Skip navigation
All Places > Implementing ArcGIS > Blog
1 2 3 Previous Next

Implementing ArcGIS

133 posts

This is a continuation of The Path from GIS Manager to GIS Leader - Part 1


The five pillars of Location Intelligence from the Esri Canada and IDC report, Winning with Location Intelligence: The Essential Practices.


The second of my important numbers (64, 76, 78, 84, 84) based on my research of 800+ GIS practitioners across the United State over the last two years, refers to the second pillar of location intelligence, Organization:

76% of organizations that use GIS do not have formal governance in place


While Organization covers many aspects of enterprise GIS, let's focus on Governance.  In this context, governance refers to the organizational structure for GIS within the organization.  GIS governance is a critical ingredient for any successful enterprise GIS.  If your organization does not have formal GIS governance, you should consider creating it.  Here are some resources to assist:

You should also reach out to your Esri Account Team for assistance and other examples of successful enterprise GIS governance.


The third of my important numbers mentioned above, refers to the third pillar of location intelligence, Technology & Data:

78% of GIS practitioners have not read the Architecting the ArcGIS Platform: Best Practices document


While Technology & Data covers a wide area, let's focus on Best Practices.  This Architecting the ArcGIS Platform: Best Practices document is one of the most important documents produced by Esri, and it is updated at least three times a year.  Following and implementing best practices are another key ingredient to a successful enterprise GIS.  They are called best practices for a reason.  They are designed to help you learn from the missteps of others.  Many of the best practices in this document follow those established by the IT industry.  By implementing these best practices, your GIS will become stronger, more stable and effective.  Please work with your Esri Account Team to implement those that are applicable to your organization.


The fourth of my important numbers refers to the fourth pillar of location intelligence, Culture:


84% of organizations that use GIS do not have, and maintain, a Change Management Plan


While Culture covers a wide area, let's focus on Change Management.  According to Prosci, Change Management is the discipline that guides how we prepare, equip and support individuals to successfully adopt change in order to drive organizational success and outcomes.  The biggest challenge for a successful implementation is not the technology, it's the people.  The technology is the easy part.  You can deploy the best GIS app ever, but if nobody uses it, it's of no value.  Change management can really help technology adoption.  According to Prosci, organizations that combine a people-focused change management plan with a project plan are up to six times more likely to achieve their project goals.  Here are some resources to help you implement Change Management:

Please work with your Esri Account Team and our Esri Change Management Consulting to learn more about GIS and Change Management. 


The fifth of my important numbers refers to the fifth pillar of location intelligence, Literacy:

84% of organizations that use GIS do not have, and maintain, a Workforce Development Plan


While Literacy covers a wide area, let's focus on Workforce Development.  GIS is changing rapidly.  Everyone that uses GIS in an organization should be receiving some GIS training annually.  Getting financial support for training can be a challenge, as can figuring out what GIS training options to take in what order.  As an Esri customer, you have access to an Esri Training Consultant.  These Training Consultants can create a custom workforce development plan for you at no cost.  This plan will create learning pathways for each GIS user in your organization based on their roles, responsibilities and use of ArcGIS technology.  Once you have a workforce development plan, it can help you get budget to support this critical need.  There are also a collection of Learning Plans available on the Esri Training website.  Contact your Esri Account Team to get connected to your Training Consultant.


This discussion will continue in Part 3...

Over the last ten years as technology has evolved, especially cloud and mobile devices, ArcGIS has transformed from a collection of software that runs on different devices, to a fully integrated cloud platform that allows the GIS practitioner to easily share their work with anyone, anywhere, anytime, on any device.  This transformation has changed the role of the GIS Manager, from managing a team of GIS practitioners that did all of the GIS work, to that of an enterprise IT system leader that focuses on enabling anyone inside, or outside the organization, to directly use GIS technology to make better decisions and do their job.  The GIS community has failed to keep up with this transformation in a few ways.


