You are not registered yet. Please click here to register!


 
 
plc storereviewsdownloads
This board is for PLC Related Q&A ONLY. Please DON'T use it for advertising, etc.
 
Try our online PLC Simulator- FREE.  Click here now to try it.

---------->>>>>Get FREE PLC Programming Tips

New Here? Please read this important info!!!


Go Back   PLCS.net - Interactive Q & A > PLCS.net - Interactive Q & A > LIVE PLC Questions And Answers

PLC training tools sale

Reply
 
Thread Tools Display Modes
Old March 25th, 2020, 03:14 PM   #1
harryting
Lifetime Supporting Member
United States

harryting is offline
 
harryting's Avatar
 
Join Date: May 2002
Location: Puget Sound
Posts: 2,154
Survey: How does your organization manage laptops

I hope you folks can provide me with some ideas and suggestions on how to manage your programming laptops while still keep in line with your security and compliance requirement.

Please chip in especially if you work in regulated environment in USA.
  1. Keep two or more computers, one for office work and another for control work.
  2. Use one computer but keep control programs on VM
  3. One computer only, put everything on it.

I think it goes without saying that we can't work without local-admin right but that's getting harder and harder to get granted, if one is using an IT issued PC. Using a separate PC doesn't necessary get one away from compliance requirement either. Rather than having IT push out whatever they seems "fit". I want to take a more proactive approach and give them a few options to consider.

Thanks,
  Reply With Quote
Old March 25th, 2020, 03:40 PM   #2
mk42
Member
United States

mk42 is offline
 
Join Date: Jun 2013
Location: MI
Posts: 2,349
Use one computer. I put control programs in host (and VMs as needed). IT issued a VM with all company stuff (outlook, VPN, etc). Main comp can never be on company office network, but IT only gets to apply policies to (mess with) VM. To get IT VM to connect to network, we either use VPN, or connect via USB wifi or ethernet dongle.
  Reply With Quote
Old March 25th, 2020, 04:00 PM   #3
BobB
Lifetime Supporting Member
Australia

BobB is offline
 
BobB's Avatar
 
Join Date: Jun 2002
Location: Sydney
Posts: 4,364
I am my own IT person - easy! LOL A friend of mine works for Caterpillar and they will not allow VMs at all because the IT people cannot get into it. They will not allow VMs.
__________________
The Old Pfhaart

  Reply With Quote
Old March 25th, 2020, 04:13 PM   #4
dmroeder
Lifetime Supporting Member
United States

dmroeder is offline
 
dmroeder's Avatar
 
Join Date: Apr 2006
Location: Vancouver, WA
Posts: 2,324
We get one laptop with a docking station and 2 monitors. It's really up to each individual as to how the laptop is configured regarding the use of VM's or not. I personally keep all of my automation software in VM's.

I have ran into so many of our end users where IT departments have them so locked down, they almost cannot do their jobs. At one plant, they were not allowed to even change their own IP address. It seems the thought process is to save people from themselves. My view is to let people do their job. We should be encouraging people to be better at what they do, not inhibiting them. It's hard to get people to be better at networking, for example, if we lock their machines down to the point where they can't learn.

Fortunately, our IT lets us do us.
  Reply With Quote
Old March 25th, 2020, 04:50 PM   #5
harryting
Lifetime Supporting Member
United States

harryting is offline
 
harryting's Avatar
 
Join Date: May 2002
Location: Puget Sound
Posts: 2,154
Quote:
Originally Posted by mk42 View Post
Use one computer. I put control programs in host (and VMs as needed). IT issued a VM with all company stuff (outlook, VPN, etc). Main comp can never be on company office network, but IT only gets to apply policies to (mess with) VM. To get IT VM to connect to network, we either use VPN, or connect via USB wifi or ethernet dongle.
Interesting, that's the opposite of what I would thought. So you have full control including admin right over the host, I assume?


