I am coming to Hubitat from Iris and need to be able to control my lights, etc... when I am not at home. I also need to be able to check on things at home via motion sensors and smoke/co detectors. Can these things be done with Hubitat or do I have to send the hub back and ask for a refund?
I'm slightly overwhelmed with this whole ordeal with Iris and really need this to be as easy as possible.
I have a dashboard that I use to monitor the outside lights around the house. I can turn them on or off using that dashboard as well but I don't find that necessary as the rules seem to be reliable.
What I do for monitoring motion and key doors/gates is to use Pushover which sends a push message to my phone. So I can know when something moves on my carport or porch or if someone opens a gate.
Both of these are pretty easy to do. The dashboard is a built in feature. Pushover requires a one-time purchase of the client software for the phone - as I recall it was about five dollars.
Administer the system? Let me pose something... so let's say I am at work and want to turn lights on at the house before I get home? Or let's say that I want to be able to see if one of the motion detectors is showing movement in the house... are these things possible?
The website does state something to the gist of Mobile Access...
Yes you can do those things with the built in Dashboard app. Works really well for that. You just setup a tile for the different things you want to control. You can also setup pushover to send you notifications when things happen. Example, your phone gets a push notification if motion is detected at your house.
The antiquated web interface in the dashboard is about to get a huge makeover. Yes an app is in the works. I have no idea when it is going to be released, but I have a feeling its going to be soon. A few people on this forum have mentioned they were already accidentally able to download it.
Just do a search in this forum for Pushover. It takes a little effort to setup, but works really well once configured. Ive been using it for close to a year and works 100% of the time.
Word of caution. Based on how the security for dashboards works I would highly recommend you not allow devices such as door locks and garage door openers to be added to your dashboards.
Administer the System = building Automations, Pairing/Joining devices, creating a whole new Dashboard and adding tiles to dashboards. Once you have it built.... you become a User of the System.
Clicking dashboard buttons, looking at status of dashboard icons, etc. are all USER activities.
Want to add a Lutron SmartBridge PRO and pair some pico's --> that's an admin function. You must be 'home' to do that. A VPN will bring you 'home' from wherever you are and then you can admin the system all to pieces.
In other words, everything IS possible, but you really do want the separation of Admin from Use.
Want something 'stronger' than dashboard for your needs, there's an App for that... Maker API.
It is, but the terminology differences might be overwhelming at this early stage of your transition.
A lot of products mix the Admin in with the User experience to the detriment of both. I know when I was using Staples Connect and then when using SmartThings, I tried to show my wife how to solve simple things... very often she found herself in the admin side of things and I always feared I'd find half the config blown away. Lucky for me she discarded the app one day and has never found any reason to look at a dashboard. I'd be happy to put a Dashboard link onto my kid's iPads, but without the ability to break everything, they'd discard it pretty rapidly too.
I'm curious as to why you say this... Are you suggesting that there are security issues with Hubitat? Is there something I should be concerned about? Would it be best for me to stop now and return Hubitat and go to another home automation platform?
I do not see any security risk using Hubitat’s Dashboard remotely. All traffic is encrypted and is routed through Hubitat’s secure cloud endpoint server.
My concern is with the dashboards ONLY. Everything we're talking about here (creating/changing/deleting devices/rules/apps) is all local on your network and the access to your hub is authenticated.
For Dashboards, however, my understanding (someone please correct me if I'm wrong):
The cloud enabled dashboards have all access (including security token) built into the URL. Here's an example:
If I were to post my actual link, there's nothing stopping anyone from accessing the dashboard. So if you were to publish a dashboard that contained door locks or garage door openers (for example), anyone with the link could operate your locks and openers.
While it's true that all of the DATA is encrypted. The metadata, including the URL you are requesting data from is NOT encrypted. So then you're left with the encrypted nature of the network you're on. So how hard is it to get your link? Over a cellular connection, pretty tough, it's an encrypted network connection. Over an open WiFi hotspot (say, while sipping coffee at Starbucks), it's trivial. Anyone on the network with a sniffer can see your initial requests which would expose the URL.
I also suggest that you consider sharptools.io which allows you to create and use dashboards of Hubitat devices. Easy to use, easy to change, and looks great.
Actually, this is not true. When using https, the url is also encrypted. As long as you don’t give the URL away, you’re fine.
Specifically, this section...
Because HTTPS piggybacks HTTP entirely on top of TLS, the entirety of the underlying HTTP protocol can be encrypted. This includes the request URL (which particular web page was requested), query parameters, headers, and cookies (which often contain identity information about the user). However, because host (website) addresses and [port](https://en.m.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers) numbers are necessarily part of the underlying [TCP/IP](https://en.m.wikipedia.org/wiki/TCP/IP) protocols, HTTPS cannot protect their disclosure. In practice this means that even on a correctly configured web server, eavesdroppers can infer the IP address and port number of the web server (sometimes even the domain name e.g. www.example.org, but not the rest of the URL) that one is communicating with, as well as the amount (data transferred) and duration (length of session) of the communication, though not the content of the communication.[[4]](https://en.m.wikipedia.org/wiki/HTTPS#cite_note-httpse-4)