Wonderware InTouch Access

Anywhere Server Administrator Manual

© 2017 Schneider Electric Software, LLC. All rights reserved.
No part of this documentation shall be reproduced, stored in a ret rieval system, or transmitted by any
means, electronic, mechanical, photocopying, rec ording, or otherwise, without the prior written
permission of Schneider Electric Soft ware, LLC. No liability is assumed with respect to the use of the
information contained herein.
Although precaution has been taken in the preparation of this documentation, Schneider Electric
Software, LLC assumes no responsibility for errors or omissions. The information in this documentation
is subject to change without notice and does not represent a commitment on the part of Schneider
Electric Software, LLC. The software described in this documentation is furnished under a license
agreement. This software may be used or copied only in accordance wit h the terms of such license
agreement.
ArchestrA, A vantis, DYNS IM, eDNA, EYESIM, Foxboro, Foxboro E vo, I/A S eries, InBatch, InduS oft,
InStep, IntelaTrac, InTouch, PIPEPHASE, PRiSM, PRO/ II, PROVIS ION, ROMeo, Schneider Electric,
SIM4ME, SimCentral, SimSci, Skelta, SmartGlance, Spiral Soft ware, VIS UAL FLA RE, WindowMaker,
WindowViewer, and Wonderware are trademarks of Schneider Electric SE, its subsidiaries, and
affiliated companies. An extensive listing of Schneider Electric Soft ware, LLC trademarks can be found
at: http://software.schneider-electric.com/legal/trademarks/. All other brands may be trademarks of
their respective owners.
Schneider Electric Soft ware, LLC
26561 Rancho Park way South
Lake Forest, CA 92630 U.S.A.
(949) 727-3200
http://software.schneider-electric.com/
Publication date: 3/21/2017
Contact Us
Contact Schneider Electric Software Technical Support
Avanti s Technical Support
Listing of regional and local country contacts: http://software.schneider -electric.com/support/avantis/
Technical support: http://softwares upport.schneider-electric.com/
For A vantis.PRO, A vantis Approvals, Avantis.DSS, and Condition Manager:
 Email: support.pro@avantis.net
 Phone (8:30 a.m. to 5:00 p.m. Monday to Friday, Eastern Time):
o Toll-Free U.S. and Canada: 1-888-262-7111
o Toll-Free EMEA: 1-800-4670-6466
o Direct dial: 1-905-632-0635
For A vantis. XA:
 Email: support.xa@avantis.net
 Phone (8:30 a.m. to 5:00 p.m. Monday to Friday, Eastern Time):
o Toll-Free U.S. and Canada: 1-800-991-8000
o Toll-Free EMEA: 1-800-4670-6466
o Direct dial: 1-905-632-4122
SimSci Technical Support
Listing of regional and local country contacts: http://software.schneider -electric.com/support/simsci/
Technical support: http://softwares upport.schneider-electric.com/
 Email U.S. and Canada: support.simsci@schneider-electric.com
 Phone (USA 8:00 a.m. to 5:00 p.m. Central Time)
o Toll-Free U.S. and Canada: 1-800-746-7241
Skelta Technical Support
 Email: skelta.support@schneider-electric.com
 Phone:
o U.S.: 1-678-306-4110 Option 3
o India: 91-80-4060-2600 Option 3
Wonderware Technical Support
Listing of regional and local country contacts: https://www.wonderware.com/contact/contact -support/
Technical support: http://softwaresupport.schneider-electric.com/
 Priority email for Customer FIRS T Members: custfirstsupport @wonderware.com
 Email for customers without a support agreement: wwsupport@wonderware.com
 Phone
o Toll-Free North America and Latin Americ a: 1-800-966-3371
o Direct dial: 1-949-639-8500
InStep Technical Support
Cont act page: http://www.instepsoftware.com/contact-us
Technical support: https://support.instepsoft ware.com/
 Email: instepsupport@schneider-electric.com
 Phone (USA 8:00 a.m. to 5:00 p.m. Central Time)
o 1-312-894-7870
Schneider Electric – Smart Water Software Technical Support
 Help desk email: DK-HSO-Support@schneider-electric.com
 Help desk telephone hotline: +45 88 30 20 77 (09:00 to 16:00 Monday to Thurs day, Friday 09:00 to
15:00, Central European Time)
Contact Schneider Electric Software Learning Services
Cont act Software Learning Services for assistance regarding classes, schedule, offerings, frequently
asked questions, tuition, policies, and more.
 Email: software.training@schneider-electric.com
 Toll-Free U.S. and Canada: 1-866-998-7246
 Direct: 1-949-639-8508
 Fax: 1-949-639-1847
 Wonderware InTouch Access Anywhere Server Administrator Manual

Contents
Welcome .................................................................................................................................... 7
Documentation Conventions ...................................................................................................... 7
Technical Support ..................................................................................................................... 7

Chapter 1 Overview ............................................................................................................... 9

Architecture .............................................................................................................................. 9
RDP Compression and Acceleration ........................................................................................ 10
Licensing ................................................................................................................................ 10

Chapter 2 Installation and Configuration.......................................................................... 11

Pre-Installation Requirements .................................................................................................. 11
Adding WindowViewer to the RemoteApp List ..................................................................... 12
In Windows Server 2008 R2 ......................................................................................... 12
In Windows Server 2012 / Server 2012 R2 and Server 2016 .......................................... 13
Scaling Applications for Different Devices (Recommended) ................................................. 15
Bind Service to All Network Interfaces ................................................................................ 17
Verifying the Current Network Interfac e Configuration .................................................... 17
Post-Installation Checklist........................................................................................................ 17
Configuring a Firewall Port Exception ................................................................................. 17
Using the Command Prompt ........................................................................................ 17
Using the Windows GUI ............................................................................................... 18
Configuring a Firewall Program Exception ........................................................................... 18
In Windows Server 2008 R2............................................................................................... 18
In Windows Server 2012 / 2012 R2 and 2016 ...................................................................... 19
Getting Started Quickly............................................................................................................ 19
Configuring InTouch Access Anywhere Server .......................................................................... 21
Installation ........................................................................................................................ 21
Using the Server Configuration Console ............................................................................. 22
General....................................................................................................................... 22
Performance ............................................................................................................... 22
Communication ........................................................................................................... 23
Acceleration ................................................................................................................ 23
Security ...................................................................................................................... 23
Logging....................................................................................................................... 23
Advanced (For A dministrator Use Only) ........................................................................ 24
Uninstalling InTouch Access Anywhere Server .................................................................... 24
Updating InTouch Access Anywhere Server ........................................................................ 24
InTouch Access Anywhere Web Component ............................................................................ 24
Installation with InTouch Access Anywhere Server .............................................................. 24
Modifying the InTouch Access Anywhere Interface .............................................................. 25
Modifying the Name of the Connection ............................................................................... 25

5
Wonderware InTouch Access Anywhere Server Administrator Manual Contents

Secure Connections ................................................................................................................ 25

Secured WebSocket Communication to Remote Desktops .................................................. 26
Secured WebSocket Connection Using InTouc h Access Anywhere Secure Gateway ............ 27
Benefit of Using a Trusted Certificate .................................................................................. 27

Chapter 3 Configuring Mobile and Special Devices ....................................................... 29

Supported Browsers ................................................................................................................ 29
Using Gestures on Client Portable Devices ............................................................................... 30
Google Chromebooks ........................................................................................................ 30
Chromebook Keyboard ...................................................................................................... 30
Tablets and Smartphones .................................................................................................. 31
HTTPS Mode.......................................................................................................................... 32

Chapter 4 Advanced Configuration ................................................................................... 33

Modifying the InTouch Access Anywhere Interface .................................................................... 33
Static Configuration of the Config.js File ................................................................................... 33
Define Configuration Groups .................................................................................................... 36
Settings Precedence ............................................................................................................... 36
Passing Credentials Using Form POS T .................................................................................... 37
Embedding InTouch Access Anywhere in an iframe .................................................................. 37
Hiding InTouch Applications from InTouch Access Anywhere ..................................................... 38

Chapter 5 Known Limitations ............................................................................................. 39

