Deployment Architecture
The following diagram shows the deployment architecture of Proficy Historian for AWS.
This next diagram shows the high availability architecture.
In this diagram:
- Data Archiver, Proficy Authentication, PostgreSQL, Configuration Hub, and Historian REST APIs are deployed in an Elastic Compute Cloud (EC2) instance in a private subnet inside Amazon Elastic Kubernetes Service (EKS).
- Amazon Elastic File System (EFS) is connected to Data Archiver.
- Network Load Balancer (NLB), collector instances, and the NAT Gateway are in a public subnet.
- EFS is in the Virtual Private Cloud (VPC), whereas CloudWatch and CloudTrail are outside the VPC. EFS sends archiver logs to CloudWatch, which you can use for analysis. CloudTrail is used to access events.
- Collector 1 and Collector 2 are collector instances created on an on-premises Windows machine. Similarly, Excel Addin for Historian and Historian Administrator are installed on an on-premises client machine.
- Collector 3 and Collector 4 are collector instances created on an EC2 instance in a VPC (can be a different VPC than the one in which the Historian server is deployed).
How tag data is stored if using collectors without TLS encryption:
- Collectors send a request to AWS Network Load Balancer (NLB) to write tag data.
- NLB sends the request to Data Archiver. If user authentication is needed, Data Archiver sends the request to Proficy Authentication, which verifies the user credentials stored in PostgreSQL. After authentication, NLB confirms to the collectors that data can be sent.
- Data collected by the collector instances is sent to NLB.
- NLB sends the data to Data Archiver directly. After authentication, Data Archiver stores the data in EFS in .iha files.
How tag data is stored if using collectors with TLS encryption:
- Collectors send a request to AWS NLB to write tag data. Since the request is encrypted, port 443 is used.
- NLB decrypts the request and sends it to Data Archiver. If user authentication is needed, Data Archiver sends the request to Proficy Authentication, which verifies the user credentials stored in PostgreSQL. After authentication, NLB confirms to the collectors that data can be sent.
- Data collected by the collector instances is encrypted and sent to NLB using port 443.
- NLB decrypts the data and sends it to Data Archiver. After authentication, Data Archiver stores the data in EFS in .iha files.
How data is retrieved:
- Clients (that is, Excel Addin, the Web Admin console, the REST Query service, or Historian Administrator) send a request to NLB to retrieve data.
- NLB sends the request to Data Archiver, which retrieves data from EFS. If, however, user authentication is needed, Data Archiver sends the request to Proficy Authentication, which verifies the user credentials stored in PostgreSQL. After authentication, data is retrieved from EFS.
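Because the two collector write paths above differ only in whether the NLB terminates TLS on port 443, a listener audit shows which path a deployment actually exposes. The following is an added example, not part of the product documentation: it checks a constructed sample shaped like `aws elbv2 describe-listeners` output, and the ARNs, port 9000, and the finding labels are assumptions made for illustration.

```python
import json

# Constructed sample in the shape of `aws elbv2 describe-listeners` output.
# ARNs and port 9000 are placeholders, not values from the page.
SAMPLE = json.loads("""
{"Listeners": [
  {"ListenerArn": "arn:aws:elasticloadbalancing:eu-west-1:111122223333:listener/net/example/0/1",
   "Port": 443, "Protocol": "TLS",
   "SslPolicy": "ELBSecurityPolicy-TLS13-1-2-2021-06",
   "Certificates": [{"CertificateArn": "arn:aws:acm:eu-west-1:111122223333:certificate/example"}]},
  {"ListenerArn": "arn:aws:elasticloadbalancing:eu-west-1:111122223333:listener/net/example/0/2",
   "Port": 9000, "Protocol": "TCP"},
  {"ListenerArn": "arn:aws:elasticloadbalancing:eu-west-1:111122223333:listener/net/example/0/3",
   "Port": 8443, "Protocol": "TLS", "Certificates": []}
]}
""")

PLAINTEXT = {"TCP", "UDP", "TCP_UDP"}  # NLB listener protocols without TLS termination


def audit_listeners(doc):
    """Return sorted (port, finding) pairs for listeners that deviate from the TLS path."""
    findings = []
    listeners = doc.get("Listeners", [])
    for lst in listeners:
        port, proto = lst.get("Port", 0), lst.get("Protocol")
        if proto in PLAINTEXT:
            # The NLB forwards bytes as-is; it does not encrypt collector writes here.
            findings.append((port, "no-tls-termination"))
        elif proto == "TLS":
            if not lst.get("Certificates"):
                findings.append((port, "tls-without-certificate"))
            if not lst.get("SslPolicy"):
                findings.append((port, "tls-without-policy"))
            if port != 443:  # the page states port 443 for encrypted requests
                findings.append((port, "tls-on-unexpected-port"))
        else:
            findings.append((port, "unknown-protocol"))
    if not any(l.get("Protocol") == "TLS" and l.get("Port") == 443 for l in listeners):
        findings.append((443, "missing-tls-listener"))
    return sorted(findings)


if __name__ == "__main__":
    for port, finding in audit_listeners(SAMPLE):
        print(f"port {port}: {finding}")
```

A `no-tls-termination` finding means the NLB passes that listener's traffic through unmodified, so the payload is protected only if the collector and the target encrypt it themselves.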