
Remote Connection: HTTP/S, RDP, Telnet, SSH, TCP Tunnels

The Remote Connection feature allows you to connect to a device with a single click.

The currently supported options include:

  • Embedded Remote Connection for Web Services (HTTP, HTTPS), Remote Desktop (RDP), and Console Access (Telnet, SSH).
  • Generic TCP Tunnel for remotely connecting to virtually any single device by means of any proprietary TCP protocol. For example, this can be used to remotely program a home automation system such as Crestron, Lutron, Savant, Control4, etc., or to access VNC servers, SSH via a proprietary terminal client, FTP servers, Apple AirPort, and many others.

Feature Access

The feature is available from the Device Details screen, by clicking on the Connect Tab, as well as from the Remote Connections & VPN Tile.

The Domotz Agent automatically identifies whether a device is running any of the supported services (by checking on the most typical ports) and makes them available as clickable items as shown in the screenshot below.

Remote Connection- HTTP:S, RDP, Telnet, SSH, TCP Tunnels screenshot 1

Create/Remove Custom Connections

The automated discovery only checks services on standard or typical ports.

It is possible that, on some devices, these services are installed on different ports. In this case, if you know the port, you can create up to 8 custom connections for each device by using the Create Custom Connection button.
Custom connections feature a red “x” button allowing you to remove the connection.

Remote Connection- HTTP:S, RDP, Telnet, SSH, TCP Tunnels screenshot 2

RDP CONNECTION: Please note that, on some versions of Windows, Remote Desktop is disabled by default. To successfully create a remote desktop connection, the RDP functionality must be turned on on the target PC (via Control Panel -> System Properties -> Remote). Moreover, you might need to change the following values in the Windows registry, using regedit:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"SecurityLayer"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"UserAuthentication"=dword:00000000
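
Before changing the two values above, it helps to see what the target PC currently uses. The following PowerShell is an added example, not Domotz's own code: it reports both values (SecurityLayer 1 is Negotiate, UserAuthentication 0 means Network Level Authentication is not required) and can save and restore them. The function names and the backup file path are hypothetical, and the Group Policy key is read on the assumption that policy, where set, overrides the RDP-Tcp key.

```powershell
# Added example, not Domotz code. Reading works as a normal user;
# Restore-RdpSetting writes to HKLM and needs an elevated PowerShell.
$RdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
# Group Policy location for the same two settings (assumed to take precedence when set).
$Policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$Names  = 'SecurityLayer', 'UserAuthentication'

function Get-RdpSetting([string]$Key) {
    # Returns a hashtable: value name -> integer, or $null when the value is absent.
    $out   = @{}
    $props = if (Test-Path $Key) { Get-ItemProperty -Path $Key } else { $null }
    foreach ($n in $Names) {
        $out[$n] = if ($props -and $null -ne $props.$n) { [int]$props.$n } else { $null }
    }
    $out
}

function Show-RdpSecurity {
    # Meaning of each documented value.
    $layer = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS)' }
    $nla   = @{ 0 = 'NLA not required'; 1 = 'NLA required' }
    $local = Get-RdpSetting $RdpTcp
    $gpo   = Get-RdpSetting $Policy
    foreach ($n in $Names) {
        $map = if ($n -eq 'SecurityLayer') { $layer } else { $nla }
        $src = if ($null -ne $gpo[$n]) { 'policy' } else { 'RDP-Tcp key' }
        $val = if ($null -ne $gpo[$n]) { $gpo[$n] } else { $local[$n] }
        $txt = if ($null -ne $val) { $map[$val] } else { 'not set' }
        '{0,-20} = {1} ({2}), effective source: {3}' -f $n, $val, $txt, $src
    }
}

function Save-RdpSetting([string]$File) {
    # Record the current RDP-Tcp values before editing them.
    Get-RdpSetting $RdpTcp | ConvertTo-Json | Set-Content -Path $File
}

function Restore-RdpSetting([string]$File) {
    # Put back the values recorded by Save-RdpSetting.
    $saved = Get-Content -Path $File -Raw | ConvertFrom-Json
    foreach ($n in $Names) {
        if ($null -ne $saved.$n) {
            Set-ItemProperty -Path $RdpTcp -Name $n -Value ([int]$saved.$n) -Type DWord
        }
    }
}

Show-RdpSecurity
# Save-RdpSetting    "$env:TEMP\rdp-tcp-before.json"   # hypothetical path, run before the edit
# Restore-RdpSetting "$env:TEMP\rdp-tcp-before.json"   # run when remote access is no longer needed
```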

TCP Tunnels

It is possible to create a generic TCP Tunnel by specifying the port to be used. Domotz will open a port that allows third-party software to connect to the device.

Remote Connection- HTTP:S, RDP, Telnet, SSH, TCP Tunnels screenshot 3

Once the TCP Tunnel is created and in place, you can enter the tunnel's endpoint Host and Port in your local third-party software to remotely connect to the end device.

Remote Connection- HTTP:S, RDP, Telnet, SSH, TCP Tunnels screenshot 4

For security reasons, the Tunnel is terminated 1 hour after its creation. However, the connection can be closed at any time (“Close connection” button) and the configuration removed (click on the “X” on the TCP direct connection icon).

Security

Security Note: When you click a Remote Connection (HTTP or HTTPS, SSH or Telnet, or RDP), we establish a secure channel (Encrypted Overlay Network) between your home network and our cloud, and an HTTPS channel between the App (either Mobile App or WebApp) and our cloud. Therefore the entire communication from the App to the Agent is encrypted (and nobody can sniff the content of it). Of course, the communication between the Agent and the end device (e.g. a webcam), if it is over a non-secure channel (e.g. HTTP), is not encrypted, but that traffic stays internal to the local network (we assume you trust your network, otherwise you wouldn’t have non-encrypted services).

Moreover, if you look at the URL when opening a Remote Connection through the WebApp, and you copy and paste that URL on a different PC/Client, you won’t be able to reach the end device.
This has been designed to allow people to use the Domotz App even in a non-secure location: e.g., if you are in an Internet café, over a non-secure WiFi, anybody with a little bit of IT skills can identify the URL you are connecting to (even if it is over HTTPS). But with only that URL, the hacker can’t reach your home device.

Finally, the Domotz solution for Remote Connectivity guarantees an additional level of security, given that all the supported protocols are encrypted when the data is exposed on the public network. Therefore, even the data for Telnet and HTTP Remote Connections (which, by default, are not encrypted) is secured on the public network by this encrypted channel.

For more details about Domotz Security, please see the Domotz Security Whitepaper.

Updated on December 2, 2020
