Security Guidelines
- Last Updated Mar 24, 2025
The Gateway processes and converts data from multiple data sources into a compatible file format that is loaded into AIM. It therefore needs to read, write and modify both files and folders.
The following are the security best practice recommendations:
- Use the principle of least privilege:
  - Grant the user account that is used to run the Gateway read-only access. Grant write or update access only to the specific files and folders it needs to modify. For example, within a project folder, grant read-only access to the Input folder, write access to the Log folder, and modify access to the Output folder, the Configuration/Mappings folder and the Project file.
  - In AWS, restrict a user's access to only those AWS resources required by their IAM role. For example, as the Gateway uses only S3 buckets, restrict the IAM role to S3 bucket access only. Define a bucket policy to restrict access to an S3 bucket.
- Restrict the database user account to read-only access to the databases (or the selected tables/views) from which information needs to be read as lookup entries during transformation. This is required to avoid accidental addition, change or deletion of sensitive data.
- If the Gateway is configured to read data from an Oracle or an SQL Server database, for example, in a lookup, configure an SSL-encrypted connection between the Gateway and the database to secure the data in transit.
- You do not need to adjust your Firewall settings or User Account Control settings when you install or use the Gateway.
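An added example, not part of the product documentation: a Python check that an IAM policy document stays within a single S3 bucket, as the AWS recommendation above asks. The bucket name, the `input/` and `output/` prefixes and both sample policies are constructed assumptions.

```python
import json

# Constructed sample policies; the bucket name and prefixes are placeholders.
BUCKET = "example-gateway-bucket"
BROAD = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
  {"Effect": "Allow", "Action": ["ec2:DescribeInstances"], "Resource": "*"}]}""")
SCOPED = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "s3:ListBucket",
   "Resource": "arn:aws:s3:::example-gateway-bucket"},
  {"Effect": "Allow", "Action": "s3:GetObject",
   "Resource": "arn:aws:s3:::example-gateway-bucket/input/*"},
  {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
   "Resource": "arn:aws:s3:::example-gateway-bucket/output/*"}]}""")


def as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value or [])


def audit_policy(policy, bucket):
    """Return findings for Allow statements that reach beyond one S3 bucket."""
    arn = f"arn:aws:s3:::{bucket}"
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((i, "NotAction/NotResource allows everything not listed"))
        for action in as_list(stmt.get("Action")):
            service, _, name = action.partition(":")
            if service.lower() != "s3":
                findings.append((i, f"non-S3 action: {action}"))
            elif "*" in name:
                findings.append((i, f"wildcard action: {action}"))
        for res in as_list(stmt.get("Resource")):
            if res != arn and not res.startswith(arn + "/"):
                findings.append((i, f"resource outside bucket: {res}"))
    return findings


if __name__ == "__main__":
    for name, doc in (("broad", BROAD), ("scoped", SCOPED)):
        print(name, audit_policy(doc, BUCKET))
```

An empty result means every Allow statement names explicit S3 actions on the Gateway's bucket or objects under it.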
If AVEVA Cloud Storage (ACS) is used for either input or output file locations, then ensure that the Transport Layer Security (TLS 1.2) option is selected. Perform the following recommended steps:
- Navigate to Internet Options and then the Advanced tab.
- Under the Security section, select the option "Use TLS 1.2".
- Click Apply and OK.
If the Gateway's input source contains personal information such as an e-mail address or home address, this may be passed through into the output EIWM. Therefore, ensure that it is either filtered out via transformation mappings or that the location and management of the EIWM output file complies with local legislation related to protecting personal information, such as GDPR in EU countries.
Note: If the security recommendations are not suitable for your environment, you must investigate the most suitable approach for your environment and apply those practices.