Overview of Data Archive security
- Last UpdatedJan 13, 2023
- 1 minute read
- PI System
- PI Server 2018
- PI Server
PI Server 3.4.380 introduced Windows integrated security for the Data Archive server, allowing you to manage Data Archive authentication through Windows and Microsoft Active Directory (AD). This new security model improves Data Archive security, reduces your management workload, and provides users a single-sign on experience.
Note: The Data Archive server continues to support previous Data Archive security mechanisms. If you decide not to use Windows integrated security, then no action is required on your part. If you do choose to keep your existing security configuration, you are free to gradually migrate to the new security model at a later date.
However, although the password mechanism performs as designed, weakness exists due to the use of a proprietary cypher developed in the 1990s that has not been modified to keep up with modern cryptographic advances. In short, the explicit login as an authentication method is not secure from malicious actors. In addition, similar to explicit login authentication, PI trust authentication is a weak form of authentication and should be avoided unless technically required for application compatibility.
Related Links
- A brief look at Data Archive security
- Learn about configuring security on a new Data Archive installation
- Understand PI interface connections through PI API
- Configuring security for Data Archive upgrades
- Learn about security for Data Archive collectives
- List of required permissions for PI Server tasks
- Checklist: Configure Windows authentication for upgrades
- Checklist: Configure Windows authentication for new installations
- Tightening security
- Learn about product access permissions and configuration issues
- Understand PI MDB to AF Transition