For IT professionals


This page helps IT professionals evaluate the ezeio system for use on their network.

What is the ezeio?

The ezeio is an embedded controller (picture on the right) which connects to a number of sensors via discrete I/O, low-speed serial buses (ModBus/MicroLAN) or wirelessly using a narrowband short-range radio. Many types of sensors are supported, such as temperature, humidity, pressure, flow, electricity (wattmeters), motion, switches and many more.

The sensor information is sent to eze System’s cloud servers for storage and analysis, using Ethernet, TCP/IP or via the cellphone network (GSM). The ezeio controller has a built-in 10/100 Ethernet connection as standard, while the GSM transceiver is optional.

What will the ezeio controller do on my network?

In order to operate, the ezeio controller needs an IP address from a DHCP server. If a DHCP server is not available, please contact eze System for alternative solutions.

The ezeio is pre-configured with the names and IP addresses of the servers operated by eze System, and will attempt to connect to the servers as soon as power is applied. The server addresses cannot be changed by the user.

All communication with the servers uses the UDP protocol, port 8844.

All data sent between the servers and the ezeio is encrypted using a unique per-controller 128-bit key. Every packet is secured with multiple checksums, sequence numbering, random bytes (“salt”) and age timers to make snooping or spoofing close to impossible.

How do I set up my firewall?

Most firewalls will allow outgoing UDP traffic by default, so in most cases there is no need to open ports or make special configuration to allow the ezeio to operate.

In case UDP traffic is blocked, please allow outgoing UDP traffic to port 8844. The ezeio will expect return traffic on UDP port 28672-32767, randomized for each session. A correctly configured firewall should allow and route return traffic automatically (sometimes referred to as “stateful routing”), so usually only the outgoing port needs to be opened.

We advise against allowing traffic based on destination IP, as we continuously upgrade and expand our server pool.
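As an added example (not eze System code), the Python sketch below checks flow records from a controller's network segment against the traffic profile described above: outgoing UDP to port 8844, return traffic only on an established session in the 28672-32767 range, plus DHCP. It assumes the return port is the controller's own source port; the record format, the IP addresses and the sample flows are constructed for illustration.

```python
import csv
import io

SERVER_PORT = 8844                    # from the page: all server traffic is UDP 8844
RETURN_PORTS = range(28672, 32768)    # from the page: return traffic on 28672-32767

# Constructed sample records: proto,src_ip,src_port,dst_ip,dst_port
SAMPLE_FLOWS = """\
udp,10.0.5.20,30111,203.0.113.10,8844
udp,203.0.113.10,8844,10.0.5.20,30111
udp,10.0.5.20,68,255.255.255.255,67
tcp,10.0.5.20,49152,198.51.100.7,443
udp,198.51.100.9,8844,10.0.5.20,30999
udp,10.0.5.20,1025,203.0.113.10,8844
"""

def classify(flows_text, device_ip):
    """Return one verdict per flow record, in order, for the given controller IP."""
    sessions = set()   # (controller port, server IP) pairs opened by the controller
    verdicts = []
    for proto, src, sport, dst, dport in csv.reader(io.StringIO(flows_text)):
        sport, dport = int(sport), int(dport)
        if proto == "udp" and src == device_ip and dport == SERVER_PORT:
            # Outgoing server traffic; source port assumed to be the return port.
            if sport in RETURN_PORTS:
                sessions.add((sport, dst))
                verdicts.append("ok-outbound")
            else:
                verdicts.append("bad-source-port")
        elif proto == "udp" and dst == device_ip and sport == SERVER_PORT:
            # A stateful firewall only passes replies to a session the device opened.
            ok = (dport, src) in sessions
            verdicts.append("ok-return" if ok else "unsolicited")
        elif proto == "udp" and src == device_ip and (sport, dport) == (68, 67):
            verdicts.append("ok-dhcp")
        else:
            # The page states no TCP and no other protocol is supported.
            verdicts.append("unexpected")
    return verdicts

if __name__ == "__main__":
    for verdict in classify(SAMPLE_FLOWS, "10.0.5.20"):
        print(verdict)
```

Any "unexpected", "unsolicited" or "bad-source-port" verdict is traffic the page's description does not account for and is worth investigating on the segment.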

Can the ezeio be hacked?

While nothing is impossible, we believe it is highly unlikely.

The ezeio does not run a standard OS. All code, including the network stack, has been specially developed to perform only the task of communicating with the servers, and nothing else. There is no support for TCP messaging, and no support for any other protocol than the custom protocol used with the ezeio servers.

The ezeio uses a small ARM-type processor, but the code cannot be accessed or changed by anyone outside eze System. There is no executable loaded on startup as all the code is embedded in a flash memory inside of the CPU. Since the firmware is all internal, an attacker cannot load or execute malicious code. As noted above, communication is limited to transporting sensor data and control commands to/from the server. Any unrecognized traffic is simply ignored.

How much bandwidth will the ezeio use?

Very little. A typical installation uses less than 5MB (5 million bytes) per month, counting data both to and from the controller. That’s about 10 seconds of a YouTube HD video.

Conclusion

The ezeio is designed from the ground up as a secure networked device, using well-researched and broadly accepted methods for secure communications. It will not be “hacked” and is immune to viruses and trojans, and most importantly, it will not cause harm to your network.

If you have any questions, please contact us.

ezeio-G Controller

Secure and simple

  • Uses DHCP to acquire network address, gateway and name server
  • Pre-configured server addresses
  • All communication 128-bit encrypted
  • Custom designed firmware & network stack
  • Uses only UDP, port 8844 outgoing
  • Does not require opening incoming ports
  • Typical <5MB per month


What is UDP?

UDP is a simpler form of TCP. Many network applications use UDP because of the lower overhead compared to TCP. Some examples are DNS, and most VoIP and audio/video streaming systems. Since UDP is a much simpler protocol than TCP, it is also less susceptible to attacks from malicious hackers.