Networking Limitations ............................................................................................................ 39
Browser Limitations ................................................................................................................. 39
Navigational Limitations ........................................................................................................... 40

6
 Wonderware InTouch Access Anywhere Server Administrator Manual

Welcome
® ®
Use Wonderware InTouch Access Anywhere™ to access InTouch applications hosted on Remote
Desktop Servers with HTML5-compatible web browsers. Follow the instructions in this book to begin
using InTouch Access Anywhere.
This manual assumes knowledge of the following:
 Wonderware InTouc h
 Enabling and configuring Remote Desktop Services (RDS ) on Windows operating systems
 Firewall configuration
 Web server administration
Important terminology used in this book includes the following:
 RDP - Remote Desktop Protocol. A remot e display protocol developed by Microsoft. RDP is a
standard component of Microsoft Windows.
 RDP Host - a Windows system that can be remotely accessed using Microsoft RDP, such as a
Remote Desktop Server (RDS Session Host) or Windows workstation with remot e access enabled.
 RDS - Remote Desktop Servic es, which includes the Remote Desktop Protocol (RDP).
 HTML5 - a new update to the HTML specification. Extends HTML with new feat ures and
functionality for communication, display, etc.
 WebSocket - a bi-directional, full -duplex communication mechanism introduced in the HTML5
specification.
 SSL - Secure Sockets Layer. A cryptographic protocol that provides communications security over
the Int ernet.

Documentation Conventions
This documentation uses the following conventions:

Convention Used for

Initial Capitals Paths and file names.

Bold Menus, commands, dialog box names, and dialog box

options.

Monospace Code samples and display text.

Technical Support
Wonderware Technical Support offers a variety of support options to answer any questions on
Wonderware products and their implementation.

7
Wonderware InTouch Access Anywhere Server Administrator Manual Welcome

Before you contact Technical Support, refer to the relevant section(s) in this documentation for a
possible solution to the problem. If you need to contact technical support for help, have the following
information ready:
 The type and version of the operating system you are using.
 The type and version of browser you are using.
 Details of how to recreate the problem.
 The exact wording of the error messages you saw.
 Any relevant output listing from the Log Viewer or any other diagnostic applications.
 Details of what you did to try to solve the problem(s) and your results.
 The Wonderware Technical Support case number assigned to your problem if this is an ongoing
problem.

8
 Wonderware InTouch Access Anywhere Server Administrator Manual

C HAPTER 1
Overview
In This Chapter
Architecture .................................................................................................................................... 9
RDP Compression and Acceleration .............................................................................................. 10
Licensing...................................................................................................................................... 10

Architecture
The following diagram illustrates how the different components of InTouch Access Anywhere work
together:

 The InTouch Access Anywhere Server (WebS ocket server) is installed on the same Remote
Desktop Services host where InTouch WindowViewer runs applications. The server includes a
collection of web resources (HTML files, CSS, JavaScript, images, etc.).
 The Authentication Server is installed on the safe side of the firewall and authenticates InTouch
Access Anywhere users before granting them access to InTouch applications.
 The InTouch Access Anywhere Secure Gateway is an optional server ins talled separately on a
computer in a DMZ to access InTouch applications protected by a firewall.

Tip: You may use a VPN connection instead of InTouch Access Anywhere Secure Gateway.

This is the recommended archit ecture to remotely access InTouch applications running on an HMI
SCADA network from an untrusted business network.

9
Wonderware InTouch Access Anywhere Server Administrator Manual Overview

1. Initiate a connection from the client device by directing the browser to the InTouch Access
Anywhere start page hosted on the web server (http://<machinename>:8080/). The Start.html page
is displayed in the web browser using HTTP/HTTPS.
2. The browser opens a WebSocket connection to the InTouch Access Anywhere Server, which is
running on the RDS host itself.

Note: If the optional InTouch Access Anywhere Secure Gateway is installed, an InTouch Access
Anywhere Server browser session will connect through it.

3. The InTouch Access Anywhere Server translates the WebSocket communication to and from RDP,
thus establishing a connection from the browser to the RDS host itself.
4. The browser then displays the content of the remote InTouch application.

RDP Compression and Acceleration

InTouch Access Anywhere provides RDP compression and accele ration technology to improve remote
client performance over a network. There are three main features of RDP technology:
 Image compression
Images are compressed before transmitting them to a browser for rendering. The level of
compression is dependent on the selected acceleration/quality option (a default value can be
configured by the administrator).
 Packet shaping
Packet shaping is a comput er network traffic management technique that delays some or all
datagrams to reduce lat ency and increase usable network bandwidth.
 Whole frame rendering
Whole frame rendering updates the display as a whole rat her than in blocks, as performed by
standard RDP. The benefit of whole frame rendering is especially noticeable when watching video
over slow network connections. Coupled with the other optimization features, whole frame
rendering results in a smoother video display on a browser.

Licensing
InTouch Access Anywhere is licensed for use only with InTouch WindowViewer running under an
activated InTouch 2012 R2 TSE (RDS) or newer license.
When InTouch is launched by InTouch Access Anywhere, this RDS license will be consumed per
browser session. It will be released when InTouch is closed by InTouch Access Anywhere.
Per device licenses are not supported.

10
 Wonderware InTouch Access Anywhere Server Administrator Manual

C HAPTER 2
Installation and Configuration
This chapter describes how to install and configure InTouch Access Anywhere Server. It includes
requirements that need to be met for InTouch Access Anywhere to be functional, prerequisites for
installation, and detailed information about the installation and configuration procedures.

In This Chapter
Pre-Installation Requirements ........................................................................................................ 11
Post-Installation Checklist ............................................................................................................. 17
Getting Started Quickly ................................................................................................................. 19
Configuring InTouch Access Anywhere Server ............................................................................... 21
InTouch Access Anywhere Web Component .................................................................................. 24
Secure Connections ...................................................................................................................... 25

Pre-Installation Requirements
Before installing the InTouch Access Anywhere server, verify the following requirements have been
met:
 The computer that will host the InTouc h Access Anywhere server must be running a 64 -bit version
of Windows Server support ed by InTouch 10.6 or newer.

Note: Embedded operating systems are not supported by InTouch Access Anywhere Server.

 The InTouch Access Anywhere server must be installed on the same computer that hosts InTouch
WindowViewer.
 The InTouch Access Anywhere server and the Secure Gateway must be installed on separate
computers.
 Remote Desktop Servic es must be configured on the host computer.

Important: InTouch Access Anywhere leverages RDP and translates RDP to WebS ockets. RDS
access must be enabled on the comput er hosting InTouch Access Anywhere.

 The host computer’s firewall is configured to permit inbound and outbound network traffic on port
8080.
 On host comput ers running Windows Server 2008 or 2012, the InTouch WindowViewer executable
file (view.exe) must be added to the host computer’s RemoteApp list and configured to support
command-line arguments.
 The corresponding TSE (RDS ) Concurrent license is activat ed on the host comput er.
 If upgrading to a newer version of InTouch Access Anywhere, first back up any custom
components of the existing installation, then uninstall the existing version before installing the new
version.

11
Wonderware InTouch Access Anywhere Server Administrator Manual Installation and Configuration

Adding WindowViewer to the RemoteApp List

In order to make WindowViewer accessible remotely, you must first add it to a list of RemoteA pps.
Follow the directions in the section that corresponds to the Microsoft Server OS you use to run InTouch
and host InTouch Access Anywhere.

