
Polisy remote access options


JBanaszak


Hello all.  I am a few months from relocating to warmer climates for the winter and leaving my ISY/Polisy to watch over things at the main house for several months.  I am trying to come up with the best option to access my Polisy remotely to respond to power failures, do routine updates, restart node servers, etc.

I would like expert input from this group in two areas:

  1. Do I have a complete list of viable options?
  2. Pros, cons, comments on viability, and direct experience with any of the options

In the order of my level of expertise, I can see (or imagine) the following options for remote access to the Polisy:

A. Direct port forwarding to the Polisy.  I have tried this and it works as expected.  I am aware of the security risks but have a pretty robust firewall solution and ports open for other reasons.  This is the simplest solution (for me with my current knowledge) but more or less defeats the purpose of keeping ISY/Polisy communications on the local network.

B. Running a VNC server somewhere on my network and using remote access to that device to log in to the Polisy locally.  I have some experience in this area from managing industrial products requiring remote access.  It would be easy for me to set up on a repurposed Mac mini or similar.  Would it be possible to run a VNC server on Polisy itself?

C. Use network resources and ISY programs to run SSH commands on the Polisy over the local network, which I could then manage/control via Portal access to the AC.  Now I am getting out of my league... is this possible?  If so, where could I learn more about it?

D. Ask nicely/hope/convince UDI to add Polisy control (e.g., reboot, update, restart node server, etc.) to the node server menu in the AC, which can be accessed remotely via the Portal.  Now I am really dreaming as I do not know the level of effort required on their end, if this is on the roadmap already, high enough priority, etc. (or if it is even possible, although I suspect it could be since we can already send other commands like query, etc.)

E. Ask nicely/hope/convince UDI to add Polisy remote access to the Portal.  Same uncertainties as outlined in D.

F. Other options?

Thank you in advance for ideas, comments, and suggestions.

Jim

Link to comment

1 hour ago, JBanaszak said:

A. Direct port forwarding to the Polisy.  I have tried this and it works as expected.  I am aware of the security risks but have a pretty robust firewall solution and ports open for other reasons.  This is the simplest solution (for me with my current knowledge) but more or less defeats the purpose of keeping ISY/Polisy communications on the local network.

B. Running a VNC server somewhere on my network and using remote access to that device to log in to the Polisy locally.  I have some experience in this area from managing industrial products requiring remote access.  It would be easy for me to set up on a repurposed Mac mini or similar.  Would it be possible to run a VNC server on Polisy itself?

For option A: I highly recommend opening random high-numbered ports, like 51734 for example (port numbers max at 65535), that redirect to the intended localip:port.  It's not as safe as a better option, but large carriers do shut down port scanners that are scanning many ports, so playing hide and seek does add quite a bit more security than actually opening port 443 or 4443 (a common 443 replacement), or say 80, 8080, etc., or any port below about 5000 where port hunters will hunt.

Option B: I actually have an ISY program that boots (turns on power to) a Windows computer and runs a script on my Ubiquiti router to open (port forward) a pre-determined high-numbered port that redirects to 3389 (RDP).  This was my sole answer for accessing the admin console on vacations before I had portal.  At the time I also had a WiFi plug strip connected via my next-door neighbor's WiFi to reboot the cable modem.  Since I now only take an iPad (no laptop) when I travel, this method is still how I access the admin console should I need to.

Option F: VPN is actually the best solution; I run one directly on my Ubiquiti router.

Link to comment

You can run the VPN server on the router, on an RPi, on a NAS device, or some other always-on network node. Ensure that the host device is powered by a UPS, as should your router, Polisy, ISY, and other network-critical devices.

I'm recommending OpenVPN.

Link to comment

Archived

This topic is now archived and is closed to further replies.

