Tip:
Highlight text to annotate it
X
I have shown you the PI Trust Editor Plug-in
a couple of times, but let's look at it in more detail. Now, first
of all, what I am going to do here is I would like to make sure
that this interface right here, it's called
PIPerfMon. I want to make sure that that is
Trusted. There's a Trust defined so that this interface
can write data onto the PIServer. So,
in order to do that, I need to go into the System Management
Tools for the PIServer
and make sure that there is a Trust defined on that
PIServer that allows that interface to connect.
And I will make it a Restrictive Trust. So, I am now looking
at the System Management Tools pointing to my
PIServer. I am running this remotely but it's pointing to my PIServer,
and if I go into the Trust Editor, this
is where I would start to build a PI Trust.
Now, I will do this by choosing New Trust,
and my Trust Name is just going to
be called, let's call this
myPerfMonAPI. This is
going to be for the API connection because the
PerfMon Interface does make an API connection.
A little later you will see it does make an SDK connection as well.
We will have to create a Trust for that as well. So, I will choose
myPerfMonAPI, that's the name of the Trust.
This dialog box, this little wizard by the way, takes you through
the steps in building the Trust. This is
an API-based application, so I will choose PI API.
The Application Name -- well, if you recall, the
Application Name was called PIPerfMon.exe.
Actually, if you take a look at our Directory, it's under PIPC,
Interfaces, PerfMon. That's
the executable. I know from experience that the name of
the application is called PIPerfMon.exe.
So, because this
is an API-based connection, we are going to use just the first
four letters, PIPe,
plus the letter E. And that indicates
that that's the, that's the application name for the
API connection.
Now, I am going to make this a Restrictive Trust, so I am going to
restrict this just, just to this computer where
it's running on. It's actually running on a computer called nick's,
nickgx280. And, again, I will make it very restrictive.
I will make this based on the IP
Address as well.
And,
my Netnast...NetMask will be 255
and all octets. This last thing is
which PIUser will we associate this with?
Well, you will see a lot of people just do the shortcut of using
piadmin because that's a super-user. Technically
a much better choice is to build a PI
tag that has permission to write just to
the tags that are collected by this interface. So, for example,
I have a, a user called PerfMonOwner.
He's the owner of all the PI Performance
Monitor Tags and so he has the ability
to write to this. So, when I finish this, this now
creates an API-based Trust
that gives this interface, the one
that has that Process Name,
it gives this the same privileges as that
privileged user when we connect to the PI Server.
Well, for most interfaces, just creating
this one Trust would be enough, but there are some
interfaces that have both an API-based connection
and an SDK-based connection. So, if that's
the case, I will have to build a second trust that will
allow the SDK components in that interface to
connect as well. So, I am going to do another
Trust called myPerfMonSDK
just to remind me what it is.
This is going to be an SDK-based application, running under
Windows NT. The Application Name, well,
the Application Name now -- again, if we
go back and look at it, it's called PIPerfMon.exe.
It is the full executable name. So,
PIPerfMon.exe. Now, I am leaving
this blank. I did not mention that before but I am not going to make
this so restrictive that it has to come in as a certain user
from a certain domain. So, I am going to leave that blank.
My Host Name, though -- again, we will make this restrictive to just
those computers that match that,
and same for IP Address.
And, 255 and all
octets means that we need an identical match.
And, again,
I will associate this user
with PerfMonOwner, or I should associate
this Trust with the user PerfMonOwner because
PerfMonOwner does have access, read-write access, to those
tags. There we go.
So now, we have, we have got a second Trust. This is
a Trust that's based on the SDK and the
most, I guess, obvious
distinction is the Application Name as I mentioned earlier.
The Application Names are slightly different if
you are using an API-based Application vs an SDK-based
Application.