This blog is for those people whose daily job is IT-related (DevOps, developers, system administrators, etc.) and who are using Home Assistant at home. If you fit that description, you just might suffer from what I call: The enterprise smart home syndrome.
When working in IT, you’ll often end up having to design, build, maintain, or at least work with, all kinds of enterprise solutions. Enterprise solutions that keep everything in the company you work for afloat.
High availability systems, ensuring everything is always online. Being able to scale to handle spikes in concurrency. Infrastructure as code to facilitate all the previous, and fully automated continuous delivery pipelines to deploy new code releases. All interconnected by state-of-the-art networks, with advanced routing between countless VLANs.
Our jobs are cool, we make all of this happen! It is exciting and awesome! It feels so nice to have all these things that just work! However, when it comes to enterprise practices, we do tend to take our work environment into our homes.
“The enterprise smart home syndrome is the art of overcomplicating your Home Assistant setup.”
Franck Nijhof
Looking at the Home Assistant Community forum, Discord Chat, the Home Assistant subreddit, and many other places, I see people bring their work into their homes. Using Kubernetes, Terraform, Ansible, and many others to set up Home Assistant in their homes. Building clusters of servers, sometimes even whole racks!
Don’t get me wrong, that is fine and all; some make a hobby of doing just this. If not: why? Really… why?
These are all solutions that add complexity and have their own issues and problems. I can’t wait to read about an mDNS repeater issue across VLANs caused by an NoT network, or weird DNS issues in their home about every other day. And let’s say it is running perfectly and never fails: You’ll still have to maintain it all! But why?
It’s your smart home system, not some SpaceX mainframe to coordinate a Mars landing.
Not just that, all those extras generally result in needing more devices and resources, wasting more energy, which is bad for your wallet 💰 and bad for the planet 🌱.
Anyways, now you know what the enterprise smart home syndrome is. The solution lies within a really old and famous saying, which holds really well in this situation:
../Frenck
Do IoT VLANs fall under the unnecessary complexity heading?
You are right that sometimes we forget that simple is beautiful and efficient. I am working to pass my CISSP and CCSP and my day job is to help enterprises move safely to the cloud. Let’s say I need to keep your wise words in my head :-). And BTW thanks for all the years you spent sharing your Home Assistant passion. I still use your component structure.
Nice post, F!
Firewall rules between VLANs have definitely caused me headaches, but “playing” at home is a great tool for learning the things that help you in the real job.
House offline for a while, vs. your company offline?
Hi Frenck.
I guess, you have just put the cat among the pigeons.
In some way it makes sense to keep it simple. Oh, and there is even a principle popular in the IT world, YAGNI: “You aren’t gonna need it”, or in simple words: spare yourself the trouble of making things (a.k.a. features) you won’t need.
And trouble it is. It costs time and money. It might result in higher complexity. And yet… Well, cost is something you decide upon knowing what you get in return. Or what you are left with, if you give up and do not invest.
You yourself wrote just yesterday about hardware: random stores offering dirt-cheap smart devices should ring a bell. You’ll get what you pay for. So why wouldn’t one be ready to spend on the design and architecture of the rest of the smart home? What can one earn with it?
You yourself mentioned CI/CD pipelines. One might think it’s overcomplicated. Or maybe just complicated, but a justified cost? What can one achieve? Let’s just think about almost every major release of HA. Of those posts, “this stopped working, that stopped working”, and the consecutive minor releases that follow to fix some of those problems. And that only concerns problems within code delivered by the HA team. And what about third-party components, which almost every one of us uses? Oh, of course, one can read tons of text in search of those breaking changes. But what if instead I could run a pipeline against my own configuration and setup and avoid problems even before the upgrade? I guess for many of us some bleeding-edge new features might wait, if it can mean that our home remains operational.
How about redundancy? Well… As always, it comes down to cost versus benefit. Can I accept failure? For how long? For how long can my smart home remain in a non-operational state? Well, if everything I do smartly can be done in the traditional, manual way (for example operating lights), I can live with that. But when I lose thermostats or security camera feeds, it might not be acceptable. Or at least not for a prolonged time.