In this article from Directions Magazine on May 15, 2019, GIS Jobs: Current Industry Expectations, you can see that their research of 1,000 GIS job ads from September 2018 to January 2019 shows that the most common attributes for a GIS Manager/Coordinator position include:

  • one to four years of experience,
  • a bachelor's degree in Geography, and
  • software skills that include Esri software, programming skills, database skills


Those requirements do not represent the skills required by the modern GIS Manager of a cloud-enabled enterprise IT system.  The requirements now are more focused on enterprise IT system management, business, strategy, governance, innovation, marketing, change management, and workforce development.  Due to this disconnect, where most GIS manager positions are defined incorrectly, there is an atmosphere of unawareness as to what they should be doing.  This has led to a chronic underutilization of enterprise GIS in most organizations that have the technology.  This trend of underutilization can be supported by the following documents:


  • “Generally, people outside of GIS think of GIS just as ‘maps’ or a graphic product, or the younger brother of CAD.” Five suggestions to get more out of your GIS:
  • “GIS is often seen as “maps” or a visual graphics product, and the more advanced capabilities are ignored because they remain unknown to key departments and decision makers.”

Mapping the Cause: Using GIS to Determine Potential Causes for Cancer, Aug. 27, 2015

  • Low awareness the biggest hurdle - However, understanding the complexity and potential about this technology amongst those technology innovators is still limited. “The geospatial industry is still undervalued and under-appreciated by the world at large. The onus is on us to collectively demonstrate how location data and tools can be applied to make dramatic improvements to society from making every journey safer and our air cleaner to helping businesses operate more efficiently,” underlines Edzard Overbeek, CEO, HERE Technologies.

As expected, lack of awareness among users and policymakers remains the biggest challenge for the industry, with over 38% listing it as a primary hurdle... (Graph 14)

Disruption a bane or boon: What is the geospatial industry’s vision for 2018?, Jan. 12, 2018


This trend of underutilization has led to an outdated image of most GIS practitioners as mapmakers.  While mapmaking is a valuable and treasured skill, if an organization has an enterprise GIS implemented, the GIS practitioners should be doing a lot more than just making maps.  If the non-GIS practitioners in the organization think the GIS practitioners only make maps, that is all they will ask for.  The problem is, they want help, and need help from the GIS practitioners to apply spatial analytics to their mission, they just don't know that they can help them in this manner.


One of the first things an enterprise GIS manager needs to do is change this image.  There are a few ways to do this.  Internal marketing and education is one way.  One easy way to start to work on this is to change your elevator pitch.  Many GIS practitioners when asked what they do for a living say, "I make maps." or "I do GIS, it's like Google Maps."  This prolongs the mapmaker image, therefore it is crucial that you change your elevator pitch to something like, "I help people use the power of location to make better decisions."


Rebranding is another way, there is a growing movement for GIS practitioners changing their job titles and the name of their department to remove the term "GIS" from them, to distance themselves from the mapmaker image.  Examples of this include Decision Analytics, Spatial Analytics, Location Intelligence, Geospatial Intelligence, GeoAnalytics, and Location Innovative Services.


Another part of internal marketing and education is proactively changing your communication focus with non-GIS users.  Most GIS users tend to focus on the technology in their communication with non-GIS users.  This is not an effective mode of communication, you need to communicate with non-GIS users in ways that interest them in what you can do to help them.  The best way to do this is to shift the communication focus to capabilities.  A capability is "the power or ability to do something" according to Lexico powered by Oxford.  Adding capabilities to an organization and its staff will interest executives and managers.  The capability that GIS can enable is best described as location intelligence.  Watch this short video for a definition of location intelligence.


