Disgusted with new trends forcing equipment to internet cloud connected

  • cgetut
    Junior Member
    • Jan 2014
    • 4

    #1


    I was 75% done with negotiations and planning with an installer to have Enphase micro-inverters and their battery system installed along with an 18KW solar grid, and luckily I did my homework and found that Enphase was just on the cusp of releasing new firmware for most of their devices that requires cloud based control systems. Meaning I would have to ask permission from servers that I don't control to be able to control equipment at my home behind my firewall. They are also implementing this and have started threatening void of warranties if you block this firmware from loading despite protections from the Magnuson Moss warranty act that prevents them from doing so.

    There is a huge reason why industrial control systems in use are considered a joke security wise if they require an internet connected cloud system to be able to control those systems. I work in the IT security field and cannot in good conscience install any system that requires the usage of off site servers to be able to control and get reporting for my system. It truly is a security joke, but a very bad one. Before I started with Enphase I had a quote for a Generac system that also required the same thing.

    People with a security clue have to start standing and pushing back against this crap. Yes, it should be something available to users who don't want to control this themselves, but in any other case it should not be forced on users. It really is the equivalent of buying a home and your real estate agent insisting that you not get a key to your own home and that you must ask them for permission to come and go. Also the security of the system is much greater when there is a zero trust model in place. This is the same model that any good industry or commercial site uses for control systems. A home owner should not be forced to trust the maker of any system they choose. There should be no connection to the system possible unless the owner of the system is aware of it and there is a documented need for even the manufacturer to connect to the equipment. Then the homeowner would allow them access for support or a firmware upgrade.

    The cloud security model is a joke and people need to wake up.
  • Ampster
    Solar Fanatic
    • Jun 2017
    • 3658

    #2
    I have an Enphase system. If I use a VPN will that reduce the risk?
    I am not sure what the risk is of data from my micros getting into the hands of others?
    9 kW solar, 42kWh LFP storage. EV owner since 2012


    • cgetut
      Junior Member
      • Jan 2014
      • 4

      #3
      A VPN under my own control is my preferred way to access any system that I would own. But the model that Enphase is rolling out requires the systems to connect to their cloud for you to be able to control it. You are not controlling it directly, you are sending requests to their servers to ask them for permissions to change settings on your equipment. They require that connection or you can't control them (Enphase won't let you). And even the reporting systems that USED to be able to be queried locally with no cloud requirement are about to be locked down behind a cloud token that expires every so many days.

      Under no circumstances, control or query, should cloud be an absolute requirement. For every system of this magnitude and importance, a zero trust model should be something that homeowners are allowed to enforce. Meaning that no one connects to it from the outside without the owner knowing about it and opening it up.

      Enphase is making the argument that you can't update firmware or get support if you do this. That is the entire point. That even Enphase should not be able to connect to, manipulate, or change the system in any way unless the owner lets them in to do it. And that is just not happening, it's going the exact opposite direction, not just by Enphase.

      It will only change if people get a clue and start demanding that they be able to directly control the equipment on isolated networks that can be set up using a zero trust model.
      Last edited by cgetut; 01-29-2022, 09:05 PM.


      • Mike90250
        Moderator
        • May 2009
        • 16020

        #4
        Originally posted by Ampster
        I have an Enphase system.. If I use a VPN will that reduce the risk?
        I am not sure what the risk is of data from my micros getting into the hands of others?
        It's not the risk of your data escaping, it's the inability to control the gear you bought, without someone else being in the middle. And if the net goes down, eventually so does your system. Hmm, why would they do that? And insist on it?

        And a total joke for rural areas, yesterday, Verizon had 8 cell towers shut down over a 2 county area here.
        Several cellphone towers were knocked offline and service was down for several hours Thursday in Cloverdale and communities in Mendocino and Lake counties
        Powerfab top of pole PV mount (2) | Listeroid 6/1 w/st5 gen head | XW6048 inverter/chgr | Iota 48V/15A charger | Morningstar 60A MPPT | 48V, 800A NiFe Battery (in series)| 15, Evergreen 205w "12V" PV array on pole | Midnight ePanel | Grundfos 10 SO5-9 with 3 wire Franklin Electric motor (1/2hp 240V 1ph ) on a timer for 3 hr noontime run - Runs off PV ||
        || Midnight Classic 200 | 10, Evergreen 200w in a 160VOC array ||
        || VEC1093 12V Charger | Maha C401 aa/aaa Charger | SureSine | Sunsaver MPPT 15A

        solar: http://tinyurl.com/LMR-Solar
        gen: http://tinyurl.com/LMR-Lister


        • peakbagger
          Solar Fanatic
          • Jun 2010
          • 1566

          #5
          Probably the number one problem on grid tied systems, I see on forums are communication problems between the gateway and the manufacturers. And the variation where the original installer is out of the picture and the "owner" cannot make changes to the configuration as they are not the installer.

          IMHO, the reason for the requirement is strictly commercial, the big trend is hybrid systems with batteries that can be dispatched to the grid. The utilities have no interest in dealing with dispatch of individual systems so they require them to be aggregated and dispatched by a third party, like a manufacturer that now has an ongoing stream of revenue by keeping a portion of the incentives paid for grid dispatch. This can change their business model where they can lose money on upfront sales of equipment in exchange for a long-term stream of revenue.


          • heimdm
            Solar Fanatic
            • Oct 2019
            • 180

            #6
            The move to cloud based services has been going on for quite a while at this point. I have seen on the enterprise/commercial side tons of times where a perfectly fine product, they just end of life and stop supporting to get you to buy a new version of the same product. Eventually, they then prevent the older version from connecting to the cloud platform because the old system just doesn't have the same capabilities... and it is supposedly in your best interest.

            As peakbagger has alluded to, it's important to be the installer to your own system in whatever management portal. This is one of the reasons why Generac was a hard no for my system build. I never trust a dealer or integrator will be there when I need them. Eventually cloud services always try to move from free to paid. Creating that reoccurring revenue stream is key especially for publicly traded companies. I ended up DIY'ing my Solar Edge install, I believe you can do the same for Enphase as well. All of my monitoring is done via the TCP Modbus API and Home Assistant -- my monitoring platform is 100% local. The only thing I don't get is per-panel performance data. Does Enphase have a local API? Despite all of that being local, the only way to make configuration changes to the inverter themselves is via the iOS/Android setApp connecting via the inverter access point.


            • bcroe
              Solar Fanatic
              • Jan 2012
              • 5205

              #7
              All the above are reasons I am very happy to keep my system completely removed
              from any kind of external computer system. My pair of Fronius IG+ inverters
              faithfully belt out 30,000 KWH a year, and I have a set of new spares just in case
              they finally quit. Who cares if a single panel varies when the system is maxed
              out? Outdoor wiring can fault, but that can be spotted immediately. Troubleshooting
              electrical power went on for a century before the PC came along, I have no
              sympathy for those who are lost without a readout.

              As mentioned, the trend continues toward centralizing control of everything, cost
              cutting every past service, with revenue streams attached. Bruce Roe


              • J.P.M.
                Solar Fanatic
                • Aug 2013
                • 14995

                #8
                Originally posted by bcroe
                troubleshooting electrical power went on for a century before the pc came along, i have no
                sympathy for those who are lost without a readout.

                As mentioned, the trend continues toward centralizing control of everything, cost
                cutting every past service, with revenue streams attached. Bruce roe
                fwiw, +1.

                J.p.m.


                • cgetut
                  Junior Member
                  • Jan 2014
                  • 4

                  #9
                  Originally posted by bcroe
                  All the above are reasons I am very happy to keep my system completely removed
                  from any kind of external computer system. My pair of Fronius IG+ inverters
                  faithfully belt out 30,000 KWH a year, and I have a set of new spares just in case
                  they finally quit. Who cares if a single panel varies when the system is maxed
                  out? Outdoor wiring can fault, but that can be spotted immediately. Troubleshooting
                  electrical power went on for a century before the PC came along, I have no
                  sympathy for those who are lost without a readout.

                  As mentioned, the trend continues toward centralizing control of everything, cost
                  cutting every past service, with revenue streams attached. Bruce Roe
                  But the whole point of this is that people need to stop accepting the systems with cloud only command and control. The only way it will ever change is if people start throwing a tantrum about the ridiculous "requirement" to do so. Again, there is a reason why this isn't done in enterprise, industrial and commercial controls, it is simply a security joke to have equipment like this permanently connected to the internet. It is absolutely ludicrous that homeowners are not allowed to configure their home wifi and equipment networks to be zero trust including not trusting the manufacturer unless there is a legitimate, fully documented need to do so, and then opened up only for the duration of that task.

                  This doesn't mean the system is uncontrollable over a network, it means that it requires extra steps that the owner allows or disallows. I don't want to NOT have a grid tied solar system with battery, but I will not ask permission from the mothership servers to make changes to equipment behind my firewall, from a toaster or garage door opener to a solar system.


                  • J.P.M.
                    Solar Fanatic
                    • Aug 2013
                    • 14995

                    #10
                    Originally posted by cgetut

                    But the whole point of this is that people need to stop accepting the systems with cloud only command and control. The only way it will ever change is if people start throwing a tantrum about the ridiculous "requirement" to do so. Again, there is a reason why this isn't done in enterprise, industrial and commercial controls, it is simply a security joke to have equipment like this permanently connected to the internet. It is absolutely ludicrous that homeowners are not allowed to configure their home wifi and equipment networks to be zero trust including not trusting the manufacturer unless there is a legitimate, fully documented need to do so, and then opened up only for the duration of that task.

                    This doesn't mean the system is uncontrollable over a network, it means that it requires extra steps that the owner allows or disallows. I don't want to NOT have a grid tied solar system with battery, but I will not ask permission from the mothership servers to make changes to equipment behind my firewall, from a toaster or garage door opener to a solar system.
                    While I think I'm in general agreement with what you write, given the idea that most folks with residential PV are pretty much clueless with respect to what you are writing about, any ideas about how to create the critical mass of protest or actions that might cause PV providers to change their ways besides tantrums or is this just a bitch session?

                    Maybe some discussion about why as well as how all this change is occurring in the first place might be helpful.


                    • soby
                      Solar Fanatic
                      • Mar 2019
                      • 121

                      #11
                      Let me be the devil's advocate here:

                      These companies are warranting their equipment for 10-25 years. Let's think of some scenarios:

                      1) You call them up in 2042 and say, "Hey, SolarEdge, three of my panels stopped producing yesterday and it's probably your microinverters that died. Send me replacements since I'm in year 22 of the 25 year warranty period!"
                      This is a tricky support situation except for the fact that they already have access to the microinverter data and can determine what's going on remotely. One (out of 31) of my microinverters died due to infant mortality within a month and my installer, SolarEdge and I could all see the data showing the slow demise of that microinverter. They sent a new one and we sent back the dead one.

                      2) You call them up in 2029 and say, "Hey, LG Chem, my battery has completely died since all the lights are off and it's reporting an error through the SolarEdge inverter."
                      So they have a qualified tech come and determine that the voltage on the battery dropped irreparably low for some reason and the whole thing needs to be replaced... except that SolarEdge already has all of the battery usage history and determines that someone created a battery charging profile that prevents the battery from ever charging. Whoever did that is at fault and not LG Chem or SolarEdge.

                      It all comes down to warranty support and remote troubleshooting. These companies want the data to understand the failure modes and don't want to have to count on you to take good notes or pull logs when needed.


                      • Ampster
                        Solar Fanatic
                        • Jun 2017
                        • 3658

                        #12
                        I agree, it is a balance between warranty support and all the other issues. I self installed 23 IQ7 micros and one never generated energy. A few clicks on the web site and my claim was filed and a few days later the tech was able to confirm the issue and sent a new micro and an RMA for return of the faulty micro. My roof guy changed them out in a few minutes for no charge. Worked for me. The cloud also gives me access to remote monitoring without having to open a port on my router for remote access which I am sure I would do incorrectly and inadvertently open my network to the world.
                        9 kW solar, 42kWh LFP storage. EV owner since 2012


                        • solardreamer
                          Solar Fanatic
                          • May 2015
                          • 461

                          #13
                          Originally posted by cgetut
                          I was 75% done with negotiations and planning with an installer to have Enphase micro-inverters and their battery system installed along with an 18KW solar grid, and luckily I did my homework and found that Enphase was just on the cusp of releasing new firmware for most of their devices that requires cloud based control systems. Meaning I would have to ask permission from servers that I don't control to be able to control equipment at my home behind my firewall. They are also implementing this and have started threatening void of warranties if you block this firmware from loading despite protections from the Magnuson Moss warranty act that prevents them from doing so.

                          There is a huge reason why industrial control systems in use are considered a joke security wise if they require an internet connected cloud system to be able to control those systems. I work in the IT security field and cannot in good conscience install any system that requires the usage of off site servers to be able to control and get reporting for my system. It truly is a security joke, but a very bad one. Before I started with Enphase I had a quote for a Generac system that also required the same thing.

                          People with a security clue have to start standing and pushing back against this crap. Yes, it should be something available to users who don't want to control this themselves, but in any other case it should not be forced on users. It really is the equivalent of buying a home and your real estate agent insisting that you not get a key to your own home and that you must ask them for permission to come and go. Also the security of the system is much greater when there is a zero trust model in place. This is the same model that any good industry or commercial site uses for control systems. A home owner should not be forced to trust the maker of any system they choose. There should be no connection to the system possible unless the owner of the system is aware of it and there is a documented need for even the manufacturer to connect to the equipment. Then the homeowner would allow them access for support or a firmware upgrade.

                          The cloud security model is a joke and people need to wake up.
                          For me, there are related but separate issues here:

                          #1. Requiring Internet based access and control
                          #2. *Only* providing Internet based access and control

                          #1 is actually required by UL1741SA/CA Rule 21 for grid-tied inverters when connected to the grid so it's not under vendor control. #2 is really where some vendors have clearly gone too far IMHO. Enphase is a particularly egregious example in completely eliminating direct LAN access and control by owners via unwanted firmware updates without any owner approval or choice. It appears to be motivated by a desire to monetize their cloud services and I would like to see the courts decide if it's a violation of Magnuson Moss warranty act.

                          I don't have any issue for #1 as long as it's done securely for POCO's and Enphase to do necessary monitoring, support and grid safety control. #2 is completely unacceptable to me. I certainly would not consider Enphase for upgrades or new systems again until they restore unrestricted LAN access for owners without requiring their cloud service.


                          • bcroe
                            Solar Fanatic
                            • Jan 2012
                            • 5205

                            #14
                            Originally posted by soby
                            Let me be the devil's advocate here:

                            These companies are warranting their equipment for 10-25 years.
                            Your Results May Vary. But my experience with warranties and guarantees is
                            so poor, esp in recent times, that the warranty is NOT even a consideration in
                            a purchase. Most likely I can always return something that is faulty when
                            delivered, the chances diminish rapidly with time, no matter what is written on
                            the paper. I have many stories... Bruce Roe


                            • oregon_phil
                              Solar Fanatic
                              • Jan 2019
                              • 497

                              #15
                              Originally posted by solardreamer

                              For me, there are related but separate issues here:

                              #1. Requiring Internet based access and control
                              #2. *Only* providing Internet based access and control

                              #1 is actually required by UL1741SA/CA Rule 21 for grid-tied inverters when connected to the grid so it's not under vendor control. #2 is really where some vendors have clearly gone too far IMHO. Enphase is a particularly egregious example in completely eliminating direct LAN access and control by owners via unwanted firmware updates without any owner approval or choice. It appears to be motivated by a desire to monetize their cloud services and I would like to see the courts decide if it's a violation of Magnuson Moss warranty act.

                              I don't have any issue for #1 as long as it's done securely for POCO's and Enphase to do necessary monitoring, support and grid safety control. #2 is completely unacceptable to me. I certainly would not consider Enphase for upgrades or new systems again until they restore unrestricted LAN access for owners without requiring their cloud service.
                              Scenario #2 is also unacceptable to me. Making people aware of the issue (like on this forum) and directing dollars away from companies forcing cloud based access and control (like the OP did) is one thing that can be done.

                              Most consumers only want a fancy webpage and don't understand if that webpage is the cloud or their local network. I have my solar equipment on its own subnet and block all internet traffic to and from the equipment. An SMA inverter can live on a local network without internet access. More to the OP's point, I can still access and control my equipment locally upgrading firmware if and when I want. I also use Home Assistant and can access SMA's data through their local API. For my application, SMA's string inverter was a good choice after all.

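The isolation described in post #15 (equipment on its own subnet, no internet traffic to or from it), together with the owner-approved, time-limited vendor access argued for in posts #1 and #9, can be verified against firewall flow logs. The following is an added example, not part of any post in this thread; the subnets, the log format, the `Window` type and the sample records are all assumptions constructed for illustration.

```python
"""Audit flow records for an isolated solar-equipment subnet (added example)."""
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumed addressing for this example only.
SOLAR_NET = ip_network("192.168.50.0/24")  # isolated equipment subnet
HOME_LAN = ip_network("192.168.1.0/24")    # local monitoring host lives here


@dataclass(frozen=True)
class Window:
    """Owner-approved, time-boxed exception, e.g. a support session."""
    remote: str        # network the owner agreed to allow
    start: datetime
    end: datetime
    reason: str        # the documented need


def classify(ts, src, dst, windows):
    """Return 'ignore', 'local', 'approved' or 'violation' for one flow."""
    s, d = ip_address(src), ip_address(dst)
    if s not in SOLAR_NET and d not in SOLAR_NET:
        return "ignore"                      # flow does not touch the equipment
    other = d if s in SOLAR_NET else s       # the non-equipment endpoint
    if other in SOLAR_NET or other in HOME_LAN:
        return "local"
    for w in windows:
        if other in ip_network(w.remote) and w.start <= ts <= w.end:
            return "approved"
    return "violation"                       # default deny: anything else


def audit(lines, windows):
    """Return the log lines that break the isolation policy."""
    bad = []
    for line in lines:
        stamp, src, dst = line.split()[:3]
        if classify(datetime.fromisoformat(stamp), src, dst, windows) == "violation":
            bad.append(line)
    return bad


# Constructed sample data (documentation address ranges, not real hosts).
WINDOWS = [Window("203.0.113.0/24",
                  datetime(2022, 2, 1, 9, 0), datetime(2022, 2, 1, 10, 0),
                  "firmware update requested by owner")]
SAMPLE_FLOWS = [
    "2022-02-01T08:00:00 192.168.1.20 192.168.50.10 tcp/502",   # local Modbus poll
    "2022-02-01T09:30:00 192.168.50.10 203.0.113.5 tcp/443",    # inside window
    "2022-02-01T10:30:00 192.168.50.10 203.0.113.5 tcp/443",    # window expired
    "2022-02-01T11:00:00 198.51.100.7 192.168.50.10 tcp/80",    # unsolicited inbound
    "2022-02-01T11:05:00 192.168.1.30 198.51.100.7 tcp/443",    # unrelated LAN host
]

if __name__ == "__main__":
    for line in audit(SAMPLE_FLOWS, WINDOWS):
        print("POLICY VIOLATION:", line)
```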