), we believe that we have also stressed more than others on the security aspects.

Cloud Infrastructure

The Domotz solution relies on very strict perimeter security policies. E.g. only the required standard communication ports are open to the public, while we use a different communication channel for the management. We have implemented multiple levels of firewalls keeping the front-end servers (with no-data) completely segregated from the back-end servers (managing customer data). To protect systems and data in the Domotz cloud, we adopt the “Defense in Depth” principle, which focuses on implementing several layers of security to guard against cyber threats or, in the unfortunate case of a cyber compromise, to quickly detect and mitigate its effects.

Therefore, we have got an automatic monitoring system which alerts the Domotz IT department if any strange behavior or anomalies (such as an intrusion) happens on our systems. Finally, we have engaged external and independent bodies to perform continuous security assessments and penetration testing in order to guarantee the highest level of security for our cloud solution.

Account Password Management

The standard creation of an account is based on a common practice: during the creation of an account, we do not allow the user to insert short passwords, and we also provide a ranking of the strength of the password chosen, though the user is free to use a weak one.

Passwords are never sent over emails, and you can't change your account password if you do not have access to your email inbox. As a matter of fact, if you forget the password, Domotz sends a token link to your email box to change the password (we don't send you the new one directly). And you will also receive an email as soon as you change the password (so that you can spot if somebody else has changed your password).

Under no circumstances do we store your password in clear text. All user passwords are encrypted with the highest security standards (SHA2-512).

Client Communication with Domotz Cloud

All communications between the Domotz App (either the Mobile App or Portal-WebApp) are established over a secure HTTPS channel (HyperText Transfer Protocol over Secure Socket Layer). As you can see from your Web Browser when connecting to the Domotz Portal or Web App, there is a Green Lock near to the URL, which means that the connection is certified to be secure.

This means that the entire communication between the Domotz App and the Cloud is over a secure channel (encrypted). Your account password is only transmitted over this secure channel to monitor and act on your home network (or your client's networks).

You are the only user that can interact with your network unless you "Invite a guest" to manage that network. You are always entitled to revoke this invitation at any moment you want so that the invited guest can't act anymore on your monitored network. Only the owner of a specific agent (network) can invite or revoke guests on his network.

Agent Communication with Domotz Cloud

All the commands to the Agent (e.g. switch on/off power plugs, etc) are sent over a secure channel (AMQPS - Advanced Message Queuing Protocol over Secure Socket Layer). Each agent/network has its own private channel, and this channel can only be accessed by that specific agent (the user/password is created at the moment of the Agent configuration, and it's only stored on premises on your Domotz device.

The Domotz solution does not increase the possible attack surface of the Home Network since all the communications are established from within the Home Network toward the cloud. It creates encrypted and temporary overlay networks from within the Home Network to the Cloud. Therefore, no additional ports should be opened to the outside.

Remote Connect Functionality

When clicking the Remote Connection (it is either HTTP or HTTPS, SSH or Telnet, RDP or VNC), we establish a secure channel (Encrypted Overlay Network) between your home network and our cloud and an HTTPS channel between the App (either Mobile App or Web App). So the entire communication from the App to the Agent is encrypted (and nobody can sniff the content of it). Of course, the communication between the Agent and the end-device (e.g. a WebCam), if it is over a non-secure channel (e.g. HTTP), is not encrypted, but that is only internal to the local network (We assume you trust your network, otherwise you won't have non-encrypted services).

With our mechanism, you simply can't sniff that traffic. Moreover, as stated above, with Domotz solution you do not need to open any port on the Home Router to access your home devices remotely; as a matter of fact, opening ports on the Router (which usually do not offer trusted security features) increase the risks of being attacked, since most of the malicious attacks start from a scan of the potential attack surface.

Finally, the Domotz solution for the Remote Connectivity guarantees an additional level of security, given that all the supported protocols are encrypted when the data is exposed to the public network. Therefore, even the data for the Telnet and HTTP Remote Connection (which, by default, are not encrypted), with the Domotz solution are secured on the public network by this encrypted channels.

PDUs, Smart Plugs, and SNMP community passwords

Some PDUs, or Smart Plugs or SNMP devices are password protected. In order to allow our users to remotely control their devices, we ask through the App the user/password to act on that specific device. The user/password is transmitted to our Cloud over a secure channel (HTTPS), and from our Cloud to the Agent over a secure channel as well (AMQPS).

In order to have a better experience, we ask for the password just one time (unless you change the password on your device, of course). However, we do not store the password in clear in our Cloud. We store the password encrypted and password protected, so that a possible hacker attack which might get access to the database (though we believe nobody will be able to do that), will never be able to decrypt that password.

Domotz enhances the features of existing home automation systems because in addition to controlling it also provides monitoring functionalities.

