Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Ray Verhoeff Vice President – Engineering.

Published byChester Sims Modified over 8 years ago

Similar presentations

Presentation on theme: "Security Ray Verhoeff Vice President – Engineering."— Presentation transcript:

1

2 Security Ray Verhoeff Vice President – Engineering

3 Security Agenda Operating System Security PI Server Security PI Clients Auditing “Best Practices” White Paper

4 Security Motivation Widely held misconceptions Pharmaceutical Industry audits

5 Security What do these have in common? Complete Works of Shakespeare The Bible California Tax Code Tao Te Ching 21CFR11

6 Security Answers… None are clear or specific Subject to interpretation Have inspired great minds to debate the issues for hours Commentaries now outweigh the original document

7 Security 21CFR11 Electronic Records “Code of Federal Regulations” Not Law Not Standard Subject to interpretation Details will be shaped by FDA rulings

8 Security Examples Electronic Signature Human Readable

9 Security 21CFR11 Tug-of-War Users want software to handle everything Vendors push for Standard Operating Procedures (SOP)

10 Security Misconceptions PI files are installed “Everyone/Full Control” piadmin/pidemo have no password No login prompt when on Server console “PI does not support Windows integrated login”

11 Security PI Installation “Setup” is a starting point Site must configure PI for its own environment

12 Security Physical Security This means locking the computer room Access to the hardware can always compromise security Reboot Power off Pull network wire

13 Security Operating System Security Groups, Users & Passwords control access to privileged accounts File Permissions Auditing

14 Security Usernames & Passwords Domain users Independently validated by Domain Controller Passwords: Lifetime: min & max Length History Complexity

15 Security Windows Auditing You can track just about any operation Login/Logout File Operations creation deletion execution change permissions/take ownership “Traverse Folder”

16 Security Windows Event Log All audit messages go here Security group Do not configure “Overwrite as Needed” Loss of audit trail SOP must be in place: backup audit trail manually purge

17 Security File Permissions PI Server will run with D:\PI set to: Local Administrators/Full Control Everyone else/Nothing

18 Security Standard Operating Procedures Control access to Domain Administrator account No auto-login Don’t expose PI directory as File Share You may expose the PI backup directory read-only

19 Security PI Server Security PI Firewall restrict access to your IP domain PI Trust don’t map to “piadmin” PI Users and Groups

20 Security Connecting to PI PI API vs. PI SDK Connecting vs. Logging In The Default User

21 Security The Default User no name, can’t assign one no group, can’t assign one gets “world” access Disable this in PI 3.3 SR2 if disabled, PI Server appears empty Degrade to this if you attempt a login and fail!

22 Security Windows Integrated Login “Login to Windows = Login to PI” You still need to: Control which Windows users are PI users Assign ownership and permissions of PI points, etc.

23 Security PI Trust Strong start with PI Trust table Supports Windows domain membership as well as TCP/IP credentials “Domain,User,PIuser” as “OSI,$,$” is powerful PI ICE uses this exclusively

24 Security PI Client User Experience PI API clients attempt a login Gives perception that PI does not support Windows login PI SDK clients attempt a trust lookup If trust is Domain-based, you have integration

25 Security PI SDK Clients PI Point Builder PI Tag Configurator PI Auto Point Sync PI ICE 1.0 PI ProcessBook 3.0 PI Datalink 3.0

26 Security 21CFR11 Audit Requirements Record Windows username of editor Contents are unreadable Contents cannot be tampered with Maintained outside primary data store

27 Security PI Audit Requirements Cannot detract from the primary function of the PI Server To support this: Audit trail cannot be read on-line PI does not process or format the trail pidiag -xa PI Audit Viewer

28 Security PI Audit Viewer – Edit

29 Security PI Audit Viewer – Detail

30 Security PI Audit Database additions PI Batch database auditing PI Module Database auditing

31 Security PI Audit Database futures Auditing of new events for specific points Workaround: code using “replace” mode when inserting data

32 Security Best Practices White Paper Gives details of Windows and PI configuration Many thanks to OSIsoft Field Service Supplements “PI in Compliance”

33 Security Questions? ASSIGN CONTEXT ANALYZE DISTRIBUTE VISUALIZE ACT GATHER EVENTS & DATA Data Collection from Inside and Outside the Corporation Make the data relevant to users Aggregation, Analysis, Reconciliation, Calculation, Cases Get the Information to people who need it People Need Pictures, Graphs, Trends specific to their Role Without Action, there is no Benefit. Empowered people take better Actions!

Download ppt "Security Ray Verhoeff Vice President – Engineering."

Similar presentations

Use of RtReports in the Pharmaceutical Environment

Use of RtReports in the Pharmaceutical Environment
Guide to MCSE 70-290, Enhanced 1 Activity 14-1: Browsing Security Templates Objective: To become familiar with built-in security templates Start  Run.

Guide to MCSE , Enhanced 1 Activity 14-1: Browsing Security Templates Objective: To become familiar with built-in security templates Start  Run.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 7: Troubleshoot Security Settings and Local Security.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 7: Troubleshoot Security Settings and Local Security.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
System Center Configuration Manager Push Software By, Teresa Behm.

System Center Configuration Manager Push Software By, Teresa Behm.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.

11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.
Introduction To Windows NT ® Server And Internet Information Server.

Introduction To Windows NT ® Server And Internet Information Server.
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.

Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
Chapter 5: Configuring Users and Groups. Windows Vista User Accounts User accounts are the primary means of authentication Built-in Accounts –Administrator:

Chapter 5: Configuring Users and Groups. Windows Vista User Accounts User accounts are the primary means of authentication Built-in Accounts –Administrator:
Hands-On Microsoft Windows Server 2003 Administration Chapter 6 Managing Printers, Publishing, Auditing, and Desk Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 6 Managing Printers, Publishing, Auditing, and Desk Resources.
Module 2: Planning to Install SQL Server. Overview Hardware Installation Considerations SQL Server 2000 Editions Software Installation Considerations.

Module 2: Planning to Install SQL Server. Overview Hardware Installation Considerations SQL Server 2000 Editions Software Installation Considerations.
Module 8 Implementing Backup and Recovery. Module Overview Planning Backup and Recovery Backing Up Exchange Server 2010 Restoring Exchange Server 2010.

Module 8 Implementing Backup and Recovery. Module Overview Planning Backup and Recovery Backing Up Exchange Server 2010 Restoring Exchange Server 2010.
1 Module 2 Installing Windows NT. 2  Overview Preparing for Installation Installing Windows NT Performing a Server-based Installation Troubleshooting.

1 Module 2 Installing Windows NT. 2  Overview Preparing for Installation Installing Windows NT Performing a Server-based Installation Troubleshooting.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Corso referenti S.I.R.A. – Modulo 2 Local Security 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano.

Corso referenti S.I.R.A. – Modulo 2 Local Security 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano.
Module 8: Implementing Administrative Templates and Audit Policy.

Module 8: Implementing Administrative Templates and Audit Policy.
Event Viewer Was of getting to event viewer Go to –Start –Control Panel, –Administrative Tools –Event Viewer Go to –Start.

Event Viewer Was of getting to event viewer Go to –Start –Control Panel, –Administrative Tools –Event Viewer Go to –Start.
Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.

Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.

Similar presentations

Ads by Google