Skip to main content
InSource Solutions

TN Insight017 Preparation for Using AVEVA Insight

Description

This article from InSource shows how to prepare your existing systems to begin publishing data to the AVEVA Insight Cloud platform.

  • Author: Chris Selph
  • Published: 8/20/2020
  • Applies to: AVEVA Insight

Introduction

There are many scenarios that apply when getting ready to publish data to Insight from your facility. This article covers the basics in the most encountered scenarios. Doesn't cover your scenario? Give us a call and we will get you going.

Create your Insight Account and Solution

The first step is to create an account and Insight solution. Navigate to https://online.wonderware.com/

Click "Sign Up for Trial" and fill out the required fields. You will receive an email with the info required to login and create your first solution. 

Note that doing this from the PC that will be hosting the Publisher is a good test of network connectivity.

Networking

Internet connectivity is a requirement for at least one of the computers acting as a data source for the Historian Publisher application. 

You will need Port 443 opened in your firewall for outbound HTTP and HTTPS IP traffic. 

Need more information on cyber-security and protecting your data? Check out our security site...

The following endpoints may need to be white listed if you run into issues

Endpoint URLs used by AVEVA Insight Publisher

If you are running AVEVA Insight Publisher behind a firewall or web proxy, you will need to allow outbound connections to these endpoint URLs:

Required endpoints

 

Endpoint URL

Description

·         https://online.wonderware.com (U.S. sign-ins), or

·         https://online.wonderware.eu (Europe sign-ins), or

·         https://online.wonderware.net.au (Australia sign-ins), or

This is the Wonderware Online website URL which contains the API called to run part of the data source creation workflow. It also generates some Historian Publisher screens.

·         https://signin.connect.aveva.com, and

·         https://identity.connect.aveva.com

This is required for user validation at sign-in.

·         https://nch.online.wonderware.com (U.S. sign-ins), or

·         https://nch.online.wonderware.eu: (Europe sign-ins), or

·         https://nch-au.online.wonderware.com (Australia sign-ins)

This is the only endpoint URL used after publishing is done.

·         https://cdn.connect.aveva.com

This is use by the website and Publisher.

 

Optional endpoints

 

Endpoint URL

Description

·         https://www.google-analytics.com

·         https://stats.g.doubleclick.net

·         https://www.google.com

These are all used for Google analytics monitoring.

·         https://fonts.googleapis.com

·         https://fonts.gstatic.com

These are used to download some Google fonts (including Roboto and some NOTO fonts).

 

 

Architectures with a DMZ

 

Download and use DMZ Secure Link

DMZ Secure Link is a forward-proxy component that supports secure architectures like the one illustrated here.

Here, separate control and business networks each have a secure firewall. The two firewalls are separated by a DMZ.

Communication from one network to the other must go through the DMZ via specific software, in this case provided by DMZ Secure Link.

DMZ Secure Link helps you bridge the "no direct communication" policy implied by the DMZ while maintaining security.

DMZ Secure Link permits access only to sites specifically used by Insight and blocks attempts to access other sites.

DMZ Secure Link runs on a computer that is separate from the one running AVEVA Publisher and the one accessing AVEVA Insight. DMZ Secure link must be on the computer acting as the bridge for either the publisher or Insight computer to the internet. For example, in the diagram on the right, the center DMZ computer would run DMZ Secure Link.

DMZ Secure Link requires Windows 7 SP1 32-bit or newer.

To download and install DMZ Secure Link

Download Link

Follow the prompts to install it.

Note: Multiple instances can be chained together if needed -- for example, if there are DMZs, or as an alternative to the general web proxy at the top of the diagram.

1.jpg

To configure DMZ Secure Link

1.       Run DMZ Secure Link.

2.       On the Incoming Connections page, specify the IP address and port that can be used by AVEVA Publisher.

This port, located on the DMZ Secure Link computer, is used to listen to internet traffic. AVEVA Publisher sends its internet communications to this port. DMZ Secure Link receives internet communication through this port and sends outbound communications through port 443.

If your computer is configured with multiple local IP addresses, you can chose to "Accept connections from all local addresses" or just a specific one.

<image009.gif>

3.       Follow the on-screen prompts to complete your configuration.

To configure internet settings for Publisher

1.       On the computer you use to run Insight Publisher, open the Windows Control Panel.

2.       Select Internet Options.

3.       Select the Connections tab, and then select LAN Settings.

4.       Type the IP address and port number for the computer running DMZ Secure Link.

Now you can use Insight Publisher to publish your data to Insight.

Data Source Identification

There can be a wide variety of data sources that can be published to the Insight platform. Here are some examples.

2.png

 

InTouch

Publishing from InTouch apps requires that you have an InTouch application that has tags identified for Publishing by enabling the "Log Data" checkbox in the tagname dictionary. Each InTouch PC runtime will need to have internet connectivity.  More Information...

On Premise Historian

Create a list of tags that you want to publish. These tags will be selected for publishing when configuring the Replication Server to the Insight cloud historian. More information...

Publishing via DA Server | OI Server | OPC Server

Data can be published from control systems directly as long as you have the appropriate driver. A tag definition file must be created so the Historian Publisher knows the names of tags, the driver name, the controller item name etc. More information...

Custom applications and file based publishing

There are several ways to upload data in "batches" in formats like CSV and JSON as well as using the Insight API. More information...

User Identification

Identify a list of users you will grant access to the system including whether they will have Administrator access.

Tag Aliases

Tags will be named exactly as they are in InTouch, historian etc and will have a datasource prefix. You can assign user friendly aliases to your tags to make search and identification easier using the Insight Tagname Dictionary.

Tag Location

Tags can be grouped in a hierarchy like Plant1/Area1/Mahine1. Create this list and assign these in the Insight Tagname Dictionary. More information...

Access to tags by a user can be controlled via location. More information...