And how long will it take to restore? There is a reason the industry more and more adopts an infrastructure as code strategy. It simply works. It works automatically, fast and in a repeatable way. Why wouldn’t we benefit from this in our smart homes?
And those VLANs… Why? Let’s think for a moment. How many of us have purely local integrations? And how many use cloud-based ones? Just one glance at HA analytics tells a story. And we are not talking about some exceptions to the rule. Seventh position on this list is Google Assistant – 21.5% of all HA installations participating in analytics gathering. Then you’ve got other cloud-based voice assistants, and many other devices and integrations. Today even printers like to “call home”. One can’t simply ignore that. And can anyone authoritatively state that all those are safe from vulnerabilities? Without a problem I can find on Google reports of exploited (!) vulnerabilities in the IoT world. So it’s real. But is it a problem? Let us think for a moment. Can someone cause a denial of service within our smart home, rendering it unusable? Probably. Can someone hack some gadget with a microphone and listen to our conversations? Probably. Watch us using cameras? Probably. Can someone access our PC or Mac, the one that we possibly use for our work? For doing internet banking? Probably. So can investing in some level of separation between the IoT segment and other things be justified?
I think we could help people make informed decisions. And then anyone could decide for themselves what serves them best.
Best regards, Frenck, and thanks for starting this discussion!
Piotr
Fully agree on keeping it stupid simple. What’s the need for complete racks, deployment pipelines or Kubernetes clusters for home automation?
Don’t agree that VLANs, filters and mDNS don’t have a place in a home network. It’s a good practice to separate ‘trusted’ and ‘untrusted’ stuff. There are enough Internet of Shit stories out there. Missing the security aspect in your post. Can’t trust every smart home product, right?
It can be good practice, sure! And is it really needed? I honestly don’t know. It depends a bit on what devices you have, I guess. More importantly, things like these are often applied by people because “it was written somewhere this is good practice”, but who actually lack the know-how on how to manage such a thing. Causing many to run into all kinds of issues (or new issues over time).
I’m not saying it is all bad and all, and we should not apply these things; but we sure should think about if they are needed before we do.
../Frenck
Good point. As HA users we tend to look for information and support. We stick to blogs, YouTube tutorials, FB groups etc. And out there you can find people with different skills and levels of IT knowledge. I guess, even among people working in IT, we tend to specialize in being developers, admins, networking specialists, security specialists… No wonder non-IT people get lost and are looking for support.
I guess no one would attempt to build a two-storey building for himself without thorough engineering knowledge and expertise in the area of building design and material knowledge. We hire architects and builders for such work. For good reason. We do not attempt to build homes after watching some random videos and reading some random blogs.
And here comes HA, which in itself is incredible software, and an incredible initiative behind that software, for which I’m grateful to all who make it real. But nonetheless, it’s complicated and… it’s not a toy. It’s not something we can play with and toss in the corner without consequences. That’s a HOME we are talking about. A place that keeps us and our children warm and safe.
So we give people complexity hidden under beautiful UI, perhaps even enclosed in a stylish yellow box, and expect… exactly: what do we expect?
Perhaps we are only making an illusion of simplicity…? What about safety, reliability? What about surroundings, environment, context in which we are to put this yellow box to work?
Frenck, you are right, that people lack the know-how. Being professionally in IT myself for some 30+ years I’m not afraid to say that I don’t know something. At least usually I have some awareness of the problem and can look up solutions in the right places. Non-IT people usually do not.
Don’t get me wrong. I do believe that HA is for people. But maybe we should think of a way of educating them in some areas, so they can ask the right questions and make informed decisions? Maybe there should be – on the http://www.home-assistant.io site – sections dedicated to security, networking, some deployment decisions?
