The ArchestrAnaut

First off, a post to let you know we’re still here and alive.  I’ve been buried on a startup for the last few weeks on nights.  Inspiration is hard to find at 4:30 in the morning in a cave.

Anyway, a couple things I wanted to get out for our reader’s consumption.

First, if you aren’t reading Scott Whitlock’s blog over at ContactandCoil.com you are really missing out.  He spans the gamut from hard core PLC’s to deep dives in .Net all the way over to garden scale trains.  Anyway, he’s got a really neat idea (at least he wrote it up, don’t know if it’s his idea from scratch) on securing communications to your PLC networks.  The basic idea is that instead of having machines from outside the network actively connect to the PLC’s, do it in reverse.  Make the PLC actively connect to something on the other side of a one-way firewall.  Sure there are some limitations to the approach but as a start it’s a really neat idea.

http://www.contactandcoil.com/automation/industrial-automation/safer-data-collection-from-a-plc/

Second, got a lengthy comment from Roger Smith at Invensys on an older post that I thought had some great nuggets in it so I’m reposting it here for all to consume.

I stumbled across it while Googling for something else and saw my friend Howard’s name on a post.  I just HAD to see what he was up to.  After reading Andy’s post, and the responses, I thought I’d chime in on a couple of the topics discussed.

@Andy: I’m aware of the requirement for DCOM with A2 communications, but never would have thought to check to see if it had been disabled.  Thanks for posting this, I’ll try to remember it for future (re)use.  There’s a long line of people that would love to see DCOM replaced with something more firewall-friendly, like WCF, in a future release.

@Dan: I’m curious if you working with Operations 4.0 or newer?  With that version Wonderware updated the MES Client API and middleware to support WCF, in part to get some relief from DCOM heartburn.

@Howard:
1) The new virtualization guide is included on the System Platform 2012 installation image, available on the WDN support website.  Most of the content is built around discussion and examples of Hyper-V.  This is likely because it’s a feature of Server 2008 R2 OS, rather than a 3rd party application, and perhaps due in part to Wonderware’s close relationship with Microsoft.
2) The requirement to disable UAC for Vista and newer OS was introduced with App Server 3.0 and InTouch 10.0 in 2007.  It has been documented in the ReadMe.html file on the installation media for these products ever since.  Perhaps because adoption of Vista and Server 2008 OS was slow, it seems that many users didn’t discover this requirement until working with Windows 7 and Server 2008 R2 more recently.  Unfortunately, like the DCOM issue above, leaving UAC enabled results in a problem where the symptoms don’t necessarily point to the solution.
3) It was great to see you at OpsManage in Nashville!

-Roger

That’s about all for now.  Hopefully once the startups die down David and I will be back in the saddle again.

- Andy

I found a “feature” in the Alarm DB Purge/Archive utility last week.  The password entry box will only accept 9 characters.  So, if the password for the account is longer than that, you’re out of luck.

As I promised a while back I’ve started some explicit testing with IAS on VMWare VSphere (ESXi 4.1 Update 1 to be specific).  We all know the official support position of Wonderware but I wanted to prove or disprove some things to myself.

Well, I’ve come across the first thing that could bite you really hard if you are unaware.

There is a bug in the current release of ESX(i) that freezes your machine if you are running on an NFS data store and you try to remove a snapshot with CBT enabled.  While this may seem like a lot of things that have to line up, it’s actually not.  I think for most you can simplify this to if you are running NFS and you perform VM Backups with a modern software package you’re going to get caught.  By the way, CBT is changed block tracking.  It’s VSPhere’s way of tracking what data changes between backups.  This gives a huge assist to your backup software as it tries to perform differential backups.

Read the rest of this entry »

We are working with one of our customers on an application that runs via remote desktop on a terminal server but is served up on a handheld scanner device.  We have to do a lot of fancy footwork to make the user experience a little more seamless since they don’t have a mouse to click around everywhere.  Below is a repost of a comment by one of my colleagues describing an issue we had and a warning on what you should look out for.

A word of caution on SendKeys that I learned the hard way over the last month or two. Here is the scenario. You have an Archestra symbol that uses the SendKeys function to send a key sequence to a pushbutton (with an assigned hot key) on the Archestra graphic, like a close button to hide the symbol. Say this function is in a graphic data change script that is looking at a variable at the module level.

 
Figure 1.  Hide Symbol Animation on a Button using a SendKeys alias

Figure 2. Script Performing SendKeys Operation

This is actually the technique that Andy describes above that we use to programmatically “hide” symbols. Your Archestra symbol is embedded in a managed application which is deployed to a terminal server. Open up an RDP session and open the graphic that the symbol is on. Now minimize the RDP session to the taskbar. Using object viewer, set the variable in the module that causes the symbol’s datachange script to run which in turn executes the SendKeys function. Guess what happens, the processor that the InTouch application is running on will elevate to 100% and stay at 100%, every time. The View.exe process will also start leaking memory, about 40K a second. In our case the excessive CPU actually caused Suitelink to stop completely causing all kinds of problems with another application running on the terminal server. The CPU will remain pegged until you maximize the RDP session at which time it drop back to normal. I guess I understand it from a windows standpoint and I also understand that it is a very specific scenario, but a real one in any case. Wonderware tech support confirmed the scenario and recommended that SendKeys not be used in this scenario. Just something for you to consider when thinking about SendKeys.

So I’m working on migrating some modules from 3.0 SP2 to 3.1 SP2 Patch 01.   When I went to look at a built-in Active Factory trend I noticed a couple field parameters weren’t trending.  Curious. I check out my configuration and sure enough the field parameters in question weren’t historized.

Read the rest of this entry »