Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. Architecture and Best Practices: Recommendations for PI Systems.

Slides:



Advertisements
Similar presentations
Regional Seminar Series Kirkland, WA
Advertisements

Empowering Business in Real Time. © Copyright 2009, OSIsoft Inc. All rights Reserved. Virtualization and HA PI Systems Christian Leroux Technical lead.
1 Vladimir Knežević Microsoft Software d.o.o.. 80% Održavanje 80% Održavanje 20% New Cost Reduction Keep Business Up & Running End User Productivity End.
Empowering Business in Real Time. © Copyright 2009, OSIsoft Inc. All rights Reserved. Virtualization and HA PI Systems: Three strategies to keep your PI.
1 © Copyright 2010 EMC Corporation. All rights reserved. EMC RecoverPoint/Cluster Enabler for Microsoft Failover Cluster.
Copyright 2009 FUJITSU TECHNOLOGY SOLUTIONS PRIMERGY Servers and Windows Server® 2008 R2 Benefit from an efficient, high performance and flexible platform.
6.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
Microsoft Virtual Server 2005 Product Overview Mikael Nyström – TrueSec AB MVP Windows Server – Setup/Deployment Mikael Nyström – TrueSec AB MVP Windows.
IT:Network:Applications VIRTUAL DESKTOP INFRASTRUCTURE.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
1© Copyright 2011 EMC Corporation. All rights reserved. EMC RECOVERPOINT/ CLUSTER ENABLER FOR MICROSOFT FAILOVER CLUSTER.
5205 – IT Service Delivery and Support
Empowering Business in Real Time. © Copyright 2009, OSIsoft Inc. All rights Reserved. Virtualization and HA PI Systems: Three strategies to keep your PI.
Understanding Active Directory
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.
VMware vCenter Server Module 4.
High Availability PI System Denis Vacher Paul Combellick Rev 5.
Week #10 Objectives: Remote Access and Mobile Computing Configure Mobile Computer and Device Settings Configure Remote Desktop and Remote Assistance for.
© 2008 OSIsoft, Inc. | Company Confidential Windows Integrated Security for the PI Server Hans-Herbert Gimmler Rulik Perla.
Configuring File Services Lesson 6. Skills Matrix Technology SkillObjective DomainObjective # Configuring a File ServerConfigure a file server4.1 Using.
Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.
1 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. Overview PI Server with Windows Integrated Security (WIS) PI.
VAP What is a Virtual Application ? A virtual application is an application that has been optimized to run on virtual infrastructure. The application software.
Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.
Empowering Business in Real Time. © Copyright 2009, OSIsoft Inc. All rights Reserved. Virtualization and HA PI Systems: Three strategies to keep your PI.
Chapter 10 : Designing a SQL Server 2005 Solution for High Availability MCITP Administrator: Microsoft SQL Server 2005 Database Server Infrastructure Design.
IGEL UMS Product Marketing Manager October 2011 Florian Spatz Universal Management Suite.