Enabling a new capability, like location intelligence, for an organization and its workers, is very different than implementing technology.  In 2019, Esri Canada released a report they developed with IDC called Winning with Location Intelligence: The Essential Practices.  This report identifies best practices for how to be successful with location intelligence.  They surveyed two hundred organizations across Canada in all industries.  These organizations had five hundred or more employees.  They analyzed their use of location intelligence and identified common best practices.  They categorize these best practices into what they call the five pillars of location intelligence.

These five pillars of location intelligence help us understand in more detail the skills required of an enterprise GIS manager.  You can see that you cannot spend all of your time on Technology & Data.  You must dedicate time and effort to the other four.  My research shows that the majority of organizations that have implemented GIS are not spending time in these other four areas.  Here are five important numbers that will be revealed in this blog series:

64, 76, 78, 84, 84


Starting with the first of the five pillars of location intelligence, Strategy, why is a strategy so important?  In this article from McKinsey & Company entitled, Catch them if you can: How leaders in data and analytics have pulled ahead, their survey of over five hundred C-level executives and senior managers representing a full range of regions, industries and sizes showed that:

The creation of a strategy now ranks as the number one challenge to, and reason for, companies' success at data and analytics...

Once you realize you need a strategic plan, you may encounter resistance from executives regarding the dedication of resources to the development of a strategic plan.  If that is the case, here is a great article from Matt Lewin of Esri Canada, Why organizations need a geospatial strategy: An executive perspective.


Here's the first of my important numbers, based on my research of 800+ GIS practitioners across the United States over the last two years:

64% of organizations that use GIS do not have, and maintain, a GIS Strategic Plan

What is a Geospatial Strategy?


A Geospatial Strategy is a business-oriented plan that defines how an organization will use GIS to achieve its goals.  An effective geospatial strategy connects your business needs with the right people, processes and technology to help you overcome challenges and improve results.


When creating a Geospatial Strategy, it is critical that you focus on the business, not the technology.  Your objective is to focus your work on assisting the business.  You do this by first identifying and understanding what the business goals are, these should be documented in strategic plans, initiatives, Key Performance Indicators, etc.  Then you identify and understand the challenges that the organization is facing that are keeping it from achieving the goals.  Then you deploy GIS solutions that overcome the challenges so the goals are achieved.  This results in real business value of GIS.

For more information on the Esri Best Practices on how to create a Geospatial Strategy, please check out this document, The Approach to Maximize Impact and be sure to contact your Esri Account Team.


This discussion continues in Part 2...

Here's an article on the #COVID19 #pandemic and #GIS lessons learned that I have observed.


#coronavirus #dashboard #map #location #digitaltransformation #saas #geospatial #cloud #spatial #dataviz #lowcode #nocode

A huge thanks to Daniel O'Donohue, the man behind the MapScaping Podcast, for the opportunity to talk about rebranding #GIS & #geospatial, please check out the episode here:


Organizations often require a certain level of system uptime for their ArcGIS Enterprise deployments, such as 99 percent of the time or higher. For these organizations, implementing a strategy to ensure high availability is crucial.

High Availability (HA), while related to Disaster Recovery (DR), is a separate concept. Generally, HA is focused on avoiding downtime for service delivery, whereas DR is focused on retaining the data and resources needed to restore a system to a previous acceptable state after a disaster.

This post will focus on best practices to configuring local load balancer (Local Traffic Manager, LTM) in a single location for high availability, and will not include considerations to configuring Global Traffic Manager (GTM) for automatic failover between different locations.

To achieve high availability, you must reduce single points of failure through duplication and load balancing.

Load balancers act as a reverse proxy and distribute traffic to back-end servers. Third-party load balancer is required in a highly available ArcGIS Enterprise deployment to improve the capacity and reliability of the software. They handle client traffic to your portal and server sites, as well as internal traffic between the software components.

ArcGIS Web Adaptor

Though ArcGIS Web Adaptor is considered a load balancer, it’s inadequate to serve as the lone load balancer in a highly available deployment, since ArcGIS Web Adaptor also requires redundancy to achieve high availability.

