• PI Security Suggestion Compilation

    Part of a PI administrator's job is to make sure that the PI system is as reasonably secure as possible. However, sometimes, it is PI itself that must be made more secure. This post compiles many of the security-...
    Kenneth_Barber
    last modified by Kenneth_Barber
  • TLS best practices for PI Web API

    This post is intended to provide a brief, high-level description of Transport Layer Security (TLS) best practices as they relate to PI Web API. Microsoft and leading browsers are pushing to deprecate any security...
    Kenneth_Barber
    created by Kenneth_Barber
  • How to Create a Certificate Using Your Enterprise CA for PI Web-based Products

    Preamble Both PI Web API and PI Vision require an SSL certificate upon installation. The default installation will create a self-signed certificate, but users will see an ugly certificate error when navigating to it. ...
    Kenneth_Barber
    created by Kenneth_Barber
  • How to configure a custom SSL Certificate

    HTTPS has become the default configuration in the installation of PI Vision, and it is mandatory to use an SSL Certificate with HTTPS. These instructions guide on how to configure a custom certificate to use with PI V...
    Kenneth_Barber
    created by Kenneth_Barber
  • Certificates and PI Connector Relay

    Hello,   Overview: This post reviews information relating to the use of certificate(s) with the PI Connector Relay and OMF applications based upon questions from customers and partners.   Components require...
    Kenneth_Barber
    created by Kenneth_Barber
  • PI Connector and OPC UA Security

    In the last OPC UA blog post I wrote, Migrating from OPC DA to OPC UA, Roger Palmen mentioned the 'security and management puzzle' that many have used as a reason to delay the move from OPC DA to OPC UA. Hopefull...
    Kenneth_Barber
    created by Kenneth_Barber
  • Securing PI Web API with a CA issued certificate

    Some recent experiences with using the PI Web API highlighted to me the benefits of using CA issued (read non self-signed) SSL certificates, even on a development system. One of the most obvious to me was how to prope...
    Kenneth_Barber
    created by Kenneth_Barber
  • PI Vision Security Recommendations

    Use Case According to PI Vision 3.x Installation guide, some features require Kerberos Constrained Delegation.   Kerberos constrained delegation must be configured between the PI Vision application server and th...
    Kenneth_Barber
    created by Kenneth_Barber
  • Manually Managing SSL Certificates

    If you follow the OSIsoft installation guides, SSL certificates for PI Vision, PI Web API etc. require installation or changing through the OSIsoft installer for the Program. However, i find the certificate validation...
    Kenneth_Barber
    created by Kenneth_Barber
  • Hall of Thanks

    OSIsoft thanks all individuals ethically reporting security issues in our products or services. Contact us - Report a Security Vulnerability.     Each name represents an individual or organization who has...
    lmlcoch
    last modified by lmlcoch
  • S4x20 presentation on Security Questionnaires

    Hello security advocates from S4x20 and on PI Square.  Today's discussion about security questionnaires for industrial control systems at the prestigious S4 conference was well attended with requests for a copy p...
    Bryan Owen
    created by Bryan Owen
  • PI World Cyber Security Workshop

    Cyber security is constantly in the news today – often with more hype than useful information!   The PI World Cyber Security Workshop is organized to provide straight talk about concerns and especially tho...
    Bryan Owen
    created by Bryan Owen
  • Check out the PI Security Audit Tools on GitHub

    In an effort to demystify PI security and help our customers assess the security posture of their systems, we’ve developed a tool to help baseline the security configuration of PI System components in the form o...
    hpaul
    last modified by hpaul
  • Introduction to group Managed Service Accounts

    Although introduced in Windows Server 2012, the Group Managed Service Account (gMSA) still has low adoption within our customer base. This blog post aims to highlight benefits of gMSAs, discuss how to deploy and use t...
    lmlcoch
    last modified by lmlcoch
  • Security trends and highlights from S4x19

    S4 may well be the ‘Davos’ for those who strive to improve modern society by addressing digital hazards affecting industrial automation systems. Technology professionals and industrial security thought lea...
    Bryan Owen
    created by Bryan Owen
  • Security Workshop, Take 2 in Dallas!

    We're doing it again.  This time in Dallas!  On November 13th, OSIsoft is hosting the Texas Regional Seminar in Dallas, TX.  There will a be a good mix of talks on our product roadmap and customer succe...
    Brian
    last modified by Brian
  • Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors

    US-CERT released the alert, Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors, on Thursday, March 15th.  The technical alert includes indicators of compromise (IOCs), te...
    hpaul
    created by hpaul
  • Interested in attacking the PI System? Come to S4!

    We share this special invitation to the Digital Bond S4x19 ICS Security Conference sponsored by OSIsoft, LLC.   The S4x19 conference is taking place in Miami Beach, January 15-17, 2019.  The three-day even...
    Brian
    created by Brian
  • Security Workshop in D.C.

    Coming this month on August 21-22, OSIsoft is hosting a Super Regional Seminar.  This is a special two day event taking place in Washington D.C.  There will a be a good mix of talks on our product roadmap, c...
    Brian
    last modified by Brian
  • Configuration as Code for PI System Security: Introducing PI Security DSC

    As a PI System administrator, do you want to: use the same mechanism to secure both the OS and the applications running on it? maintain a baseline across numerous nodes and sites? have functional documentation that...
    hpaul
    created by hpaul