Configuring PI Data Archive Security

Learn how PI Identities and PI AF Identities are mapped to applications and active directory accounts and how custom permissions are configured for each of these identities

About this course

In this course, you will learn the skills necessary to configure security on the PI Data Archive using OSIsoft best practices. Specifically, you will learn how to create the PI Identities and assign them custom permissions on different areas of the PI Data Archive corresponding to the security needs of your users. Additionally, this course will over how to tighten down your security model to allow the minimum permissions needed for users and applications.

By the end of the course, you will be able to:

  • Create a custom PI System security plan that makes sense for your PI System.
  • Enable PI API and PI SDK applications to connect to your PI System.
  • Create security identities with minimal PI System permissions.
  • Map your incoming PI System connections to appropriate PI System identities.
  • Troubleshoot common authentication, permission, and connection problems.

Audience

This course is best suited for a PI System administrator who is responsible for setting up and maintaining how users and applications connect and authenticate with the PI System. It is designed to help perform security-related administrative tasks as well as introduce the tools available for common security management.

Level: Introductory

Study Time: 12 hours

Course Access: Unlimmited access. The only exception is the Training Cloud Environment for which you have 30 day access. After those 30 days you can purchase additional access with one of the two options below:

Prerequisites

  • Basic knowledge of Windows Active Directory users and groups.
  • PI System Basics: typical PI System components and architectures, understanding PI Points, searching PI points.
  • A computer that can access our YouTube content, and pass our connection test

Students without prior knowledge of the PI System should review Chapter 1: PI System Basics of the PI System Administration workbook.

This Course Includes...

  • Videos, exercises and quizzes to help you learn the material
  • A Cloud Environment accessible for 30 days and configured to complete all the exercises in the course
  • Sharable certificate of completion

Further Information

  • This is a self-paced course. Any questions or assistance needed about the material can be asked in this course's space in the OSIsoft PI Square community
  • When you complete the examination at the end of the course, you will receive a certificate of completion which can be shared and directly posted on LinkedIn.
  • For more information about our Online Courses please visit our FAQ page

You can audit the full video lecture content right now on the OSIsoft Learning YouTube Channel

and Download Course Workbook.

Course Outline

  • Getting Started
  • Key Course Information
  • Course Grading Scheme
  • How to Navigate This Course
  • Offline Course Videos for Blocked YouTube Users
  • Course Workbook
  • Cloud Environments Introduction
  • Cloud Environments Instructions
  • Launch Cloud Environment
  • Lesson 1 - Gaining Administrator Access
  • Knowledge Check: Gaining Administrator Access
  • Lesson 2 - Introduction to PI Data Archive
  • What are Identities, Mapping, & Trusts? (High Level PI Server Security Map)
  • Data Archive Security Deep Dive Map - Security Areas, Defaults and Customization
  • Lesson 3 - Online Courses's Example Security Model
  • Demo of Custom Data Archive Security Plan in Action
  • Knowledge Check: Who and What Else Needs Access?
  • Lesson 4 - Configuring Security
  • Configure Overall PI Data Archive Security for Users and SDK Applications
  • Knowledge Check: Granting User and Application Access
  • Setup Custom Security on PI Points for Both Users and Applications
  • Knowledge Check: Granting Access in Bulk
  • Configuring Minimum Permissions for PI Interfaces and Buffering
  • Knowledge Check: Securing Interface Access
  • Disable the Least Secure Authentication Options on Your Data Archive
  • Configure Windows Credentials for a Workgroup Interface Machine
  • Knowledge Check: Granting Access From Outside a Domain
  • Create, Map, and Grant Permissions to Custom Identities in AF Server 2015
  • Knowledge Check: Selectivity Secure AF Elements
  • Lesson 5 - Troubleshooting Security Issues
  • Basic Data Archive Security Troubleshooting - Check Common Errors and User Authentication
  • Advanced PI Data Archive Security Troubleshooting - Check Connections/Permissions in PI SMT
  • Lesson 6 - Create a Custom Security Plan
  • Create a Custom Security Plan with out Online Course Security Plan Worksheet
  • Final Exam
  • Final Exam
  • Course Evaluation
  • How did it go?
  • Next Steps
  • Additional Resources
  • End of the Course

About this course

In this course, you will learn the skills necessary to configure security on the PI Data Archive using OSIsoft best practices. Specifically, you will learn how to create the PI Identities and assign them custom permissions on different areas of the PI Data Archive corresponding to the security needs of your users. Additionally, this course will over how to tighten down your security model to allow the minimum permissions needed for users and applications.

