2 Replies Latest reply on Sep 25, 2014 7:25 AM by rencurosid

    PI AF with multiple PI servers

    rencurosid

      Hi all,

       

      I need some more detailed information about client connection to AF with multiple pi servers.

       

      Can AF server use PI tags coming form different PI servers located in different domains?

       

      Does windows user (AF client like SharepointWebPart, ProcessBook, AFSDK, etc...) need to be authenticated only in the domain where the AF server runs, or must be "known/trusted" also on all the PI servers?

       

      Is there any docs or white paper or guidlines about this scenario ?

       

       

       

      I will be gratefull for any help you can provide.

       

      Regards.

       

       

       

      Davide

        • Re: PI AF with multiple PI servers
          Marcos Vainer Loeff

          Hi Davide,

           

          The PI AF Server never connects to the PI Data Archive. It just provides the PI Server name and the PI Point name stored on the connection string of the AF attribute to the client which is responsible for making the connection to the PI Data Archive.

           

          The AF client application (like PI System Explorer) is able to connect to the PI Data Archive through explicit login (PI User), PI Trusts or WIS (Windows Integrated Security). The first option is not secure at all. As you are able to connect with PI Trusts specifying an IP address, your client application does not have to be on a domain or a trusted domain. Nevertheless, WIS is more secure than PI Trusts that is why it is preferable to choose this option. This is concerning the security of PI Data Archive.

           

          Concerning the security of the PI AF Server, it is recommended for the AF client application to be on the same domain or trusted domain of the PI AF Server. Nevertheless, if this is not possible, you can create on the client and on the server a local user with same name and password on both machines. You will need to run your AF client application under this user account in order to be able to connect to the PI AF Server. Again, authenticating with domain accounts is more secure than local accounts.

           

          I invite you to read the user manual called PI AF Installation and Upgrade Guide for more information.

           

          Hope this helps!