Replacing SmartThings API with OpenHAB + OpenHAB-cloud

a) Yes, i’ve searched the forum and spent a lot of time reading first, b) i’m not looking to replace a single SmartThings hub.

Not sure what’s going on with Samsung, but i’m not liking what i’m seeing at all. I’ve spent a year or so developing around their API for multi-dwelling unit (MDU) applications which rely on separate Z-Wave/Zigbee hubs for different apartments. Apparently they are no longer going to be producing hardware and only focusing on the cloud service (src: https://community.smartthings.com/t/smartthings-hardware-being-sold-off-to-aeotec/207707).

The hub is no longer available to buy anywhere, the Aeotec replacement doesn’t seem to be available anywhere either, and Samsung aren’t exactly forthcoming with information. They are supposed to be releasing a web platform of the service in addition to the mobile app, although the mobile app doesn’t work with any of the Samsung phones we have. Most of this is fairly understandable, as there’s no real business model for hosting massive infrastructure for other people to use for free.

Bottom line is Samsung are not a particularly reliable support partner or any good at understanding how a SaaS platform needs to work.

What i’m looking to do is replace, let’s say, 20 SmartThings hubs with 20 Raspberry Pi v4 units which have a OpenHABian and Z-Wave hardware add-on. The tech headache is painful up-front, but it’s opens up a new range of possibilities, like better integration with LG, Soundtouch, wifi lightbulbs etc.

Ideally i’d like to be able to access the MikroTik router the PI is plugged into, as their RouterOS system has a TCP-based API.

I need to be able to receive notifications from each of those OpenHAB installs, and be able to send them commands. I’m not having a lot of luck with either Z-Wave or Zigbee at the moment.

At that point, i have two choices:

1. Use the OpenHAB-cloud add-on for remote control, or:

2. Open nGrok (https://ngrok.com/) tunnels on the Pi to access the admin panels and REST API.

Questions, as i’m fairly new to OpenHAB and still uncovering some of its capabilities:

A. Does anyone have any experience putting something like this together?
B. Is the OpenHAB-cloud package actually maintained (looks abandoned)?
C. Can one cloud remote connect to 20 OpenHAB servers and distinguish them?
D. Can OpenHAB publish events to a Websocket message broker like Centrifugo or Crossbar?
E. Can OpenHAB-cloud broadcast events/changes and/or receive commands to OpenHAB - if so, how does that work in practice?
D. Does OpenHAB-cloud have a REST API (can’t see anything in the repo)? Or does it simply forward calls to the OpenHAB device?

What i’m trying to determine is the mechanics of removing the SmartThings API to create an alternative doing practically the same thing. I know most posts about home automation are about local-only control for personal use, but my query is exactly the opposite - how to achieve centralised remote control of multiple devices.

Thanks in advance for any input!

Just be aware that OH is free and open source operated by volunteers. As soon as you are throwing expectations for SaaS red flags and alarms should be going off. I only say this to level set your expectations. There is a lot of support here on the forum and the developers are responsive but you are largely on your own. There is no warranty. There is no guarantee.

Not REST or anything higher level? That’s unfortunate. You’ll likely be doing most of the work to integrate that yourself if you can’t find some script or program on GitHub that supports it. There does not appear to be an openHAB binding already created that works with this.

You have far more than just those two options.

• Use a third party messaging service like Telegram.
• Use a VPN so all your instances can see each other and you can interact with them through the VPN
• Expose your instances to the Internet using a reverse proxy and good authentication configured on the reverse proxy

I’m sure there are many more.

Something of this scale? Very few if any. And for those who have set up something of this scale they are usually completely independent (i.e. don’t have your requirement to get alerts from all of them). Remember, this is a home automation software built and maintained by volunteers. It’s not suitable (IMHO) for most commercial or industrial applications.

Yes it’s maintained. But again, it’s open source maintained by volunteers and right now the main focus of those volunteers is building openHAB 3.

Yes of course. The instance of the cloud server running at myopenhab.org manages tens of thousands of OH instances. That’s not going to be your problem though. You will need a separate account for each of your OH instances. You can only have one OH instance per account.

Out-of-the-box I think the answer is no. It natively supports SSE and has a REST API. It has an add-on for MQTT and HTTP. But I’m unaware of any support for websockets. That doesn’t mean one couldn’t add a binding that supports that.

