NetEdit Scan Network

[MarkTTU]

Something just occurred to me while working on a customer's equipment via VPN.  It sure would be nice if I could scan network without doing it via broadcast.  Broadcast is great most of the time, but routers (even VPN routers) will kill the broadcast packets so NetEdit is useless remotely.  It would be great if I could tell NetEdit to scan a subnet...  I realize it would be slow, but it would also be oh so useful if I could just ask it to scan the class C I know is at the other end of my VPN connection right now.

[BobO]

Interesting thought, and could easily be done. But...

...the justification for not using a point-to-point connection is that we must use an "addressed broadcast" in NetEdit to allow configuration of unconfigured devices. With a point-to-point connection it would be possible to remotely unconfigure a device...and have no way to put things back the way they were without making a trip to the facility.

That said, the ECOM100 has a built in web server that does allow a point-to-point connection to remotely shoot yourself in the foot...so it isn't unprecedented. I have until now resisted suggestions to support point-to-point access with NetEdit, not because it is impossible or even difficult, but because I didn't want to incur the wrath of ADC's and Host's technical support staff for intentionally distributing to the customer base a length of rope suitable to ruin one's day.

This does seem to be a recurring theme though, so perhaps I should reconsider my position. If more people can gain benefit than those who get hurt, it is worth the pain it might cause. The difficulty is in determining the pro/con ratio prior to making a change...and our general policy when we don't know the impact is to err on the side of safety and do nothing.

Any comments from the tech team?

[MarkTTU]

I completely understand your hesitance to distribute something the end user could so easily use to shoot themselves in the foot with, but it would be really useful for me and probably several others.  What about putting a switch in an ini file that enables this behaviour; then you can control who has the knowledge and if someone is playing around with an ini file they can't really get to mad when they break something...  I've never looked to see if NetEdit even has an ini file, but another useful thing in there would be a timeout value; for several of my VPN connections I can have ping times in the 4-5 second range, perfectly good connection, but slow and I've had to crank DS and C-More up to 10s timeout to get by (which works perfectly by the way).

[BobO]

No ini file, but perhaps a command line switch. You'd have to mean to turn the feature on, and in doing so would accept the reponsibility for the outcome. Right now it'd be far too simple to unconfigure an ECOM from halfway around the world...not a 10 minute drive to the plant, but a 14 hour flight to another country...and I am very hesitant to make such power available without a signed note from your mother...

[MarkTTU]

No ini file, but perhaps a command line switch. You'd have to mean to turn the feature on, and in doing so would accept the reponsibility for the outcome.

Command line switch would be excellent.  No way to "accidentally" turn the feature on.

Right now it'd be far too simple to unconfigure an ECOM from halfway around the world...not a 10 minute drive to the plant, but a 14 hour flight to another country.

Yep, yep, I completely understand.  I have customers that are a 20 minute drive from the office and some that are a 20 hour flight plus another couple hours drive.  In neither case would I like to jack up an ECOM remotely, but in both cases it sure would be nice to avoid the travel time to do simple changes.

I am very hesitant to make such power available without a signed note from your mother...

Where should she send it? 

[MikeMc]

How about support for both methods. This way netedit can be used remotely but if the remote ecom is unconfigured (like the client has swapped it) then the client can still access it to program in the address. Right now I would like to be able to look at networks to see who needs firmware updates and such but cannot access them. I even have the problem in some of the wireless radios that we use having builtin routers so we cannot access the ecom to do firmware updates without going to the PLC (about 200 ft but a pain in the....). Maybe Netedit could be made read only in this mode so nothing critical like the IP or ID cannot be changed when running in the non-broadcast mode.

Mike

[jsatkanpak]

This has been an issue for us as well.  We all use VPN to support our operations during "off hours".  At this point, we're just VNC-ing into our workstations and connecting to the PLCs "locally", but the screen refresh rates can make troubleshooting a real pain. 

Certainly, this kind of option should be disabled by default, and the concept of falling back to Broadcast mode if an unconfigured/improperly configured device is found is an excellent idea.  On the whole, thought, it would probably make a lot of our lives easier to have the option in NetEdit.

[BobO]

Moving to and from a broadcast mode is simple. The problem is that by using a point-to-point connection you can easily de-configure a remote device and render it invisible, after which you must be physically present to fix it or at least VPN'ed. Not a biggy from 200 feet away, but a tremendous pain from 200 miles away.

We have generally avoided adding things like this out of respect for AutomationDirect's tech team...and they generally prefer that we not do stuff that can cause someone serious pain. I would still consider adding a command line option to enable point-to-point connections, I just haven't done any work on NetEdit lately. I tend to get dragged in there every 6 months or a year for some maintenance, but haven't been in there lately. I'll certainly give it some thought next time I'm in the code.