Best Practices for Security in AVEVA PI System

This guide outlines best practices for enhancing security within the AVEVA PI System. It begins with a discussion on firewall configurations, detailing specific server rules necessary to secure network traffic and the required ports for various functionalities. The document emphasizes the importance of Windows OS features and security applications, recommending file-class and folder-level filtering for anti-virus software to prevent performance issues. It also covers the installation of the AVEVA PI Server on Windows Server Core OS to minimize the attack surface. The guide presents various authentication methods, including OpenID Connect and Windows Integrated Security, and discusses the security implications of each. It further explains the authorization process, emphasizing the principle of least privilege for user access. The document concludes with recommendations for maintaining security through regular updates and proper configuration of authentication protocols, ensuring a robust security posture for the AVEVA PI System.