ArcGIS Web Adaptor is an optional component, as load balancers can forward requests directly to your portal and server sites, yet it is a recommended component. The advantages of using web adaptors are:

  • It provides an easy way to configure a single URL for the system
  • It allows you to choose context names for the different system components, e.g. portal, server, mapping, etc.
  • It is integrated natively with other ArcGIS Enterprise software components, the portal and server sites, and will automatically handle health checks and configuration tasks, e.g. adding new machine to a server site

Web Context URL

The web context URL is the public URL for the portal. Since any item in portal has a URL - file, layer, map, and app, the portal's WebContextURL property helps it construct the correct URLs on all resources it sends to the end user.

External Access and DNS

ArcGIS Enterprise portal supports only one DNS for public portal URL (the web context URL), and currently there is no supported way to change the web context URL without redoing administrative tasks, e.g. federating server sites with your portal. If your ArcGIS Enterprise requires external access, e.g. to allow access to mobile users, contractors, partners, or agencies, without VPN, or if you anticipate that you will need to allow external access in the future, you must use an externally resolvable DNS name for the portal’s web context URL, e.g.

To secure external access to ArcGIS Enterprise, it is common to host a load balancer in a DMZ, and implement a Split Domain Name System (Split DNS), i.e. internal access to ArcGIS Enterprise DNS (e.g. will be resolved to an internal load balancer IP, so internal users will stay behind the firewall, and external access to ArcGIS Enterprise DNS will be resolved to an external (DMZ) load balancer IP.

Load balancing configuration with external access

URLs used in federation

Several different URLs are used in a highly available ArcGIS Enterprise deployment.

Services URL

This is the URL used by users and client applications to access ArcGIS Server sites. It’s the URL for the load balancer that handles ArcGIS Server traffic and passes requests either to the server site’s Web Adaptor or directly to the server machines.

Administrative URL

This URL is used by administrators, and internally by the portal, to access an ArcGIS Server site when performing administrative operations. This URL is also used for publishing GIS services with reference to a registered data store, e.g. SQL Server enterprise geodatabase, to a federated server site. This must direct to a load balancer; if the administrative URL points to a single machine in the server site and that machine is offline, federation will not work. This can be the same URL as the services URL or can be a second load balancer (VIP) for each federated server site admin URL via port 6443. Configuring a dedicated VIP for each federated server site admin URL via port 6443 will require to open this port for administrators and publishers, and you can disable administrative access through the web adaptor, thus providing additional security controls for the organization.

I recommend using the same URL as the services URL since it simplifies configuration. ArcGIS Server administrative access will be controlled by ArcGIS Enterprise authentication and user roles, similarly to administrative access to portal, e.g. ArcGIS Portal Directory (portaladmin) and Organization Settings. To use web adaptor URL for administrative URL, you must enable administrative access in the server web adaptor.

Private portal URL

This is an internal URL used by your server sites to communicate with the portal. This must also direct to a load balancer and should be defined prior to federating. If you federate your server sites prior to setting the privatePortalURL, follow step 8 and 9 in the topic Configure an existing deployment for high availability to update the URL within your deployment. Similar to the administrative URL, this can be the same as the public URL for the portal (portal’s web context URL), or it can be a second load balancer (VIP) via port 7443.

For configuration simplicity, I would recommend using the public URL for the portal for the private portal URL. If you choose to use a dedicated load balancer VIP via port 7443 for private portal URL, you should configure the load balancer to check the health of the portal machines.

Load Balancer Configuration

Health Check Settings 

The most important capability to use is a Health Check. As described in portal’s health check documentation:


“The health check reports if the responding Portal for ArcGIS machine is able to receive and process requests. For example, before creating the portal, the health check URL reports the site is unavailable because it can't take requests at that time.”


ArcGIS Enterprise portal and server have health checks.