Module 13: Configuring Availability of Network Resources and Content.
1 Group Account Administration Introduction to Groups Planning a Group Strategy Creating Groups Understanding Default Groups Groups for Administrators.
CHAPTER FIVE INFRASTRUCTURES: SUSTAINABLE TECHNOLOGIES
Empowering Business in Real Time. © Copyright 2009, OSIsoft Inc. All rights Reserved. Virtualization and HA PI Systems: Three strategies to keep your PI.
A Cloud is a type of parallel and distributed system consisting of a collection of inter- connected and virtualized computers that are dynamically provisioned.
Chapter 7: WORKING WITH GROUPS
Chapter 8 Implementing Disaster Recovery and High Availability Hands-On Virtual Computing.
Copyright © 2011 EMC Corporation. All Rights Reserved. MODULE – 6 VIRTUALIZED DATA CENTER – DESKTOP AND APPLICATION 1.
© 2008 OSIsoft, Inc. | Company Confidential High Availability Michael Jakob Colin Breck Colin Breck Michael Jakob Colin Breck Colin Breck.
Module 7: Fundamentals of Administering Windows Server 2008.
Microsoft and Community Tour 2011 – Infrastrutture in evoluzione Community Tour 2011 Infrastrutture in evoluzione.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 1: Introduction to Windows Server 2003.
Module 11: Implementing ISA Server 2004 Enterprise Edition.
Computer Emergency Notification System (CENS)
Module 13 Implementing Business Continuity. Module Overview Protecting and Recovering Content Working with Backup and Restore for Disaster Recovery Implementing.
Remote Access Using Citrix Presentation Server December 6, 2006 Matthew Granger IT665.
1 Week #10Business Continuity Backing Up Data Configuring Shadow Copies Providing Server and Service Availability.
NT SECURITY Introduction Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality. For.
OSIsoft High Availability PI Replication
Desktop Virtualization
11 CLUSTERING AND AVAILABILITY Chapter 11. Chapter 11: CLUSTERING AND AVAILABILITY2 OVERVIEW  Describe the clustering capabilities of Microsoft Windows.
System Center Lesson 4: Overview of System Center 2012 Components System Center 2012 Private Cloud Components VMM Overview App Controller Overview.
20409A 7: Installing and Configuring System Center 2012 R2 Virtual Machine Manager Module 7 Installing and Configuring System Center 2012 R2 Virtual.
Empowering Business in Real Time. © Copyright 2009, OSIsoft, LLC. All rights Reserved. Leverage HA & Virtualization Regional Seminar Series Phoenix/Scottsdale,
Microsoft Windows Server 2012 R2. What’s NEW in Windows Server 2012 R2.
11 GLOBAL CATALOG AND FLEXIBLE SINGLE MASTER OPERATIONS (FSMO) ROLES Chapter 4.
Empowering Business in Real Time. © Copyright 2009, OSIsoft Inc. All rights Reserved. Virtualization and HA PI Systems: Strategies to Keep Your PI System.
Managing Servers Lesson 10. Skills Matrix Technology SkillObjective DomainObjective # Using Remote DesktopPlan server management strategies 2.1 Delegating.
Empowering Business in Real Time. © Copyright 2009, OSIsoft Inc. All rights Reserved. Virtualization and HA PI Systems: Strategies to Keep Your PI System.
OSIsoft High Availability PI Replication Colin Breck, PI Server Team Dave Oda, PI SDK Team.
Network and Server Basics. Learning Objectives After viewing this presentation, you will be able to: Understand the benefits of a client/server network.
Chapter 6: Securing the Cloud
Configuring File Services
2016 Citrix presentation.
Welcome! Thank you for joining us. We’ll get started in a few minutes.
Objectives Differentiate between the different editions of Windows Server 2003 Explain Windows Server 2003 network models and server roles Identify concepts.
Exam in just 24 hours!!! Pass your exam in first attempt by the help of our latest braindumps
Microsoft Azure P wer Lunch
20409A 7: Installing and Configuring System Center 2012 R2 Virtual Machine Manager Module 7 Installing and Configuring System Center 2012 R2 Virtual.
Designed for powerful live monitoring of larger installations
Designing IIS Security (IIS – Internet Information Service)
Presentation transcript:

Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. Architecture and Best Practices: Recommendations for PI Systems Regional Seminar Series Chris Coen Product Manager OSIsoft, LLC

2 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. Overview PI Server with Windows Integrated Security (WIS) PI High Availability PI Interface Failover Virtualization and PI

Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. New PI Security Concepts

4 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. PI Identities = Security Principals within PI Examples: PIOperators, PIEngineers, and PISupervisors PI Mappings – link AD Groups to PI Identities PI Identities, PI Mappings

5 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. User Identity in the PI Server The security principal is the Windows User, not a PI User Audit and Change logs in the PI Server reflect the Windows User The security principal is the PI User Audit and Change logs reflect the PI User  Nancy  Bob  Jim

6 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. PI Identity vs. PI Groups and Users Differences between PI Identity and PI Users and Groups Unlike PI Users, PI identities don’t have a password and can’t be used for explicit login Unlike PI Groups, PI Identities can not contain PI Users Common Properties Shared by PI Identities, Users, and Groups Can be used for PI Mappings or PI Trusts (except PIWorld) Can be used in all Access Control Lists (ACL) Have the same authentication control flags

7 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. Active Directory Integration PI Server must be a member of a domain to leverage Kerberos authentication Multiple AD domains must have trusts established or users and groups from other domain cannot be used One-way trusts are supported: the server domain must trust the client domain Users in Workgroups can be configured to use Windows Local Groups from the PI Server machine Passwords have to match for NTLM authentication

8 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. Active Directory Integration Considerations when Integrating with AD Kerberos authentication can be used without creating domain groups Create a Local Group then add users from AD into those local groups Who will manage the AD Security groups? Will IT allow you to manage them? Do you want to manage them? Design Identity mappings and AD or Local Groups to ensure consistent access management across your PI System(s) with Active Directory

9 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. Identity Planning – Best Practices Develop a PI Identity Scheme for your Organization Use common Identities across PI Systems What will the structure be? – Why would you build them that way? » Protect data » Ease of maintenance » Organizational separation Standardize the application of Identities for security in PI Systems Use Kerberos authentication either by directly mapping AD Security Principles, or by using Local Groups with AD Security Principles

10 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. Object Level Security Model

