Prepare egress destinations
- Last UpdatedFeb 04, 2025
- 3 minute read
- PI System
- Adapter for DNP3 1.2
- Adapters
CONNECT data services and AVEVA PI Server destinations may require additional configuration to receive OMF messages.
CONNECT data services
To prepare CONNECT data services to receive messages from the adapter, create an connection in CONNECT data services. Creating an connection results in an available endpoint that can be used by the adapter egress mechanism.
Complete the following steps:
-
Create a Client.
The Client Id and Client Secret will be used for the corresponding properties in the egress configuration.
-
Create an OMF type Connection.
The connection should link the created client to an existing namespace where the data will be stored.
The OMF Endpoint for the connection will be used as the egress configuration Endpoint property.
AVEVA PI Server
To prepare a AVEVA PI Server to receive messages from the adapter, a PI Web API endpoint must be available.
Complete the following steps:
-
Install PI Web API and enable the Open Message Format () Services feature.
-
During configuration, choose an database and PI Data Archive where metadata and data will be stored.
-
The account used in an egress configuration needs permissions to create elements, element templates, and PI points.
-
-
Configure PI Web API to use Basic, and/or OIDC authentication. For more information about how to configure these settings, see the following topic in the PI Web API User Guide: Configure installation settings.
Definition: Kerberos, is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.
Kerberos is the only authentication mechanism that is enabled by default in PI Web API. Kerberos provides per-user security that is native to Windows and Active Directory, and that is well supported in Microsoft clients. Kerberos does not rely on credentials being transmitted across the wire, which makes it ideal for use with untrusted connections.
Use of Kerberos authentication requires the correct configuration of Active Directory delegation for the account hosting the PI Web API service in Active Directory. Correctly configured delegation requires that an Active Directory Domain Administrator grant delegation privileges to the account hosting PI Web API (or in the case of the default virtual service account, to the computer account of the computer hosting PI Web API). Correctly configured delegation also requires that Service Principal Names be correctly set on the account hosting PI Web API. Refer to 'a0 Commonly encountered problems 'a0 for detailed steps for resolving issues related to Kerberos delegation.
For complete steps, as well as best practices and recommendations, see the Authentication methods topic in the PI Web API User Guide.
Note: The certificate used by PI Web API must be trusted by the device running the adapter, otherwise the egress configuration ValidateEndpointCertificate property needs to be set to false (this can be the case with a self-signed certificate but should only be used for testing purposes). To continue to send egress messages to the PI Web API endpoint after upgrading PI Web API, restart the adapter service.
Edge Data Store
To prepare Edge Data Store to receive OMF messages from the adapter, both applications need to be installed on the same machine.
For an example of how to configure the adapter to egress data to Edge Data Store, refer to Configure data endpoints.