Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

PI Connector Administration

Learn how to position with PI Data Collection Manager

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
TABLE OF CONTENTS

Learn how to position with PI Data Collection Manager

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedJun 04, 2025
  • 2 minute read

PI Data Collection Manager may be positioned in either the DMZ or the control network. To make meaningful a decision on where to position PI Data Collection Manager and to understand the trade-offs, the types of communication between the PI Connector, PI Connector Relay, and PI Data Collection Manager must first be understood.

There are three types of communication:

  1. Local application administration

  2. Ecosystem administration

  3. Data communication

Each application opens a listening port for HTTPS communication for local administration; this includes serving the administration user interface and REST endpoints. The PI Connector and PI Connector Relay initiate an AMQPS connection to the PI Data Collection Manager and the connection is used for bi-directional administrative communication as a mechanism for a centralized, ecosystem administration. To clarify, the PI Connector and PI Connector Relay do not open a port to listen for administration messages. The administration messages flow through the bi-directional connection initiated by the PI Connector or PI Connector Relay to the PI Data Collection Manager. The third type of communication is data communication over AMQPS between the PI Connector and the PI Connector Relay. For information about HTTPS and AMQPS connections, see Learn about security.

A typical network configuration is the three-tiered architecture comprised of the control network, DMZ, and corporate network. An advantage of this configuration is that no ports need to be opened to allow communication from the DMZ to the control network. However, locating the PI Data Collection Manager in the DMZ allows configuration of these applications outside of the control network. This may be a concern for some customers.

PI Data Collection Manager within the DMZ

Example of a three-tiered architecture with the control network, DMZ, and corporate network.

An alternative is to locate PI Data Collection Manager in the control network. However, this adds additional complexity regarding firewall configuration. Moving PI Data Collection Manager into the control network requires allowing an inbound connection into the control network for port 5672 for PI Data Collection Manager. This is required for PI Connector Relay to initiate a connection from the DMZ to PI Data Collection Manager in the control network. Additionally, communication must be allowed to the PI System in the corporate network from the PI Data Collection Manager in the control network. PI Data Collection Manager requires read-access to PI AF and Data Archive in order to configure the data flow from the PI Connector to PI Connector Relay to PI AF and Data Archive.

PI Data Collection Manager within the control network

Alternative configuration with PI Data Collection in the control network.

Related Links
TitleResults for “How to create a CRG?”Also Available in