PI Vision AD User Authentication

Dear Jared,

I need your assistance, I just read your message, my case is different, we would like to implement PI Vison out the AD environment as your current situation. Is possible to share your experience with me please? The main issue we have now is how to setup user's authentication locally. We have PI DA & AF installed in the same server and PI Vision will be installed on another saver but both servers are in the same network. But clients should access PI Data resources from the Business network passing through the Firewall.

Assuming that you're not using AVEVA PI Server 2023, then Kerberos delegation is required to allow users to properly retrieve data from the Data Archive & Asset Framework servers Setting up Kerberos delegation (aveva.com). It may be possible to do domain trusts between the two networks to get Kerberos Delegation working, but I'm not 100% on that.

The best solution is to bring the data up from the lower environment to a separate system in the business network so that users can access it. PI Server 2023 may make things a little easier, but the IDP needs to be accessible in both networks for authentication to work.

Assuming that you're not using AVEVA PI Server 2023, then Kerberos delegation is required to allow users to properly retrieve data from the Data Archive & Asset Framework servers Setting up Kerberos delegation (aveva.com). It may be possible to do domain trusts between the two networks to get Kerberos Delegation working, but I'm not 100% on that.

The best solution is to bring the data up from the lower environment to a separate system in the business network so that users can access it. PI Server 2023 may make things a little easier, but the IDP needs to be accessible in both networks for authentication to work.