Create trusts

When creating trusts, you have many options. Following is a simple and secure approach, creating a trust for the following applications:

• PI Interface for OPC DA

• PI Interface Configuration Utility (PI ICU)

• Buffering

  Note: AVEVA discourages using highly-privileged identities, users, or groups in PI trusts for interfaces. Avoid using the piadmin super-user and piadmins group. The recommended best practice for Data Archive security is to create an identity, user, or group that has only the access rights which are necessary for the interface, PI ICU, or buffering to operate.

To create each of these trusts using PI System Management Tools, connect to the Data Archive server and perform the following steps:

1. Select Security and choose Mappings & Trusts.

2. On the Trusts tab, right-click and choose New Trust.

   The Add Trust wizard opens.

3. Specify a meaningful name and description for the trust.

4. Configure settings as follows:

   Trust	Type	Application Name	Network Path	PI User
   PI Interface for OPC DA	PI API application	OPCpE	Name of the interface node or IP address plus netmask 255.255.255.255	Identity with access rights to the PI points for the interface. Enabled by the datasecurity attribute.
   PI ICU	PI API application	PI-ICU.exe	Name of the interface node or IP address plus netmask 255.255.255.255	Dedicated PI identity with the precise permissions required (database read access, read ptsecurity and read-write permission for OPC points)
   Buffering	PI API application	Bufserv: APIBE PIBufss: Pibufss.exe	Name of the interface node or IP address, plus netmask 255.255.255.255	Buffering service identity with necessary access rights for the PI points for all interfaces on the interface node.