Port requirements for PI AF Server
- Last UpdatedOct 03, 2024
- 2 minute read
- PI System
- PI Server 2018
- PI Server
|
Functionality |
Remote application |
Protocol |
Port |
Direction (1) |
Local application |
Service |
|---|---|---|---|---|---|---|
|
Use SQL Server to host the PI AF SQL Server database |
PI AF server |
TCP |
1433 (2) |
Inbound |
SQL Server |
SQL Server |
|
Use SQL Server browser to remotely identify SQL instances |
PI AF server |
UDP |
1434 (3) |
Inbound |
SQL Server |
SQL Server |
|
Access, create, and modify the SQL database remotely during installation. |
PI AF server |
TCP |
445 |
Inbound |
SQL Server |
PI AF application service |
|
Enable PI AF server and the PI Server Install kit to connect to SQL Server |
SQL Server |
TCP |
Dynamic |
Outbound |
PI AF server |
PI AF application service |
|
Use SMB to search for local accounts to manage mappings remotely through PI client |
Domain Controller |
TCP |
445 (4) |
Outbound |
PI client |
PI AF application service |
|
Authentication - SPN registration |
Domain Controller |
TCP/UDP |
135 |
Outbound |
PI AF server |
PI AF application service |
|
Authentication - Kerberos |
Key Distribution Center |
TCP/UDP |
88 |
Outbound |
PI client |
PI AF application service |
|
Authentication - NTLM |
Domain Controller |
TCP/UDP |
Dynamic |
Outbound |
PI AF server |
PI AF application service |
|
Use LDAP to perform cross-domain authentication |
Domain Controller |
TCP/UDP |
389 (5) |
Outbound |
PI client |
PI AF application service |
(1) Direction is in relation to the computer where the local application is running. For example, Outbound means that firewall rules for the local application node must allow traffic to leave the local application and be directed towards the remote node; Inbound means that firewall rules for the local application node must accept incoming connections from the remote node.
(2) Can be configured to use a dynamic port. By default named instances, including SQL Server Express, are configured to use dynamic ports.
(3) SQL Browser is optional. See the Microsoft article SQL Server Browser Service.
(4) Alternatively, you can also use port 139 if NetBIOS is enabled. SMB is used when the Windows user group/object picker is opened. The SMB connection directs to the node requested by the user, so this is not a hard requirement to browse users on the .
(5) Allowing outbound connections from the client through port 389 is necessary if the client is on one domain and the on a different domain. This is necessary for the client to contact the domain controller on the remote domain through the LDAP protocol.
Port requirements for base functionality
|
Functionality |
Remote application |
Protocol |
Port |
Direction |
Local application |
Service |
|---|---|---|---|---|---|---|
|
PI AF SDK Client connections to PI AF server |
PI AF SDK clients (for example, PI System Explorer or PI Vision) |
TCP |
5457 |
Inbound |
PI AF server |
PI AF application service |
|
PI SQL for PI AF Client connections to PI AF server |
PI SQL for AF clients (for example, PI OLEDB Enterprise or PI Vision 1.x) |
TCP |
5459 |
Inbound |
PI AF server |
PI AF application service |