question

paul-campbell avatar image
paul-campbell asked

Where do I start? VEBus/VEDirect/BLE/UART/MQTT

Long story short. Given local IT security policies I have to disable VRM Portal. Definitely it's write access but possibly it's read access too.

I fear this will be made difficult by the exact reasons (I believe) it needs to be blocked.

As I understand it, the communications between the Venus device and VRM is binary and opague. The basic mechanism seems to be an "OTA Flash". Not on my network. I am open to discussion on this, but I run a strictly cloud free smart network.

So the options as I see it are:

a) Run VRM Portal locally.

b) Replace VRM Portals interface with VE-Configure to run locally.

c) Replace the configuration abilities required with custom software accessing the underlying protocols.

d) Get a VEConfigure file parser/writer and get local access to the OTA Flash process on Venus or the VEBus device.

I need to be able to configure both VEBus (Multiplus) and VEDirect (SmartSolar).

I have tools and experience to handle, RS485, UART, BLE and most common internet protocols/standards.

So far I have mined the VEBus and VEDirect data via MQTT, so I have my own metrics in grafana and python.

I just need a few pointers in the best place to start looking for "Write" APIs for the config entries, or as mentioned a config parsers and the flash process for same.

Does MQTT have many writable registers? Is there useful documentation?

Is the SmartSolar (et. al) BLE protocol have documentation?

VRMcommunication protocolvebus
2 |3000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 190.8 MiB each and 286.6 MiB total.

2 Answers
semlohnhoj avatar image
semlohnhoj answered ·

Rather than engineering all of that wouldn't it just be easier to put the Venus device in an isolated local network?

1 comment
2 |3000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 190.8 MiB each and 286.6 MiB total.

paul-campbell avatar image paul-campbell commented ·

You mean a VLAN just for the victron gear where it has internet access but not access to the rest of the network?

I don't see the point. It does not prevent unauthorised access to the equipment by a bad actor on the internet. Nor does it provide access to the device in a power cut or an internet outage. That alone is a safety hazard!

I do not trust Victron software, I don't trust anyones software. I would not trust that a compromised VRM portal could be used to access the underlying Venus device and the root shell.

As to the engineering. Meh. It's my trade. Those devices which arrive with "Cloudware" get opened, soldered, UART hacked and their firmware removed. I'd rather not do that with Victron, regardless of whether I trust it or not, it works and I'd like to keep it that way.

Work equipment/PCs/laptops DO indeed go on an isolated network, for both's sake. There are even "legal" aspects to my security given my day job in banks.

Further.

As my day job I can tell you, to create a bespoke automation and monitoring system for a single instance, custom network is about 1/1000th the effort it would be to create the same automation and monitoring system for a "general eco-system and user base". So, while companies like Victron can maybe put 100 Engineers behind the task, they will still produce a 10th the functionality a single engineer can do on a bespoke, focuses project with a greatly reduced set of variables and complications.

Put another way. In 1 day I created a dash board which far, far exceeds what VRM portal provides.

VEConfigure is my next target for the same treatment.



0 Likes 0 ·
semlohnhoj avatar image
semlohnhoj answered ·

I guess it's personal preference and your ability to balance risk against effort.

1 comment
2 |3000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 190.8 MiB each and 286.6 MiB total.

paul-campbell avatar image paul-campbell commented ·
Risk and control.

If I want a quirky bizarre and uncommon feature for my local set up. I can request Victron implement it for me.... and I can wait.... and I can wait....

Or... I can just write it myself.

All I need is documentation and a bit of guidance on which APIs are easiest to work with.


0 Likes 0 ·

Related Resources

Additional resources still need to be added for this topic

VRM login page

VRM documentation

VRM API documentation

How to change the Owner of a VRM installation