In Windows Server 2008 R2

To install the prerequisites
1. Open the Server Manager.
2. Click the Features listing in the left pane. The Features page appears.
3. Click Add Features. The Add Features Wizard opens to the Select Features page.
4. Under Remote Server Administration Tool s, expand the Role Admini stration Tool s feature
category, and the Remote De sktop Service s Tool s feature category beneath it.
5. Select the following options:
o Remote Desktop Se ssion Host Tool s
o Remote Desktop Gateway Tools
o Remote Desktop Licensing Tool s
6. Click Next until the Confirmation page appears.
7. Click Install, and proceed as instructed to complete installation of the prerequisites.
To configure the Roles
1. In the Server Manager, click the Roles feature in the left pane. The Role s page appears.
2. Click Add Role s. The Add Role s Wizard opens to the Server Roles page.
3. Select the Remote Desktop Service s option and click Next. The Role Services page appears.
4. Select the following options:
o Remote Desktop Se ssion Host
o Remote Desktop Licensing
5. Click Next until you reach the Licensing Mode page.
6. Select the Per User option.
7. Click Next until the Confirmation page appears.
8. Click Install, and proceed as instructed to complete configuration of Roles.
To create and assign Users
1. In the Server Manager, expand the Configuration listing in the left pane, and then expand the
Local Users and Groups listing beneath it.
2. Click Users under Local Users and Groups. The Users page appears.
3. Right -click an empty space in the Users page, and then select New User.
4. Create users as needed and click Create.
5. Click Groups under Local Users and Groups. The Groups page appears.
6. Ensure that the users and groups you create are added to the Remote De sktop Users group.

12
Installation and Configuration Wonderware InTouch Access Anywhere Server Administrator Manual

To add view.exe to the RemoteApp List

1. Open the RemoteA pp Manager by clicking Start, pointing to Admini strative Tools, pointing to
Remote Desktop Service s, and then clicking RemoteApp Manager.
2. Click Add RemoteApp Program s in the Actions pane, or right-click in the RemoteApp
Programs section and select Add RemoteApp Program s. The Welcome to the Remote App
Wizard page appears.
3. Click Next. The Choose program s to add to the RemoteApp Program s li st page appears.
4. Add WindowViewer to the RemoteApp list by checking its box.

Note: If WindowViewer is not present in the list, click Browse..., navigate to view.exe, and select
view.exe.

5. Right -click the WindowViewer listing in the RemoteApp Programs section and select Properties.
The RemoteApp Properties window appears.
6. On the RemoteApp Properties window Properties tab, select the Allow any command-line
arguments option.
7. On the RemoteApp Properties window, select the User Assignment tab, and a warning appears.
Click Yes to dismiss the warning.
8. Select the All authenticated domain users option and click OK to dismiss the RemoteApp
Properties window.
9. Click OK, and then click Next to proceed through the wizard to the Review Settings page.
10. Click Finish to complet e configuration. View.exe now appears in the RemoteApp Programs list.

In Windows Server 2012 / Server 2012 R2 and Server 2016

Important: This configuration requires Active Directory (2008 R2 or newer), and the server configured
as follows must be joined to the AD domain.

To install the prerequisites

1. Open the Server Manager to the Dashboard.
2. In the Manage menu at the top right, select Add Role s and Features. The Add Role s and
Features Wizard opens to the Before You Begin page.
3. Click Next. The Installation Type page appears.
4. Select Role-based or feature-based installation and click Next. The Server Selection page
appears.
5. Select your server from the provided list and click Next. The Server Roles page appears.
6. Select Remote Desktop Service s from the list.
7. Click Next. The Features page appears.
8. Expand the Remote Server Administration Tool s feature group, and the Role Administration
Tool s group beneath it.
9. Under the Remote Desktop Services Tool s list, select the following features:
o Remote Desktop Gateway Tools
o Remote Desktop Licensing Diagnoser Tools
o Remote Desktop Licensing Tool s
10. Click Next . The Add Roles and Features Wizard appears.

13
Wonderware InTouch Access Anywhere Server Administrator Manual Installation and Configuration

11. Click Add Features twice to reach the Role Services page under Remote Acce ss.
12. Select the DirectAcce ss and VPN (RAS) option and click Next twice to reach the Role Services
page under Remote Desktop Service s.
13. Select the following features:
o Remote Desktop Connection Broker
o Remote Desktop Gateway
– Upon selection, the Add Role s and Features Wizard will appear. Click Add Features.
o Remote Desktop Licensing
o Remote Desktop Se ssion Host
– Upon selection, the Add Role s and Features Wizard will appear. Click Add Features.
o Remote Desktop Web Acce ss
– Upon selection, the Add Role s and Features Wizard will appear. Click Add Features.
14. Click Next twice to reach the Role Services page under Network Policy and Acce ss Service s.
15. Select the Network Policy Server service, and click Next. The Confirmation page appears.
16. Click Install, and proceed as instructed to complete installation of the prerequisites.

Important: If and when prompt ed, make sure to restart the server to finish installation.

To configure and deploy the server

1. Open the Server Manager.
2. From the Manage menu, click Add Roles and Features. The Add Role s and Features Wizard
opens to the Before You Begin page.
3. Click Next. The Installation Type page opens.
4. Select Remote Desktop Service s installation, and click Next.
5. On the Deployment Type page, select Quick Start, and click Next.
6. On the Deployment Scenario page, select Session Virtualization (Windows 2012) or
Session-ba sed desktop deployment (Windows 2012 R2 and 2016), and click Next.
7. On the Select server page, if your server appears in the Selected list, click Next. If it does not:
a. Select the desired server’s listing in the Server Pool list.
b. Click the right arrow bet ween the lists to add your server to the Selected list
c. Click Next.
8. On the Confirmation page, select the Re start the destination server automatically if required
option, and then click Deploy. Progress meters appear as the wizard p roceeds through
configuration steps.
9. Following configuration, the Server Manager displays the Completion page to indicate
configuration success.
To configure Collections
1. From the Server Manager, click the Remote Desktop Service s page, then click Collections. The
Collection of remotely available applications creat ed by the Quick Start Deployment Scenario
appears. If you wish to remove the default Collection, continue with the next step. Otherwise, go to
Step 3.

14
Installation and Configuration Wonderware InTouch Access Anywhere Server Administrator Manual

2. Right -click the QuickSessi oncollection listing, click Remove Collection, and then click Yes to
dismiss the confirmation prompt.
3. From the TASKS drop-down list near the top right of the Server Manager, click Create Session
Collection. The Create Collection window opens to the Before You Begin page.
4. Click Next to proceed to the Collection Name page.
5. Enter a Name to identify this Collection in the Name text field. You may also ent er a De scription in
the provided text field if you wish. When finished, click Next.
6. On the RD Session Host page, select your server from the Server Pool list, and click the right
arrow to add it to the Selected list. When finished, click Next.
7. On the User Groups page, Domain Users are given access to the Collection by default. If you
need to add other User Groups, you may click the Add... button and select them. When finished,
click Next.
8. On the User Profile Disks page, you may configure a storage location for user settings. This
tutorial will skip this step, so clear the Enable user profile disks check box, and click Next to
continue.
9. On the Confirmation page, click Create. Progress indicators appear.
10. When the progress indicators advance to completion and all steps show a Status of Succeeded,
click Close.
To publish the RemoteApp
1. From the Remote Desktop Service s page of the Server Manager, select the Collection you just
created in the Overview section.
2. From the TASKS drop-down list under the REMOTEAPP PROGRAMS section, click Publish
RemoteApp Program s. The Publi sh RemoteApp Program s window appears.
3. Find the WindowViewer listing, and select it by checking its box.

Note: If the WindowViewer listing is not present in the list, click Add Another Program... and
navigate to view.exe in the directory to which InTouch was installed.

4. With WindowViewer selected in the list, click Next.

5. From the Confirmation screen, click Publish. A progress indicator appears briefly.
6. The Completion screen appears, indicating that WindowViewer is now Published. Click Close.
7. Return to the Server Manager. Under the REMOTEAPP PROGRAMS section, right-click the
WindowViewer entry and click Edit Properties. The Propertie s window for WindowViewer
appears.
8. Click the Parameters entry at the left of the Properties window.
9. Under Command-line Parameters, select the Allow any command-line parameters option, click
OK.

Scaling Applications for Different Devices (Recommended)

Users may view applications remot ely with InTouch Access Anywhere on a variety of desktop
monitors, tablets, or mobile phones. Each monitor or mobile device has a unique native screen
resolution making it difficult to view an InTouch application developed at a single resolution.
InTouch provides Dynamic Resolution Conversion (DRC) to enable InTouch distributed applications to
run on different devices at their native screen resolutions. Each devic e can scale the application
appropriately, including scaling to a custom resolution. Application scaling occurs while WindowViewer
compiles the application and does not require WindowMaker.

