Overview

Plant SCADA Access Anywhere provides remote access to Plant SCADA clients using any HTML5 web browser running on a desktop computer or a mobile device.

Any browser that supports an HTML5 canvas can be used as the client to view Plant SCADA. HTML5 WebSockets are typically required for Plant SCADA Access Anywhere.

Architecture

The following diagram illustrates how the different components of Plant SCADA Access Anywhere work together:

Note: Any Plant SCADA Access Anywhere Server browser sessions that originate from a location beyond the SCADA network will connect through the optional Plant SCADA Access Anywhere Secure Gateway. If the client is on the SCADA network, it can connect directly to the Plant SCADA Access Anywhere Server or via the Secure Gateway.

For more information about the Access Anywhere Secure Gateway, refer to the Access Anywhere Secure Gateway Installation and Configuration Guide.

Important: Using the Secure Gateway to connect to your SCADA system from an external network may expose your SCADA system to unauthorized access. It is recommended that you use the Secure Gateway in conjunction with other measures to help protect your system.

This is the recommended architecture to remotely access Plant SCADA clients running on an HMI/SCADA network from an untrusted business network.

• The Plant SCADA Access Anywhere Server (WebSocket Server) is installed on the same RDP host where the AVEVA Plant SCADA client runs. The server includes a collection of web resources (HTML files, CSS, JavaScript, images, etc.).

• The Plant SCADA Access Anywhere Secure Gateway is an optional server installed separately on a computer in a DMZ to access Plant SCADA behind a firewall.

• The Plant SCADA Access Anywhere Authentication Server performs authentication services for Plant SCADA Access Anywhere. It is recommended that the Authentication Server be installed separately to the Secure Gateway within the SCADA network.