Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

AVEVA™ PI Server Installation and Configuration (PI Server 2024 R2)

Learn about products that connect to Data Archive through a trust

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
TABLE OF CONTENTS

Learn about products that connect to Data Archive through a trust

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedFeb 12, 2025
  • 2 minute read

Prior to the availability of PI API 2016 for Windows Integrated Security, most interfaces connected to PI using a PI trust. Client applications also connected through a PI trust due to Windows authentication not being supported through PI API.

If you upgrade to the latest version of Data Archive, your existing PI trusts continue to work. The exception is that custom applications might have been accessing the Data Archive server through wrongly-configured trusts and might no longer be able to connect. See Check for unauthenticated PI API connections for more information.

Starting with the availability of PI API 2016 for Windows Integrated Security, support for Windows authentication is extended to all PI API-based client applications, including all Windows-based PI interface. Linux or UNIX-based interfaces are NOT supported. As a result, if your PI API-based application supports Windows Integrated Security, we recommend that you upgrade to PI API 2016 for Windows Integrated Security, and upgrade your authentication model to Windows authentication. This involves migrating any existing PI trusts to Windows authentication. See Understand how to configure PI interface connections using PI mappings.

If you have trusts defined against the piadmin super-user account, it is a good security practice to migrate these to a different PI identity, PI user, or PI group. See Understand how to protect piadmin in PI SMT. You will need to configure appropriate access permissions. Typically, for all relevant points, a PI interface needs:

  • Write access for point data

  • Read access for point configuration

  • Read access to PIPOINT in the Database Security window of PI SMT, unless the interface supports point creation, in which case it needs read/write access

    Note: In older versions of Data Archive, you could not define a PI trust against a PI group. This restriction no longer applies. For PI Server 3.4.380 and later, you can define a PI trust against a PI identity, a PI user, or a PI group.

If you are implementing a new AVEVA™ PI System™ using the latest version of Data Archive, follow the instructions in Configure PI interface connections using PI trusts.

TitleResults for “How to create a CRG?”Also Available in