theitprofessor, posted May 9, 2023:
This is a philosophical/technical security question/discussion. With PGC shut down, the only means now of controlling a Polyglot device which doesn't have an open local API is to poke holes from some third-party webhook through my firewall into PG3x. Coming from a guy who has spent 35 years in IT, I don't trust those 3rd parties to keep their internet-facing systems safe and secure. Yes, I know the same thing could be said of the code on the devices I put in my home, but these are different to me. One is the work of bad actors trying to do harm in the code of the device and the other is a lack of the time, effort, and money it takes to keep a public-facing service safe and secure. Michel shut down PGC for security reasons; isn't poking these holes in the firewall to my local PG3x just as bad or worse?
Javi, posted May 9, 2023:
UD Mobile now has remote access to PG3x from Portal. Android is in production; iOS is in beta testing.
MrBill, posted May 9, 2023:
What are you trying to do exactly? If you're trying to reach the IoX API, you can do that via the portal. Log into my.isy.io > Select Tool > Information > ISY Information > URL to ISY. You will be asked for credentials; don't supply the normal admin console credentials, instead supply portal credentials. The same holds true if you use the long ISY URL to open the admin console remotely through the portal.
theitprofessor (Author), posted May 9, 2023 (edited May 9, 2023 by theitprofessor):
That's cool, Javi, but that's not the same thing. UDM is talking "to" the portal and PG3x is talking "to" the portal. Those are both outbound communications from inside my network out to the internet to a joining place, the portal. I don't have to poke any inbound holes in my firewall for that to happen. This is about some other non-UDI company communicating inbound to my local PG3x in order to enable the services of a node server. I'm looking for others' thoughts on that from a security standpoint, from those who are security minded.
theitprofessor (Author), posted May 9, 2023:
Hi MrBill, no, that's not it. Please read my response to Javi and see if that explains it better. If not, I will come back with more detail.
Geddy, posted May 9, 2023:
29 minutes ago, theitprofessor said: "This is about some other non UDI company communicating inbound to my local PG3x in order to enable the services of a node server."
Nothing is inbound. At least I don't think so. Since you have to set up the connection from the PG3x node server side, it's making the link directly with the other system and updating on the short or long poll schedule. PG3x node servers are run locally on the eisy or Polisy. They connect directly to the service they are designed for. Nothing is needing to blindly communicate back to the PG3x service. Are there specific node servers that you're interested in to ask specific questions about? Otherwise, I think you're assuming something that isn't happening.
Javi, posted May 9, 2023:
The other company would need a service similar to Portal if their service needs an inbound connection to equipment/services inside your network. What equipment/service are you trying to connect? Your UD equipment establishes a persistent connection to Portal. This allows your UD equipment to accept inbound commands using the same persistent connection. So non-UD equipment, such as a Sprinkler Controller, can be controlled from a remote location if it can be controlled by your UD equipment.
theitprofessor (Author), posted May 9, 2023:
Rachio. The only way to get that to fully work on PG3x is to poke a hole in my firewall from their web service to my PG3x. I'm not sure that's a very good idea.
bpwwer, posted May 9, 2023:
Yes, Rachio is one (probably of only a couple) that requires opening a port. We've recently added the ability to route webhooks through the Portal so that opening a port isn't necessary. Instead, Rachio would be configured to a unique URL for the Portal system and the Portal would relay that to the node server via a secure remote connection. But as I don't think the original Rachio author is actively maintaining the node server, someone would have to take on the task to rewrite it to use the new webhooks API. Rachio allowing for local control would be even better. People have been asking for that for almost 7 years now: https://community.rachio.com/t/api-call-to-local-sprinkler-ip/4152/12
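An added illustration, not part of any post in this thread and not UDI or Rachio code: a minimal sketch of the pattern Javi and bpwwer describe, where the device dials out to a relay and a webhook is then delivered down that same connection, so the device never listens on a port. The relay, the device id `device-1`, the JSON line framing and the webhook body are all constructed for the example, and the real Portal link would additionally be authenticated and encrypted.

```python
import json
import socket
import threading

def run_relay(listener, webhook_body, result):
    """Stand-in for the relay (the Portal's role): it is the only listener.
    It accepts the device's outbound connection and pushes a webhook down it."""
    conn, _ = listener.accept()
    with conn:
        f = conn.makefile("rw")
        result["device_id"] = json.loads(f.readline())["register"]
        f.write(json.dumps({"webhook": webhook_body}) + "\n")
        f.flush()
        result["ack"] = json.loads(f.readline())["ack"]

def run_device(relay_addr, handled):
    """Stand-in for the node server: it only dials OUT and never binds or
    listens, so no inbound firewall rule or port forward is needed."""
    with socket.create_connection(relay_addr, timeout=5) as s:
        f = s.makefile("rw")
        f.write(json.dumps({"register": "device-1"}) + "\n")  # hypothetical id
        f.flush()
        msg = json.loads(f.readline())   # the "inbound" event arrives here
        handled.append(msg["webhook"])
        f.write(json.dumps({"ack": True}) + "\n")
        f.flush()

def demo():
    # Loopback with an OS-chosen port keeps the example offline.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    result, handled = {}, []
    body = {"event": "zone_started", "zone": 3}   # constructed webhook body
    t = threading.Thread(target=run_relay, args=(listener, body, result))
    t.start()
    run_device(listener.getsockname(), handled)
    t.join(5)
    listener.close()
    return result, handled

if __name__ == "__main__":
    print(demo())
```

The only socket that calls `listen()` belongs to the relay; with a port forward, that listener would instead be on the device inside the home network.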
bgrubb1, posted May 9, 2023:
I don't see how to access P3X on my polisy from the portal. Do I need to turn something on to access?
bgrubb1, posted May 10, 2023:
I think I figured it out: "from the portal" means the AC via the cloud, not via UD Mobile.
theitprofessor (Author), posted May 10, 2023:
Good to know about the new feature to the portal and thanks. Now just need someone to take on the Rachio NS.
Javi, posted May 10, 2023:
3 hours ago, bgrubb1 said: "i think I figured it out "from the portal" means the AC via the cloud. Not via UD mobile"
Currently remote configuration of PG3x and its Node Servers is only available from UD Mobile. We don't (yet) have a remote web version.