Hi, I’m the Climate Action lead at Cardiff Met university, and we are dissatisfied with our current commercial systems for monitoring our systems.
I am a huge open source fan and I discussed HA with my line manager yesterday. Then it got us wondering whether anybody else had used the system on a large scale…and thinking that a university would be a great place to test this functionality.
I did a search and couldn’t find anything similar in the topics (apologies if I missed anything). I posted on Mastodon yesterday and had some really interesting feedback. The initial response was that it probably won’t work at an institution level, but there didn’t seem to be any show-stoppers…
Very grateful for any feedback on this, particularly on whether we could work collaboratively with HA or others on a research project to test the functionality in a real life large scale setting
It depends on the use case really.
The normal show stopper with HA is the lack of user access control, which does not really exist.
If all the people who use it are trusted users, then the biggest issue is gone.
This should be ok for us, we have our head of estates and energy manager who would be the ones with the login, and there is a high level of trust, so hopefully that would be fine
Imagine all those keen and resourceful students running around modifying your YAML code. Running it off a Raspberry Pi with an SD card. Across your carefully firewalled LAN with multiple buildings and subnets.
Sorry, hard NO!
Please go talk to head of corporate IT support with your proposal. Sincerely, they will tell you why this is a VERY BAD IDEA.
You will NOT save any money once you factor in support time and reliability. Quite the opposite.
Note: This question comes up from time to time here for commercial applications of HomeAssistant. Your newly discovered enthusiasm is not borne of extended experience.
The hard part is securing HA, because HA does not come with much security in that way.
It will probably mean a VLAN for HA and all devices connected to it and no interactive screens for untrusted users, so plain screens with no touch functionality and the computer module secured, so a keyboard and mouse cannot be connected.
Anybody that needs to be able to change a setting in HA will pretty much be able to change ALL settings in HA.
You can allow untrusted users to change settings through limited devices, like a remote, a wall thermostat, a button and so on.
These devices can be configured to do just one thing on activation and the user cannot override it.
I have a similar system running in public schools, where the temperature in rooms and windows can be controlled with Zigbee buttons and a screen shows the current setting and other information, but the screen is only informational.
The biggest problem was nicked radiator thermostats, but it was solved with Homematic IP thermostats in those areas, which require a QR code to be paired, and it is not printed on the device itself.
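The "limited device" pattern described in the post above, sketched as a Home Assistant automation (an added example, not part of the original post or the poster's configuration). It assumes the ZHA integration, a two-button Zigbee remote that emits `on`/`off` commands, and placeholder names `climate.room_101` and the IEEE address; the button can only nudge the setpoint inside a fixed band, so the person pressing it never touches the HA UI.

```yaml
# Added example. Entity ID, IEEE address and command names are assumptions;
# check the actual zha_event payload of your button in Developer Tools > Events.
automation:
  - alias: "Room 101 button: nudge setpoint within fixed bounds"
    mode: single            # ignore repeated presses while one is being handled
    trigger:
      - platform: event
        event_type: zha_event
        event_data:
          device_ieee: "00:11:22:33:44:55:66:77"   # placeholder address
          command: "on"
        id: warmer
      - platform: event
        event_type: zha_event
        event_data:
          device_ieee: "00:11:22:33:44:55:66:77"   # placeholder address
          command: "off"
        id: cooler
    variables:
      # Fixed step per press; direction comes from which trigger fired
      step: "{{ 0.5 if trigger.id == 'warmer' else -0.5 }}"
      # Current target temperature, falling back to 20 if unavailable
      current: "{{ state_attr('climate.room_101', 'temperature') | float(20) }}"
      floor_c: 18           # lowest setpoint a button press can reach
      ceiling_c: 22         # highest setpoint a button press can reach
    action:
      - service: climate.set_temperature
        target:
          entity_id: climate.room_101
        data:
          # Clamp the requested value into [floor_c, ceiling_c]
          temperature: "{{ [[current + step, floor_c] | max, ceiling_c] | min }}"
```

The bounds live only in the automation, so changing them still requires an HA login, which is the separation the post relies on.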
If you are not happy with your vendor, go back and ask them why their solutions do not meet your needs any more. An upgrade may be all you need.
Who will provide support for your open source environment? Can your research labs wait a month for an update to fix a bug that hit overnight when you updated? Will they have your personal phone number to call when things go wrong, and a missing semicolon in a configuration file destroys a multiyear research project?
Talk to procurement, issue an RFT, and let the industry give you a robust range of solutions to your carefully thought out list of requirements.
No free lunches. No easy solutions. In industry, and education, cheap is usually nasty. You get what you pay for.
Relying on these forums full of volunteers with varying skill levels, to provide support, often supported by LLMs issuing incorrect outdated slop for advice? Yeah/naah.
Stability and maintainability will also be an issue. In a university, you do not want to read up on monthly breaking changes, rely on community members to fix your problems, etc. At this scale it pays off to have a closed ecosystem where the manufacturer can be held accountable. Make sure you have a good SLA.
Unless research, tinkering and experimenting is what you want it for. If things are allowed to break down every once in a while. Then there is no better platform.
PS. Open source does not imply Community driven. There are great Open Source platforms with proper support. But community driven is a risk in business settings. You need a service partner who is in control to fix problems. If they point at the community as being out of their control you are toast. The same if manufacturers do not guarantee their API.
Thanks to you and all other contributors. Plenty of sound advice. Perhaps we need to look for an alternative commercial solution, but if I find anything relevant to large users that is also open source I will post here in case others are looking for similar
I wouldn’t rule out HA completely just yet. A small HA pilot may help you develop your use case and requirements for wider deployment.
Generally you need to consider a few things at a minimum.
Functionality - Does it do what you need to get the data and insights you’re looking for?
Scale - Can it scale to the number of sensors and database records you need now and any potential growth you envisage.
Performance at Scale - Even if it can scale will it perform as you need at that scale. Many datasheets will tell you something supports 1000s of users or connections but in reality good performance can only be had at a fraction of those numbers and with not all the features turned on.
Security - Can you make the system secure while still providing the access and functionality you need? You can secure anything by locking it in a room with no access to anything. The challenge is when you start to grant access.
Ongoing support and development - A platform may suit your needs now, but if it proves a success, what else will your constituents come asking for? Also, what guarantees will you get on support and software fixes for the complete lifecycle? Even big tech companies can have a ‘change of direction’ that leaves some customers high and dry.
My name is Nathan and I work for a company that specializes in providing IT to universities. We operate in the states but have a division in Britain (they’ll be at BETT).
I’m a huge HA superfan but I’m also an ex performance and Identity engineer. And everything about that part re: school/university IT says no. And a hard no unfortunately. Not without a serious rewrite.
It will fail nearly every security requirement your IT department has (or should have; ITIL was created in Europe, so I have no doubt you have these requirements as well) about securing the platform and RBAC (tell them it doesn’t support RBAC or LDAP auth and it’s game over…). At least in most states in the US, a building management system (BMS) would be required to follow whatever base security assessment is required for infrastructure, usually from CISA or NIST… And there we hit the first wall. No auth beyond the main gate. Everyone’s essentially an admin with a shared user memory space.
You really need to go for a commercial BMS. And I agree with whomever said go back to your current vendor and challenge them on your issues or call a reseller who can help you with your search.
There is absolutely ZERO way I am recommending this for a commercial (Uni) install. Sorry.
As you can see you get some different opinions, which will be due to the missing precision on how you intend to use it.
There are many pitfalls here that will render a HA solution unsuited.
It’s not very clear from your post what you would need from the system. I work at a university myself as a researcher and building management here is way too complex to handle with HA, in the sense that many people need access to it and the lack of RBAC rules it out immediately.
I think if your situation is similar to what @WallyR describes, you’d be OK. If only one or two trusted people actually get access to any of the dashboards and for the rest it is just passive information screens and buttons. I highly doubt that will be the case for a university building though.
Basically, if there is any chance that anyone who is not authorized to shut down the entire building at will can gain access to the UI… don’t do it. I don’t know how it is in the UK, but here in NL there have been some high-profile ransomware cases that shut down entire universities for days, you’re a target. In a public building, people may have physical access to devices connected to your instance. It’s a very different ballgame from a home.
Here is the rub. Call in experts in your area of expertise. Somebody has walked this path before you. Build on their knowledge. You don’t want to end up being sidetracked to becoming the local HomeAssistant expert. There are only so many hours in the day.