Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

AVEVA™ PI Server Installation and Configuration (PI Server 2024 R2)

TABLE OF CONTENTS

Learn about other security configurations

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedFeb 12, 2025
  • 2 minute read

If you do not have access to AD or if your access is limited in some way, then you have the following options for configuring authentication:

  • Use Local Windows Security: You can use local Windows security for authentication, rather than AD. There are two disadvantages to this:

    • Local Windows security uses NTLM for authentication, which is not as secure as Kerberos (AD uses Kerberos).

    • Extra configuration is required. The Windows user accounts on the Data Archive must exactly match the accounts on each client workstation. If you have a lot of client workstations with a lot of users, then Windows authentication might not be a good choice for you.

  • However, authenticating through local Windows security is still far more secure than authenticating through PI trusts or PI user accounts. See Use local Windows security.

  • Use a Combination of Local Windows Security and AD: If you want to use AD for authentication but are not able to configure AD groups to meet your needs, then consider this workaround. You can use local Windows groups to organize AD users. Then map the local groups to your PI identities. See Understand local Windows security with AD.

  • Use Windows Credential Manager: Consider using this option for scenarios where one machine is in one domain and the other machine is in another domain. You can still use a combination of local account and AD for this scenario. See Learn about Windows Credential Manager.

  • Use PI Password Authentication: If you cannot use local Windows security or AD for authentication, only two authentication methods are available: Data Archive user accounts/passwords and PI trusts. Typically you configure user authentication through PI user accounts. Use PI groups to group the users so that you do not need to define access permissions for each individual user. See Use PI users and PI groups.

    Note: Increasing number of our client applications require Windows authentication and PI mappings, and are not viable with PI password authentication.

TitleResults for “How to create a CRG?”Also Available in