Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

AVEVA™ PI Vision™

TABLE OF CONTENTS

PI Vision application pools and service account

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedNov 14, 2022
  • 2 minute read

The AVEVA PI Vision installation creates the following application pools and Windows services.

The application pools run under Windows service accounts that have appropriate access permissions across the PI System:

  • PIVisionAdminAppPool runs the administration website, located at https://webServer/PIVision/Admin

  • PIVisionServiceAppPool runs the main AVEVA PI Vision application website, located at https://webServer/PIVision

  • PIVisionUtilityAppPool runs the AVEVA PI Vision utility services, located at https://webServer/PIVision/Utility

For these application pools, the Maximum Worker Processes field must be set to 1 in the Internet Information Services (IIS) Manager configuration.

The AVEVA PI Vision application pools and service accounts run under the AVEVA PI Vision service account. This is the account that AVEVA PI Vision uses to connect to the Data Archive and PI AF servers. For client users to see PI System data, the AVEVA PI Vision service account needs appropriate access to these servers.

When you install AVEVA PI Vision, the installation kit by default sets the service accounts to the machine account of the application server itself and sets the accounts for each service as follows:

Service

Account

PIVisionAdminAppPool

NT Authority\Network Service

PIVisionServiceAppPool

NT Authority\Network Service

PIVisionUtilityAppPool

NT Authority\Network Service

The AVEVA PI Vision service account in this configuration is the server machine Active Directory account. Typically, this account is named domain\server-name$. For example, MyEnterprise\PIVisionServer$.

For security reasons, we recommend that you instead create a domain account for the AVEVA PI Vision services:

  1. Change the AVEVA PI Vision service account to a dedicated domain account. See Create a service account for PI Vision.

  2. Configure the application pools and services to run under this account. See Configure PI Vision application pools to use the PI Vision service account.

    Caution: We strongly recommend that you create a domain account for the AVEVA PI Vision services. If you use the machine account, all the applications running on the application server computer have access permissions on the SQL server, Data Archive server, and PI AF server machines. This is a security risk. At a minimum, consider removing some or all of the other applications running on this computer.

TitleResults for “How to create a CRG?”Also Available in