Quote:
Originally Posted by BobB View Post
I am my own IT person - easy! LOL A friend of mine works for Caterpillar and they will not allow VMs at all because the IT people cannot get into it. They will not allow VMs.
If they don't allow VM. Does your friend have admin-right? Can S/he change IP address, for example?
  Reply With Quote
Old March 25th, 2020, 05:09 PM   #6
BobB
Lifetime Supporting Member
Australia

BobB is offline
 
BobB's Avatar
 
Join Date: Jun 2002
Location: Sydney
Posts: 4,364
Some can - some cannot change IP addresses.
__________________
The Old Pfhaart

  Reply With Quote
Old March 25th, 2020, 05:59 PM   #7
mbartoli
Member
United States

mbartoli is offline
 
Join Date: Sep 2007
Location: Cape Canaveral, FL
Posts: 182
They have us locked down for configuration with the corporate laptops... ONLY IT-installed software for the masses gets there. For programming, I get to buy whatever I want... within reason! Ne'er the twain shall meet.
__________________
Mark

Those who say it cannot be done shouldn't interrupt the people doing it.
  Reply With Quote
Old March 25th, 2020, 06:27 PM   #8
harryting
Lifetime Supporting Member
United States

harryting is offline
 
harryting's Avatar
 
Join Date: May 2002
Location: Puget Sound
Posts: 2,154
Quote:
Originally Posted by mbartoli View Post
They have us locked down for configuration with the corporate laptops... ONLY IT-installed software for the masses gets there. For programming, I get to buy whatever I want... within reason! Ne'er the twain shall meet.
To clarify, you use your "own" (non-IT) laptop for control work but you are allowed to put whatever you want on it, correct?
  Reply With Quote
Old March 25th, 2020, 08:21 PM   #9
mk42
Member
United States

mk42 is offline
 
Join Date: Jun 2013
Location: MI
Posts: 2,349
Quote:
Originally Posted by harryting View Post
Interesting, that's the opposite of what I would thought. So you have full control including admin right over the host, I assume?

100% full control, which is why our team likes it so much. IT literally doesn't even know the laptop exists, they just know that I'm running their VM on SOMETHING. I mean, they probably could know, if they cared. But I don't think they do.

It does mean I have to do a lot of IT tasks on my own: re-imaging if needed, managing software, handling backups. I used to have my own antivirus program, but lately I've just been relying on windows defender. I have a folder on my host that I share with the IT VM for when I need to pass files back and forth (say if someone emails me a PLC project). Sometime drag and drop/copypaste/etc don't work as well as they should between host & VM.
  Reply With Quote
Old March 26th, 2020, 12:30 AM   #10
harryting
Lifetime Supporting Member
United States

harryting is offline
 
harryting's Avatar
 
Join Date: May 2002
Location: Puget Sound
Posts: 2,154
For those who use the VM. What do you use and how much hassle it is to change IP when needed?
  Reply With Quote
Old March 26th, 2020, 01:03 AM   #11
dmroeder
Lifetime Supporting Member
United States

dmroeder is offline
 
dmroeder's Avatar
 
Join Date: Apr 2006
Location: Vancouver, WA
Posts: 2,324
Quote:
Originally Posted by harryting View Post
For those who use the VM. What do you use and how much hassle it is to change IP when needed?
I use VirtualBox. There are two man configurations regarding networking, as usual, there are advantages and disadvantages.

Bridged vs NAT

[Rockwell centric view coming...]

Bridged maps an adapter directly into the VM. The disadvantage is that you then need to assign both your host and your VM an IP address on the subnet you are talking to. The advantage is that in RSLinx, the Ethernet I/P driver will function properly, discovering devices on the subnet.

The advantage of NAT is that you leave the VM's adapter set to DHCP, so you only have to assign your host an IP address. The VM will automatically map to the devices that the host can see. For example. you host is talking to devices on a 192.16.1.x subnet. VirtualBox, when you adpater is set for DHCP will have some IP address like 10.0.2.15 or something like that. You ping a device like 192.168.1.10 from you VM, it will so the mapping automagically. The downside is that the Ethernet I/P driver will not work, you have to use the Ethernet Devices driver, So you have to type the IP addresses in manually.

I work for an OEM, where our PLC's are typically configured as 192.168.1.10, so using NAT is what works best for me. Even so, I can put multiple common IP addresses in the Ethernet IP devices driver, allowing me to leave my VM alone and assign only my host an IP address.

