Need help getting started with Domotz or using RMM software to monitor and manage remote networks? These FAQs will help you answer any questions...
There are multiple ways to run the Domotz Pro Remote Network Management System on a network. Here are the options for installing the software on a network.
Please see the system requirements and supported systems at: https://www.domotz.com/knowledge-base/install-domotz.php
The Domotz Agent listens on port 3000, so you need to append the port number to the device's address to reach it. If the device on which you installed the Domotz Agent has the IP address 192.168.1.100, you'd simply add :3000 to get 192.168.1.100:3000. You should now be able to access the web UI of your Domotz Agent.
Note: If your device already has an app using port 3000, Domotz will automatically use the next available port, i.e. 3001. This works incrementally until a free port is available.
The Domotz Agent for NAS (QNAP, Synology, ReadyNAS) or Raspberry Pi can be downloaded from the Domotz Portal at https://portal.domotz.com/login
If we do not currently support your hardware, please make a post in the Domotz Community and we’ll look into the possibility of supporting your hardware. We’re currently working on adding support for more NAS models.
First of all, you need to log in to the Domotz Portal where you can download the Domotz Agent. This then has to be installed on your NAS or Raspberry Pi, by following the instructions provided in the Portal. Once you’ve installed the Agent, you need to log in with your username and password and give your Agent a name. The Agent will then scan your network for connected devices and once that’s done, you can start using Domotz.
Simply tap on a device in the Domotz App, tap in the Name box and you’ll get an option to change the name of the device. Tap on the green check mark to save the new name.
Simply tap on a device in the Domotz App, tap in the Type box and you’ll get a list of device types to choose from. Tap on the type you want and it’ll automatically be saved.
Device monitoring works as follows: we send six (6) pings every 30 seconds to each device on the network. If one or more of those pings is returned, we count this as a Heartbeat. A device can “miss” three Heartbeats without being marked as Down. If a device doesn’t return any of the pings within a two (2) minute period, then the device is marked as Down. If the device starts to respond to pings again, it gets a new Heartbeat and is marked as Up again.
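The Heartbeat rule above can be modelled as a small state machine. The following is an added example, not Domotz code: the class, function and device names are assumptions, and the reply counts are constructed sample data.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

PINGS_PER_CYCLE = 6       # pings sent to each device per cycle (from the FAQ)
CYCLE_SECONDS = 30        # one cycle every 30 seconds (from the FAQ)
DOWN_AFTER_SECONDS = 120  # no reply for two minutes marks the device Down


@dataclass
class DeviceMonitor:
    """Hypothetical per-device state; the names are assumptions."""
    name: str
    status: str = "Up"
    silent_seconds: int = 0

    def record_cycle(self, replies: int) -> Optional[str]:
        """Process one 30-second cycle; return the new status on a change."""
        if not 0 <= replies <= PINGS_PER_CYCLE:
            raise ValueError(f"replies must be 0..{PINGS_PER_CYCLE}")
        if replies >= 1:
            # One or more returned pings in a cycle counts as a Heartbeat.
            self.silent_seconds = 0
            new_status = "Up"
        else:
            # A missed Heartbeat: extend the silent period by one cycle.
            self.silent_seconds += CYCLE_SECONDS
            if self.silent_seconds >= DOWN_AFTER_SECONDS:
                new_status = "Down"
            else:
                new_status = self.status
        changed = new_status != self.status
        self.status = new_status
        return new_status if changed else None


def replay(name: str, reply_counts: List[int]) -> List[Tuple[int, str]]:
    """Return (elapsed_seconds, status) for every status change."""
    monitor = DeviceMonitor(name)
    events = []
    for cycle, replies in enumerate(reply_counts, start=1):
        change = monitor.record_cycle(replies)
        if change is not None:
            events.append((cycle * CYCLE_SECONDS, change))
    return events


# Constructed sample: replies received per cycle for one device.
# Three misses are tolerated, a fourth consecutive miss marks it Down.
SAMPLE_REPLIES = [6, 1, 0, 0, 0, 2, 0, 0, 0, 0, 3]

if __name__ == "__main__":
    for seconds, status in replay("camera-01", SAMPLE_REPLIES):
        print(f"t={seconds:>3}s camera-01 -> {status}")
```

With a 30-second cycle, three missed Heartbeats amount to 90 seconds of silence, so the Down transition happens on the fourth consecutive miss, which is the two-minute mark.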
Through the Alerts menu on the main view of the app you can set either ‘push’ or email notifications of Network Alerts for:
The Domotz agent requires the following port connections to communicate properly. Please ensure that your firewall settings are updated to meet these requirements:
The Rest of the World:
We recently released a Windows software installation package that includes the Domotz agent. This package will install Oracle VirtualBox (a free VM software) and the proper Domotz VM package. Virtualization will need to be enabled on Windows so that VirtualBox will run properly.
Currently, we do not have a Mac OSX package that will run the Domotz agent. However, you may install a VM on Mac OSX that mounts a standard Debian Linux OS and then install the Domotz agent. If you want details on how to set this up, contact email@example.com for additional information.
Before activating the Domotz Pro Agent the following should be set on all SNMP compatible devices:
In order to migrate a Domotz Agent to new hardware or to a new Domotz Box, you will need to involve our Support team to make the switch. When you contact Support and open a case you will need to provide information about the agent you’re moving from and the agent you’re moving to.
You can provide the name or mac address of the Domotz agent you want to move by logging into your account. You will also need to provide the mac address of the new Domotz agent installed on the new hardware. Our Support team will use this information to swap the agents for you.
Here are the steps to follow:
NOTE: A ‘lifetime license’ is in reference to the life of the product and is a non-transferable hardware license. Therefore, Agents on a Lite Lifetime license cannot be moved to new Hardware.
We have seen that many times you need to change the registry to enable external RDP connections. Go to regedit and change the following keys:
At times some additional configuration will be necessary so if this doesn’t work please contact firstname.lastname@example.org and we will provide you with more details.
Domotz is free for the first 21 days and then on a monthly subscription plan. After that it’s as low as $3 per month, depending on the service plan you select. You do not need a credit card to sign up. Domotz Pro is a professional grade product and there are 3 licensing options (Lite, Advanced, Premium). You can learn more about Pricing options at https://www.domotz.com/pricing.php
When you sign-up to Domotz Pro, you’ll get access to a free trial of the software for 21 days. This allows you significant time to explore the software’s features and learn if it meets your needs.
The free trial does not require a credit card. At the end of your 21 day free trial period, you will be notified that the trial is expiring and receive an invitation to subscribe to a Domotz payment plan.
You may decide to purchase the Domotz Pro solution at any time by adding your credit card information to your account. Domotz will provide you with monthly invoices for your active Domotz agents and your credit card on the account will be charged based upon your usage.
Your account, agents and payment plan can be managed through the Domotz Portal at: https://portal.domotz.com/login
Domotz Pro offers a host of remote network management features available to all software users including:
To see the complete list please visit https://www.domotz.com/features.php
Domotz Pro offers a number of benefits over other systems available on the market:
Most companies want to be "secure," but are failing to invest the time and resources to properly solve for it (yes, even in the MSP space). We are proud to say that, since Day 1, Domotz was built with solid security principles powering our cloud services. Security is a core pillar on which we've built our development process and we always take into consideration best practices adopted in the market to allow a secure and reliable service.
Here is a complete overview of the Security and Privacy principles Domotz has in place, with a focus on the encryption adopted both at rest and in transit (you might be concerned about how data is treated during transfer or how data is stored in our Cloud infrastructure).
Please find our Security and Encryption Principles on our WebSite:
Note: We have updated this document with particular reference to the Remote Connect functionality we introduced at the end of 2017 (the Open TCP - Remote Connection). We have protected the end–point of the SSH/SSL tunnels allowing only connections coming from a specific calling public IP (which initializes the Remote Connection), and with regard to the Two-Factor authentication mechanism.
This FAQ is a great place to start! We have lots of resources in this section pertaining to the security practices that Domotz has put into place. You can also contact our support team with additional questions.
Some of your customers may have concerns with a solution based in the Cloud. Please find the following white-paper we prepared to address those concerns:
The Domotz platform is adopted by many enterprise companies, retail and restaurant chains, local and national government agencies, Law jurisdictions and more. These organizations have conducted their own security and risk assessments, performed Penetration Tests against all the components of our infrastructure (Agent, Cloud and App), and put Domotz under intense scrutiny throughout their due diligence processes.
Every single Domotz user benefits from these relationships because all additional security improvements as a result of these assessments are deployed across the platform.
Finally, it is worth mentioning the existing Case Study for Domotz Customer, Identytech. Identytech provides its worldwide customers with best-in-class complete identity management solutions – financial services, healthcare, and schools.
Our Domotz Box is based on the Ubuntu Core OS (by Canonical), which inherits the following benefits:
If you want more details about the security of the Ubuntu Core OS, please have a look at this white-paper:
Please read our blog post about different techniques used for remote access:
We operate under US, UK, and European Privacy laws and take privacy very seriously. You will always be 100% in control of what data, if any, you ever want to share to the outside world. It is not just a promise, it’s the law.
We send diagnostic and identification data of your electronic devices (such as, for example, IP address, MAC, online status, network speed) to our servers on the cloud with the sole purpose of letting you access such information from anywhere via your mobile or web app. We normally store such data for a month by default in case you want to review historical information on your network, and you are able to decrease such time in your user settings.
Domotz allows full control of who is enabled to see or access your network. You can turn access on and off at your discretion for any individual you invite via the collaboration dashboard on the Domotz App. You also get notified by email or mobile notification every time an external party accesses any of your devices.
Domotz has adopted administrative, physical, and technical industry-standards (including encryption, firewalls, and SSL) to safeguard the security of our services and to protect the confidentiality of personally identifiable information. When designing and developing our solution we adopted the principle of Least Privilege.
Moreover, since the early phases of development, we have engaged independent bodies to perform continuous security assessments and penetration testing and we continue to do so on a recurring basis. On a practical level, your data in the Domotz cloud is as safe as in other mainstream cloud services, such as iCloud or Dropbox. We actually built our cloud solution on top of the best and most common practices with regard to security: as compared to other competitors in the same market (Home Automation), we believe that we have also put more emphasis than others on the security aspects.
The Domotz solution relies on very strict perimeter security policies. E.g. only the required standard communication ports are open to the public, while we use a different communication channel for the management. We have implemented multiple levels of firewalls keeping the front-end servers (with no-data) completely segregated from the back-end servers (managing customer data). To protect systems and data in the Domotz cloud, we adopt the “Defense in Depth” principle, which focuses on implementing several layers of security to guard against cyber threats or, in the unfortunate case of a cyber compromise, to quickly detect and mitigate its effects.
Therefore, we have an automatic monitoring system which alerts the Domotz IT department if any strange behavior or anomalies (such as an intrusion) occur on our systems. Finally, we have engaged external and independent bodies to perform continuous security assessments and penetration testing in order to guarantee the highest level of security for our cloud solution.
Account Password Management
The standard creation of an account is based on a common practice: during the creation of an account, we do not allow the user to insert short passwords, and we also provide a ranking of the strength of the password chosen, though the user is free to use a weak one.
Passwords are never sent over emails, and you can't change your account password if you do not have access to your email inbox. As a matter of fact, if you forget the password, Domotz sends a token link to your email box to change the password (we don't send you the new one directly). And you will also receive an email as soon as you change the password (so that you can spot if somebody else has changed your password).
Under no circumstances do we store your password in clear text. All user passwords are encrypted with the highest security standards (SHA2-512).
Client Communication with Domotz Cloud
All communications between the Domotz App (either the Mobile App or Portal-WebApp) and the Domotz Cloud are established over a secure HTTPS channel (HyperText Transfer Protocol over Secure Socket Layer). As you can see from your Web Browser when connecting to the Domotz Portal or Web App, there is a Green Lock next to the URL, which means that the connection is certified to be secure.
This means that the entire communication between the Domotz App and the Cloud is over a secure channel (encrypted). Your account password is only transmitted over this secure channel to monitor and act on your home network (or your client's networks).
You are the only user that can interact with your network unless you "Invite a guest" to manage that network. You are always entitled to revoke this invitation at any moment you want so that the invited guest can't act anymore on your monitored network. Only the owner of a specific agent (network) can invite or revoke guests on his network.
Agent Communication with Domotz Cloud
All the commands to the Agent (e.g. switch on/off power plugs, etc.) are sent over a secure channel (AMQPS - Advanced Message Queuing Protocol over Secure Socket Layer). Each agent/network has its own private channel, and this channel can only be accessed by that specific agent (the user/password is created at the moment of the Agent configuration, and it's only stored on premises on your Domotz device).
The Domotz solution does not increase the possible attack surface of the Home Network since all the communications are established from within the Home Network toward the cloud. It creates encrypted and temporary overlay networks from within the Home Network to the Cloud. Therefore, no additional ports should be opened to the outside.
Remote Connect Functionality
When clicking the Remote Connection (it is either HTTP or HTTPS, SSH or Telnet, RDP or VNC), we establish a secure channel (Encrypted Overlay Network) between your home network and our cloud, and an HTTPS channel between the App (either Mobile App or Web App) and our cloud. So the entire communication from the App to the Agent is encrypted (and nobody can sniff the content of it). Of course, the communication between the Agent and the end-device (e.g. a WebCam), if it is over a non-secure channel (e.g. HTTP), is not encrypted, but that is only internal to the local network (we assume you trust your network, otherwise you wouldn't have non-encrypted services).
With our mechanism, you simply can't sniff that traffic. Moreover, as stated above, with the Domotz solution you do not need to open any port on the Home Router to access your home devices remotely; as a matter of fact, opening ports on the Router (which usually does not offer trusted security features) increases the risk of being attacked, since most malicious attacks start from a scan of the potential attack surface.
Finally, the Domotz solution for the Remote Connectivity guarantees an additional level of security, given that all the supported protocols are encrypted when the data is exposed to the public network. Therefore, even the data for the Telnet and HTTP Remote Connection (which, by default, are not encrypted) is secured on the public network by these encrypted channels.
PDUs, Smart Plugs, and SNMP community passwords
Some PDUs, or Smart Plugs or SNMP devices are password protected. In order to allow our users to remotely control their devices, we ask through the App the user/password to act on that specific device. The user/password is transmitted to our Cloud over a secure channel (HTTPS), and from our Cloud to the Agent over a secure channel as well (AMQPS).
In order to have a better experience, we ask for the password just one time (unless you change the password on your device, of course). However, we do not store the password in clear in our Cloud. We store the password encrypted and password protected, so that a possible hacker attack which might get access to the database (though we believe nobody will be able to do that), will never be able to decrypt that password.
Domotz PRO enhances the features of existing home automation systems because in addition to controlling it also provides monitoring functionalities.
Domotz has also established key partnerships with leading Home Automation System manufacturers including Luxul, Crestron, and Nuvo; many more will be announced in the coming months.
Visit the Domotz forum page on Automation System Support for an up-to-date list of supported controllers.
Domotz does support multi-VLAN configurations which enable you to monitor devices on different VLANs. We recommend using Domotz Hardware for multi-VLAN monitoring because we can ensure performance. You can get more information from this post on our forum at https://community.domotz.com/index.php?/topic/164-how-to-configure-support-for-multiple-vlans/#comment-597
Domotz Pro currently supports a wide range of IP controllable plugs and PDUs including:
For more information and the latest up to date list please visit our page on Supported PDUs and Smart Plugs
Domotz Pro currently supports Automated Switch Port Mapping Features & Power over Ethernet (PoE) for the following Managed Network Switches:
For more information and the latest up to date list please visit our page on Supported Managed Network Switches
Domotz Pro presently supports the following software re-bootable devices:
For more information and the latest up to date list please visit our page on Supported Soft Re-bootable Devices.
The currently supported options include Web Services (HTTP, HTTPS), Remote Desktop (RDP), and Telnet connections.
For standard devices and network switches, the data we show depends on whether we explicitly support the device or not, and is broken down into information we can display and device capabilities we can manipulate. Default SNMP data is broken down into two types on Domotz:
Automatically gathered SNMP data.
For all standard SNMP devices we display:
For fully supported network switches, in addition to the data listed above, the following are available if supported by the device:
Custom SNMP data retrieved via OIDs
For all devices that publish SNMP data, we have introduced Domotz Eyes which can be configured as SNMP Sensors to monitor SNMP data available via custom OIDs. You can then create Alerts based on these SNMP Sensor values.
To get help with Domotz Pro, you can contact our support team. Our support team is ready and available to answer any questions about installing Domotz. Just send us an email at email@example.com and someone will get back to you as soon as possible.
You may also be able to find the answer to your question online in one of the following resources: User Guide, Community Forum, Knowledge Base.