Keep existing configuration

You can continue to use your existing Data Archive security configuration for as long as you choose. There are a few things you should do immediately:

• Check custom PI API applications.

  A security loophole in earlier versions of the Data Archive server allowed world access to PI API connections, even if the authentication failed. That loophole is now closed. If you have PI API applications that rely on this loophole, they will no longer get access. This is typically only a problem for custom PI API applications. See Check for unauthenticated PI API connections.

• Protect the piadmin account with a password.

  The piadmin PI user is the Data Archive super-user account. This powerful account should be protected and should not be used regularly. If you have not already done this, be sure to at least protect piadmin with a password. See Understand how to protect piadmin in PI SMT for more information on protecting piadmin.

• Require passwords for all PI Users.

  Do not allow blank passwords. Disable logins for accounts with blank passwords. See Disable explicit logins with blank passwords.

Plan to migrate to the new security model. You can do this gradually over time. See Migrate over time. Even before you begin configuration on the Data Archive server, you can gradually perform many of the steps listed in Follow-up steps.