15
Wonderware InTouch Access Anywhere Server Administrator Manual Installation and Configuration

Dynamic Resolution Conversion must be enabled for the Fit to Browser or Fit to Screen display
options to work correctly. See the Wonderware InTouch Access Anywhere User Guide for details on
display options and other Advanced Settings.

Important: You are strongly advised to run WindowViewer with DRC enabled and select the Convert
to screen video resolution option.

To configure DRC for InTouch Access Anywhere applications

Note: The following steps must be taken on the RDS host computer by an InTouch administrator.

1. Start InTouch Application Manager.

2. On the Tool s menu, click Node Properties. The Node Properties dialog box appears.
3. Click the Resolution tab.

4. Select the Allow WindowViewer to dynamically change resolution option to locally scale the
application for different device screens.
5. In the Dynamic Re solution area, select Convert to screen video resolution.
The Convert to screen video resolution enables WindowViewer to run the application at the
remot e device’s resolution. For example, if a mobile phone has an 800x600 screen and the
InTouch application was developed at 1280x1024, WindowViewer dynamically scales the
application to fit the phone's 800x600 res olution.
6. Click OK to dismiss the configuration windows.
To enable DRC for users
Note: The following steps must be taken by a system (Windows) Administrator.

1. Open the win.ini file of the InTouch user who completed the previous steps (located at
"Users\<UserName>\AppData\Local\Wonderware\Win.Ini") in a text editor such as Notepad.
2. Add the section [InTouch] (if necessary).

16
Installation and Configuration Wonderware InTouch Access Anywhere Server Administrator Manual

3. Add the line ViewApplicationResolution=2 under the [InTouch] section.

4. Save the file.
5. Copy this file to the AppData folder corresponding to each user who will use InTouch Access
Anywhere with DRC enabled.

Bind Service to All Network Interfaces

In a virtual network environment, InTouch Access Anywhere Server should use all virt ual network
interfaces, rather than just one virtual network interface controller (NIC). Net work interfaces used by
InTouch Access Anywhere Server must be accessible to the target group of users.

Verifying the Current Network Interface Configuration

As a quick test of your current network configuration, run PowerShell 3.0 and enter the following
command:
RESOLVE-DNSNAME dnsname
Example:
PS C:\Users\user1> resolve-dnsname itaatest

Post-Installation Checklist
The InTouch Access Anywhere Server installation attempts to create exceptions within the Windows
Firewall to allow the necessary net work connections.
If you experience problems connecting to InTouch Access Anywhere after installation, ensure that the
InTouch Access Anywhere Server is configured to allow connections through port 8080, and that its
executable is allowed to communic ate by configuring the W indows Firewall as follows.

Configuring a Firewall Port Exception

By default, a client (browser) connects to an InTouch Access Anywhere Server using port 8080 for
both encrypted and unencrypted WebS ocket communication. This port number can be changed using
the InTouch Access Anywhere Server Configuration utility.
To enable direct connection from the client to the InTouch Access Anywhere Server (without using the
Secure Gateway), the server must be directly accessible from the client using port 8080.
You can open a port through the firewall either through the command line, or through the Windows
firewall configuration. The command line option is presented for advanced users as a quicker way to
configure the firewall versus using the GUI.

Using the Command Prompt

To configure the firewall through the command line, first open the Windows Command Prompt and
run as an Administrator. Then, type the following command:
netsh.exe advfirewall firewall add rule name="<Description>" dir=in
action-allow protocol=TCP localport=<PortNumber>
Where:
<Description> = the description used to describe this firewall rule
<PortNumber> = the TCP port to open
For example:
netsh.exe advfirewall firewall add rule name ="Open Port 8080 for InTouch Access
Anywhere" dir=in action=allow protocol=TCP localport=8080

17
Wonderware InTouch Access Anywhere Server Administrator Manual Installation and Configuration

Using the Windows GUI

If the Windows firewall is enabled on the same computer where the InTouch Access Anywhere Server
is installed, make sure to configure it to enable the InTouc h Access Anywhere client connection.
1. Open the Windows Control Panel and then Windows Firewall.
2. Select Advanced Settings and select Inbound Rule s.
3. Click New Rule.

4. Select Port and click Next.

5. Enter the specific port: 8080.

6. Click Next and select Allow the connection.

7. Click Next and select to apply the rule on the Domain, Private, and Public net works.
8. Click Next, assign a name for the rule, and click Finish.

Configuring a Firewall Program Exception

In addition to adding an exception for connections on Port 8080, the InTouch Access Anywhere Server
program must be added to the list of programs able to communicate with the network.

In Windows Server 2008 R2

1. Open the Windows Control Panel, then click Windows Firewall. The Windows Firewall window
appears.
2. Click Allow Program Or Feature through Windows Firewall.

18
Installation and Configuration Wonderware InTouch Access Anywhere Server Administrator Manual

3. Click Allow another program....

4. Click Browse.
5. Navigate to the Wonderware InTouch Access Anywhere installation folder and double -click
AccessServer64.exe.
6. Click Add, and then click OK.

In Windows Server 2012 / 2012 R2 and 2016

1. Open the Windows Control Panel, and click Windows Firewall. The Window s Firewall window
appears.
2. Click Allow an app or feature through Windows Firewall.
3. Click Allow another app....
4. Click Browse.
5. Navigate to the Wonderware InTouch Access Anywhere installation folder and double -click
AccessServer64.exe.
6. Click Add, and then click OK.

Getting Started Quickly

A basic installation of InTouch Access Anywhere usually takes about five minutes. Make sure that all
installation prerequisites have been met before starting the installation procedure.
The following procedure ex plains the basic steps to install and begin using InTouch Access An ywhere.
1. Run the InTouch Access Anywhere Server installer.
2. Select InTouch Acce ss Anywhere Server, and click Next.
3. Click Next through all the dialog boxes, accept the End User License Agreement (EULA ), and then
click Finish.
4. Configure (or disable) the Windows Firewall for use with InTouch Access Anywhere. For details,
see Configuring a Firewall Program Exception on page 18.
5. Before using InTouch Access Anywhere to connect to your Remote Desktop server, log on using a
standard Remote Desktop Client, select an application from InTouch Application Manager, and
launch it in WindowViewer. As a best practice, take this step for every user who will access the
server.
This configures the initial setup and enables InTouch Access Anywhere clients to determine the list
of available InTouch applications.
The InTouch Access Anywhere Server can be used immediately after installation.
6. Open an HTML5-compliant browser and enter the URL of the InTouch Access Anywhere Server:
http://machinename:8080/ or http://IPaddress:8080/
This URL automatically redirects to the full URL:
http://machinename:8080/AccessAnywhere/start.html

19
Wonderware InTouch Access Anywhere Server Administrator Manual Installation and Configuration

The InTouch Access Anywhere Server port must be specified in the URL to tell the browser to use
the web server that is built into the InTouch Access Anywhere Server service. HTTPS may also be
used, but will prompt you to continue without a secured certificat e.

7. After the InTouch Access Anywhere Server web page appears, enter us er credentials and select
the InTouch application available from the host computer from the drop -down list.

8. Click the Settings icon.

Each of the listed Settings pages contain different options. You can either continue with the
populated default settings or make selections from the available options. See the Wonderware
InTouch Access Anywhere User Guide for a detailed description of each page.

20
Installation and Configuration Wonderware InTouch Access Anywhere Server Administrator Manual

9. Use the Di splay settings page to select your desired display options and screen resolution.

10. Click the back arrow twice to return to the login screen, and click Connect.
The connection dialog appears momentarily while the web browser connects to the RDS host
where the InTouch Access Anywhere Server is installed.
InTouch WindowViewer is launched at the remote node and shows the selected InTouch
application.

Note: Aft er connecting with InTouc h Access Anywhere, closing WindowViewer will log you off and end
the session. Closing the browser will leave WindowViewer running; it only disconnects you from the
session.

Configuring InTouch Access Anywhere Server

InTouch Access Anywhere Server is a server -side service that translates RDP into WebSocket
communication. The InTouch Access Anywhere Server is installed on the RDS host.
The remote client running on a browser connects to the InTouch Access Anywhere Server service
using WebSockets directly or through the Secure Gateway.

