You may need to login with the domain account. pischool\student01, password: student
Now that I think about this some more, I realize you probably need to create a PITrust for the PIPerfmon interface and another PITrust for the point configuration tool. Method for this is the same as the PITrust(s) you created for PI ICU, Buffering, and the OPC Data Access interface to PI.
I have played around (Cheated a little to allow PIadmin to Login) So I have installed, created a service, added a tag. (removed PIadmin's ability to login)
Not sure what happened - can access via the Pidemo account that originally had the error
I used Student01 as the service account but that did not work (got I/O timeout) so switch to a services account and I get a value.
Got 2 tags added then....
Started getting errors on trying to add or update any point - (like all of a sudden lost permissions - No Write Permissions)
So need to find a class the focuses on this interface and more on security - a lot to learn.
Security is very tricky indeed There are some great videos in the Configuring PI Data Archive Security online course, but when it comes to the PI Interface for Performance Monitoring, the only video we have is OSIsoft: The basic version of the PI Performance Monitor Interface. Hence your best resource for specifics would be the documentation (Tech Support downloads or Live Library).
Some questions received via email:
1. When we did the initial trusts the videos gave us the name SnapE and OPCpE application names. How do I find the application names for this interface?
cet> application names are published by the application and are contained in the network packets sent to the PI server. PI-API applications (most interfaces) send four characters of their published name. Unfortunately the published name isn't always the service name or the executable name. For example SnapE is executable apisnap.exe. The big E on the end of the application name is the media type, E stands for Ethernet. PI-SDK applications will have the executable name as the application name. for example PI-ICU.exe or PIBufSS.exe. It can be tricky to know which name to use. In newer versions of our interfaces, you can use PI-ICU to set the application name to a string of your choosing. Recommend you stick to the format, e.g. four letters and a big E.
cet> To learn the connection requirements (application name, IP address, node name, etc) you can try connecting and then look in the PI Message Log on the interface node and the PI server node to find messages related to the application.
cet> I am old school and usually try to get something working first, figure out why it works, then fix it the way it is supposed to be. When it comes to trusts and application names I often create a so called open trust for a node, then run an application or interface on that node. when things work, then I use PI Network Manager Statistics plug-in of PI-SMT to view the connection and see the application name, node name, IP address, and trust or windows credentials the application is using. Then go to Security, PITrusts in PI-SMT and make a two factor trust for the specific needs of the application. I then disable the open trust and retest, repeating till things work.
2. Even though I am installing this interface of the PISRV1 I need a Name based and a IP based Trust (First Assumption)
cet> what you describe is the so called two factor trust. such a trust is our recommended best practice. alternatively in some environs you may want to make an application name & host or node name trust. Commonly interface nodes (on more secure networks) use IP and app name trusts, reporting or calculation or input applications on office network might use app name and host name trusts.
3. We created a PI Identify for the Interface and Buffering and mapped to a previously created domain account. Would I create a new PI Identity and map to a domain or local account. i.e can I map to the local student01 account?
cet> yes, you can map to a local user account. this may be problematic. in some cases it may be a requirement for the same username and exact password exists on both nodes, e.g. interface node and PI server. Mappings and Identities are really designed to be supported by an Active Directory.
4. Looking online it appeared this interface needed additional security. Is this table correct? I did try to map an identity to PIModules Table and I do get an error "At least one PI Identity on the PI Module has zero mapped Windows Principals"
cet> The interface probably doesn't need access to modules. However, the PI-ICU tool does need read/write access to modules.
PI Securable object
%OSI\Interfaces module and all submodules
Individual PI points (PtAccess or PtSecurity attribute)
cet> I don't recognise this table. Where did it come from? Are you looking at this from PI-SMT or another tool?
I got the table from https://pisquare.osisoft.com/message/47762#comment-47762
I found some OSIsoft YouTube videos that explained several of my questions like the NetMask explanation, the naming of Applications for interfaces. Trying to look at all possible resources, the Perfmon is definitely an under documented solution, would have loved to find best practices on monitoring. A class just on performance monitoring would be awesome.
Scott D. Smith | Center of Excellence | OSIsoft | Office 281-677-1053 | Cell 979-220-25135
Here is a Video from OSIsoft Learning Channel over at YouTube which presents the PI PerfMon interface. OSIsoft: The basic version of the PI Performance Monitor Interface. v3.4.375 - YouTube
The video is somewhat dated - we now provide the full version of the interface for use on the PI data archive server and you can monitor as many performance counters as you choose.
PI SMT includes a plugin to aid configuration of PerfMon points. The plugin includes role based templates you can use to quickly select counters to monitor and build points to receive the data with only a few mouse clicks. I usually load and apply the templates for the PI data archive server and Windows operating systems. That winds up becoming 100-200 PI points. (demonstrated in the video above.)
Another video from OSIsoft learning channel showing more up to date commentary on monitoring your PI server - OSIsoft: Health Points, Performance Counters, and Performance Points. v2010 - YouTube
As for monitoring interfaces on interface nodes, we usually build 3-4 points using PI ICU - three health points (Device Status, Heartbeat, I/O rate (per sec)) and perhaps the separate I/O rate point (per minute).
PI TCP Response interface could be used to generate transactions with applications on other nodes like Web server, DNS, PI system, etc to confirm such applications and their nodes are reachable, responsive, and performant.
PI Ping interface can be used to confirm important nodes are reachable and online such as data sources, perhaps DNS and other other infrastructure elements.
Christian Foisy has shared a OneDrive for Business file with you. To view it, click the link below.
Find attached the Word document with my final exercise screenshots. Finally I had to start from scratch because IT was unable to restart my VM.
Next week I’m in training all week in Philly so this is why I’m turning in my work this week.
Thanks for the help.
Solution Architect | Academic Program
OSIsoft<http://www.osisoft.com/> | CSS | •: +1 514.493.2056 | 1155 Robert-Bourassa Blvd, Suite 612 | Montreal, QC H3B 3A7 CANADA
For more information on the Academic Program:
image00001.png 561 bytes
To view Final_Project_V1.docx, sign in<https://osisoft1980-my.sharepoint.com/personal/cfoisy_osisoft_com/_layouts/15/acceptinvite.aspx?invitation=%7B51EB4088%2D5441%2D4BB7%2DB534%2D82D87540C8E4%7D&listId=63b09410%2D5487%2D4f94%2Da950%2Df25f4e06b671&itemId=10cafd88%2Dceb9%2D413a%2Daceb%2D335262035230> or create an account.
Thanks Christian - Final Project received. I'll look it over and let you know any questions we have.