Jump to content

Agent on Hardware compared


Recommended Posts

Hello,

 

I am looking to see if there is a description somewhere on comparing various installations and if there are features that are not available whilst they are on another.

 

In a threat some time ago (I can't find it now) it mentioned for instance that an installation on a QNAP is unable to provide full scanning across all VLANs due to the interface not being proprietary to the Agent.

 

So, I wondered if there are other such tid bits of info that are good to know when evaluating solutions to use.
i.e. having a Domotz Box vs Domotz Agent on a Raspberry Pi (dedicated) vs Agent on QNAP/Synology/ vs Agent on Windows vs Agent on Luxul...

Can one say that installing the Agent on Raspberry Pi is equal to the Domotz Box?

 

Thank you,
Tim.

 

Link to post
Share on other sites
  • 2 weeks later...
StefanA

Hi,

 

One thing i have notice is that VLAN scanning ONLY works with the Domotz Box :/ I wish I could install a VM at my hypervision cluster and get same features as the Domotz Box.

Link to post
Share on other sites
Giancarlo
On 1/22/2021 at 3:28 PM, StefanA said:

Hi,

 

One thing i have notice is that VLAN scanning ONLY works with the Domotz Box :/ I wish I could install a VM at my hypervision cluster and get same features as the Domotz Box.

 

The VLAN scan (Layer-2) should work regardless the installation of the Domotz Agent on all the hardware supported, as far as the VLAN (as a Network Interface) is created on the Hardware.

 

We provide a way to easily configure the Network Interface on the Domotz Box, via the Web Interface, because we own the network stack of the Box itself.

 

Any hardware (and OS) has its own way of configuring Network Interfaces. On a Linux VM, for instance, you would need to connect the network interfaces from the Hyper-V and then internally to the VM, configure the network interface (netplan for instance on Ubuntu).

 

There are a few references to link on how to configure VLANs depending on the Hardware/OS supported by the Domotz Agent here:

 

https://help.domotz.com/user-guide/vlan-network-interface-configuration/

 

If you still have issue having Domotz Agent scanning the VLANs, please do not hesitate to contact our Support.

On 1/14/2021 at 12:51 AM, TimAG said:

Hello,

 

I am looking to see if there is a description somewhere on comparing various installations and if there are features that are not available whilst they are on another.

 

In a threat some time ago (I can't find it now) it mentioned for instance that an installation on a QNAP is unable to provide full scanning across all VLANs due to the interface not being proprietary to the Agent.

 

So, I wondered if there are other such tid bits of info that are good to know when evaluating solutions to use.
i.e. having a Domotz Box vs Domotz Agent on a Raspberry Pi (dedicated) vs Agent on QNAP/Synology/ vs Agent on Windows vs Agent on Luxul...

Can one say that installing the Agent on Raspberry Pi is equal to the Domotz Box?

 

Thank you,
Tim.

 

 

Hi Tim,

Let me first mention that most of the features are available on all the platforms. Including the possibility of scanning cross the VLANs, as mentioned to Stefan.

The main difference with the Domotz Box for the VLANs, is that you can configure the Network Interfaces at the OS level directly from the WebInterface, when using the Domotz Box. This is because we own the network stack on the Domotz Box.

However, you can configure VLANs on any hardware, including the QNAP. Please refer to the following guide with link on the different platforms for the VLANs:

https://help.domotz.com/user-guide/vlan-network-interface-configuration/

Let's say that from the feature point of view, the biggest limitation is that on the Luxul Router, the VPN on Demand by Domotz is not available. This is a limitation of the Luxul platform (if you have any sales rep or contact with them, it would be beneficial if you mention that you are looking into that functionality): we are waiting for Luxul team to enable Domotz, with some low level commands to have the VPN on Demand working properly on the Router.

Anyway, let me provide you for instance with some differences (not only strictly feature related) between the Domotz Box and the Agent hosted on a Raspberry PI.