Installation
Launch the install on the desired Windows Server with Remote Desktop Servic es enabled. When
prompted, accept the License Agreement and then click Install to perform the installation. At the end of
the process, click Finish.
The InTouch Access Anywhere Server runs as a service and can be started and stopped from the
Windows Services Manager or from the InTouch Access Anywhere Configuration tool.

21
Wonderware InTouch Access Anywhere Server Administrator Manual Installation and Configuration

An additional service called serviceInstaller is installed to monitor changes in InTouch applications

available on the node and update the InTouch Access Anywhere Start.html file accordingly. This
updates the InTouch Applications drop-down list that appears when pointing to an InTouch Access
Anywhere Server.

ServiceInstaller is configured to run automatically on system startup. If the service is stopped or is

unable to listen on its default port (8080), clients cannot connect to that host. Make sure to configure
firewalls and proxies bet ween the end point devices and the server-side component to enable
communication using port 8080, or use the InTouch Access Anywhere Secure Gateway.

Note: InTouch Access Anywhere Server cannot be installed on computers in which the host name
contains non-English characters. Also, InTouch Access Anywhere Server and InTouch Ac cess
Anywhere Secure Gateway cannot be installed on the same comput er.

Using the Server Configuration Console

The Server Configuration console presents a series of tabs that enable an administrator to configure
various settings of the server service.
You can launch the InTouch Access Anywhere Server Configuration tool from the Start\Wonderware
Program Group (in Windows 2012 / 2012 R2) or from the All Program s\Wonderware\InTouch
Acce ss Anywhere Server Program Group (in Windows 2008 R2).
In general, changing the InTouch Access Anywhere Server configuration is not required. It is
recommended to use the default settings.

Note: It is recommended to hide the Server Configuration application from end users to prevent
unexpected changes to the server's settings.

The following sections describe the different configuration tabs of the InTouc h Access Anywhere
Server.

General
The General tab provides functions to start and stop the InTouch Access Anywhere Server service.
For certain configuration changes, a service restart is required. This page also displays the number of
active InTouch Access Anywhere S erver client sessions connected to this computer.

Note: Whenever the InTouch Access Anywhere Server service is restarted, all sessions on the server
are disconnected.

Performance
The Performance tab displays current performance statistics related to InTouch Access Anywhere
connections.

22
Installation and Configuration Wonderware InTouch Access Anywhere Server Administrator Manual

Communication
The Communi cation page provides options to change the InTouch Access Anywhere Server port and
the address of the host comput er running RDS.
When using an InTouch Access Anywhere Server listening port other than the default (8080), the port
number must be explicitly specified in the client address field (for example, http://<machine
name>:5678/ ).
When running InTouch Access Anywhere Server on a computer with multiple net work cards, change
the RDP host address. Change this address from localhost to the IP or DNS address of the network
card that has RDP access to the system.
Changes to either setting require a service restart. This can be done vi a the General tab or using the
Windows Service Manager.

Note: If you change the port number, ensure that you make the corresponding changes to the config.js
file’s "wsport" setting. For more information, see Static Configuration of the Config.js File on page 33

Acceleration
The Acceleration tab provides options to change the Acceleration/Quality level and disable dynamic
compression.
When the Override client acceleration/quality settings check box is selected, all sessions use the
configured setting, and all client settings are ignored. When selecting or clearing this setting, the
service must be restarted for the change to become effective. When the setting is enabled, changing
the acceleration level does not require a servic e restart, but active users must reconnect to use the
new setting.
Dynamic Compression identifies small graphical objects on the screen (such as toolbar icons, task bar
icons, Start Menu icons, etc.) and compresses them. The most quality compression occurs when
image quality is set to Low and the best quality compression occurs when image quality is set to higher
than Low. All other graphical objects are compressed at the selected quality. This provides the visual
impression of a high quality remote desktop session.
By default, this feature is enabled. To disable, clear the Use dynamic compre ssion box.

Security
This page configures the InTouch Access Anywhere Server security settings.

Note: InTouch Access Anywhere provides integrated 128-bit SSL encryption. For best performance,
set the host's RDP Security Encryption level to Low and change the Encrypt InTouch Access
Anywhere communication to Always. Using this configuration, InTouch Access Anywhere SSL
encryption will be us ed instead of the RDP encryption. Do not set this if users will be connecting
directly to RDP regularly, as those sessions will end up using Low encry ption.

To use a custom or trusted certificate, enter the thumbprint ID in the Certificate Thumbprint text box
and click Apply. The certificate’s properties will then appear.

Note: When installing a trusted certific ate, the DNS address of the InTouch Access Anywhere Server
must match the certificate name. If wildcard certificate is used, the domain must match. For example, if
the certificate is for *.acme.com, the server name must end wit h acme.com.

Logging
This tab provides functions to enable/disable cert ain logging features. Technical Support may request
a debugging log for diagnostic purposes. The debugging log is enabled here.

23
Wonderware InTouch Access Anywhere Server Administrator Manual Installation and Configuration

Advanced (For Administrator Use Only)

This page provides access to advanced Server settings that are stored in the system's registry.
Export Settings exports the InTouch Access Anywhere Server Registry key to the user's home folder
(for example, My Documents).
Import Settings imports previously saved InTouch Access Anywhere Server Registry settings.
Advanced Configuration opens the Registry Editor.

Uninstalling InTouch Access Anywhere Server

InTouch Access Anywhere can be uninstalled by launching setup.exe from the installation media and
selecting to Remove the InTouch Access Anywhere Server component.
You can also uninstall the InTouch Access Anywhere Server from the Control Panel.
To uninstall:
1. Open the Control Panel.
2. Select the Programs and Features item.
Navigate to the InTouch Access Anywhere Server from the list of programs and features.
3. Right click the InTouch Access Anywhere Server.
4. Select Uninstall/Change.
5. The Modify, Repair or Remove Installation Wizard will appear.
6. Select Remove.
The InTouch Access Anywhere Server will be uninstalled.

Updating InTouch Access Anywhere Server

In order to update an InTouch Access Anywhere installation, you must back up any customizations and
uninstall InTouch Access Anywhere before installing the latest version.

InTouch Access Anywhere Web Component

The web component contains the resources used by a web browser to display an interface for the user
to connect to an InTouch application. These resources include HTML pages, JavaSc ripts, CSS files,
and graphic images. Review Advanced Configuration on page 33 to modify the appearance and
behavior of the web component interface.

Installation with InTouch Access Anywhere Server

The InTouch Access Anywhere web components are automatically installed with InTouch Access
Anywhere Server. The web components are locat ed in the InTouch Access Anywhere Server folder,
which by default is:
<drive letter>:\Program Files (x86)\Wonderware\InTouch Access Anywhere
Server\WebS erver\AccessAnywhere

Note: Your installation may be located elsewhere depending on selections made during the installation
process.

24
Installation and Configuration Wonderware InTouch Access Anywhere Server Administrator Manual

Modifying the InTouch Access Anywhere Interface

The InTouch Access Anywhere Server start page includes a group of images. All standard images can
be edited and replaced with custom images. Keep the replacement images as close to the same
dimensions as the original images. The following is the default logo image:

The default path to the resources folder where the images are stored is:
C:\Program Files (x86)\Wonderware\ InTouch Access Anywhere
Server\WebS erver\AccessAnywhere\resources

Note: Backup the resources folder before making any modifications. To roll -back to the original files,
simply copy the original resources folder back to the original location.

InTouch Access Anywhere image files that are commonly customized include the following:

File Name Description

Ericom.jpg Logo image at the upper left -hand corner of

the InTouch Access Anywhere Server
landing page.

\images\Background-neuronal.jpg Background image for the InTouch Access

Anywhere Server landing page.

Note: Unless instructed by our Support group, customizations performed on the InTouch Access
Anywhere page not herein described are not supported.

Modifying the Name of the Connection

The InTouch Access Anywhere connection name uses the RDS host node name by default. The
connection name can be modified to a custom string.
To change the connection's name:
1. Open the config.js file and add the name setting if it does not exist.
2. Set the name setting to the desired string enclosed in quot ation marks.

Note: The name setting may also be set using the following cookie: EAN_name.

