Configure PI Buffer Subsystem security

PI Buffer Subsystem needs both an operating system account to run the buffering service, and an appropriate Data Archive security configuration to communicate with servers receiving buffered data.

When you install or upgrade to PI Buffer Subsystem 4.3 or later, you will have an opportunity to configure the items below using the Buffering Manager wizard. After installing PI Buffer Subsystem 4.3 or later, you need to use the Windows Services snap-in to choose an account for the PI Buffer Subsystem service, but you can change the settings in steps 2 and 3 below when you use Buffering Manager to add a server (File > Add Server).

1. Choose the operating system account that the PI Buffer Subsystem service will use to log on to the buffered node.

   You can use the NT Service/pubufss account, which is the default configuration, or choose a domain account with the permissions listed in Operating system permissions for buffering. The advantages and disadvantages of each are described in PI Buffer Subsystem and service logon accounts.

2. Choose a PI identity, PI user, or PI group to be used by PI Buffer Subsystem when it connects to Data Archive. The PI identity, PI user, or PI group must have the permissions listed in PI Data Archive permissions for buffering.

3. Configure Windows authentication (PI mapping) or PI trusts so that PI Buffer Subsystem can authenticate with Data Archive using the chosen PI identity, PI user, or PI group. Remember that the buffered application also requires a PI mapping or PI trust. For recommendations, see PI Data Archive authentication and buffering.