11 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. Access permissions are automatically converted New single ACL attribute or security descriptor Identity1:A(r,w) | Identity2:A(r,w) | Identity3:A(r) Same schema for PI Database and Module Database security Object Level Security - Compatibility Tagdataaccessdatagroupdataowner sinusoido:rw g:rw w:rpi_usersbob Tagdatasecurity sinusoidpi_users:A(r,w) | bob:A(r,w) | PIWorld:A(r) Backwards Compatible

12 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. Use PIWorld for generic read access Everyone is granted at least PIWorld privileges World access is controlled through a PI Identity Default setting: read-only access You can disable PIWorld

13 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. PI Client Considerations Clients No more explicit logins Seamless authentication from a Windows session You can revert to the old method (explicit login) by selecting the authentication procedure in the SDK X

14 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. How to Tighten Security 1.Use the new Security Tool to help secure your PI Server 2.Disable or protect the PIADMIN account 3.Disable PI password authentication (Explicit Logins) 4.Secure piconfig by forcing login 5.Retire PI SDK-based Trusts 6.Configure the PI Server Firewall 7.Disable PIWorld Identity

15 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. Migration Planning Perform impact and risk analysis Work with the CoE to update your architecture Develop a migration plan with EPM 1. Identify access roles “read-only” & “read-write” 2. Create PI Identities 3. Create AD Groups 4. Create PI Mappings 5. Plan for AD Group Maintenance (add/remove users)

Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. PI High Availability (HA)

17 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. Secondary Metadata Replication Secondary Metadata Replication PI Server Collective Time-Series Data PI Server PI Interface Time-Series Data Data Collection & Buffering PI SDK System Management Tools ProcessBook, DataLink, RtWebParts, Notifications, ACE, etc. Primary PI High Availability Architecture

18 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. Built-in Benefits of HA PI PI is there all the time – users trust it No late night heroics to restore a backup or perform routine maintenance Removes fear of a bad backup Simple design is robust, low bandwidth and supported by WANs Geographical independence (replace PI to PI) Support more or specialized users Facilitates capacity planning Complements virtualization strategies: PI is perfect for monitoring a virtualized environment (HyperV performance counters; VMWare SNMP interface)

Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. PI Interface Failover

20 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. Native Data Source Failover for Data Collection PRIMARY DATA SOURCE (e.g. OPC SERVER) PLC / INSTRUMENT SYSTEMS INTERFACE NODE BACKUP DATA SOURCE (e.g. OPC SERVER)

21 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. Interface Failover for Data Collection PLC / INSTRUMENT SYSTEMS PRIMARY INTERFACE BACKUP INTERFACE DATA SOURCE (e.g. OPC SERVER)

22 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. Combination of native Data Source and Interface Failover PRIMARY DATA SOURCE (e.g. OPC SERVER) PLC / INSTRUMENT SYSTEMS PRIMARY INTERFACE BACKUP INTERFACE BACKUP DATA SOURCE (e.g. OPC SERVER)

23 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. Types of Interface failover Phase 1 Maintains heartbeat via source data system Only available for selected interfaces Phase 2 Maintain heartbeat via shared file Many interfaces implement OSIsoft recommended

24 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. PI Interface Failover Interface failover provides 2 instances collecting the same data from the data source. Communication mechanism between 2 instances of the interface. Backup interface is sleeping; it means no data is sent to PI. If one fails the other will recognize it, wake up and start sending data to PI. File Backup Interface Primary Interface Send data to PI Data Collection

25 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. PI Interface Failover Signals updated by both nodes at a defined frequency to the shared file and the PI Server: Device Statuses Heartbeats Active ID 3 types of failover Hot = Primary node sends data, secondary one does not send but has the data. There is no data loss. Warm = Secondary node is connected, points are loaded but no collection is performed. Minimal data loss is possible. Cold = Secondary node is only connected to the data source but nothing is done. Some data loss is possible.

26 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. File Backup Interface Primary Interface Data Source Device Status: Heartbeat: 0 Timeline : (interval) Hot Failover Example Send data to PI Send data to PI from the last 2 intervals (4 & 5) and this one (6) Data Collection Failure in the communication layer Possible overlap of data during intervals 4 and 5

27 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. 27 Prerequisites Make a plan Verify if the PLC and/or instrument systems can support doubling the requests on the automation network. Determine the heartbeat interval. Need to ensure that it is long enough to prevent false failover. Hardware will be needed. Other computers for the file sharing system for heartbeat and the backup interface node. Supplemental networking equipment. 3 rd party software and hardware might be required. Licenses may have to be upgrade to manage more than one connection to the data source. Security Manage the security on computer for the file sharing system.

Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. PI and Virtualization

29 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. Virtualization Servers Storage Applications

30 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. Server Virtualization Instead of having physical machines, virtual servers run on a physical host Case Study: AtlantiCare Eliminated need to expand or relocate data center Microsoft® Virtual Server 2005 used to consolidate infrastructure and legacy application servers Consolidation ratio achieved of 33:2

31 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. Example: Server Consolidation 31 Typically server workloads only consume a small fraction of total physical server capacity, wasting hardware, space, and electricity Through virtualization, these workloads can be consolidated onto fewer physical servers, saving resources and increasing flexibility OS APP OS APP OS APP OS APP OS APP OS APP 9% utilization 6% utilization 14% utilization 30% utilization

32 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. Benefits of Server Virtualization* Less hardware required (HP went from 85 data centers to 6) up to 35% reduction of annual server costs per user ($100-$200K per year per server) Better utilization of hardware (HP decreased servers by 40%) Reduce power consumption (HP reduced energy by 40%) Provide higher availability by supporting redundancy Rapidly deliver adaptive and reliable IT services Tie diverse components together into a single managed entity Storage efficiency can lead to higher storage utilization *Gillen, A., Grieser, T., Perry, R Business Value of Virtualization: Realizing the Benefits of Integrated solutions. IDC.

33 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. Virtualized PI

34 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. Recommendation: Virtualized PI System Multiple hosts (cluster) Collective can be split across hosts PI Server components can run as separate virtual machines for scalability and performance SAN can offload storage

35 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. PI and Server Virtualization Validated environments need a test bed (any pharmaceutical company; BMS; Shell) Environments that require portability of IT assets (Cargill Deicing Technology – Salt mining) Deploying new sites (Rio Tinto) Flexibility in assigning resources (OSIsoft NOC for monitoring EA PI Systems)

36 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. Data Store Storage Virtualization Challenge: Grow available storage space without disrupting applications and servers Solution: Storage Area Networks (SAN) allow dynamic sizing of available storage Server A Server B

37 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. Benefits of SAN Technology Additional storage appears to be local to the host so users don’t have to know where the files are stored Improve the ties between centralized storage and virtual infrastructure Provide virtual-machine consistent backups for data stores and the ability to restore virtual machines in a few clicks Provide relief from disk subsystem access in virtualized environments (biggest performance hit on virtual host) Consolidate disk resources

38 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. PI and Storage Virtualization Keep more and higher fidelity data online; add or expand PI archive files Support aggregated PI Systems; VSS support enables PI backups Store PI Client files centrally Backup virtualized application and data servers Backup virtualized Terminal Server hosts Complete system backup storage

39 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. Application Virtualization

40 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. PI and Application Virtualization (ProcessBook)

41 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. Application Virtualization Customers currently use Citrix or Terminal Server to reduce deployment costs and maintenance for client apps Windows 2008 Server offers a service that provides applications over an SSL connection (HTTPS) without client- side deployment (a thin deployment) – Terminal Services Gateway Terminal Services Gateway provides URL access to a host (like Remote Desktop connections, without the VPN requirement) or to specific applications on a host (even more secure for those outside the firewall)

42 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. Benefits of Application Virtualization One point of installation makes deployment simpler Access to applications secured All users have the same version of the software; no version or compatibility issues Casual users do not need to install anything to get started Save money on hardware upgrade investments by deploying client software in one place

43 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. PI and Application Virtualization Environments with casual client users who need low barrier to entry for system access (Inco Limited) Terminal Server users (a partial list) Georgia Pacific, Kellogg, SASO, SAPPI Fine Paper, Wacker Chemie, Alcoa, Eli Lilly, ExxonMobil Upstream, Iberdrola, Progress Energy Services Citrix users (a partial list) SDG&E, Water Corporation, Amgen, Bayer Material Science, Genmab, PPG, Vaxgen, Katahdin Paper, Celanese Chemicals, Novo Nordisk, Queensland Alumina, Total Windows 2008 Terminal Services Gateway OSIsoft

44 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. Five Principles for Virtualization Success* Treat virtual machines as if they were physical machines Invest in Enterprise-level hardware and software Do not mix virtual and physical on the same host Use qualified Virtualization support personnel Test on the target platform *OSIsoft Center of Excellence

45 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. Benefits: PI in a Virtualization Project PI works as well in a virtual environment as it does on physical hardware PI is perfect for monitoring a virtualized environment If you are thinking about virtualization, it’s a good time to consider the value of HA PI If you are thinking about network storage, it’s a good time to consider the value of virtualization and PI with SAN support If you are thinking about problems with client software deployment, it’s a good time to consider the value of Terminal Services Gateway, virtualization and PI

46 Empowering Business in Real Time. © Copyright 2010, OSIsoft, LLC. All rights Reserved. More Information Whitepapers and Tech Support bulletins on OSIsoft web site Vendor web sites OSIsoft internal expertise Microsoft representatives for Hyper V and Terminal Server Gateway solutions

Thank you © Copyright 2010 OSIsoft, LLC. 777 Davis St., Suite 250 San Leandro, CA 94577

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.