Not sure why this is controversial. Boilers have an on/off switch, and when your company manages a large number of buildings, you automate and centralize on/off for efficiency's sake, no?
That fair enough, but in this case the heating system is directly attached to the internet. The correct way of designing something like this is having the heating system as one system and the management system as another.
The management system can then receive information and MAYBE control some aspects of the heating system. If you remove or crash the management system, the heating system just reverts back to being a "dumb" heating system.
My question is: Why in the name of all that is holy does the heating system stop working just because the remote management interface decides to reboot?
This has to be design by the same idiots that believe that an in car infotainment system should be hooked up to the drive computer in a Jeep.
There are other methods to prevent such occurrences: furnaces have "flame out of bounds" sensors and/or chimney flow sensors: this is very good at preventing the furnace from starting a fire of its own.
If there's already a fire present, whether furnace decides to stop operating or not is usually irrelevant (you can get a gas leak from a damaged furnace even if it's off). I do not see why _remote_ control should be able to prevent a fire from starting: whatever is remotely controlling this furnace doesn't have more data than the furnace itself.
So, circumvent your furnace control logic to burn at max rate when it receives no commands from it remote controller, then go somewhere for a week. Engineers are stupid people, you know.
The management system can then receive information and MAYBE control some aspects of the heating system. If you remove or crash the management system, the heating system just reverts back to being a "dumb" heating system.
My question is: Why in the name of all that is holy does the heating system stop working just because the remote management interface decides to reboot?
This has to be design by the same idiots that believe that an in car infotainment system should be hooked up to the drive computer in a Jeep.