Build an InTouch Access Anywhere Secure Gateway

InTouch Access Anywhere Secure Gateway is a complementary component of InTouch Access Anywhere server. The Secure Gateway ensures secure access to InTouch ViewApps by acting as a gateway between users in remote locations and AVEVA OMI ViewApps deployed to hosts running in a control network.

Secure Gateway provides the following benefits:

• Access to InTouch applications running on an internal network using a single secure port

• Eliminates the need to purchase, install, configure, and manage a VPN

• Located in a perimeter network, also known as a DMZ, while all other resources reside securely behind an internal firewall

• Provides the ability to install a single SSL digital certificate on the Secure Gateway node instead of requiring a certificate for every host that needs to be accessed

• Compatible with HTML5 client browsers supported by InTouch Access Anywhere

The following diagram shows the recommended architecture of the Secure Gateway in a production environment. The Secure Gateway uses a single port for secured remote access to InTouch applications. All web traffic from an external business network is tunneled through a SSL-based connection of the Secure Gateway placed in a DMZ.

The Authentication server is an optional InTouch Access Anywhere component and is disabled by default. The Authentication Server provides an additional layer of security by authenticating end-users before they can contact the Access Anywhere server. When the Authentication Server is enabled, only domain users will be able to authenticate. Local system users (such as Administrator) will not be able to log on through the Authentication Server.