When you use ArcGIS Web Adaptors, the web adaptors will take care of performing the health checks against the portal and the servers. In this case you can configure the load balancer with basic TCP/443 health check or a static page health check, with standard health check settings for timeout, failure trigger, polling interval, and healthy threshold.

If you configure the load balancer to access portal and/or the servers directly, e.g. if you don’t include web adaptors in your architecture, or if you use dedicated load balancer URL for private portal URL (port 7443) or federated server administrative URL (port 6443), you should configure the load balancer to check the health of the portal and server machines.

There are some important considerations about health check settings on the load balancer. Most organizations using a load balancer use a static page as their health check (e.g. index.html) to determine whether the web server is healthy. This is a static file that only requires a disk fetch.  Also, most web servers tend to bottleneck with I/O rather than CPU. 

However, Esri’s ArcGIS Server is different in that our health check requires a very small amount of CPU because our check is more than just a disk fetch, as the software needs to determine whether certain processes are functional.

With health checks there is a timeout value on the poll. Most load balancer administrators set the timeout value very low because disk fetches are usually very fast (though they often leave some buffer for poor network latency).

When using a low timeout value with ArcGIS Server and when using a multi-machine setup, there is a chance one of the machines may exceed the low timeout value and a healthy machine will be removed.

Esri recommends a higher timeout value, ideally at least 5 seconds. Depends on the system, you might need to increase this value even more. You should monitor your environment and adjust this value accordingly. This may seem like a high number to Network Administrators since a health check on a simple page usually takes less than 10ms normally (plus network latency).

However, it is critical for the load balancers to distinguish between when a machine is just slow vs. when a machine is truly dead and non-responsive.  If portal or server is truly down and not listening on a port at all, most load balancers will detect this even sooner than 5 seconds, so this timeout does not impact "normal" failures where a machine goes away.

The second consideration is the failure trigger - how many times does the poll need to fail before removing the machine from the load balancer. 

As a rule, Network Administrators set the failure trigger to be more than 1 failure because they do not want a single network glitch to take down the system.  As noted above, a small spike in CPU usage (which is common on ArcGIS Server systems) can cause a timeout, and it is not desirable to bring down a machine because of a single CPU spike on a single machine. 

Esri has done significant internal testing with load balancers and found that a setting of 5 failures dramatically reduced the number of false positives while still detecting true outages.  We found that a value of 3 was still highly susceptible to false positives.

The third consideration is the polling interval.  Esri has found that 30 second polling intervals, coupled with 5 failures was a sweet spot of detecting true failures and ignoring false positives. 

With this combination, the expected value (using a statistics term) or mean time to detection is 1 minute and 15 seconds of downtime before detection, with a worse case of 2 minutes and 30 seconds.  It is possible to aim for a lower mean time to detection, but the trade-off is receiving false positives.

If the lower mean time to detection is preferred, it may be needed to increase capacity so there are sufficient resources to suffer a true failure on a machine and a false positive without overloading the remaining machines.

The final setting regarding health checks is the healthy threshold for the load balancer to start sending requests again.  Esri does not have a recommendation for this and we have not observed many differences in this number, but we typically see 3 healthy consecutive polls before rejoining.


Throttling settings are worth considering.  ArcGIS Server is CPU-bound which means most of the request time is spent using the CPU rather than waiting for I/O. 

This means if there are 8 cores, ArcGIS Server can handle a little more than 8 simultaneous requests from a practical standpoint. If ArcGIS Server is busy, it starts queueing requests until there are hundreds of requests in line, and after that threshold it refuses connections. When there is a long backlog of requests it will result in a long wait time, but eventually the request gets processed.

ArcGIS Server has settings to control this behavior, so there are less of these abandoned requests being worked on, but it is also a best practice to control this at the load balancer level via its ability to throttle. 

Esri does not have a numerical recommendation because it depends a lot on the specific architecture and the types of requests coming in, but it is typical to throttle at a significant lower value than Network Admins would typically do for a Web Server.

