Unusual networking/security conundrum

You obviously need to win the bean counters over to your side.
The three paths I see:

  1. The cost of replacing USB ports (probably the whole computer) on the machines if no solution is found (basically point 2). Also mention the possibility of one of those USB drives making its way to the outside.

  2. Buy new machines (or upgrade existing ones) to comply with the “only Win10” policy. This may include re-training of the employees operating those machines.

  3. The “local responsibility” of you managing a NAS of your desired type, with the costs associated with that.


Was my first thought too, but RPIs are not really suitable for 24/7 mission critical operation.

I’ll tell you MazeFrame, I wish it was all so very simple. You got it though, replacing USB ports means replacing systems which would cost about the same as upgrading to W10. BUT, we have machines that are old enough that do not have an upgrade path to W10, there is nothing suitable that is even close to affordable; we may as well replace the machine. We are talking about ancient control hardware that has to interface with a PC. So all we have are old replacement parts, and upgrading to W10 means upgrading a ton of hardware to interface with the controller boards on the PC; add in installation cost and downtime, yep approx. same cost as a new machine. Cross-over solutions don’t exist because the industry doesn’t want to support old equipment forever (even though it’s designed to last a long time).

So far the bean counter and CEO are on my side for my current idea, because a single server and router is stupid cheap in comparison. What’s $2k compared to several hundred thousand?? Even with a minor amount of time allotted for me to maintain it.

And, as I’ve mentioned, some “NEW” machines, ones that won’t break the bank to buy, still run XP… This problem will never go away, because industry is very far behind what is current.


The Pi would need network access. Unless you can set up the mapped drive so the Pi can share it as a mass storage device? Has anyone done this with a mapped drive?

You know, I am liking this idea more and more as I sit here and think about it. Plug a Pi (or similar) into the workstation using peer to peer, this might require an added ethernet connection somewhere in the chain. Perhaps a USB to Eth adapter on the PC. Share a single directory on the Pi, then the machine user drags the G-code file to the Pi nice and simple. The Machine sees the Pi as mass storage and Done! This solves a ton of issues but I fear how robust it is. I could just as easily grab a small industrial SBC, I shall ponder this more.

Edit: I could also put 2 Pis in a box so each end is seen as mass storage and share files between the Pis, heh. Sounds odd but a plain old Pi Zero x2 would do the trick as it is super cheap. Nothing accessing the outside world at all… All machines and PCs would see them as mass storage.

Slightly off topic, but with how hard it would be to upgrade to win10, you should also look at getting a stock of replacement parts for the XP machines. Eventually a capacitor will fail, or something. And old parts are not getting more common.

Having access to gcode != having access to the winxp/win2000 system that’s driving motors moving machinery around, and is a major PITA to reinstall I’m guessing. (You have backups of those, right?)


HAVE to set this up so everything is completely transparent to my windows users. They open File Explorer in W10 and POOF,

Yes. A share on your existing network has all the stuff all the users interact with. “You” (your cron…) run the winscp (or equivalent) that moves things across the firewall as soon as they show up on a server share - or wherever you want to keep these files - so that they show up available to winxp/win2000 machines.

Having network access to the gcode gives an attacker zero ability to control the machines. They have zero remote control ability in them. All the machines’ hard drives are completely cloned and require physical access to do anything to them (the cloned drives are locked up). If an attack could make it through and somehow damage them, it’s a few minutes of work to replace them. This is no reason to expose them but I made sure, a couple years ago, to get them all cloned (talk about cheap insurance). The gcode is also backed up in duplicate - 1 on site - 1 off site.

I agree completely, we’ve already had this problem and waiting for old used equipment to show up from ebay makes ppl edgy lol

“So um when is that part coming? how long will it take to fix? make it a priority, as soon as it comes in!!!” Almost daily until the machine has new components in it.

I tried, tried as much as I can to get them to purchase backup parts…


This would require the IT dept to do something more than they want to apparently, they have already said that this is impossible, I did mention this. Now they have to save face… Politics I tell ya…

I hope you understand that I am personally not trying to be unresponsive to suggestions or even argumentative. I have been put into a screwed up situation and I am probably just going to cheap out completely and make the “simplest solution” that I can think of.

  1. Tear apart the daughter board that holds the USB port and solder in a new one.
  2. Get a (KVM like) peripheral sharing device, and plug the existing W10 machine into it and the CNC machine into it.
  3. Have operators copy to USB thumb drive - hit a button - get Gcode off USB drive.

No politics, no wearing out USB ports, I am not put in the middle of stupid crap, and no security issues (perceived or otherwise.) And IT can save face by saying “well that’s not what you asked us to do.”

It’s just frustrating to see small team politics forcing you to make these stupid rube goldberg setups. (what do they call it: “cutting a baby in half”? ). I’m trying to feed you arguments.

Like getting local admin, running VMs, and a second nic is ok?, but just a second nic without the other stuff is not ok, what a load of bs.

{ITDEPT,Programmers}---corpnet---[your local machine]--))) wifi (((--[bastion host e.g. pi zero w]---shopnet---[machinery]

(I used wifi in the diagram above as a play on “air gapping” networks; it’s not what air gapping means.)

Frankly I just wouldn’t trust your IT department at this point based on what you described. It’s as if you need to protect the machines not owned by you from IT dept incompetence, in order to not end up without a job there. That’s like next level pointy-haired boss stuff right there.

They don’t have to let you have access to their network if you both use a shared repository :wink:
A shared repo means you don’t have to connect to their machines and expose them to potential security issues.
I would suggest you use 1 Windows 10 machine to set up an internal network with your old kit and another separate connection to the repo from that Win 10 machine. The 1 machine YOU use to access the repo ONLY can be used as a firewall/buffer between your old OSes and the repo. Your old kit just accesses the files on the internal network rather than directly connecting to the repo itself.

Sadly they are right to be wary as the old machines are easily exploited to be trusted on an open network. Once you’re system/admin on one machine on a network, no matter what hardware it’s on, you’re system/admin on the network.
So sanitise your end and then ask again. Would be my 2 pence.

Risk, the frustration level is getting me close to the edge, which is why I just want something stupid simple now. We have govt projects so they immediately claim “OLD = insecure” and “impossible” and the owner of the parent company just smiles and nods but won’t allocate funds into making certain that our machines will get updated or replaced. BUT we have to make it work. Like I said, our owner is a figurehead and makes no choices but we are indeed “separate.” So basically the current plan is to wait for the USB ports to completely fail, order parts and I’ll have to solder new ones on the board. They won’t even order stupid board mount connectors from Digikey at $5 each… Sorry we cannot shut the machine down long enough for you to look and see what they are… &%*# me with a broom handle…

As a side note, they now want to hire me at the parent company as an IT Admin hehe… Well it is nearly double the pay, perhaps I can talk them into doing this properly.

LOL @ rube goldberg, heh I needed a chuckle.

Closer to source of money - go for it.
Also, write lots of proposal docs, get a short list of people who approve of proposal on each doc, and pretty soon you’ll be in a position where you don’t have to build consensus for every $x the company spends.


BTW there’s some kind of filesystem/mass storage emulation thing for Raspberry Pis running as a USB target. It sounds so janky that I never really bothered to have a proper look.

You could call the contractor and tell them to cancel the contract because it can’t be fulfilled with your current hardware and the company is refusing to retool (anon of course).

But for now, grab a Windows 10 lappy or desktop and a couple of ethernet cables, and create a local network for the old kit and put a share folder in it…
Then make a share folder and network to the new hardware.
Finally, schedule regular uploads between the 2.
And put a firewall up stopping the old kit from connecting to the WWW and the new kit network.
Should only take 20 mins if you have a Win10 machine spare.
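The scheduled one-way copy that the earlier “your cron runs winscp (or equivalent)” reply and the final post both describe, written out as an added example that is not from any poster in this thread. It assumes the Win10 buffer machine can see both shares as local folders (the `corp_drop` and `shop_share` paths are made-up placeholders) and only lets G-code file types cross, so a stray executable on the corporate share never reaches the XP/2000 network.

```python
import hashlib
import shutil
from pathlib import Path

# Hypothetical one-way "drop box" sync: corporate share (where programmers save
# G-code) -> share that the isolated XP/2000 shop network reads. Nothing flows back.
ALLOWED_EXTS = {".nc", ".gcode", ".tap"}   # G-code only; no other file types cross over
MAX_BYTES = 50 * 1024 * 1024               # sanity cap (assumed); G-code files are small text


def _sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def sync_gcode(src: Path, dst: Path) -> dict:
    """Copy new or changed G-code files from src to dst, one direction only.

    Returns {"copied": [...], "skipped": [...], "unchanged": [...]} so the
    scheduled task can log exactly what crossed the boundary on each run.
    Subdirectories and non-G-code files are skipped, never copied.
    """
    dst.mkdir(parents=True, exist_ok=True)
    copied, skipped, unchanged = [], [], []
    for entry in sorted(src.iterdir()):
        if not entry.is_file() or entry.suffix.lower() not in ALLOWED_EXTS:
            skipped.append(entry.name)
            continue
        if entry.stat().st_size > MAX_BYTES:
            skipped.append(entry.name)
            continue
        target = dst / entry.name
        if target.exists() and _sha256(target) == _sha256(entry):
            unchanged.append(entry.name)      # already delivered on an earlier run
            continue
        # Write to a temp name and rename, so the machine never picks up a half-copied file.
        tmp = dst / (entry.name + ".part")
        shutil.copyfile(entry, tmp)
        tmp.replace(target)
        copied.append(entry.name)
    return {"copied": copied, "skipped": skipped, "unchanged": unchanged}


if __name__ == "__main__":
    # Placeholder share roots; on the buffer machine these would be the two mapped folders.
    print(sync_gcode(Path("corp_drop"), Path("shop_share")))
```

Run it from Task Scheduler every few minutes on the two-NIC Win10 machine; the host firewall rule blocking the old kit from the corporate network and the internet is still needed, this script only moves files.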