7 of 7 people found this helpful
Yes, it is possible. We do it frequently to set up the VMs for the Programming Hackathons which we exposed a public PI Web API endpoint in case the hackers want to access to the data from their physical machine (and through our Azure VMs).
Supposing that you have already a domain with a PI Data Archive, PI AF Server and PI Web API already set up, here are the steps:
- Open Windows Firewall on the Web Server VM and make sure port 443 is opened for the public network.
- Using the AWS portal, make sure port 443 is also opened.
- Use telnet against your AWS VM FQDN to make sure port 443 is opened.
- Make sure you are using Basic authentication, since Kerberos cannot be used from the public internet
- Set up the SSL certificate. If you want to access PI Web API through https://pisystem.mycompany.com/piwebapi, you need to buy an SSL certificate whose DNS and Common Name would be pisystem.mycompany.com.
The steps above work fine with Azure. I don't expect any issues with AWS although I have not tested.
Hope this helps!
2 of 2 people found this helpful
On top of what Marcos said, please note that Basic Authentication sends user credentials in plain text over the wire. For this reason, it is absolutely critical that you use only HTTPS with Basic Authentication.
I refer you to look at the first 2 paragraphs at the top of this LiveLibrary link. In other words, do not skip over Marcos's last bullet item.
PI Web API always requires an SSL certificate. Nevertheless, Rick is right. Investing more on SSL certificates will make your credentials more secure when transmitted over the network.
3 of 3 people found this helpful
Nowadays you don't even have to pay for an SSL certificate. They are freely available through Let's Encrypt. The tricky part is renewal, which you will probably want to automate because the certificates only last 90 days. There are some scripts out there for windows machines.