Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

AVEVA™ Historian

TABLE OF CONTENTS

IDAS Security and Firewalls

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedAug 17, 2022
  • 2 minute read

Remote IDAS uses two-way communication:

  • The remote IDAS requests and receives configuration information from the Historian server.

  • The remote IDAS sends data collected from device interfaces to the Historian server.

    IDAS relationship with Historian client and server

AVEVA Historian provides two ways to authorize access:

  • Integrated security. IDAS computers in the same domain as the historian can be configured with integrated security. Using this model, all users and computers that access historian data are assigned membership to one of three user groups:

    • Administrators (aaAdministrators)

    • Power Users (aaPowerUsers)

    • Users (aaUsers)

  • Workgroup security. IDAS computers outside of the historian's domain can use username and password as security. This username and password must match a local user on the remote IDAS computer.

    When the IDAS is configured with this type of security, an authentication token and is defined and forwarded to the remote IDAS computer. Each time the remote computer accesses the historian, it will use the token and the historian will use it to authenticate the remote computer before allowing access.

The Historian server must be able to communicate with the remote IDAS using its HCAL TCP port (by default, port 32568). The Remote IDAS must be able to communicate with the Historian server’s HCAL TCP port (by default, port 32568).

For a Classic remote IDAS (from an AVEVA Historian version before 2017), requirements are different. A legacy remote IDAS supports only Windows integrated security. It requires consistent accounts on the Historian server and the remote IDAS:

  • On the remote IDAS, this is configured using the ArchestrA Network User utility.

  • On the Historian server, this is configured by setting the identity of the aahConfigSvc service from the Windows Services Console. The Historian server must also be able to communicate with the Remote IDAS machine using TCP/UDP ports 135 through 139 and 445.

For more information on IDAS file sharing requirements, see IDAS Store-and-Forward Capability.

Related Links
TitleResults for “How to create a CRG?”Also Available in