Best regards,
Piotr
Great post @Frenck, I’m a solutions architect by day, and did catch myself doing needlessly complex implementations which required more and more troubleshooting. I too have since adopted the principle of KISS (keep it simple, stupid). With everything I do now, I ask ‘can my wife use it if I suddenly wasn’t here’
Automations are great but stuff has to be able to work independently of any automation.
I used to run all sorts, now reduced down to a single NUC that runs HA/Z2M etc. low power, great performance and low maintenance!
👎
👍😃
../Frenck
Home Assistant alone is already a pain to maintain with over 500 devices connected to it. Not once did I manage to update HA without something that stopped working. Not to mention the drama you get when making it even more complex.
I guess the VLAN part could be something to set up. But on the other hand I buy mostly local devices and block them from the internet on my router. But still I have no clue what Home Assistant is doing in the background. It’s doing supervisor updates without me being able to block them. That’s already something I very much hate. I have no control over what it is doing at that point. For all I know someone at Nabu Casa is upgrading HA to set up a backdoor without me being able to stop it. By the way, this really must be fixed, Frenck! Stop pushing updates that people can’t turn off. For a fully local system this is a pain in the ass. It’s almost like Windows pushing these god damn updates that you just can’t stop from happening. If I don’t want to update supervisor, give me the option to do so!
I fully agree, I also started to bring servers home, managed switches and stuff, but it took lots of time to manage and didn’t really have that much effect.
More recently, energy became more and more expensive here, so I reduced everything to one Intel NUC (Celeron-based) and my Synology 918+; for the network it all runs fine with the Fritz!Box I got from my cable provider.
It’s not professional – I know. But it’s okay.
More often I think about the opposite, bringing Home Assistant to work… 🙂
This hits (smart)home! But in my defense, I’m using separate VLANs to stop third-party smart devices phoning home (looking at you, Tuya). Some of the complex stuff actually helps save power, like measuring temp/humidity combined with user input to determine the ideal climate settings, or turning off lights when certain conditions are met. Switching off devices, spinning down VMs and applying power plans on my servers to keep the homelab power consumption in check.
HA is monitoring my entire homelab using PowerShell and REST APIs, which in my case is simpler than using a separate monitoring tool like Zabbix, Icinga or Nagios.
👍
It does. You can even refuse issues when HA and the devices are on the same VLAN/subnet. All you have to do is have a flat L2 and put all devices there, and mention VLAN. It’s automatically unsupported. Just needs a person who is completely oblivious to networking, yet thinks they are some sort of an expert.
For every complex problem there is an answer that is clear, simple, and wrong.
Have you considered that just maybe people use Home Assistant to control things that are not their “Home”? Things that might actually be important?
The only reason people want an enterprise deployment, is because they want to sleep at night.
Let’s look at Home Assistant. It used to be possible to configure everything via YAML and you could generate a new deployment of Home Assistant without any manual intervention. Today, you have the completely retarded concept of “Config flows” that are almost designed to annoy people that need to automate it.
So, literally all you did with introducing that feature was to make automation harder and Home Assistant setups that require automated deployment (I’d argue that every user would benefit from this, even if they are ignorant as fuck).
The backup feature in Home Assistant Core doesn’t have a restore functionality for the same deployment option, which is just about the most evil feature design I have ever seen.
There are people that have developed a Google Drive backup add-on that only works for HASS, which means that you have split the community, which is a ridiculously stupid thing to do. Do you see the developers of VIM or Emacs do that?
What you need, is someone to tell you the truth, but unfortunately, you seem to have developed the habit of making everyone hate you. Just admit that slowly getting rid of YAML for configuration was a mistake and make sure that anything that can be configured via the GUI can also be configured via YAML. Until then, I will just see you as someone that has lost his marbles.
I don’t doubt for a second that you will censor this, because that’s ultimately who you are, right?
If it ain’t broke, it ain’t complicated enough 🙂 But seriously, I actually do this and I don’t do k8s as a job – I’ve learned so much about k8s, networking, security – it is a hobby for me.