Last revision: 11/16/2022
This Readme provides information about AVEVA InTouch Access Anywhere 2023b, Version 23.0.100.
Security Updates
This release includes security improvements and upgradation of out of date libraries.
AVEVA™ InTouch Access Anywhere provides remote access to InTouch applications with an HTML5 Web browser running on a desktop computer or a mobile device. Any Web browser that supports HTML5 can be used as the client to view InTouch applications running on a remote desktop server. InTouch Access Anywhere enables you to select an InTouch application from a list and view it running in WindowViewer.
The InTouch Access Anywhere installation media provides the following:
This section summarizes InTouch Access Anywhere installation requirements, supported browsers, and considerations for viewing InTouch applications on mobile devices. For more detailed information, see the InTouch Access Anywhere Documentation
The following list describes the prerequisites to install the InTouch Access Anywhere Server or Secure Gateway.
For the complete list of supported Windows operating systems and SQL Server versions, see the AVEVA GCS Technology Matrix.
Important: All existing instances of InTouch Access Anywhere components must be removed from the computer before installing System Platform 2023. Earlier versions of InTouch Access Anywhere Servers cannot be modified or repaired using System Platform 2023.
Note: If you are installing InTouch Access Anywhere from System Platform 2023, the installer verifies the current, installed versions of .NET on the computer. When only earlier versions of .NET are detected, the installer automatically updates the computer to .NET 4.8.
Per-Device RDS licenses are not supported.
Important Security Requirement: Securely Deploying InTouch Access Anywhere
Direct access to the InTouch Access Anywhere Secure Gateway over the Internet is not supported. Accessing the Secure Gateway by means of a VPN tunnel for all remote connections is recommended.
InTouch Access Anywhere can be accessed from smart phones, tablets, and laptop computers that provide an HTML5-compliant web browser.
Browsers Tested with InTouch Access Anywhere
Browsers verified to work with InTouch Access Anywhere include the following:
Important: Only the browser versions listed above have been tested on the specified hardware platforms (PCs, tablets and Smart Phones). No testing has been done on HTML5 browsers running on other devices not included in the list shown above (SmartTVs, eBook Readers, or game consoles).
Functionally Compatible Browsers
Certain versions of the browsers listed above, such as:
are in theory functionally compatible with InTouch Access Anywhere. While you may be able to use these versions of the web browsers with InTouch Access Anywhere, specific behaviors are unknown because no formal testing has been conducted.
Browsers: Important Notes
Although InTouch Access Anywhere supports the listed browsers, you should review the Known Issues and Behaviors section of this Readme for issues specific to each browser.
Run-time interactions with InTouch applications can be different on mobile devices than on traditional desktop computers. For example:
When using InTouch Access Anywhere to remotely view and interact with your applications, it is important to be aware of the behavioral differences among devices, operating systems, and browsers. For the best user experience, you should become familiar with the touch interfaces in the devices you will use, and factor these differences into the design of your InTouch applications. For example:
Use the following procedures to install InTouch Access Anywhere.
If you are upgrading to a newer version of InTouch Access Anywhere Server, complete the following tasks before starting the upgrade:
To install InTouch Access Anywhere Server
Refer to the InTouch Access Anywhere Secure Gateway Administrator Manual for detailed instructions on installing InTouch Access Anywhere Secure Gateway.
Important: If you are upgrading to a newer version of InTouch Access Anywhere Secure Gateway, note any manual changes that have been made to the EricomSecureGateway.exe.Config file. These changes will need to be applied across two (2) separate configuration files after installing the new version: EricomSecureGateway.Config and EricomSecureGateway.exe.Config. Review the InTouch Access Anywhere Secure Gateway Administrator Manual for details about which configuration items reside in each configuration file.
See the InTouch Access Anywhere Secure Gateway Administrator Manual for detailed information about installing a Secure Gateway.
Secure Gateway: Important Notes
The InTouch Access Anywhere Secure Gateway does not provide two factor authentication. This can be a security concern when you directly access the InTouch Access Anywhere Server through the Internet. InTouch Access Anywhere Secure Gateway security is not designed to be directly connected to the internet. We recommend that you use a VPN as the first level of authentication when accessing the InTouch Access Anywhere Server through the Secure Gateway.
To access InTouch applications beyond a firewall you must install the Secure Gateway on a separate computer located in a DMZ.
After installing the InTouch Access Anywhere Secure Gateway, your InTouch applications will not be available in the Application Name: list box when running InTouch Access Anywhere through the gateway. To access a list of your applications, see the Secure Gateway post-installation instructions in the InTouch Access Anywhere Secure Gateway Administrator Manual.
InTouch Access Anywhere Secure Gateway is now configured to be secured by default and requires further configuration after the product is installed. You can also configure the security settings back to the same levels as in previous releases (not recommended).
The security settings are described in InTouch Access Anywhere Secure Gateway Administrator Manual (ITAA_Gateway_AdminManual.pdf), in the following sections:
TargetHostWhitelistAllowedIPv4Addresses and certificate trust must be configured before using the InTouch Access Anywhere Secure Gateway. If you do not configure TargetHostWhitelistAllowedIPv4Addresses with the white listed systems, connections to the InTouch Access Anywhere Server through the InTouch Access Anywhere Secure Gateway will fail. You will get the following error message:
"Gateway: Target Host access is not allowed for address <IP Address>."
If you do not configure the certificate trust, you will be prompted with a certificate error if the Access Anywhere Server's certificate is not recognized on the Gateway node.
InTouch Access Anywhere product documentation is provided as a set of Portable Document Files (PDF), which are located at the root of the installation media.
| InTouch Access Anywhere Product Documentation Name | File Name | 
| InTouch Access Anywhere User Guide | ITAA_UserManual.pdf | 
| InTouch Access Anywhere Server Administrator Manual | ITAA_Server_AdminManual.pdf | 
| InTouch Access Anywhere Secure Gateway Administrator Manual | ITAA_Gateway_AdminManual.pdf | 
You need Adobe Acrobat Reader DC installed on your computer to view InTouch documentation. You can download the latest version of Adobe Reader from the Adobe Corporation web site: https://get2.adobe.com/reader/.
After installing Adobe Acrobat Reader DC, double-click a PDF file with your pointing device to view the book with Adobe Reader. You can also open a PDF with the Adobe Reader Open command from the File menu.
| © 2022 AVEVA Group plc and its subsidiaries. All rights reserved. | Contact Us |