Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

AVEVA™ PI Server Installation and Configuration (PI Server 2024 R2)

TABLE OF CONTENTS

Security for the PI MDB to AF Link feature

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedNov 21, 2025
  • 2 minute read

A failover cluster that includes PI AF server components requires that you complete these configuration steps to enable the PI MDB to AF Link feature.

  • Create and configure a domain group to support PI MDB to AF Link.

  • If you are configuring PI MDB migration to the target PI AF server (machine hosting PI AF application service) for the first time, run the PI MDB to AF Migration Wizard and specify the domain group on the wizard's AF Information page. The wizard will set the correct permissions for the domain group on the PI AF server.

  • If the Wizard was already run prior to the cluster installation, then the following manual steps are required.

    This domain group must have:

    • Read, read data, write, write data, delete and admin access to the target PI AF database and the PI AF element to which the MDB is migrated.

    • Read, write, delete and admin access to the Categories collection on the target PI AF database.

    • Edit the AFGroupSID property under MDB - >%OSI - >MDBAFMigrationData to point to the SID of the newly created domain group. Use the Mappings & Trusts tool in PI SMT to find this SID.

  • We recommend that the PI AF Link Subsystem be run under a domain account. This domain account must be added to the domain group that is created to support PI MDB to AF Link. We also recommend that you set the password on this domain account to not expire.

    This domain group must have:

    • Read and write permissions on pi\dat and pi\log folders.

    • Read and execute on pi\bin and pi\bin\piaflink.exe.

      Note: The default installation of PI AF Link subsystem is to run as NT AUTHORITY\NetworkService. This default is not ideal for a PI AF cluster installation. If for some reason the PI AF Link Subsystem must continue to run as NT AUTHORITY\NetworkService, add the computer name of the Data Archive machine to the new domain group. If the Data Archive is configured as a cluster (for Data Archive 2015), add the computer names of both the Data Archive machines to the new domain group.

For more details on configuring security for PI AF Link System on PI AF server to allow MDB migration and synchronization, refer to the Access Permissions for Migration and Synchronization section in the PI MDB to PI AF Transition Guide.

.

TitleResults for “How to create a CRG?”Also Available in