The openHAB Cloud is pretty much just a proxy for the SSE, web server, and REST API of your openHAB instance. That’s all it really does. Given that, as previously mentioned, openHAB’s SSE publishes all the events that occur on openHAB. It receives commands and updates to Items via REST API calls. And all of that can be proxied by the Cloud instance for external authenticated clients.

See above, the latter.

I think using openHAB you’ll need to come up with an alternative architecture or approach. The openHAB Cloud server provides far less than SmartThings’ cloud service does, largely because openHAB is designed to be independent and work without any cloud services.

That’s because that’s the problem openHAB is designed to solve. It’s not built to be commercial or industrial grade. Can you achieve what you are after? Probably. But it’s going to require more work than I think you will expect. It’s also going to require some trial and error and workarounds to achieve a solution that meets your requirements.

The (cloud account) credentials that you provide will route requests to the openHAB instance that is associated with that account - you have a management interface for those accounts that’s separate. And you’re seeking consolidation between instances, like receiving events from all of them at the same time on a single event source, then you’ll want to consider a custom solution because that’s not how openHAB Cloud was designed, it was designed for individual use - 1 cloud account, 1 instance.

(Of course equating individual use to a single instance is somewhat a shortcut, a lot of people have secondary homes and so forth, but now you can’t have them both under a single account, it could be a valuable enhacement though).

@ysc Thanks! That’s exactly what i needed to know - whether it is a “personal” remote engine or able to do a more enterprise-y setup.

Thanks so much for taking the time to write up such a detailed reply. Really helpful!

Caveat emptor, yes. I think the issue here is going to be the level of control, because if Samsung go a bit nutty it leaves you vulnerable. At least with OpenHAB you have a lot of ability to hack around problems. I do understand the use case for OpenHAB itself, so i’m looking to work around it to produce some comparable, even if it’s not perfect at all.

Home Assistant has a very basic adaptor for MikroTik, and a uPnP one. The RouterOS API is essential a TCP connection with commands mimicking its’s CLI. It’s such a fantastic system though.

The VPN and reverse proxies aren’t an option unfortunately, and not just for privacy/security reasons. Each unit has its own router (so yes, 20 routers) which the Pi units are connected to as a DHCP client - so they are behind NAT and any firewall rules. We have to tunnel out over that. One of the problems there is Ngrok doesn’t allow fixed subdomains for TCP, so the port numbers are random.

I don’t see why that prevents openVPN from working. I have an RPi at my dad’s house 100 miles away with exactly the same restrictions. It connects to the OpenVPN server I control and I can see it and it can see my MQTT broker just fine. You’d have to allow the connection to the VPN port on the firewall but that’s about it.

That’s a very interesting idea. Would you mind sharing the setup? Might be helpful others too.

Actually I’ve just added a new feature to openHABian. It’s using the (free) Tailscale demon and their (commercial) service to interconnect units. It’s essentially a framework to manage WireGuard tunnels.
Great thing is it takes care of all that encapsulation stuff to run a unit behind a NAT firewall.
Here’s an explanation. For personal use, their service is also free of charge.

@mstormi VERY interesting, thank you!

I tried it out using a free 3-connection account with OpenVPN Cloud, and it seemed to work OK. OpenVPN3 didn’t appear to be supported on Buster though, despite it being in the list (“no package called openvpn3”).

The process was pretty simple: create a network with some users, add a few devices per user, download the .ovpn config file and rename it to .conf in the program’s dir. Test with openvpn --config /etc/openvpn/blah.conf and then just do systemctl enable openvpn@blah to make it run at boot. Everything’s on the same network, so the VPS server can make calls directly into the services (yes!!!). Assuming every MDU has its own VPN for separation and security, scaling isn’t too tricky.

Tailscale looks incredibly powerful, and that blog goes into a lot of detail about the problems with normal VPNs. I definitely want to compare these two properly.

Both of these look fine for personal networks of 10 or less devices. OpenVPN Cloud is free for personal, as is Tailscale. But it’s a bit like Home Assistant after that, and starts to cost heavily. As i understand it this morning from reading, Wireguard is designed to out-perform OpenVPN, but the latter is arguably better known and trusted by IT techs (i’m a dev, so i don’t want to have to be dealing with this).

