• State Not Answered
  • Replies 4 replies
  • Subscribers 3 subscribers
  • Views 807 views
  • Users 0 members are here
Options
Related

PI system architecture - network design and security

MatthiasMulder

We have a network design where a redundant PI opc interface is on the DCS network (level 2) and the PI server is on the level 3 network (see picture).

We would like to use Windows integrated security for users using PI datalink. These users are on the business network. To accomplish this, our IT department has suggested to move the PI server to the business network (level 4). Is it recommended to do this? Is it secure to direct PI data directly from the DCS network (level 2) to the PI server on the business network (level 4)?

Parents
  • 0

    Hi Lal Babu,

    Thanks for your answer! Indeed level 3 and level 4 have their own domains. I have asked our IT department about using the Windows credential manager but they don't think this is a good solution (I am not sure why). We would only have 10 users by the way.

    The reason the PI server is currently on level 3 is because maintenance by a 3rd party is easier. This level is maintained by the production department. The maintenance by the 3rd party is always done on site.

    If we move the PI server to level 4 we will become more dependent on IT, I guess, but that may not me a show-stopper.

    We also write back from PI to the DCS system, indeed.

Reply
  • 0

    Hi Lal Babu,

    Thanks for your answer! Indeed level 3 and level 4 have their own domains. I have asked our IT department about using the Windows credential manager but they don't think this is a good solution (I am not sure why). We would only have 10 users by the way.

    The reason the PI server is currently on level 3 is because maintenance by a 3rd party is easier. This level is maintained by the production department. The maintenance by the 3rd party is always done on site.

    If we move the PI server to level 4 we will become more dependent on IT, I guess, but that may not me a show-stopper.

    We also write back from PI to the DCS system, indeed.

Children
No Data