Security Guidelines
- Last Updated Mar 17, 2025
- 2 minute read
The Gateway processes and converts data from multiple data sources into a compatible file format, which is loaded into AIM. It therefore needs to read data from servers and write the transformed data into files and folders, for which the following security best practices are recommended:
- Use the principle of least privilege:
  - Grant the user account that is used to run the Gateway only read access. Grant write or update access only to the specific files and folders it needs to modify. For example, within a project folder, you can grant:
    - Read-only access to the Input folder
    - Write access to the Log folder
    - Modify access to the Output folder, the Configuration/Mappings folder and the Project file
  - Restrict the database user account to read-only access to the databases (or the selected tables/views) from which information is read as lookup entries during transformation. This prevents accidental addition, change or deletion of sensitive data.
  - In AWS, restrict a user's access to only those AWS resources required by their IAM role. For example, as the Gateway uses only S3 buckets, you can restrict the IAM role to access only the S3 bucket. You can also define a bucket policy to restrict access to an S3 bucket.
- If the Gateway is configured to read data from an Oracle or a SQL Server database, for example for a lookup, then to secure the data in transit you can configure an SSL-encrypted connection between the Gateway and the database.
- You do not need to adjust your Firewall settings or User Account Control settings when you install or use the Gateway.
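The per-folder rights listed under the least-privilege item, applied as NTFS ACLs from PowerShell. This is an added example, not a script from the Gateway documentation; the project root path, the service account name and the project file name are assumed placeholders, and the folder names follow the guideline above.

```powershell
# Added example, not from the Gateway documentation. Assumed values:
# project root, service account and project file name are placeholders.
param(
    [string]$ProjectRoot = 'D:\GatewayProjects\Plant1',
    [string]$Account     = 'CORP\svc-gateway',
    [string]$ProjectFile = 'Plant1.gwproj'
)

# Rights per path, following the guideline: read-only Input, write-only Log,
# Modify on Output, Configuration/Mappings and the project file.
$rights = [ordered]@{
    'Input'                  = 'ReadAndExecute'
    'Log'                    = 'Write'   # create/append only (assumption: the Gateway never reads its own logs)
    'Output'                 = 'Modify'
    'Configuration\Mappings' = 'Modify'
    $ProjectFile             = 'Modify'
}

foreach ($entry in $rights.GetEnumerator()) {
    $path = Join-Path -Path $ProjectRoot -ChildPath $entry.Key
    if (-not (Test-Path -Path $path)) { Write-Warning "Skipping missing path: $path"; continue }

    $acl = Get-Acl -Path $path
    # Remove existing explicit entries for the account so rights do not accumulate across runs.
    # Entries inherited from parent folders are left as they are and must be reviewed separately.
    $acl.Access |
        Where-Object { -not $_.IsInherited -and $_.IdentityReference.Value -eq $Account } |
        ForEach-Object { [void]$acl.RemoveAccessRule($_) }

    # Folders propagate the rule to their contents; a file takes no inheritance flags.
    $inherit = if (Test-Path -Path $path -PathType Container) { 'ContainerInherit,ObjectInherit' } else { 'None' }
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $Account, $entry.Value, $inherit, 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $path -AclObject $acl
}

# Verify: print the explicit (non-inherited) entries the account now holds on each path.
foreach ($key in $rights.Keys) {
    $path = Join-Path -Path $ProjectRoot -ChildPath $key
    if (Test-Path -Path $path) {
        (Get-Acl -Path $path).Access |
            Where-Object { -not $_.IsInherited -and $_.IdentityReference.Value -eq $Account } |
            ForEach-Object { '{0,-45} {1}' -f $path, $_.FileSystemRights }
    }
}
```

Run it from a session that owns or administers the project folder, since Set-Acl rewrites the DACL; the final loop shows the resulting entries so the effective rights can be checked against the list above.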
Notes:
- If the security recommendations are not suitable for your environment, investigate the most suitable approach for your environment and apply those practices.
- If AVEVA Cloud Storage (ACS) is used for output file locations, ensure that the Transport Layer Security (TLS 1.2) option is selected. Perform the following recommended steps:
  - Navigate to Internet Options and then the Advanced tab.
  - Under the Security section, select the option "Use TLS 1.2".
  - Click Apply, and then OK.
- If your data needs to comply with local legislation related to protecting personal information, such as GDPR in EU countries, be aware of any personal information, such as e-mail or home addresses, that may be in the input source. Either filter it out via transformation mappings or ensure that the location and management of the EIWM output file comply with local legislation.