3. After setting the name paramet er, the new label will appear in the connection's browser tab and in
the Establishing connection dialog box.

Secure Connections
This section describes secure connection communication between WebSockets to both remote
desktops and to the InTouch Access Anywhere Secure Gateway.

25
Wonderware InTouch Access Anywhere Server Administrator Manual Installation and Configuration

Secured WebSocket Communication to Remote Desktops

The InTouch Access Anywhere Server installation includes a self-signed certificate for secure SSL
connections. Some browsers, such as Google Chrome, allow self-signed certificates for SSL-enc rypted
WebSocket connections.
Opera browsers will notify the user that the server certificate is not signed and prompt the user to
continue. Chrome OS, Safari 5.x, and Firefox do not allow secure SSL connections using a self-signed
certificate.
In order to provide connectivity from these browsers, a trusted certificate must be imported into the
InTouch Access Anywhere Server or into the InTouch Ac cess Anywhere Secure Gateway if it is being
used as a proxy for InTouch Access Anywhere Server. A trusted certific ate must be purchased from a
trusted certificat e authority (for example, VeriSign).

Note: The DNS address of the InTouch Access Anywhere Server or Secure Gateway server must
match the certificate name. If a wildcard certificate is being used, the domain must match. For
example, if the certificat e is for *.acme.com, the server name must end with acme.com.

To import a trusted certificate into the InTouch Access Anywhere Server, perform the following steps
using the Micros oft Certificate Manager.
1. Show the Windows Command Prompt running as an Administrator.
2. Type certmgr.msc to show the Certificate Manager.
3. Import the trusted certificate to the Computer (Personal\Certificates) store.

4. Mark the certificate as exportable during the import.

26
Installation and Configuration Wonderware InTouch Access Anywhere Server Administrator Manual

5. Go to the Certific ate's Details tab and highli ght the Thumbprint.

6. Copy the thumbprint (Ctrl+c).

7. Stop the InTouch Access Anywhere Server service.
8. Using the Command Prompt (cmd.exe), go to the folder that contains AccessServer64.exe.
9. Run: AccessServer64.exe/genbincert <thumbprint of certificate to export enclosed in quotation
marks>.
The following is an example import command with thumbprint in quotation marks:

10. After importing the thumbprint, a notific ation appears confirming the B IN certificate has been
successfully created.
11. Start the InTouch Access Anywhere Server service and it will be ready for use.

Secured WebSocket Connection Using InTouch Access Anywhere

Secure Gateway
The connection between a browser client and the InTouch Access Anywhere Secure Gateway is
always secured. The InTouch Access Anywhere Secure Gat eway is installed with a self -signed
certificate by default, but supports trusted certificates as well. Refer to InTouch Access Anywhere
Secure Gateway Administrator Manual for instructions to install and configure certificates for use with
InTouch Access Anywhere.

Benefit of Using a Trusted Certificate

Cert ain browsers permit HTTPS or SSL connections only when a trusted certificat e is present. Install a
trusted certificat e in the InTouch Access Anywhere Secure Gateway or InTouch Access Anywhere
Server to ensure safe and reliable connections from a wide range of web browsers.A trusted certifi cate
must be purc hased from a trusted certificate authority (i.e., VeriSign).

27
 Wonderware InTouch Access Anywhere Server Administrator Manual

C HAPTER 3
Configuring Mobile and Special Devices
This chapter provides information on supported brows ers, and information regarding specific behavior
of mobile devices, and special devices like tablets.

In This Chapter
Supported Browsers ..................................................................................................................... 29
Using Gestures on Client Portable Devices .................................................................................... 30
HTTPS Mode ............................................................................................................................... 32

Supported Browsers
Browsers Tested with InTouch Access Anywhere
 Microsoft Internet Explorer 11
 Microsoft Edge
 Firefox version 47
 Safari version 8
 Chrome version 51
 Opera version 38
Functionally Compatible Browsers
This list includes HTML5 browsers that should be compatible functionally with InTouch Access
Anywhere, but have not been tested.
 Microsoft Internet Explorer 10 if connected through Secure Gateway
 Firefox versions 6 and higher
 Safari versions 5 and higher
 Chrome versions 12 and higher
 Opera versions 11 and higher
Refer to the InTouch Access Anywhere Readme for more information regarding tested and supported
browsers.
Older versions of Firefox and Opera require WebS ocket support to be manually enabled in the browser
configuration.
Multiple InTouch Access Anywhere sessions can be opened in different tabs wit hin the web browser,
or in different brows er windows. When a session is not in use (its tab or window is not displayed) it will
reduce its CPU and memory utilization.

Note: Each InTouch Access Anywhere session consumes an RDP session and an InTouch TSE
license.

29
Wonderware InTouch Access Anywhere Server Administrator Manual Configuring Mobile and Special Devices

Using Gestures on Client Portable Devices

Google Chromebooks
InTouch Access Anywhere operates on Google Chromebook and Chromebox just like it does with a
Google Chrome browser. The following are tips to keep in mind when using InTouch Access Anywhere
with a Chromebook or Chromebox.

Function How to Perform

Mouse Left-click Click the Chromebook trackpad wit h one

finger.

Mouse Right-click Click the Chromebook trackpad wit h two

fingers.

Scrolling a document or Drag two fingers on the Chromebook trackpad

website up or down to scroll.

Configure Chromebook In the address field, enter:

chrome://settings.

Chromebook Keyboard
The Chromebook keyboard lacks several keys that are used by Windows. ChromeOS provides
standard mappings that use existing keys with the ALT button to represent certain missing keys.
InTouch Access Anywhere supports these key combinations:

Command Key Combination

Delet e (DE L) ALT+B ackspace

Page Up ALT+ Up

Page Down ALT+ Down

Home CTRL+ALT+ Up

End CTRL+ALT+ Down

In addition, InTouch Access Anywhere provides special non -standard mappings for additional key
combinations on ChromeOS.

Command Key Combination

F1 CTRL+1

F2, ..., F12 CTRL+2, ..., 12

ALT+ TAB ALT+"

ALT+S HIFT+ TAB ALT+S HIFT+’

CTRL+Home CTRL+ALT+Left

30
Configuring Mobile and Special Devices Wonderware InTouch Access Anywhere Server Administrator Manual

Command Key Combination

CTRL+End CTRL+ALT+ Right

Tablets and Smartphones

InTouch Access Anywhere can operate on tablets or smartphones with an HTML5 compliant browser
(see list of brows ers in InTouch Access Anywhere Readme ). Browser versions that have been tested
and their specific behaviors are detailed in the InTouch Access Anywhere User Guide.
When you design InTouch applications for use with InTouch Access Anywhere, remember that touch
devic es have different interface requirements and capabilities than a keyboard and mouse. For
example, input animations should not invok e an InTouch or Windows keyboard, as mobile devices
have their own.
Touch gestures accomplish the tasks that a mouse would on a desktop or a laptop. Built -in soft ware
keyboards are used instead of physical keyboards. Because there is no mouse, certain mouse eve nts
do not have equivalents on touch devices. Soft ware keyboards in mobile devices do not have F1 -F12,
CTRL, or ALT keys. When using InTouch Access Anywhere to view your applications remotely, it is
important to be aware of these differences.
With existing InTouc h applic ations that make use of mouse events and keys or key combinations
without supported equivalents, you may need to modify your application to use alternate application
events.
The following list provides tips on using InTouch Access Anywhere f rom a tablet or smartphone device
without a physical keyboard and mous e. Functionality will vary across different devices and certain
commands may not be available.
 Single Tap performs a left mouse click.
 Single long Tap performs a right mous e click.
 Tap + Hold + Drag performs a select then drag/scroll function.
 Double Tap, or tapping once with two fingers, performs a mouse double-click.
 Tap with three fingers sends Back command to a remote browser.
 Swipe down with three fingers is Page Up.
 Swipe up with three fingers is Page Down.
 Drag left or right with three fingers performs a left arrow and right arrow respectively.
 Tap the keyboard icon (upper right-hand corner of window) to open/close the virtual keyboard.

 Swipe and pinch gestures will apply to the InTouc h Access Anywhere session (for example, pinch
in to perform a zoom in).