Once you have the IP of the OpenHAB box and can reach the REST API, you’re good. It’s relatively easy to build an API on top of that like SmartThings’ version. Something like https://traefik.io/ is helpful.

Now the next step in dealing with replacing SmartThings - and you’re basically replacing the hub as well - is the Z-Wave and Zigbee problem. I’ve got the Z-Wave Me Pi module (no Zigbee, buggy) to test, and have been running with the GoControl USB (ugly as hell, discontinued, Zigbee doesn’t work).

OpenHAB seems really buggy with these protocols and hardware, but maybe that’s just my own lack of understanding. That said, the sheer list of things it has on top is fantastic. Remote access is the key to making it work at enterprise level IMO. Once you can SSH in, you can add new things to 100 boxes if you wanted to.

Well both are site2site VPNs so if you have 10+ sites you will have outgrown that “personal” use case and have become a commercial provider, won’t you ? So IMHO just fair to charge for it then and IIRC is wasn’t really expensive something like $20 a month (I am in no way associated with that company).

openHABian also has an option to install and configure a standalone WireGuard (without the Tailscale management framework) so if you don’t mind to do the config works you can also go with that for free.

openHABian also has an option to install a preconfigured nginx (although you would probably not need that if you have the VPN).

Not at all - that’s your lack of experience there. I have been running an openHAB RaZberry myself for years and still do.

Oh it’s definitely meant to be commercial grade, for sure. It’s worth pointing out that Tailscale requires an identity provider like Gmail, Office365 etc and doesn’t do individual accounts. But it’s all the same thing really: enabling remote access so web apps can talk to the device or interface itself. One location, like a block of apartments, means 3-4 VPN connections per unit, meaning potentially 500-1000 VPN endpoints to manage.

That inhibits its scalability in a big way. Personally i have a huge problem with these big tech companies and the data they process, so i’d like to avoid them if possible.

Couple of other things:

1. Remote persistence: how easy is it to get OpenHAB to store its settings remotely in something like Mongo or Redis? Should be just a case of changing the host? Or better to store locally and mirror/replica to a remote?

2. Remote logging: does the logger support anything like Graylog Extended Log Format (GELF) so you can send output to a server like Seq (https://datalust.co/seq)?

The Z-Wave Pi module (Razberry2) is driving me absolutely mad. Trying to get either the USB to work on both ports, or the serial module to work as one, seems to be a real uphill struggle.

Isn’t there a SmartThings binding for OH where you could use your hubs as zwave controllers feeding OH? That should make migration a little less painful.

I use VSCode remote development for accessing remote sites all you have to do is forward the port in the router.

Just change the host

Also this may be of some use.

Just connects to the hub i think, which is what i want to get away from. But appreciate the suggestion!

Thanks for those! Is the remote essentially a P2P kinda arrangement?

I am not sure it is fully baked yet. No encryption. I have OH2 and OH3 running in Docker containers on the same host. The remote OpenHAB binding keeps losing connection.

It removes the Samsung cloud component from the equation and lets you migrate away from the hubs after you get more familiar with OH.

It uses http and the same REST API used by the user interfaces. I understand it also receives events from the OH2 server.

From a dev perspective for others looking at doing this, the theory of replacing SmartThings API is relatively simplistic.

Let’s say you have 100 OpenHAB devices, each of them on a VPN with a reachable IP. As long as you know the IPs and can identify which device is which, you can map user accounts with them. So in creating an API, you need your users to be associated with, or have permissions to, one or more devices - each with a JWT token to authenticate with.

If our VPN IP range of our devices is 10.0.0.1 - 10.0.0.100, the calls are easy:

GET http://10.0.0.1:8080/rest/items/My_Item" --> user A has permissions on this
GET http://10.0.0.2:8080/rest/items/Another_Item" --> user A has permissions on this also
GET http://10.0.0.3:8080/rest/items/Other_Item" --> user B has permissions on this
GET http://10.0.0.4:8080/rest/items/Random_Item" --> user C has permissions on this
// and so on

All that’s required is to know which host URL to call, as the parent API is a wrapper around the OpenHAB API.