The most efficient configuration depends a bit on what network configurations you are commonly connecting to...
  Reply With Quote
Old March 26th, 2020, 06:20 AM   #12
mbartoli
Member
United States

mbartoli is offline
 
Join Date: Sep 2007
Location: Cape Canaveral, FL
Posts: 182
Quote:
Originally Posted by harryting View Post
To clarify, you use your "own" (non-IT) laptop for control work but you are allowed to put whatever you want on it, correct?

Basically, yes, but within limits. For configuration control, we only install system-specific packages and utilities. There are specific requirements for the systems we buy. We don't get carte blanche for "whatever you want". In years past, I have seen laptops with games, music and video players, etc. installed. Not anymore.
__________________
Mark

Those who say it cannot be done shouldn't interrupt the people doing it.

Last edited by mbartoli; March 26th, 2020 at 06:22 AM.
  Reply With Quote
Old March 26th, 2020, 07:02 AM   #13
janner_10
Lifetime Supporting Member
United Kingdom

janner_10 is online now
 
Join Date: Dec 2014
Location: Tewkesbury
Posts: 944
We control our own kit, we buy what we want and configure it as we wish, so thats not very helpful to you.

We have supplied laptops to customers for control work. Usually a quote is beefed up to cover the charge and it's installed with software they need (which they also supply), it keeps IT well out of the loop for them I guess.
  Reply With Quote
Old March 26th, 2020, 08:30 AM   #14
parky
Member
United Kingdom

parky is offline
 
parky's Avatar
 
Join Date: Oct 2004
Location: Midlands
Posts: 1,654
Before my last position I worked closely with the IT Dept. and they supplied me with a laptop with local admin rights so could configure almost anything I wanted providing it was not logged onto my works domain. I could get to any PLC, HMI but not the Scada systems using the local account, using the domain I could remotely access the Scada systems with passwords that gave me pretty good access to drill down. We had a good relationship (difficult at first but after a disastrous network card replacement by IT who replaced a system with two cards with one) They realised that my knowledge combined with theirs was the way to go. As I mentioned, I actually had two laptops one was not configured by IT but I was allowed to connect to the network (they knew when I was using it). To ensure that the laptop was compatible, it was ordered as per their standard but with a legacy com port as were many others so in an emergency there would be one around, the PC was backed up every week, all my PLC & other files were backed up every week to the servers and every month I created an image and stored it on a portable drive and a copy on the site servers. Most site users had laptops/desktops where everything was nobbled i.e. USB drives/CD's etc. and the move was to thin clients. This was an unusual arrangement as IT do not generally like engineers but it worked like a dream.
So if you can get IT on-board then it is worth it, ensure you regularly take an image and have some sort of file backup procedure and naming convention.
I have not had to do a restore for some years and not sure what some licencing systems will do i.e. requiring CPU Ser No's etc. but had no problems in the past.
  Reply With Quote
Old March 26th, 2020, 09:34 AM   #15
dogleg43
Member
United States

dogleg43 is offline
 
Join Date: Dec 2005
Location: Indiana
Posts: 398
Quote:
Originally Posted by BobB View Post
I am my own IT person - easy! LOL A friend of mine works for Caterpillar and they will not allow VMs at all because the IT people cannot get into it. They will not allow VMs.
I did a lot of contracting work for a large GM plant whose electricians could be a real ornery bunch. One day the IT staff locked down down the plant floor computers so much that maintenance could barely do their jobs. The next day when IT showed up for work the ends had been cut off of all of their desktop mice (mouses??).

IT decided to restore some of the functionality to maintenance’s computers the following day. It was GREAT!!
  Reply With Quote
Reply
Jump to Live PLC Question and Answer Forum

Bookmarks


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Topics
Thread Thread Starter Forum Replies Last Post
Security Survey for Automation/Control Engineers Anthony Murray LIVE PLC Questions And Answers 2 March 20th, 2013 07:52 AM
Laptop survey PLBoudette LIVE PLC Questions And Answers 2 May 30th, 2012 12:33 PM
New Laptops and serial ports n_lev LIVE PLC Questions And Answers 27 November 23rd, 2009 02:41 PM
Functioning Serial Ports on New Laptops Foghorn22 LIVE PLC Questions And Answers 18 March 27th, 2005 03:11 PM
RSLogix 500, move project between laptops jdbrandt LIVE PLC Questions And Answers 0 November 30th, 2004 09:48 AM


All times are GMT -5. The time now is 01:37 AM.


.