31
Wonderware InTouch Access Anywhere Server Administrator Manual Configuring Mobile and Special Devices

Note: (iOS only) When saving an InTouch Access Anywhere icon to the iOS desktop, the shortcut will
open the InTouch Access Anywhere session in full -screen mode. The browser's toolbar will be hidden
to make more remote desktop area available.

HTTPS Mode
For environments where WebSockets support is not available, InTouch Access Anywhere can work in
HTTPS mode to transmit data by HTTPS only. HTTPS mode is used only if WebSockets support is not
available. WebSockets will be used when available as it will pro vide better performanc e. InTouch
Access Anywhere Secure Gat eway requires HTTPS mode when using an Internet Explorer web page
browser or any SSL VPNs that only proxy HTTPS traffic.
To enable HTTPS mode, the InTouch Access Anywhere Sec ure Gateway is require d. The InTouch
Access Anywhere Server web pages must be delivered using the web server built into the InTouch
Access Anywhere Secure Gat eway (files are locat ed under the Webserver\ InTouch Access Anywhere
folder).
Complete the following procedure to enable InTouch Access Anywhere for HTTPS support.
1. Install the InTouch Access Anywhere Server on the desired RDS host.
2. Install the Secure Gateway on a separate comput er located in a DMZ. The Secure Gat eway must
be installed on a server that is accessible by the target end-user group(s).
3. To connect to the InTouch Access Anywhere Server using HTTPS, enter the InTouch Access
Anywhere URL of the Secure Gateway (the Secure Gateway includes the InTouch Access
Anywhere web component ): https://<securegatewayaddress>/InTouch Access Anywhere/start.html
4. Enter the parameters of the target InTouch Access Anywhere Server in the start.html page.
5. After connecting by HTTPS mode, a '-' character appears as a prefix of the address in the brows er
tab.

Note: HTTPS mode requires a browser that supports the HTML 5 Canvas. Older browsers, such as
Microsoft Internet Explorer 8 (or earlier), do not support the HTML 5 Canvas.

32
 Wonderware InTouch Access Anywhere Server Administrator Manual

C HAPTER 4
Advanced Configuration
In This Chapter
Modifying the InTouch Access Anywhere Interface ......................................................................... 33
Static Configuration of the Config.js File ......................................................................................... 33
Define Configuration Groups ......................................................................................................... 36
Settings Precedence ..................................................................................................................... 36
Passing Credentials Using Form POS T .......................................................................................... 37
Embedding InTouch Access Anywhere in an iframe ........................................................................ 37
Hiding InTouch Applications from InTouch Access Anywhere .......................................................... 38

Modifying the InTouch Access Anywhere Interface

Some images can be modified in order to customize the appearance of the interface. The following
graphics, which are stored in the "resources" sub-folder of the InTouch Access Anywhere Web Server
installation (by default, "C:\Program Files (x86)\Wonderware\InTouc h Access Anywhere
Server\WebS erver\AccessAnywhere\resources"), are most commonly modified:

Note: Back up the re source s folder before making any modifications. You may then undo the changes
by copying the backup to its original loc ation.

File Description

ericom.jpg Logo image displayed at top left of InTouch

Access Anywhere interface

Note: An experienced web developer can customize more graphics, though these modifications are
not supported by Wonderware support.

Static Configuration of the Config.js File

An administrator can modify configuration settings of InTouch Access Anywhere by editing its config.js
file that is installed as part of the InTouch Access Anywhere web component. This is a JavaScript file
that can be modified using any text editor.

Important: Always create a backup before making any changes to the config.js file.

Most configuration settings in the config.js file have the following format:
name: value,

33
Wonderware InTouch Access Anywhere Server Administrator Manual Ad vanced Configuration

A value can be a number, a flag (true or false), or text enclosed in quotation marks. Some settings are
prefixed by a double slash (//), whic h means they are disabled. Remove the double slash to assign a
value to a setting. JavaScript rules apply in this file and certain characters need to be escaped (for
example, backslash).
After the settings are configured, save the file and restart the server.
The config.js file contains the following configuration settings. Setting names are case sensitive. When
settings are specified using cookies, setting names are prefixed by EAN_.

address Address of InTouch Access Anywhere Server. This is always

blank for the standard configuration.
audiomode 0 enables audio redirection (default).
1 plays audio on remote computer.
2 disables audio redirection.
blaze_acceleration True determines if RDP acceleration is used.
blaze_image_quality Sets the quality level using a numeric. For example: 40 (fair
quality), 75, 95 (best).
dialogTimeoutMinutes Time out period, in minutes, aft er which an inactive dialog is
automatically closed and the session is logged off. The time out
period is relevant only for dialogs that have a log off button.
disableToolbar True (default); set to False to disable the toolbar, whic h contains
shortcut icons and file functions, that appears within an InTouch
Access Anywhere session window.
domain The name of the domain against which the user name and
password are authenticated to grant access to the Remot e
Desktop session.
encryption False determines if encryption is enabled from the client to the
InTouch Access Anywhere server.
endURL URL to open to after the InTouch Access Anywhere session has
ended (# value closes window).
If there is a prefix with the symbol ^ then this sets the value of
window.location instead of top.location. This is useful when the
InTouch Access Anywhere session is embedded in a frame.
fulladdress Address of RDP host. This is always blank for the standard
configuration.

gateway_address Defines the address and port of the Secure Gateway.

For example: secure.acme.com:4343
gwport The default gateway port that will be used if it is not explicitly
specified in the address field.

34
Ad vanced Configuration Wonderware InTouch Access Anywhere Server Administrator Manual

hidden A comma or space-separat ed list of field names as they appear in

config.js. For example, "username,password,domain". The listed
fields are hidden to prevent the user from modifying them.
To hide a button, such as the Advanced button, prefix the button
text with the word show. For example,
"showAdvanced,showAbout" hides both the Advanced and
About buttons.
All hidden variables will ignore previously saved settings.

leaveMessage The message shown to the user after navigating away from an
active session.

minDesktopWidth Sets the minimum desktop width (in pixels) that InTouch Access
Anywhere will display. The default is 800, which may not display
as expected or desired on devices with a display width below 800
pixels.
minDesktopHeight Sets the minimum desktop height (in pixels) that InTouch Access
Anywhere will display. The default is 600, which may not display
as expected or desired on devices with a display height below
600 pixels.
minSendInterval Specifies the minimum duration between mouse position
messages sent from the client when the mouse button is pressed.
Units are in milliseconds.
name Defines a custom string for the connection name. By default, the
RDP host address is used.
noHTTPS By default, InTouch Access Anywhere first attempts to connect
using WebSockets. If the Secure Gateway is used with InTouch
Access Anywhere, the connection will fall back to HTTPS when
WebSockets are not available. If this setting is set to true, only
WebSockets will be used and HTTPS fallback will be disabled.
onlyHTTPS By default, InTouch Access Anywhere first attempts to connect
using WebSockets. If the Secure Gateway is used with InTouch
Access Anywhere, the connection will fall back to HTTPS when
WebSockets are not available. If this setting is set to true, HTTPS
is used immediat ely.
overrideS aved False (default) settings that the user changes are preserved
between sessions and override values set in config.js. Change to
true for config.js to override preserved settings.
reconnectOnDropped True (default) automatically reconnects a session after recovering
from a net work outage. Set to False to disable this behavior.

resolution Sets the resolution size of the InTouch Access Anywhere screen.
The value set must be a valid option under the InTouc h Access
Anywhere screen resolution setting. For example: "1024,768".
For Full Screen, use: screen.
sessionTimeoutMinutes Time out period, in minutes, aft er which an inactive session is
disconnected. The time out period resets automatically whenever
the user clicks on the keyboard or a mouse button. The default
value is 0, which disables this feature.

35
Wonderware InTouch Access Anywhere Server Administrator Manual Ad vanced Configuration

settings (URL parameter Name of the Configuration Group to be used.

only)

settingsURL URL of the connection settings file.

use_gateway False (default), set to true to use a Secure Gateway for remote
access.

wsport The default WebSocket port that will be used by the client. The
value specified in the file (8080 by default) is used for both
encrypted and unencrypted WebSocket communic ation. The user
can override this value by explicitly specifying another port
address in the client user int erface (UI).
For backward compatibility with older versions of InTouch Access
Anywhere Server, this behavior can be modified. If singlePort is
set to false, then the port value specified is only for encrypted
communication. The value specified in the file plus one (8081 by
default) will be used for unencrypted WebS ocket communication.