By the end of the course, you will be able to:

  • Create a custom PI System security plan that makes sense for your PI System.
  • Enable PI API and PI SDK applications to connect to your PI System.
  • Create security identities with minimal PI System permissions.
  • Map your incoming PI System connections to appropriate PI System identities.
  • Troubleshoot common authentication, permission, and connection problems.

Audience

This course is best suited for a PI System administrator who is responsible for setting up and maintaining how users and applications connect and authenticate with the PI System. It is designed to help perform security-related administrative tasks as well as introduce the tools available for common security management.

Level: Introductory

Study Time: 12 hours

Course Access: Unlimmited access. The only exception is the Training Cloud Environment for which you have 30 day access. After those 30 days you can purchase additional access with one of the two options below:

Prerequisites

  • Basic knowledge of Windows Active Directory users and groups.
  • PI System Basics: typical PI System components and architectures, understanding PI Points, searching PI points.
  • A computer that can access our YouTube content, and pass our connection test

Students without prior knowledge of the PI System should review Chapter 1: PI System Basics of the PI System Administration workbook.

This Course Includes...

  • Videos, exercises and quizzes to help you learn the material
  • A Cloud Environment accessible for 30 days and configured to complete all the exercises in the course
  • Sharable certificate of completion

Further Information

  • This is a self-paced course. Any questions or assistance needed about the material can be asked in this course's space in the OSIsoft PI Square community
  • When you complete the examination at the end of the course, you will receive a certificate of completion which can be shared and directly posted on LinkedIn.
  • For more information about our Online Courses please visit our FAQ page

You can audit the full video lecture content right now on the OSIsoft Learning YouTube Channel

and Download Course Workbook.

Course Outline

  • Getting Started
  • Key Course Information
  • Course Grading Scheme
  • How to Navigate This Course
  • Offline Course Videos for Blocked YouTube Users
  • Course Workbook
  • Cloud Environments Introduction
  • Cloud Environments Instructions
  • Launch Cloud Environment
  • Lesson 1 - Gaining Administrator Access
  • Knowledge Check: Gaining Administrator Access
  • Lesson 2 - Introduction to PI Data Archive
  • What are Identities, Mapping, & Trusts? (High Level PI Server Security Map)
  • Data Archive Security Deep Dive Map - Security Areas, Defaults and Customization
  • Lesson 3 - Online Courses's Example Security Model
  • Demo of Custom Data Archive Security Plan in Action
  • Knowledge Check: Who and What Else Needs Access?
  • Lesson 4 - Configuring Security
  • Configure Overall PI Data Archive Security for Users and SDK Applications
  • Knowledge Check: Granting User and Application Access
  • Setup Custom Security on PI Points for Both Users and Applications
  • Knowledge Check: Granting Access in Bulk
  • Configuring Minimum Permissions for PI Interfaces and Buffering
  • Knowledge Check: Securing Interface Access
  • Disable the Least Secure Authentication Options on Your Data Archive
  • Configure Windows Credentials for a Workgroup Interface Machine
  • Knowledge Check: Granting Access From Outside a Domain
  • Create, Map, and Grant Permissions to Custom Identities in AF Server 2015
  • Knowledge Check: Selectivity Secure AF Elements
  • Lesson 5 - Troubleshooting Security Issues
  • Basic Data Archive Security Troubleshooting - Check Common Errors and User Authentication
  • Advanced PI Data Archive Security Troubleshooting - Check Connections/Permissions in PI SMT
  • Lesson 6 - Create a Custom Security Plan
  • Create a Custom Security Plan with out Online Course Security Plan Worksheet
  • Final Exam
  • Final Exam
  • Course Evaluation
  • How did it go?
  • Next Steps
  • Additional Resources
  • End of the Course