Risk attributed to PI SDK utility

Discussion created by asadz on Jul 2, 2020

Hi Folks,

I'm new to this forum and this be my first post here.

I'm Principal Architect-Security Solution, and recently being involved with sec assessment of PI system/sub-systems. I'm starting off with risk assessment in scope of PI-SDK utility, I'm new to PI systems, I did spend time reading manuals and guide on PI system, but skeptical in regard to this otherwise simply utility be a source of threats to OT/IoT networks. I appreciate someone with more domain knowledge than me, can help me validate the following:-


  • Can PI SDK utility be trusted to remain secure if allowed to run in DMZ network? As standalone application running on a Windows O/S connecting to DA over port 5040, is risky as anyone with windows account can take control over sdk?
  • Should the port communication be digitally signed or encrypted?
  • Placing a FW between PI server and utility is it enough to ensure security?
  • All sec hardening guidelines are applicable to PI server, but in case of SDK utility, there are not many.
  • What are more safer alternates to PI SDK utility as client access technology?