10 Replies Latest reply on Jul 19, 2016 2:23 AM by XMPro_Gavin

    Connecting to PI System

    XMPro_Gavin

      Hi ,

       

      I have installed AF Server , Data Archive Server in one Computer .

       

      I have written a C# Program to connect to PI System and to get data . If I execute this program in the same server where I have PI , I am able to connect and do operations.

       

      I wanted to execute my Program in a different system and from there I want to connect to the PI System on a different Server .

       

      Could you let me know if this is possible or not , if possible what are the options we have to connect.

       

      Thanks for your positive support.

        • Re: Connecting to PI System
          John Messinger

          Hi Gavin,

          Yes, this is not only possible, but is how all of the client applications from OSIsoft behave. The same method you use to connect to a local PI System can be used to connect to a remote PI System. The basic examples that come with the AFSDK documentation are a good start with this:

          Connecting to a PI AF Server

          The key thing when connecting to remote servers is that your application has sufficient permissions to access the data you want. There are different ways of handling this, such as passing a NetworkCredential object when you explicitly call PISystem.Connect(), or running your application under specific credentials (like a Windows service running under a domain account for example). I would generally opt for the second of these options so that I don't need to either hardcode credential information, or write additional code to capture current credentials, unless I'm writing an application intended to be used by multiple users.

          4 of 4 people found this helpful
            • Re: Connecting to PI System
              gregor

              Hello John,

               

              Please allow me to complement your answer with the maybe obvious. If the code does not include providing specific credentials, the application will attempt authenticating with the credentials of the user executing the process.

              • Re: Connecting to PI System
                XMPro_Gavin

                Hi John ,

                 

                Thanks for the reply.

                 

                I am new to AF SDK and trying to understand how we can connect to a PI Server from a client machine .

                 

                I understand from your reply that  we can connect to a PI Server from a client machine using Network Credentials.

                Using Network Credentials we can pass in the username, password and domain name . But I am not sure where do we mention which server  to connect to .

                 

                For eg:-

                My PI Server / AF Server was installed on the machine  'OSIServer' and the Instance Name is 'AFInstance'

                My AF Client Server machine is 'OSIClient' from which I am trying to connect to AFInstance on OSIServer machine . Both the server and the client are in the same network.

                 

                I understand we can pass in the username  , password and domain infromation . But not sure where I will configure or mention the server to connect to from my client

                 

                As I am new to AFSDK , I might be missing some context or knowledge and looking for the ways . Could you please mention the steps if I am missing any information.

                Do we need to configure any specific tool / provide specific access on my client machine to connect to the server.

                 

                Thanks John for your positive support .

                  • Re: Connecting to PI System
                    John Messinger

                    Hi Gavin,

                    Main thing you need on the client machine is an entry in the Known Servers table for either AF or PI. If you can connect to the required AF server using PI System Explorer on your client machine, and can connect to the PI Data Archive using the PISDK Utility, then no further specific configuration is needed on the client.

                    In your AFSDK code, you will be working with two object types - a PISystems object, and a PISystem object. The first represents the collection of known PISystems (or AF servers) - this is what you would see in the PI AF Servers list in PI System Explorer. The second object (PISystem) is a specific instance of an AF server. So your initial connection code might look a bit like the following:

                    var piSystems = new PISystems();
                    var piSystem = piSystems["MyAFServer"];
                    piSystem.Connect();
                    

                     

                    The piSystems variable represents the collection of known AF servers, and the piSystem variable is initialised to a specific server instance. This bit of code could even be shortened to

                     

                    var piSystem = new PISystems()["MyAFServer"];
                    

                     

                    Then when you call the Connect() method on your PISystem instance, you can decide whether to pass a NetworkCredential object, or as in the example above, implicitly pass the credentials of the user executing the code.

                    Regards,

                    John

                      • Re: Connecting to PI System
                        XMPro_Gavin

                        Hi John ,

                         

                        Thanks for your reply . I tried different options , had a bit of luck in progressing but not completely able to solve the problem.