WARNI NG! Do not attempt to modify config.js settings not listed here unless directed by our Technical
Support department.

Define Configuration Groups

All users share configuration settings specified in the config.js configuration file. Special settings can
override global settings for certain groups of users. Multiple configuration groups are defined in the
configuration file.
For example, if the Marketing group needs clipboard redirection and printing enabled, change config.js
as follows:
var defaults = { / this already exists in the file
…
"Marketing": {// bold text are new additions
printing:true,
clipboard:true
},
};

Note: The quotation marks surrounding Marketing must be identical. If necessary, delete them and
re-type them if the text was copied from another source. Also, the last setting of the configuration group
should not have a ',' at the end. This comma is placed after the closing bracket '}'.

In the URL to be used by the Marketing group, add the settings paramet er:
http://<machine name>:8080/InTouch Access Anywhere/start.html? se ttings=Marketing

Settings Precedence
When an InTouch Access Anywhere client starts, it reads configuration information from a variety of
sources. If two or more sources contain different values for the same setting, the value used by
InTouch Access Anywhere is determined by the following prec edence order:
Highest Precedence to Lowest Precedence
 URL parameters

36
Ad vanced Configuration Wonderware InTouch Access Anywhere Server Administrator Manual

 Cookies
 Saved settings from previous session
 config.js
For example, if the gateway_address is specified to be "server1" in config.js but "server2" in a cookie
(EAN_ gateway_address), then the value "server2" will be used.
If the setting override Saved is set to true in config.js, then any settings predefined in the config.js file
will override previously used settings, and the precedence order will change slightly:
Highest Precedence to Lowest Precedence
 URL parameters
 Cookies
 config.js
 Saved settings from previous session

Note: These settings become effective only after the user starts a new session. In some cases, the
local browser must be closed and reopened before changes become effective. The local brows er
cache may also need to be cleared.

Passing Credentials Using Form POST

User credentials can be passed to InTouch Access Anywhere using the form POS T method. This
functionality is used to provide SSO (single sign-on) from an outside source that has already
authenticated the us er (such as an SSL VPN).

Note: You cannot embed InTouch Access Anywhere or InTouch Access Anywhere Sec ure Gateway
within a web page that requires cross site scripting.

The InTouch Access Anywhere Secure Gateway is required in order to use form POS T with InTouch
Access Anywhere. Refer to InTouch Access Anywhere Secure Gateway Administrator’s Manual for
detailed instructions.

Embedding InTouch Access Anywhere in an iframe

To embed InTouch Access Anywhere within a third -party web page using the iframe mechanism, place
an iframe tag within the containing page, and have the S RC attribute of the iframe reference the
InTouch Access Anywhere URL.
For example:
<body>
<h1>Embedded InTouch Access Anywhere</h1>
<iframe src="http://127.0.0.1:8080/AccessAnywhere/start.html"
style="width:1024px; height:768px"></iframe>
</body>
When an InTouch Access Anywhere session ends, it can be configured to send the browser to a
specified URL using the endURL setting.
 Specify a simple URL to redirect the iframe.
 Prefix the URL with ^ to redirect the iframe's parent (container).
 Prefix the URL with $ to redirect the top-most container.
 Specify # and the URL will close the brows er tab.

37
Wonderware InTouch Access Anywhere Server Administrator Manual Ad vanced Configuration

Hiding InTouch Applications from InTouch Access Anywhere

By default, all available InTouch applications are accessible by InTouch Access Anywhere.
You can hide an InTouch application from the list of applications provided by the InTouch Access
Anywhere Server start page.
To hide an InTouch application
1. Browse to the location of the InTouch application in Windows Explorer.
2. Open the intouch.ini file in a text editor, such as Not epad.
3. Find or create the entry ITAAAccessCode under the [InTouch] section:
 To hide the application, set ITAAAccessCode=0 as shown below.

 To display the application, set ITAAAccessCode=1. Note that this setting is unnecessary to
display the application unless it exists and is set to 0.
4. Save the file under its original filename.

38
 Wonderware InTouch Access Anywhere Server Administrator Manual

C HAPTER 5
Known Limitations
This chapter describes known behaviors and limitations of InTouch Access Anywhere when viewing an
InTouch application on a portable devic e. Refer to the InTouc h Access Anywhere ReadMe for a more
detailed list of current known issues in InTouc h Access Anywhere.

In This Chapter
Networking Limitations .................................................................................................................. 39
Browser Limitations....................................................................................................................... 39
Navigational Limitations ................................................................................................................ 40

Networking Limitations
 Network quality
Network quality will impact the performance of InTouch Access Anywhere running on mobile
devic es. Long lat encies, limited bandwidth, and poor Wi-Fi coverage of the working area will
impact user experience.
We recommend that in the menu of your application you add a heartbeat or a clock that displays
time, including seconds, that helps visualize good connectivity.
 InTouch Access Anywhere does not support WindowMaker
InTouch WindowMaker is not support ed in a Remote Desktop environment. Therefore, InTouch
Access Anywhere does not support InTouch WindowMaker. To prevent users from attempting to
start WindowMaker from WindowViewer, do not install a license that enables WindowMaker and
hide the Fast Switch menu bar in your InTouch applications.

Browser Limitations
 Browser Extension Conflicts
Browser extensions and tool bars may inject JavaScript code into web pages, which can adversely
impact the behavior of cert ain web pages. If InTouch Access Anywhere is not working properly,
disable or uninstall any active browser extensions or tool bars. Restart the web browser after
uninstalling or disabling an extension, and clear the local browser cache, to ensure that it is no
longer active.
 HTTPS and SSL Encryption
When the InTouch Access Anywhere page is delivered to the web browser using HTTPS, the SSL
encryption setting will be checked by default. Modern browsers usually require WebS ocket
connections to be encrypted when launched from pages that are delivered using HTTPS.
 Zooming in Browsers
Using the CTRL+ and CTRL- hotkeys to zoom only works with Int ernet Explorer 10.

39
Wonderware InTouch Access Anywhere Server Administrator Manual Known Limitations

Navigational Limitations
 Mouse E vents
When designing your applications, keep in mind that certain mouse events do not have an
equivalent behavior on a touch mobile device, including the following:
o While Left Key Down
o On Right Key Down
o While Right Key Down
o On Right Double Click
o On Right Up
o Mouse Center click
o Pushbutton> Discrete Value>Direct
Other mouse events are triggered with a gesture you must learn. For example, in many mobile
devic es a mouse over event is triggered by a tap on the screen.
 Right Click on Mac
To perform a right-click on Mac OS X system: Command+ left-click.
 Left Click on iPad
A single tap does not consistently toggle the state of a pus h button. Tap and hold to toggle a push
button.
 Scroll Bars
In some cases, moving a scroll bar in a touch environment can be difficult, particularly when the
devic e has a small screen. As an alternative, try touching the empty area of a scroll bar in the
direction you want to move.
 Dialog Boxes
Dragging and dropping a dialog box can also be difficult on a touc h device with a small screen. We
recommend that you use a stylus to perform thes e operations for better precision, if possible.
 Using Software Key boards
InTouch provides the ability to invoke an InTouch keyboard or the Windows On Screen Keyboard
from Input Animations. When designing applications to be accessed by InTouch Access Anywhere
from mobile devices, keep in mind that these devices have their own software keyboards optimized
for their specific form and size. In these cases, invoking the InTouch or the Windows keyboards
from your application is not needed. In general, users have a better experience using a device
software keyboard.
Also, keep in mind that soft ware keyboards in mobile devices in most cases do not have certain
keys available in a physical keyboard, such as F1 -F12, CTRL, or ALT. If you already have an
application that uses Key Scripts associated with some of these keys, modify your application to
use alternate available, supported keys.
Some key combinations may not be available through your mobile devic e, such as Shift+<letter>,
CTRL+Shift, CTRL+ALT.

40