• PI Security Suggestion Compilation

    Part of a PI administrator's job is to make sure that the PI system is as reasonably secure as possible. However, sometimes, it is PI itself that must be made more secure. This post compiles many of the security-...
    last modified by Kenneth_Barber
  • TLS best practices for PI Web API

    This post is intended to provide a brief, high-level description of Transport Layer Security (TLS) best practices as they relate to PI Web API. Microsoft and leading browsers are pushing to deprecate any security...
    created by Kenneth_Barber
  • How to Create a Certificate Using Your Enterprise CA for PI Web-based Products

    Preamble Both PI Web API and PI Vision require an SSL certificate upon installation. The default installation will create a self-signed certificate, but users will see an ugly certificate error when navigating to it. ...
    created by Kenneth_Barber
  • How to configure a custom SSL Certificate

    HTTPS has become the default configuration in the installation of PI Vision, and it is mandatory to use an SSL Certificate with HTTPS. These instructions guide on how to configure a custom certificate to use with PI V...
    created by Kenneth_Barber
  • Certificates and PI Connector Relay

    Hello,   Overview: This post reviews information relating to the use of certificate(s) with the PI Connector Relay and OMF applications based upon questions from customers and partners.   Components require...
    created by Kenneth_Barber
  • PI Connector and OPC UA Security

    In the last OPC UA blog post I wrote, Migrating from OPC DA to OPC UA, Roger Palmen mentioned the 'security and management puzzle' that many have used as a reason to delay the move from OPC DA to OPC UA. Hopefull...
    created by Kenneth_Barber
  • Securing PI Web API with a CA issued certificate

    Some recent experiences with using the PI Web API highlighted to me the benefits of using CA issued (read non self-signed) SSL certificates, even on a development system. One of the most obvious to me was how to prope...
    created by Kenneth_Barber
  • PI Vision Security Recommendations

    Use Case According to PI Vision 3.x Installation guide, some features require Kerberos Constrained Delegation.   Kerberos constrained delegation must be configured between the PI Vision application server and th...
    created by Kenneth_Barber
  • Setting up precision of the output value in AF Expression Analysis

    Hello Team, Good day !!   I have observed a strange behavior of System Explorer in designing analysis. Details are as below. You can see in below snip that the ‘Input Value’ attribute has the valu...
  • Manually Managing SSL Certificates

    If you follow the OSIsoft installation guides, SSL certificates for PI Vision, PI Web API etc. require installation or changing through the OSIsoft installer for the Program. However, i find the certificate validation...
    created by Kenneth_Barber
  • Hall of Thanks

    OSIsoft thanks all individuals ethically reporting security issues in our products or services. Contact us - Report a Security Vulnerability.     Each name represents an individual or organization who has...
    last modified by lmlcoch
  • PI Security Audit Tool

    Have there been any updates or developments to the PI Security Audit Tool? In 2017 there was a OSIsoft UC 2017 Lab presentation for "Using and Building The PI Security Audit Tools, a tool to baseline your PI system se...
    last modified by robertballjr
  • No write Access - Secure Object 

    Hello Everyone!   We have created PI Engineers Domain group, Mapped with "PI Engineers" Identity and Provided "PI POINT" Read and Write Permission on Point Security and Data Security. but still Our End users fro...
    last modified by AKASH MISAL
  • PI Buffering issue

    When i tried to add data server I am getting the pop up error as "Object reference not set to an instance of an object".   I have modified the PI client,ini file with PI server list and filebuffer path. ...
    created by mohbaba
  • Connect to PIVision without user name and password

    It's there a way to connect to PI Vision with a token? right now I'm sending the credentials in the URL like this: username:password@site.com/PIVision/#/Display/67?mode=kiosk&hidetoolbar
    last modified by raulcantu
  • S4x20 presentation on Security Questionnaires

    Hello security advocates from S4x20 and on PI Square.  Today's discussion about security questionnaires for industrial control systems at the prestigious S4 conference was well attended with requests for a copy p...
    Bryan Owen
    created by Bryan Owen
  • Non simplistic security model in PI DA

    Hi,   I have learned that one identity can have multiple Windows AD SIDs (user or group for example) mapped to it. One Windows AD SID however may only be mapped to one PI Identity.   Does this...
    last modified by CameronLee
  • Security Improvements for PI Vision Displays

    Hi Everyone,   Would like to gather your ideas on what security methods I can apply regarding the access of our PI Vision Displays. Besides using Windows Authentication and applying SSL Certificates to each of o...
    last modified by pocholo.mendoza
  • PI World Cyber Security Workshop

    Cyber security is constantly in the news today – often with more hype than useful information!   The PI World Cyber Security Workshop is organized to provide straight talk about concerns and especially tho...
    Bryan Owen
    created by Bryan Owen
  • Check out the PI Security Audit Tools on GitHub

    In an effort to demystify PI security and help our customers assess the security posture of their systems, we’ve developed a tool to help baseline the security configuration of PI System components in the form o...
    last modified by hpaul