IDAS security and firewalls
- Last Updated Mar 04, 2025
Remote IDAS uses two-way communication:
- The remote IDAS requests and receives configuration information from the Historian server.
- The remote IDAS sends data collected from device interfaces to the Historian server.

AVEVA Historian provides two ways to authorize access:
- Integrated security. IDAS computers in the same domain as the Historian can be configured with integrated security. Using this model, all users and computers that access Historian data are assigned membership to one of the following user groups:
  - Administrators (aaAdministrators)
  - Power Users (aaPowerUsers)
  - Replication Users (aaReplicationUsers)
  - Users (aaUsers)
- Workgroup security. IDAS computers outside of the Historian's domain can use username and password as security. This username and password must match a local user on the server node, and must be provided in the format <server node hostname>/<user name>.
When the IDAS is configured with this type of security, an authentication token is defined and forwarded to the remote IDAS computer. Each time the remote computer accesses the Historian, it presents the token, and the Historian uses it to authenticate the remote computer before allowing access.
The remote IDAS must be able to communicate with the Historian server’s HCAL TCP port (by default, port 32568 for Historian versions 2023 and earlier, or port 32565 for Historian versions 2023 R2 and later).
For remote IDAS versions 2020 R2 and earlier, the Historian must be able to communicate with the remote IDAS using its HCAL TCP port 32568.
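The HCAL port requirements above can be expressed as Windows Firewall rules scoped to known peer addresses rather than opened to any source. The following PowerShell is an added example, not a script from AVEVA; the IP addresses, rule names and the `-Role` parameter values are assumptions made for illustration.

```powershell
# Added example: scope the HCAL firewall openings to known peers instead of "Any".
# Assumed placeholders (not from the AVEVA documentation): addresses, rule names, role names.
# Run from an elevated PowerShell session on the node named by -Role.
param(
    [ValidateSet('HistorianServer', 'RemoteIdas2020R2OrEarlier')]
    [string]$Role = 'HistorianServer',
    [bool]$Historian2023R2OrLater = $true,
    [string[]]$RemoteIdasAddresses = @('192.0.2.10', '192.0.2.11'),  # constructed sample addresses
    [string]$HistorianAddress = '192.0.2.5'                          # constructed sample address
)

# HCAL port per the page: 32565 for Historian 2023 R2 and later, 32568 for 2023 and earlier.
$hcalPort = if ($Historian2023R2OrLater) { 32565 } else { 32568 }

switch ($Role) {
    'HistorianServer' {
        # Remote IDAS -> Historian: allow only the listed IDAS nodes to reach the HCAL port.
        New-NetFirewallRule -DisplayName 'Historian HCAL from remote IDAS (example)' `
            -Direction Inbound -Action Allow -Protocol TCP `
            -LocalPort $hcalPort -RemoteAddress $RemoteIdasAddresses | Out-Null
    }
    'RemoteIdas2020R2OrEarlier' {
        # Remote IDAS 2020 R2 and earlier: the Historian also connects to the IDAS on TCP 32568.
        New-NetFirewallRule -DisplayName 'IDAS HCAL from Historian (example)' `
            -Direction Inbound -Action Allow -Protocol TCP `
            -LocalPort 32568 -RemoteAddress $HistorianAddress | Out-Null
    }
}

# Audit: report enabled inbound allow rules that expose an HCAL port to any source.
# Only rules that name the port explicitly are matched; port ranges are not expanded.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
    $rule = $_
    $port = $rule | Get-NetFirewallPortFilter
    $addr = $rule | Get-NetFirewallAddressFilter
    if (($port.LocalPort -contains '32565' -or $port.LocalPort -contains '32568') -and
        $addr.RemoteAddress -contains 'Any') {
        [pscustomobject]@{
            Rule   = $rule.DisplayName
            Port   = $port.LocalPort
            Remote = $addr.RemoteAddress
        }
    }
}
```

Any rule the audit step reports is a candidate for tightening to the specific Historian or IDAS addresses.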
For a Classic remote IDAS (from an AVEVA Historian version before 2017), requirements are different. A legacy remote IDAS supports only Windows integrated security. It requires consistent accounts on the Historian server and the remote IDAS:
- On the remote IDAS, this is configured using the ArchestrA Network User utility.
- On the Historian server, this is configured by setting the identity of the aahConfigSvc service from the Windows Services Console. The Historian server must also be able to communicate with the Remote IDAS machine using TCP/UDP ports 135 through 139 and 445.
For more information on IDAS file sharing requirements, see IDAS store-and-forward capability.