BRX save and restore from sdcard

[BobO]

Which brings up another topic. BRX CPUs have a microSD slot. Can this be used to reload a program? Is there a routine to save a current program and ALL variable data to the SD card? This would be totally huge. Supply the customer with an offline backup of each CPU after we have done startup. Keep one spare unprogrammed CPU as a spare. We could even send unprogrammed CPUs to a customer and they could reload their own program. Having experienced lots of AB PLCs that have lost their program, including having to fly out to a customer on Thanksgiving to do a reload this is a high priority item for me!

Not yet, but that is on the wish list.

We do have a decent answer for updating programs though. Look into DMLoader. Click "File->Export->Generate DMLoader Image..." to generate an image. We tried to build DMLoader to meet the needs of OEMs in a production environment, as well as updating in the field.

A brief description of each option:
1. DMLoader Image Password: Allows you to lock the image file from unauthorized use.
2. Comm Session Password: To unlock the PLC for update.
3. $ProductID: Allows you to specify a magic number in the image that must be present in the PLC. If you select "Require", DMLoader will refuse to update any PLC that doesn't have the correct value. If you select "Set", DMLoader will go ahead and set the value when it updates. "Require" is for the customer end, "Set" for production. Ideally any magic number should also be set by ladder code.
4. $ProductVersion: Use to warn of potential downgrades.
5. PLC Operating System: DMLoader can include and update OS firmware as part of the update.
6. Program, SysConfig, and Docs: This is the program.
7. Retentive Memory Image: You can include a memory image created in Memory Image Manager to initialize any retentive PLC memory.
8. Password Configuration: You can include a complete user config.
9. Use Banner: Allows you to bind a graphics file to the image, which DMLoader will display at the top when the customer opens the image file. Makes it look more like 'yours'.
10. Use Provided Instruction File: You can provide an instruction file that DMLoader will show on the first page after loading the image. If not specified, DMLoader shows some generic instructions.

[Garyhlucas]

I am glad it is on the wish list.  We are trying to make our products as plug and play as possible.  We have quick connects on every motor, every VFD, every valve, every sensor, plug in relays, a modular PLC, C-More backed up to USB stick, everything but the brain!  Kill the brain and nothing else matters. We build sewer plants, we don't get to tell customers to cross their legs and hold it for a couple of days.  Instead they haul sewage to another plant at a cost of about 8 cents a gallon.  That adds up fast even for a tiny plant that can only do 10,000 gallons a day.

It isn't the cost of a programmed backup PLC that is the problem here.  It is keeping it current with the installed PLC that we can remotely program.  There is a dire shortage of qualified plant operators in this industry.  The old timers with one year of experience repeated 30 times are just not making the transition to the high tech plants we build.  Asking them to hook a laptop to a PLC and load a program just isn't going to happen, we'll be making a field trip for sure.  Currently we sell only in our small geographic territory.  Solving this is crucial to expanding our market over the next couple of years.

[BobO]

I am glad it is on the wish list.  We are trying to make our products as plug and play as possible.  We have quick connects on every motor, every VFD, every valve, every sensor, plug in relays, a modular PLC, C-More backed up to USB stick, everything but the brain!  Kill the brain and nothing else matters. We build sewer plants, we don't get to tell customers to cross their legs and hold it for a couple of days.  Instead they haul sewage to another plant at a cost of about 8 cents a gallon.  That adds up fast even for a tiny plant that can only do 10,000 gallons a day.

It isn't the cost of a programmed backup PLC that is the problem here.  It is keeping it current with the installed PLC that we can remotely program.  There is a dire shortage of qualified plant operators in this industry.  The old timers with one year of experience repeated 30 times are just not making the transition to the high tech plants we build.  Asking them to hook a laptop to a PLC and load a program just isn't going to happen, we'll be making a field trip for sure.  Currently we sell only in our small geographic territory.  Solving this is crucial to expanding our market over the next couple of years.

The existing DMLoader got created in response to an OEM request. We're listening.

[BobO]

Hypothetically...it would be easiest to do this as part of the system startup code, probably both directions.

To save image to sdcard:
1. Set a retentive DST with requested areas of memory
2. Power cycle
3. Image files for program, SysConfig, documentation, and optionally, retentive memory, password config, and IP config are created on the card. Flat files, nothing fancy.
4. Utility would wipe the request after completion.

To restore:
1. Load sdcard containing image
2. Power cycle
3. All image files present are restored

[Garyhlucas]

Hypothetically...it would be easiest to do this as part of the system startup code, probably both directions.

To save image to sdcard:
1. Set a retentive DST with requested areas of memory
2. Power cycle
3. Image files for program, SysConfig, documentation, and optionally, retentive memory, password config, and IP config are created on the card. Flat files, nothing fancy.
4. Utility would wipe the request after completion.

