
AVEVA™ Mobile Operator

Security Requirements

  • Last Updated: Mar 25, 2025
  • 3 minute read

The following are the security requirements that you must consider when working with the AVEVA Mobile Operator applications.

  • For AVEVA Mobile Operator applications, we recommend that you configure either TLS 1.2 or both TLS 1.2 and TLS 1.3 to ensure secure communication.

    Note: TLS 1.3 cannot operate independently; enable it only together with TLS 1.2.

  • We recommend that you use Force Protocol Encryption on the SQL Server. For more information, see the Microsoft documentation on configuring SQL Server Database Engine for encrypting connections.

  • Important: The following are important security recommendations to remember before using the Mobile Operator App:

    • You must install all the required security updates applicable to the operating system on which the AVEVA Mobile Operator applications are running to ensure that no vulnerabilities are exploited. We recommend that all systems running the Mobile Operator app are kept up to date with the latest operating system and framework patches. For more information on applicable security patches, refer to the Microsoft Security Update Guide. The target frameworks for AVEVA Mobile Operator applications are .NET Framework 4.8 and .NET 8.0.

    • As a security practice, we recommend that you use a secure authentication setting to unlock the device on which the Mobile Operator app is running. From AVEVA Mobile Operator 2020 R2 SP1 or later, if you unlock your Android device using face authentication, you cannot use the Mobile Operator app.

    • As a security practice, we recommend using Azure AD as the Identity Provider.

  • WARNING: To avoid any security issues when using Certificate Based Authentication, we recommend that you use it only on dedicated devices. If you use Certificate Based Authentication on shared devices, ensure that you exercise due diligence in managing the certificates.

  • The following services are provided with the Mobile Operator application. To run these services, the service user must have at least 'Modify' permission on the folders of the executable file. Some services require additional permissions for the service user; these are specified next to the service name in the list.

    • Mobile Operator ArchestrA Update Service [Additional permissions: Access to the ArchestrA Integration Web Service address.]

    • Mobile Operator Data Transformation Service

    • Mobile Operator Historian Online Update Service

    • Mobile Operator Historian On-Premise Update Service

    • Mobile Operator Data Server [Additional permissions: Access to the Data Server address.]

    • Mobile Operator Scheduler Service

    • Mobile Operator Synchronization Service [Additional permissions: Access to the private key of the certificate configured in the Synchronization service.]

    • Mobile Operator Sdk Service [Additional permissions: Access to 'HttpBindingAddress' (for example, http://+:9762/SdkService/) and 'CustomBindingAddress' (for example, http://+:9700/SdkService/).]

      Note: When using the SDK services, we recommend that you use HTTPS. Make sure that you perform all the steps required for using HTTPS, such as certificate binding and providing access to the certificate.

    • Mobile Operator PI System Update Service

  • Antivirus software should be installed on all machines, particularly the server machine from which mobile attachments will be accessed. Ensure that the attachment directory is scanned.

  • We recommend that all mobile devices are password protected. Ensure that appropriate authentication is required for accessing mobile devices and the resources within. For more information, refer to the NIST publication 'Guidelines for Managing the Security of Mobile Devices in the Enterprise', available at the National Institute of Standards and Technology website.

  • For Windows UWP devices, ensure that device encryption is enabled by using BitLocker to mitigate the risk of data loss if the device is stolen or lost. To know more about BitLocker, see the Microsoft documentation.

  • We recommend using the AVEVA Mobile Operator UWP app with only a single user account under a single Windows identity.

  • For Microsoft Entra ID users, authentication in the mobile app occurs through an embedded browser. To make sure that the embedded browser is secure, you must ensure that the Microsoft Edge WebView2 Runtime app and default browsers (WebView app for Android, Microsoft Edge WebView2 Runtime app for UWP, and Safari for iOS) are always up to date.

  • For Microsoft Entra ID users, it is important to log out of the mobile app before the end of the shift or when you close the app.

  • The AVEVA Mobile Operator UWP app (version 6.1) redistributes Microsoft.Web.WebView2 (WebView2 SDK). Additionally, the AVEVA Mobile Operator UWP app (version 6.1) is bundled with the Platform Common Services (PCS) 8.1.3 software, which redistributes Microsoft.Web.WebView2 (WebView2 SDK). In this release, AVEVA has not disabled Microsoft Defender SmartScreen for either the AVEVA Mobile Operator UWP app (version 6.1) or PCS 8.1.3. The Microsoft Defender SmartScreen feature collects and transmits user information to Microsoft. For more information, refer to the Microsoft documentation.
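
The service permission requirements listed above can be checked on the server with a script like the following. This is an added example, not part of the AVEVA documentation or product. It assumes Windows PowerShell 5.1 or later, that the services are registered under the display names the page lists, and that the two SdkService URLs are the page's example addresses; it reports only directly granted 'Modify' rights and does not resolve group membership.

```powershell
# Added example, not AVEVA code. Run from an elevated PowerShell session on the server.
# Display names come from the page's list; finding services by display name is an assumption.
$displayNames = @(
    'Mobile Operator ArchestrA Update Service'
    'Mobile Operator Data Transformation Service'
    'Mobile Operator Historian Online Update Service'
    'Mobile Operator Historian On-Premise Update Service'
    'Mobile Operator Data Server'
    'Mobile Operator Scheduler Service'
    'Mobile Operator Synchronization Service'
    'Mobile Operator Sdk Service'
    'Mobile Operator PI System Update Service'
)
$modify  = [int][System.Security.AccessControl.FileSystemRights]::Modify
$sidType = [System.Security.Principal.SecurityIdentifier]
# Broad groups that should not hold Modify on a service folder.
$broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'  # Everyone, Authenticated Users, Users

function Get-Sid([string]$Name) {
    # Normalise the account forms Win32_Service reports before translating to a SID.
    if ($Name -eq 'LocalSystem') { $Name = 'NT AUTHORITY\SYSTEM' }
    $Name = $Name -replace '^\.\\', ($env:COMPUTERNAME + '\')
    try { [System.Security.Principal.NTAccount]::new($Name).Translate($sidType).Value } catch { $null }
}

foreach ($name in $displayNames) {
    $svc = Get-CimInstance Win32_Service -Filter "DisplayName = '$name'"
    if (-not $svc) { Write-Warning "Service not found: $name"; continue }
    # PathName may be quoted and carry arguments; keep everything up to the first .exe.
    if ($svc.PathName -notmatch '^\s*"?(.+?\.exe)') { Write-Warning "Unparsed path: $($svc.PathName)"; continue }
    $folder = Split-Path -Parent $Matches[1]
    $svcSid = Get-Sid $svc.StartName
    # SIDs of every identity with an Allow ACE that includes all Modify bits.
    $holders = (Get-Acl -LiteralPath $folder).GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
            (([int]$_.FileSystemRights -band $modify) -eq $modify) } |
        ForEach-Object { $_.IdentityReference.Value }
    [pscustomobject]@{
        Service          = $name
        Account          = $svc.StartName
        Folder           = $folder
        AccountHasModify = $holders -contains $svcSid   # direct ACE only
        BroadModify      = @($holders | Where-Object { $_ -in $broadSids }) -join ','
    }
}
# URL reservations for the SDK service, using the page's example addresses.
foreach ($url in 'http://+:9762/SdkService/', 'http://+:9700/SdkService/') {
    netsh http show urlacl "url=$url"
}
```

A `False` in `AccountHasModify` means the right is missing or is granted through a group. A non-empty `BroadModify` means the folder holding the service executable is writable by far more than the service user.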