Domotz has also established key partnerships with leading Home Automation System manufacturers including Luxul, Crestron, Nuvo and many more will be announced in the coming months.

Visit the Domotz forum page on Automation System Support for an up-to-date list of supported controllers.

Domotz does support multi-VLAN configurations which enable you to monitor devices on different VLANs. We recommend using Domotz Hardware for multi-VLAN monitoring because we can ensure performance. You can get more information from this post on our forum at https://community.domotz.com/index.php?/topic/164-how-to-configure-support-for-multiple-vlans/#comment-597

Domotz currently supports a wide range of IP controllable plugs and PDUs including:

• APC
• Amcrest
• Aten
• Baytech
• Belkin WeMo
• Crestron
• CyberPower
• Digital-Loggers
• Edimax
• eyePower Limited
• Gude
• JJPlus
• Keene Electronics
• Kankun
• Liberty AV
• Lindy
• Luxul
• Middle Atlantic
• Millson
• Orvibo/Wiwo
• Pakedge
• Panamax/Bluebolt
• Raritan
• SnapAV
• SurgeX
• Synaccess
• Time2
• Tripp-Lite
• Ubiquiti/Unifi
• WISPP

For more information and the latest up to date list please visit our page on Supported PDUs and Smart Plugs

Domotz currently supports Automated Switch Port Mapping Features & Power over Ethernet (PoE) for the following Managed Network Switches:

Luxul

• AMS-2616P
• AMS-4424P
• AMS-1208P

Cisco

• Cisco SG-xxx
• Catalyst 2960
• Catalyst 3560
• Catalyst 3650
• Catalyst 3750

NETGEAR

• GS728TP

Planet

• SGSW-24040P4

Araknis

• AN-300-SW-8-POE

Ubiquiti

• EdgeSwitch models (needs SNMP read to be set to public)
• Unifi models (needs SNMP read to be set to public)

Pakedge

• SX-24P16

For more information and the latest up to date list please visit our page on Supported Managed Network Switches

Domotz presently supports the following software re-bootable devices:

Araknis

• PoE Switches

Chromecast

• Chromecast1
• Chromecast2

Control4

• Main Controllers
• Secondary controllers with a prefix (HC[*] and EA[*])
• Touch Panels

Crestron

• DM
• MC
• PR
• TSW
• PAC2M
• PYNG-HUB
• CP3
• CP3N
• DIN-AP3
• SWAMP
• TPMC-9L

Draytek

• P1100

NuVo

• P100
• P3100

Pakedge

• PoE Switches

Planet

• PoE Switches

Sonos

• All Models

Ubiquiti

• PoE Switches

Yamaha

• WXC-50
• RX-V479
• RX-V579
• RX-A550
• HTR-4068
• TSR-5790
• RX-S601
• RX-V679
• RX-A750
• RX-V779
• RX-A850
• RX-A1050
• RX-V1079
• RX-A2050
• RX-V2079
• RX-A3050
• RX-V3079
• HTR-6068
• TSR-7790
• RX-AS710
• CX-A5100
• R-N602
• NX-N500
• CD-NT670
• ISX-80
• WX-030
• SRT-1500
• YSP-1600
• YSP-5600
• RX-V481
• RX-V581
• RX-A660
• HTR-4069
• HTR-5069
• TSR-5810
• RX-V681
• RX-A760
• RX-V781
• RX-A860
• RX-A1060
• RX-V1081
• RX-A2060
• RX-V2081
• RX-A3060
• RX-V3081
• TSR-7810
• WXA-50/WXC-50
• R-N402
• CRX-N470
• ISX-18
• WX-010
• YAS-306
• YAS-706
• YSP-2700

For more information and the latest up to date list please visit our page on Supported Soft Re-bootable Devices.

The currently supported options include Web Services (HTTP, HTTPS), Remote Desktop (RDP), and Telnet connections.

For standard devices and network switches, the data we show will depend on the weather we explicitly support the device or not and is broken down into information we can display, and device capabilities we can manipulate. Default SNMP data is broken down into two types on Domotz:

• Automatically gathered SNMP data
• Custom SNMP data retrieved based on OIDs

Automatically gathered SNMP data.

For all standard SNMP devices we display:

• info: inbound/outbound traffic
• info: admin and operation status
• info: incoming/outgoing errors and packed discards
• info: name and description of the port
• info: device name, system description, and system model
• capability: Ability to customize/edit the SNMP community strings (read/write).

For fully supported network switches, in addition to the data listed above, the following are available if supported by the device:

• Info: Automatic port mapping
• Info: PoE Status (where applicable)
• capability: PoE commands (on/off and reboot where supported)

Custom SNMP data retrieved via OIDs

For all devices that publish SNMP data, we have introduced Domotz Eyes which can be configured as SNMP Sensors to monitor SNMP data available via custom OIDs. You can then create Alerts based on these SNMP Sensor values.