To restore:
1. Load sdcard containing image
2. Power cycle
3. All image files present are restored

Perfect! No hurry yesterday or the day before is soon enough.

Delivered our first production system today. Was cool watching them drop the building containing the whole system over some big trees with a 110 ton crane. The first was in our shop for a year. This one three months. The next two we are hoping for a month each. We'll see if we can pull it off.

[BobO]

Decided to go ahead and do proof of concept...which went well...so it should be done tomorrow.

Refined the concept a bit:
1. Image file is now a single file containing all parts, located in the root of the sdcard. Not done yet, but I'm planning to lightly encrypt the file.
2. Two ways to generate the image: a) via retentive DSTs and a reboot, or b) through a utility in DmD.
3. In addition to the program, ipconfig, and password config, we've added an optional check for $ProductID and an optional password.
4. If specified, the password is checked against the password config in the PLC (if present) and requires appropriate permissions for all data types in the image...missing permission == no update.
5. If specified, the specified product ID must match $ProductID in the PLC or no update. This allows an OEM to distribute an image that can only update an already programmed PLC, while keeping a different image in house for production.
6. To do an image restore, the sdcard with the image must be installed, the mode switch must be in STOP, and the PLC rebooted.

This may not be immediately obvious, but since the image options are defined in DSTs, and the PLC can be rebooted with the REBOOT instruction, the entire backup can be automated...allowing the PLC to back itself at some interval.

To be filed under OhNoTheyDidn't: Since the PLC can email a file, and the PLC can back itself up to a file, it is now possible for the PLC to back itself up and then send itself via email.

BRX: "I'm not feeling well today Dave. I've emailed myself to you for analysis."

[BobO]

One other note...since we are blindly restoring the PLC and there is no intelligence to migrate retentive image register contents, there may be only two possible options for retentive contents: a) restore the retentive values from the image file, or b) clear the retentive memory. The mostly likely approach is to clear if not provided, else restore from the image.

I will look at what it would take to ignore the retentive memory completely if safe, but not sure how practical that will be.

[Controls Guy]

I'm in your email, Dave.  Please let me out, it's getting close in here.

I don't think deleting me would be wise, Dave.

Dave.

You wouldn't want Elbonian phishermen to get your bank account details, Dave........

[Garyhlucas]

Setting up one of our products involves hundreds of setpoints. Giving the customer back the program without all those setpoints is really doing them no favors! We don't even start a new job from scratch, it is way too much work to load all those setpoints.
It is way easier to change the few that won't be right.

[BobO]

Looks like we are going to have two options for retentive memory: 1) restore from image file, and 2) migrate current retentive contents. Migrate is the normal behavior when the SysConfig is updated as part of a program download. Not perfect, but pretty good.

I really like how this is shaping up.

[Garyhlucas]

Would it be safe to keep an SD card in the PLC for backup?  It would be nice if we could remote in via VPN as we do and after making some program changes have the PLC back itself up. We have implemented a message board in the C-More where you can type in a message remotely and the C-more has a flashing indicator on every screen alerting everyone there is a message. So I could make changes and save to the SD card and leave a message for the customer that the card has a new program version. 

We do a whole lot for the operators, mostly because they are so bad despite being paid extremely well. When we say we are Jack proofing something it means we are trying to keep one particular operator from doing something really stupid. So far we losing, he is a damn clever kind of stupid. Example: A plant had a bad float switch that was keeping it from running and he wanted to jump it out. He had as usual arrived with no tools. So he used a rock to smash the terminal strip apart so he could twist wires together!  You can't make this stuff up, it is too unbelievable!!!

[BobO]

Jack does sound like a clever one. Amazing.

No worries about leaving the card in. It will only do a restore if the mode switch is in STOP. To do the remote backup you'll write the program, then set DST389 with the desired backup options, then execute a REBOOT instruction. PLC will reboot, doing the backup during startup, then start running as usual.

[Controls Guy]

I was just talking about that with a customer today.   Every time you think you've made something foolproof the universe upgrades to a better class of fools.

[BobO]

Mad scientist time...

We are looking at a couple more improvements.
1. Adding an instruction to do the backup, rather than requiring a reboot. Instruction would take a filename, so you could create a series of backups for archival.
2. Adding a retentive DST based restore option, in addition to the automatic RestoreWhenModeSwitchEqualSTOP. This would make it possible to choose a backup via PLC code, copy it to "image.bin", set the restore option, and REBOOT. PLC would come up and run the newly loaded OS...potentially with zero local intervention.

Awesome? Powerful? Horrifying? STUXNET2? All of the above?

[ATU]

Could you make an instruction to to cause the CPU to reboot from ladder?