First of all, please note that SD card for Raspberry Pi usually last for a few months, depending on the quality. We usually recommend implementing a more stable and convenient solution, especially considering that this is a system that is supposed to be always online, especially when you outside of your network. Note that there are other 5-6 additional benefits of using the Domotz Box versus the Domotz Agent hosted on the Raspberry Pi. Just to list some:

- faster: the Domotz Box, implementing a 1Gbps network card, can perform speed tests on faster networks. Even though latest Pi has also a Network Card of 1Gbps, they are mounted on USB, which is limiting the speed.
- reliability: the Domotz Box implements eMMC for the storage (vs SD card on the Raspberry Pi). The SD card usually tends to corrupt. In our experience, the SD card of a Pi might get corrupted after 1 year, requiring the physical replacement of it, with therefore an onsite visit (voiding the savings offered by a Remote Management system)
- maintenance: the Domotz Box is offered with additional software used for the provisioning. Through the provisioning channel, we can guarantee a completely automatic and transactional upgrade of the software on the Domotz Box (without the intervention of the operator). On the other hand, on the Raspberry Pi, you will be responsible for maintaining the required upgrades of the software (for the additional functionalities, bug fixes, and security patches). Moreover, the Domotz Box also allows the automatic and transactional upgrade at the OS and Kernel level (again, very important especially to maintain the system very secure)
- security: third party companies (contracted by Domotz) perform periodic penetration tests against the Domotz Box to guarantee the security of the system
- usability: even though it is possible to configure VLANs on your personal Raspberry Pi, the configuration on multiple VLANs on the Domotz Box is very easy and achievable through the Web Interface.
- functionalities: the blocking internet feature (part of the parental control package offered through Violet - the customer-facing app) is only available when the Domotz Agent is running in the Domotz Box or in the Luxul Router. This is due to some proprietary software for that functionality that cannot be released as Open Source as the rest of the Domotz Agent (in the case of the Router, it uses some low level calls to the Router functionalities). Other functionalities (such as the VPN on Demand) on the other hand are not available when the Domotz agent is hosted on the Luxul Router. In this case, the limitation is due to the fact that Luxul (as a company) has not provided Domotz with access to the low-level libraries and features to perform routing for the VPN on Demand.

I hope this helps with your research.

 

If you are looking to build your own hardware with the Domotz Agent on it, we are happy to support this. Our recommendations are:

 

1. Chose an hardware with a reliable storage device (e.g. BegleBoneBlack or other maker boards with eMMC)

2. Use an OS which supports completely transactional and automatic upgrade of the software (e.g. Ubuntu Core and the SNAP Packages)

3. Make sure you make the HW and the OS as safe as possible

 

Link to post
Share on other sites

@Giancarlo Wow, some interesting things you brought to light that I have not seen before.

- reliability: not much to say here except I didn't even think about the SD cards not holding up
- maintenance: Is this in writing somewhere other than this post?  This in itself sells the Domotz box for me.  Is this also that case for the TrendNet Domotz Pro box?
- security: Another seller.  This is huge.  This really needs to be more forefront and present.  Are these reports available for our clients that need it for auditing purposes? Does this also cover the TrendNet box?  
- functionalities: We don't use any of what you spoke of but again another reason to have the box.

 

I think if these items were more documented it would stop all the nonsense of some complaints I have seen out there of how the box is over priced etc.  It's not all about the hardware.  The services that come with it are really what should be hyped! 

Link to post
Share on other sites
Giancarlo
On 1/30/2021 at 6:42 AM, Larry said:

@Giancarlo Wow, some interesting things you brought to light that I have not seen before.

- reliability: not much to say here except I didn't even think about the SD cards not holding up
- maintenance: Is this in writing somewhere other than this post?  This in itself sells the Domotz box for me.  Is this also that case for the TrendNet Domotz Pro box?
- security: Another seller.  This is huge.  This really needs to be more forefront and present.  Are these reports available for our clients that need it for auditing purposes? Does this also cover the TrendNet box?  
- functionalities: We don't use any of what you spoke of but again another reason to have the box.

 

I think if these items were more documented it would stop all the nonsense of some complaints I have seen out there of how the box is over priced etc.  It's not all about the hardware.  The services that come with it are really what should be hyped! 

 

Hi Larry, the Domotz Box is same as the TrendNet Domotz Box. Same technology. They are based on the same Ubuntu Core OS, and Snap technology.

 

There are some notes documented about the VLANs and capability offered with that. There is also some documentation around the security of our Box (in the Security WhitePaper we have on the site). 

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...