The PI-Driver provides communication between the IOTA Vue Cluster (back-end) and OSIsoft PI Data Archive (source).
The driver supports all the PI Data Archive object types (Note the AF-Driver supports all the AF object types). Here is the mapping between the IOTA Types and the PI object types:
| IOTA Type | Supported? | Source Type |
|---|---|---|
| Tag | 🟢 | PI Point |
| Asset | 🟢 | PI Module with PI Aliases |
| Timeframe | 🟢 | PI Batch, PI UnitBatch, PI Subbatch |
The driver is state-less, i.e. driver does not maintain source connections and any data caches. State-less is important for supporting distributed architectures. The PI-Driver can support write-back to source PI PI Data Archive; of course this can be completely disabled if required for security or other reasons.
A single PI-Driver service can support multiple connections to different PI Data Archives.
QuickStart
The driver setup process requires 3 steps:
Configure IOTA Vue data source for communication with the PI-Driver service.
Install PI-Driver service on local network in close proximity to PI Data Archive.
Configure PI Data Archive connections
Diagram
Technical Specifications
| Description | Value |
|---|---|
| Development Language | C# |
| Processor Architecture | 64-bit |
| Supported Operating Systems | Windows 2012+ |
| Minimum Requirements CPU/Memory | 4 cores / 8 Gb |
| Deployment Size | 13.7 Mb |
| Data modes | Read/Write* |
| Request/Response pattern | Asynchronous |
| Source Communication | OSIsoft AF-SDK, PI-SDK |
| Back-end Communication | NATs message bus |
| Message bus driver type | osipi |
| Near Real-Time Data Updates | Yes |
| Multiple PI Data Archives | Yes |
Dependencies
| Name | Version |
|---|---|
| Microsoft Windows | 2012 and above |
| Microsoft .Net Framework | 4.7.2 |
| AVEVA/OSIsoft AF-SDK | 2.10.6.195 and above |
| AVEVA/OSIsoft PI-SDK | 1.4.7.516 and above |
Security
Source Security
The PI-Driver, being an PI-SDK/AF-SDK application, supports all PI Server authentication protocols. Of course it is recommended to use PI's Windows Integrated Security. This requires running the PI-Driver service with an account that has the required access to the PI Server. At a minimum the account must have read rights for all the PI Data Archives tags to be accessed by IOTA Vue.
The PI-Driver can also authenticate via a PI Trust. If required - it is possible to provide an explicit username/password for PI Data Archive connection in IOTA Vue Data Sources section.
IOTA API (back-end) Security
The PI-Driver uses NATs message bus to communicate with back-end IOTA API. The two-way data traffic is encrypted using Transport Layer Security (TLS) on port 443.
In addition, the message bus communication security model uses public-key signature system based on Ed25519 called NKeys.
With NKeys, the server can verify identities without storing or seeing private keys.
The authentication system works by requiring a connecting client to provide its public key and digitally sign a challenge with its private key.
The server generates a random challenge with every connection request, making it immune to certain attacks such as playback attacks.
The generated signature is validated against the provided public key, thus proving the identity of the client.
If the public key is known to the server, authentication succeeds.