TN Insight017 Preparation for Using AVEVA Insight
Description
This article from InSource shows how to prepare your existing systems to begin publishing data to the AVEVA Insight Cloud platform.
- Author: Chris Selph
- Published: 8/20/2020
- Applies to: AVEVA Insight
Introduction
There are many scenarios that apply when getting ready to publish data to Insight from your facility. This article covers the basics in the most encountered scenarios. Doesn't cover your scenario? Give us a call and we will get you going.
Create your Insight Account and Solution
The first step is to create an account and Insight solution. Navigate to https://online.wonderware.com/
Click "Sign Up for Trial" and fill out the required fields. You will receive an email with the info required to login and create your first solution.
Note that doing this from the PC that will be hosting the Publisher is a good test of network connectivity.
Networking
Internet connectivity is a requirement for at least one of the computers acting as a data source for the Historian Publisher application.
You will need Port 443 opened in your firewall for outbound HTTP and HTTPS IP traffic.
Need more information on cyber-security and protecting your data? Check out our security site...
The following endpoints may need to be white listed if you run into issues
Endpoint URLs used by AVEVA Insight Publisher
If you are running AVEVA Insight Publisher behind a firewall or web proxy, you will need to allow outbound connections to these endpoint URLs:
Required endpoints
Endpoint URL |
Description |
· https://online.wonderware.com (U.S. sign-ins), or · https://online.wonderware.eu (Europe sign-ins), or · https://online.wonderware.net.au (Australia sign-ins), or |
This is the Wonderware Online website URL which contains the API called to run part of the data source creation workflow. It also generates some Historian Publisher screens. |
This is required for user validation at sign-in. |
|
· https://nch.online.wonderware.com (U.S. sign-ins), or · https://nch.online.wonderware.eu: (Europe sign-ins), or · https://nch-au.online.wonderware.com (Australia sign-ins) |
This is the only endpoint URL used after publishing is done. |
This is use by the website and Publisher. |
Optional endpoints
Endpoint URL |
Description |
· https://www.google-analytics.com |
These are all used for Google analytics monitoring. |
These are used to download some Google fonts (including Roboto and some NOTO fonts). |
Architectures with a DMZ
Download and use DMZ Secure Link
DMZ Secure Link is a forward-proxy component that supports secure architectures like the one illustrated here.
Here, separate control and business networks each have a secure firewall. The two firewalls are separated by a DMZ. Communication from one network to the other must go through the DMZ via specific software, in this case provided by DMZ Secure Link. DMZ Secure Link helps you bridge the "no direct communication" policy implied by the DMZ while maintaining security. DMZ Secure Link permits access only to sites specifically used by Insight and blocks attempts to access other sites. DMZ Secure Link runs on a computer that is separate from the one running AVEVA Publisher and the one accessing AVEVA Insight. DMZ Secure link must be on the computer acting as the bridge for either the publisher or Insight computer to the internet. For example, in the diagram on the right, the center DMZ computer would run DMZ Secure Link. DMZ Secure Link requires Windows 7 SP1 32-bit or newer. To download and install DMZ Secure Link Follow the prompts to install it. Note: Multiple instances can be chained together if needed -- for example, if there are DMZs, or as an alternative to the general web proxy at the top of the diagram. |
To configure DMZ Secure Link
1. Run DMZ Secure Link.
2. On the Incoming Connections page, specify the IP address and port that can be used by AVEVA Publisher.
This port, located on the DMZ Secure Link computer, is used to listen to internet traffic. AVEVA Publisher sends its internet communications to this port. DMZ Secure Link receives internet communication through this port and sends outbound communications through port 443.
If your computer is configured with multiple local IP addresses, you can chose to "Accept connections from all local addresses" or just a specific one.
<image009.gif>
3. Follow the on-screen prompts to complete your configuration.
To configure internet settings for Publisher
1. On the computer you use to run Insight Publisher, open the Windows Control Panel.
2. Select Internet Options.
3. Select the Connections tab, and then select LAN Settings.
4. Type the IP address and port number for the computer running DMZ Secure Link.
Now you can use Insight Publisher to publish your data to Insight.
Data Source Identification
There can be a wide variety of data sources that can be published to the Insight platform. Here are some examples.
InTouch
Publishing from InTouch apps requires that you have an InTouch application that has tags identified for Publishing by enabling the "Log Data" checkbox in the tagname dictionary. Each InTouch PC runtime will need to have internet connectivity. More Information...
On Premise Historian
Create a list of tags that you want to publish. These tags will be selected for publishing when configuring the Replication Server to the Insight cloud historian. More information...
Publishing via DA Server | OI Server | OPC Server
Data can be published from control systems directly as long as you have the appropriate driver. A tag definition file must be created so the Historian Publisher knows the names of tags, the driver name, the controller item name etc. More information...
Custom applications and file based publishing
There are several ways to upload data in "batches" in formats like CSV and JSON as well as using the Insight API. More information...
User Identification
Identify a list of users you will grant access to the system including whether they will have Administrator access.
Tag Aliases
Tags will be named exactly as they are in InTouch, historian etc and will have a datasource prefix. You can assign user friendly aliases to your tags to make search and identification easier using the Insight Tagname Dictionary.
Tag Location
Tags can be grouped in a hierarchy like Plant1/Area1/Mahine1. Create this list and assign these in the Insight Tagname Dictionary. More information...
Access to tags by a user can be controlled via location. More information...