This is beyond the control of the Network Administrator, but the client applications should be written to handle a throttling event and do re-tries in increasing time intervals (e.g. first time you can immediately re-try, second time you wait a second, third re-try wait 5 seconds, etc.).

Sticky Sessions 

Esri does not recommend sticky sessions except in very rare circumstances. Sticky sessions can theoretically overload a machine.  Esri has conducted load tests using sticky sessions to see if we found results that would overload our GIS Server, and this did not occur. We have also not received any customer complaints. That said, since our software is stateless we do not see the value in using sticky sessions. 

Layer 4 vs. Layer 7 

The final setting to mention is whether the load balancer does a "level 7" approach or a "layer 4" approach.  This can be a debate among Network Administrators, but below is a concise summary of the situation describing the differences and advantages of each.

A layer 7 load balancer understands http and https, it therefore decrypts https content and then re-encrypts it.  Because it understands http and https it can cache content and save requests going to the backend server. 

A layer 4 load balancer views all the traffic as TCP packets and has no idea what the packets mean; they could be for ftp, https, smtp, but this does not matter to a layer 4 load balancer.  As a result, it doesn't need to understand the http payload and can be faster.

ArcGIS Server can work with either approach and there is no recommendation on this setting for Network Admins, but there are some pieces of information that an Admin will want to be aware of. 

ArcGIS Server payloads can be much larger than HTML pages, CSS, and JS content (the actual amount would be useful but is often dependent on the data the customer uses).  This means there is more CPU load on a layer 7 load balancer decrypting and encrypting on a per-request basis. 

Also, since much of ArcGIS Server data is dynamic and frequently changing, by default cache headers prohibit caching on the client and load balancer. If the data doesn't change much and the customer wants to use a layer 7 load balancer, they can change and control these cache settings. 

Summary of Recommendations

Health Check

  • If you configure your load balancers with ArcGIS Web Adaptors, you can configure the load balancer with basic TCP/443 health check or a static page health check against the web servers
  • If you configure the load balancer to access portal and/or the servers directly (via ports 6443 and 7443), use HTTPS health check endpoint:


  • Use a throttle setting at a significant lower value than typical web servers

Sticky Sessions

  • Do not use sticky sessions


ArcGIS Enterprise components come pre-configured with a self-signed server certificates, which allows the software to be initially tested and to help you quickly verify that your installation was successful. However, in almost all cases, an organization should request a certificate from a trusted certificate authority (CA) and configure the software to use it. The certificate can be signed by a corporate (internal) or commercial CA. Commercial CA (known-CA) must be used for externally resolvable DNS, e.g. load balancer VIP DNS; internal domain certificates can be used for internal servers. 
For ArcGIS Enterprise system with externally resolvable DNS, if the load balancer’s SSL method is SSL-passthrough (the load balancer does not decrypt and re-encrypt https content), it does not require certificate, and a commercial CA certificate must be installed on the mapped servers (e.g. web servers where the web adaptors are installed). If the load balancer’s SSL method is SSL re-encryption, a commercial CA certificate must be installed on the load balancer.

Since the release of ArcGIS Enterprise 10.5.1, distributed collaboration has been a powerful way to connect and integrate your web GIS across a network of participants.  Distributed collaboration has made it possible to organize and share content between entities and organizations including departments, other governments, private businesses and more.


During the time since the release of distributed collaboration, the implementation of ArcGIS Enterprise “on premises” at customer sites has also grown.  And for good reason!  Deploying ArcGIS Enterprise at your site gives you complete control over your deployment while providing the core capabilities of organization-wide mapping, analysis, data management, sharing and collaboration.