                         

                        Let me explain the example , I am working on

                         

                        Client App Domain : local      , user : alapati

                        AF Server Domain : data365 , user : dataadmin

                         

                        As explained above the App Server is in a different domain than the AF Server .

                         

                        From the AF Server I am able to connect using PI System Explorer and PI SDK Utility

                         

                        From the Client App Server , I am able to connect using the PI System Explorer . In the PI System Explorer I mentioned the AF Server details and the port , using the windows credentials of AF Server ( data365/dataadmin) I am able to connect to  AF Server using client PI System Explorer . From client PI System Explorer , I am able to see the data for element attributes as well .

                         

                        From the Client App Server , I am not able to connect to PI SDK Utility . I am trying the option Connect as and providing the data365/dataadmin account and password and getting access denied error . When I checked in the log file on the server , I see the following error.

                         

                        Unsuccessful login  ID: 373. Address: 60.242.200.60. Name: PISDKUtility.exe(2208):Method: Explicit Login. Error: [-12001] Name Not Found in PInt, pinetmgr, , , , , , , , , , ,

                         

                        I tried from my client c# application code to connect and to get values from data archive server.

                         

                        NetworkCredential credential = new NetworkCredential("dataadmin", "zzzzz" , "data365");

                        PISystems = new PISystems();

                        PISystem MySystem = PISystems["osiserver"];

                        MySystem.Connect(credential);

                         

                        I am able to successfully connect and get the needed database , templates ..etc .  from AF Server

                         

                        But when using the method

                         

                        IEnumerable<AFValues> values = attributes.Data.RecordedValues(timeRange, AFBoundaryType.Inside, null, false, pageConfig, 0);

                         

                        I am getting the following error

                         

                        Windows authentication trial failed because the authentication method was not tried. Trust authentication trial failed because insufficient privilege to access the PI Data Archive.

                         

                        Using the PI System Management Tool , I created a new Identity and mapped the identitiy to the user on the server domain account . Also created a Trust to allow connections from Client App Server and Provided Domain and User Account . But still when calling the above method (attributes.Data.RecordedValues(timeRange, AFBoundaryType.Inside, null, false, pageConfig, 0); I can check in the server logs instead of the network credentials passed in to connect to the PISystem , the client user details who is running the code  is being sent .

                        In this case I can check in the server log :

                         

                        7/18/2016 12:28:36.90762 PM, , Information, Unsuccessful login  ID: 408. Address: 60.242.200.60. Name: ConsoleApplication3.vshost.exe(41904):remote. Credentials used: local\alapati. Method: Trust. Error: [-10413] No trust relation for this request, pinetmgr, , , , , , , , , , ,

                        7/18/2016 12:28:36.90746 PM, , Debug, Trust request from: \|alapati|10.1.1.10|ConsoleApplication3.vshost.exe failed: [-10413] No trust relation for this request (0), pibasess,

                        , , , , , , , , , ,

                         

                        I tried all differet options but not able to get the values for the attributes using AFSDK , it always sending in local user account instead of Network user details.

                         

                        I think , I am missing some configuration or some knowledge Gap . Could you please assist in what I  am doing wrong here / what I am missing .

                         

                        Thanks John for your positive support and responses .

                  • Re: Connecting to PI System
                    Marcos Vainer Loeff

                    Hi Gavin,

                     

                    I am not sure if this is the case but if you are developing a web app with many users with different security privileges on the PI System, you might want to impersonate the user account. PI AF SDK already allows you to do that. Please refer to the ASP.NET MVC 5 with PI AF SDK: Part 2 - Security blog post for more information.

                     

                    Hope this helps!

                    • Re: Connecting to PI System
                      pablo.araya

                      Hello Gavin

                      Maybe you can create a trust with the PI SMT tool and grant the access to the client machine where is runing your application.

                       

                      Cheers

                      Pablo