AnsweredAssumed Answered

What does the Local AFServers group on the SQL Server do?

Question asked by cdenslow on Jan 30, 2017
Latest reply on Jan 30, 2017 by vkaufmann



I'm hoping that someone can clarify something for me in regards to the PI AF 2.7 installation.


I have successfully installed PI AF Server on one domain machine and I am trying to connect it to a separate SQL Server on the same domain.


Can someone please tell me what the Local AFServers group that has to be created on the Windows Server hosting the SQL Server does exactly.


Our Windows Team would like a clear understanding of what it does and why it is required because we do not normally create local groups on servers especially groups that don't have any permissions assigned to them.


Are there any permissions that should be assigned to this group OR does the PI AF Code just need the group to be present and contain the Domain name of the server that has Pi AF installed on and the domain name of the service account running the PI AF Service.


The only thing I can come up with is that when the Pi AF Service starts it looks for that local group on the SQL Server and will only allow allow a connection to the PIFD database from the machine defined as a member of the AFServer group and by the account defined in the AFServer group.


What benefit does this mechanism give us? Why does it not just connect to the SQL Server directly over the network without needing this group.  Surely the connection string and an account on the SQL Server to allow login to the database is enough?  Why is there this extra layer??


If someone can direct me to a diagram of what the interactions through this group between an AF Server and the SQL Server are that would be a great help.


Thanks in advance