0

Feild Upgrades !

chuck streb 6 months ago in IQANrun updated by Michael Carlyle 2 weeks ago 11

I am circling back with this subject ! Even with IQANGO and IQANRUN, I am not confident I will not crash when remoting in for an upgrade. Out of 4 field upgrades, I have had 2 failed attempts. That's not a great record. 1 of those attempts when i started over actually recovered.  WE NEED A SECURE WAY OF UPDATING MACHINES. I would love to send a dongle that plugs into a USB port. We have over 65 machines in the field , it is cost prohibitive to go out into the field and update. Please , Please, Please think of a way to do this !  down load the entire program first, checksum it with a hash function, then install. Something. 

Thanks

Chuck

+3

We had problems with failed updates in the past.

This is our typical setup, communication-wise:

PC (with IQANrun) -> VPN -> 4G/Ethernet-router -> MD4

After experimenting for quite a while and sniffing the network traffic from the MD4 we saw that even though the MD4 has a static IP-address it asked our router for an IP-address (DHCP) when rebooting during an update. We solved this issue by configuring the router to lease the same IP-address as the static IP.

For example:

-MD4, Static IP: 10.0.1.3

-Configure the router to always lease the IP: 10.0.1.3 to the MD4 by MAC-address. IP - MAC-binding.

By doing this the handshaking between IQANrun on our remote PC and the MD4 continued which resulted in successful updates.

My 2 cents.

I don't know how your communication setup looks like but maybe this could fix your problem as well Chuck. I really hope so! Good luck!

so you used your own 4G/Ethernet-router  not someone next to it with a phone via bluetooth. yeah i what been looking at Ethernet bridges, wish Parker had a solution so i do have to make my own system

+1

Yes, we use the Teltonika RUT 950 with a SIM-card installed. We use WireGuard for the VPN service (Remote updates).

When we have our own service technician on site I send him the project file and he connects to the WiFi network created by the RUT 950. He then uses IQANgo to update the machine. If "my guy" is not on site this method also works with the customer's service technicians.

But I do prefer remote updates.

Teltonika RUT 950: Teltonika RUT 950

Just saw that this model is EOL but it successor would be Rut 951.

thank you for that suggestion ! it is definitely a way to go that would work. i currently have a sim onboard for IOT. I was hoping Parker would make their method more robust than it currently is.  We already have 65 units out there, thats a lot of $$ to upgrade them all

No worries Chuck!

I could only imagine your frustration at this point. We operate in Sweden and our longest trip would only be around 800 km but that was far enough for us! 

6844 miles or 11014 km to our farthest

If you implement internet-connections which are always on and that has direct access to the control system of the machine, you should be aware of the Cybersecurity-part of the Machinery regulation that will be legally binding in EU from 20 January 2027:

https://www.pilz.com/en-INT/support/law-standards-norms/manufacturer-machine-operators/machinery-regulation#:~:text=The%20EU%20Machinery%20Regulation%20will,requirements%20on%20plant%20and%20machinery.

"Cybersecurity

In a new section entitled “Protection against corruption”, the Machinery Regulation now also establishes requirements for the cybersecurity of machinery. Cybersecurity threats must not be allowed to compromise the machine’s safety functions. Manufacturers must review their existing safety concepts in this regard!"

I would like that type of permanent connection that is interfacing the Ethernet-port on our machines too, but we would have to review the new regulations carefully first to make sure the connection would fulfill the upcoming regulations.

Here is another issue ! i have to do a field update via iqanrun remote which i don't recommend as it isn't reliable.

For me to give it to client, they would have to use iqango via bluetooth also not reliable. I cannot give them IQANRUN, subscription based. so exactly how do i get an update to the client to install ?? they are in Nicaragua !  i need for them to connect to the ether-net port !

+1

I am curious to know exactly how the updating process fails for you?

We have about 400 systems in operation and we have probably updated 200 of them remotely, both in Europe and in North America. 

So far it hasn't failed a single time, although it has required some troubleshooting from time to time and it has the limitation of finding a suitable time slot and simultaneously decent signal in both ends.


Our system uses one MD4, one MC42, one MC43 and one G12 and the file size is about 25MB


We avoid changing the IQANDesign-version if not necessary to prevent firmware updates on the modules (the MD4 updates firmware very slowly over CAN).


We also make sure to test the software properly before shipping machines with it, so the updates are generally about new features and not strictly necessary.


If shipping spare computers or displays, we would load the right version of the software on the new computer/display before shipping to speed up the updating process at the customer. 

Although we have also successfully handled all the "avoid"-situations several times when updating.

For example, some resellers only use Bluetooth for updating, even at firmware change on old systems with the G11.

Updating then takes about one hour, but it works as long as you leave the phone alone next to the G11 until the process is finished.

We have even done firmware updates over internet on old G11-systems a few times.

I really would not recommended it but it has worked fine so far although painfully slow.

There is am option called 'Safe Passwords" that could be used if you need to hand over the software to a local person for some reason. I haven't used it yet myself but it might help you if you cannot avoid installing the software from a local device.

Key Challenges and Solutions:

Hardware Issues: My first major problem was a laptop with faulty Bluetooth that would freeze mid-upload. This taught me the importance of having reliable hardware before attempting remote updates.

Watchdog Timer Constraints: We only have 14 minutes to complete updates due to the watchdog timer. This creates significant time pressure and requires careful planning.

Firmware Push Triggers: I discovered that updating IQANdesign software between ANY versions (even minor ones like 7.02.01 to 7.02.03) automatically triggers a firmware push. This process takes much longer than regular updates and is easily disrupted by poor communications or interruptions.

Recovery Limitations: While the system is designed to recover from blue screen errors, I've experienced situations where this didn't work, requiring costly on-site visits.

Current Best Practices:

  1. Use Android devices - I understand Android and its a local push
  2. Email updates to site personnel - Have them use IQANgo's "Manage Files" feature
  3. File transfer process: Click the manage file to import it into IQANgo, then it becomes available under "Send"
  4. Version consistency: Use the "same" IQANdesign version to minimize upload time
  5. Remove over-the-air components when possible to reduce transfer time

Alternative Approach: One suggestion I received was to send pre-loaded computers to sites for hardware swaps - something I hadn't considered but sounds promising.

Recent Experience: My last update to Nicaragua was particularly stressful. I had to downgrade IQANdesign versions, which unfortunately triggered the firmware push issue as the version number was slightly different on iqandesign, but removing the over-the-air components helped reduce the transfer time.

While I'm still not 100% confident in remote updates, these strategies have improved my success rate significantly. 

+1

I have found that sending updates over Bluetooth is much more reliable with  my phone (iPhone 12 or 16 pro) vs. laptops or windows devices (Suface Pro 8).  We have had laptops that won't connect over Ethernet (usually due to virus protection or firewall settings locked out by IT)...when they try with their phone with the G12 it works well.