Network architecture

  1. All 'on-site' operations are fully independent from network or internet connection.
  2. When user is connecting from local network, all communication between mobile phone / tablet and control unit is performed within local network. Fully independent from internet connection.
  3. When user is connecting remotely (outside LAN) TapHome Cloud server is used to initiate and securely forward data between user and control unit (public IP address is not required). All decisions are left on control unit. Also, it is possible to setup remote connection without using TapHome servers. 

Online vs Offline

TapHome provides the best of 2 worlds: fully functional and autonomous in offline mode, with possibility to setup custom remote access (DynDNS, static IP, VPN), and zero-configuration and safety of remote access via internet.

Offline mode
(local network)
Online mode
(remote access)
Basic usage
e.g. Change temperature, Switch the light
Initial setup(tick)(error)
Configuration everything
e.g. Modules, Smart Rules, Access, Permissions, Statistics, Expose devices, Bus scanning, etc.
Firmware updates (modules, control unit)(tick)(tick)
Storage of historical datalimited to 3 hours(tick) unlimited

Global vs local accounts

Global accounts are the preferred way of connecting to location. It is unique combination of email and password. If forgotten, password can be reset by sending temporary password to user's email.
e.g.: / password

Local accounts are predefined by owner of the installation, and can be reused, e.g. hotel room.
e.g. admin / admin, room432 / uQ492i

Global account


Local account

e.g. admin / admin

Possibility to login without creating personalised account(error)(tick) Useful for hotel rooms
Possibility to reset forgotten password(tick)(error)
Possibility to change password(tick)(tick)
Possibility to switch between installations(tick)(error)
No internet access required on initial login
(independence on TapHome servers)

Check Users and Permissions for more info.

Local connection

Mobile app inside LAN

Mobile appNo intermediate serverControl unit

Listens to broadcasts of control unit to quickly connect to it, even if its IP address was changed

  • HTTP socket, Port 80
← Direct communication → 

Control unit broadcasts its identification data for fast detection for apps in local network

  • Port 80
  • IP address is obtained by router via its DHCP service
  • Possible to create autonomous remote access using Dynamic DNS, Static IP or VPN

Tunnelling server

Provides bridge between app outside local network and control unit. No data is stored on this server, it only provides secure tunnel between client applications (that are not present in local network) and control unit.

Mobile app outside LAN

Mobile appMicrosoft Azure CloudControl unit

App outside local network initiates safe connection with tunnelling server

  • HTTPS socket, port 443
  • SSL encryption


  • Provides basic authentication
  • Minimalistic infrastructure, therefore costs are extremely low and this service can be offered for free

Control unit initiates safe connection with tunnelling server

  • HTTPS socket, port 443
  • SSL encryption
    • Not visible on internet, therefore almost zero probability of internet attack
First login using global account (email and password)


  • Authentication of email and password
  • Get list of available locations
Control unit has final word to accept or decline connection from global account

Storage of historical data

When you enable storing of values or statistics of specified devices, short-term data are stored inside control unit for a limited time. If control unit is connected to internet, it collects the data, optimizes it and sends it to Storage Cloud Server.

Table below shows how long the data is stored:

Instant valuesup to 5 hoursUnlimited
Hourly statisticsup to 7 daysUnlimited
Daily statisticsup to 365 daysUnlimited

Advantages of a cloud backend

  1. No IP address setup is required, it is not necessary to go into router settings
  2. Internet provider or router can be changed with no need to change anything in configuration
  3. Highest possible security, customer’s IP address is not visible from public Internet
  4. Perfect uptime and global reachability. TapHome uses Microsoft Azure, one of the best cloud providers in the world.

TapHome provides cloud backend for free.

Alternative connectivity scenarios

  • Setup static IP address in DHCP settings of the router and use Dyn DNS service to connect directly
  • VPN can be used as well
  • Core can be completely disconnected from local network and it would be controlled with light / blind switches or Multi-zone Controller.

Service server

  • Update of Linux components of control unit
  • Automatic bi-weekly backups
  • Encrypted connection, port 23