Skip to Main Content
AVEVA™ PI System™ Feedback Portal

Welcome to our new feedback site!

We created this site to hear your enhancement ideas, suggestions and feedback about AVEVA products and services. All of the feedback you share here is monitored and reviewed by the AVEVA product managers.

To start, take a look at the ideas in the list below and VOTE for your favorite ideas submitted by other users. POST your own idea if it hasn’t been suggested yet. Include COMMENTS and share relevant business case details that will help our product team get more information on the suggestion. Please note that your ideas and comments are visible to all other users.

This page is for feedback specifically for AVEVA PI System. For links to our other feedback portals, please see the tab RESOURCES below.

Status No Status
Created by Guest
Created on Aug 16, 2022

Support security baselining

As a PI administrator, I need to baseline the security configuration of my PI System to ensure OSIsoft security best practices are followed. Below is a list of requested features. Baseline verification (read-only) for PI Data Archive: - PI Data Archive Table Security - examines the database security of the PI Data Archive and flag any ACLs that contain access for PIWorld as weak. - PIADMIN role - verify that the piadmin PI user is not used in any mappings or trusts. - PI Data Archive Version - verify that the PI Data Archive is using the most recent release. - Tuning parameters (Expensive Query Protection, archive data modification protection - EditDays) - verifies that the PI Data Archive has protection against expensive queries and that EditDays parameter is set. - Auto Trust Configuration - verifies that the autotrustconfig tuning parameter is set to create either no trusts or a trust for the loopback automatically ( - Explicit Login Disabled - verifies that explicit login is disabled as an authentication protocol. - PI Server Service Principal Name (SPN) configuration - verifies that the PIServer SPN exists and is assigned to the correct AD principal. - PI Collective - verifies that the PI Data Archive is a member of a High Availability Collective. - PI Firewall Used - verifies that PI Firewall is used. - PI Backup Configured - ensures that PI Backups are configured and current. Baseline configuration for PI Data Archive (via Powershell DSC configuration): - Disable PIWorld PI identity - Restrict use of the piadmin superuser - Specify EditDays and Expensive query protection tuning parameters - Auto Trust configuration - Diable Explicit Login authentication - Enable PI Firewall - Create custom identities, map them to selected AD groups, and configure PI Database security appropriately.
  • Attach files
  • taterhead247
    Aug 16, 2022
    Looks like this is strictly Archive. Will this be expanded to AF, PI Web API, etc?
  • Guest
    Aug 16, 2022
    I'd like to get PI Data Archive done first, with other products (PI Vision, PI AF, PI Web API) to be added soon after.