Configure security for PI Buffer Subsystem

If security is already configured for PI Buffer Subsystem on the selected Data Archive server, the existing configuration is shown in the PI Data Archive Security pane. If the connection test is successful, you are finished configuring security for this server.

If needed, you can configure or change the authentication method or PI identity that PI Buffer Subsystem uses to connect to Data Archive. You cannot modify an existing PI mapping or PI trust from this pane, but you can create a new one and use it instead.

During upgrades only, you can also change the Windows account used to run the buffering service. For increased security, we recommend a dedicated Windows user account.

PI Buffer Subsystem security requirements

For each Data Archive server or collective that will receive buffered data, PI Buffer Subsystem needs a PI identity, PI user, or PI group. This defines its identity and permissions when it connects to the server. It also needs a PI mapping (for Windows authentication) or a PI trust so it can successfully authenticate using the selected PI identity, PI user, or PI group.

Should I use a PI mapping or a PI trust?

PI mappings are recommended because they are more secure than a PI trust. A PI mapping requires PI Buffer Subsystem to authenticate with Data Archive using Windows authentication. Create a PI trust if you are not using Windows authentication or if you are sending data to PI Server version 3.4.375, which does not support PI mappings.

Note: If the PI mapping or PI trust cannot be created because you are not logged in with appropriate credentials, create the mapping or trust on the server using PI System Management Tools (PI SMT).