5 Replies Latest reply on Aug 5, 2013 12:48 PM by Gregor

    ProcessBook AF 2.x connection (outside AF Domain)

    Petronor

      hi,
      there is any possiblity to connect  the Add-in AF 2.x Data set to the AF server without use the menu option PiSystems...?
      We are accesing to a AFServer in another domain and we can't connect directly. We have to specify user/pass:

       

      2335.01_2D00_08_2D00_2013-11_2D00_10_2D00_05.gif

       

      Thanks

       

       

        • Re: ProcessBook AF 2.x connection (outside AF Domain)

          Hello José,

           

          Can you provide some insights as of why the AF Server is in a different domain?

           

          Are both domains member of the same domain forest?

           

          Is there a trust relationship between domains?

           

          Do machines / users inside DLBIOTPS domain have access to the Active Directory domain controller inside your office network? If so, have you tried setting up AF security i.e. for <OfficeDomain>\Builtin\Users?

           

          Is there as well a PI Server involved? If so, in what domain is it located?

            • Re: ProcessBook AF 2.x connection (outside AF Domain)
              Petronor

              Hello,

               

              No, there isn't any trust relationship between domains.

               

              (We are developing a Movement Monitor (MM) to accurately plan and monitor material movements. The application is completly installed in the Control Network and will be used by Tank Operators. We would like to give some access to other users, outside the control network)

               

              Maybe there is any chance developing a PB Add-in?

               

              we have been developping PB Add-ins to provide some AF funcionality and the connection can be shared between all of them.

               

              wich are the name of the AF connection variables in the AF 2.x Data set add-in?

               

              thanks a lot for your help

                • Re: ProcessBook AF 2.x connection (outside AF Domain)

                  Hello José,

                   

                  AF relies on Windows Integrated Security. I am afraid that without any trust relationship between domains, you will not be able to connect from outside the control network. To my knowledge the minimum requirement is that the domain controller the AF Server belongs to has a one way trust to the domain(s) the clients belong to.

                   

                  José María Elexpe

                  wich are the name of the AF connection variables in the AF 2.x Data set add-in?

                   

                  I don't have that information but will try getting some insides from The ProcessBook team.

                   

                  What I can think of as an easy solution for you would be using a Terminal Server inside you Control network that can be accessed via remote desktop from users outside the Control network. Is that an option for you?

                    • Re: ProcessBook AF 2.x connection (outside AF Domain)
                      Petronor

                      OK, Thanks.

                       

                      We will try to use TerminalServer.

                        • Re: ProcessBook AF 2.x connection (outside AF Domain)

                          Hello José,

                           

                          I've received the following information from PI ProcessBook product management:

                           

                          The AF SDK on the client handles the actual connection. Since it’s based on the user’s Windows account, we just use that. The AF help file (%PIHOME%\Help\AF.chm ) installed with the AF client on the PI ProcessBook host (for example) provides the following information about security:

                           

                          PI AF Clients and Windows Authentication

                           

                          The PI AF Client setup program consists of the PI AF SDK, PI System Explorer, and user documentation. PI System Explorer and other PI AF SDK clients communicate with PI AF server using Windows authentication. Except for configuration of a PI AF collective, the PI AF SDK never connects directly to the PI AF SQL Server. When you attempt to connect to a PI AF server through PI System Explorer, your login credentials are used. If you have permission to access the PI AF server, the connection is made. If you do not have the appropriate rights (for example, if you are logged in as a local user, not a domain user, or the client computer is in a domain other than that of the PI AF server), a login dialog box appears where you can enter credentials.