AnsweredAssumed Answered

Internet Facing PI Vision

Question asked by VCampus-METCO on Jul 3, 2017
Latest reply on Feb 6, 2020 by bikramjitd

Has anyone installed PI Vision on a server which is visible on the internet?

 

I have a customer who wishes external partners to have access only to the data relevant to them in a secure manner. He was going to put the server in a DMZ on its own domain but with connectivity to the PI Server and AF Server on the main network.

 

The issue I see is how are the users going to authenticate - I presume a login window will popup when they access the Vision home page. And I presume they would then enter a DMZ domain account/password. But those credentials wont be able to be used to access the PI/AF Server because the domains wont be trusted. So PI trusts would have be configured which means if there are several partners they would all be sharing the same trust and therefore able to see each others data and this might not be permitted.

 

The traditional answer to this question would be for each partner to have their own PI System and use PI to PI over VPN, or Cloud Connect to transfer the data. Or the other option would be to use CITRIX and then they could login using the target domains credentials.

 

Also, one more thing - PI Vision is licensed by named user. It does not seem to make any restrictions on how many instances of PI Vision are installed. So it would be possible to install an instance of PI Vision for internal use and one for the external access?

Outcomes