Learn about mappings for trusted domains
- Last UpdatedFeb 12, 2025
- 1 minute read
In this deployment scenario, the Interface node and Data Archive are located in the same domain, or different but trusted domains. In the case of trusted domains, if there is one-way trust between the domains, then the direction of the trust is important. The domain with Data Archive must trust the domain with the Interface node. The objective is to map User1 to Identity1.
-
If the Windows account (User1) is a Local System account or Network Service account, map the interface node name (<Domain>\<InterfaceNodeName>$) to your PI identity (Identity1).
-
If the Windows account (User1) is a domain account, map the account (User1) to your PI identity (Identity1) as described in the earlier scenario. See Create a PI mapping for Windows account and PI identity.
-
If the Windows account (User1) is a local account, then either:
-
Change the user account for the interface to a domain account. See Task 4: Change the login credentials for your interfaces.
-
Map the account (User1) to a domain account (DomainUser1) in Windows Credential Manager on the Interface node (see Learn about Windows Credential Manager). Map DomainUser1 to Identity1 on Data Archive using PI SMT.
-
Create the same account (User1) on Data Archive with the same credentials as the account on the Interface node. Map ServerNode\User1 to Identity1 .on Data Archive using PI SMT.
Caution: Identical user accounts and passwords is a form of credential reuse. Verify identical accounts are consistent with your IT policies.
-