While working with ArcGIS Enterprise customers I have discovered a common misconception regarding the ability of an internal-only ArcGIS Enterprise to collaborate with ArcGIS Online.  A common deployment pattern for ArcGIS Enterprise is to not deploy the system as public-facing at your site.  The system is deployed for internal customers only.  The general public cannot connect to this system over the public Internet and items, services, and data are all behind the organization’s firewall.  The misconception is that this internal-only ArcGIS Enterprise cannot sync (send and receive) items such as web maps, apps, and feature layers with ArcGIS Online.  It can!


In such a scenario, even though ArcGIS Online is considered the host of the collaboration, all communication is initiated by ArcGIS Enterprise from behind your firewall.  To enable this, organization firewall rules must be configured to support outbound communication on port 443.  A few other technical details include:


The following URLs must be whitelisted/reachable by the ArcGIS Enterprise machine:


The Portal for ArcGIS service account that runs the Portal for ArcGIS service needs access to the Internet.


Once the above requirements are met you may proceed to set up your collaboration.


It might seem counterintuitive that your internal ArcGIS Enterprise can sync with ArcGIS Online and even receive items.  It is not only possible, but can be a very effective way to extend the reach and use of your web GIS. 

Many organizations have installed and configured their deployments of ArcGIS Enterprise in the cloud and are required to incorporate disaster recovery plans to ensure the least amount of downtime in the event of a failure or catastrophe. There are various options out there for organizations to choose from to plan for a disaster recovery scenario. For the purpose of this blog post, I will walk through the steps for replicating a primary Enterprise deployment specifically in AWS to a warm, geographically redundant standby site using the WebGIS DR Utility.


Learn more on disaster recovery and replication in ArcGIS Enterprise


Much of this workflow has been covered extensively by my colleagues for on-premise deployments in another blog post Migrate to a new machine in ArcGIS Enterprise using the WebGIS DR tool. The general workflow for our scenario is very similar to the on-premise deployments with some added steps utilizing AWS services* – Application Load Balancer (ALB), Route 53, and S3 buckets – as well as the exclusion of using etc\host file entries in EC2 instances. Please read the blog post above to understand the overall workflow and prerequisites before proceeding with this workflow, as it will contain information not covered in this post.


* I will assume readers will have some prior experience with AWS and its services mentioned above.




Let’s say we want to have a replicated and geographically redundant multi-machine deployment with the following components setup in AWS in the US East and US West regions: 

  • Portal for ArcGIS 
  • ArcGIS Hosting Server 
  • ArcGIS Data Store 
  • ArcGIS Geocode Server

Architectural design of base enterprise deployment with additional server

Route 53 Hosted Zones


Route 53 is a scalable Domain Name System (DNS) that utilizes a combination of public and private hosted zones, which are containers for records about how you want to route traffic for a specific domain. Public hosted zones are used to route traffic on the internet, while private hosted zones are used to route traffic within an Amazon VPC. The following workflow will be utilizing both types of hosted zones with overlapping namespaces. Therefore, in our scenario when we are logged into an EC2 instance in a VPC that is associated with a private hosted zone:

  • The Resolver will evaluate whether the name of the private hosted zone matches the domain name in the request. If there is no match, the Resolver will forward the request to a public DNS resolver.
  • If there is a match in the domain name of the request, the hosted zone is searched for a record that matches the domain name. If there is no record in the matching private hosted zone, the Resolver does not forward the request to a public DNS resolver, but will return a non-existent domain (NXDOMAIN) to the client.


That last bullet is very important! If you have other applications in the same VPC and you setup a private hosted zone, please ensure to add records for those applications so that those application remain completely operational.


Before Deployment


Before proceeding with deploying ArcGIS Enterprise, we need to complete the following tasks using the AWS services mentioned above in order to maintain a consistent DNS across the primary and standby sites:


  1. Create an ALB in both regions that will manage traffic for the ArcGIS Enterprise deployments. A few things to note: 
    1. Ensure to attach the appropriate certificate from the public domain registered in Route 53.
    2. A target group must be created when configuring a new load balancer. Create a target group for Portal at this time. It does not need to be registered to any targets with this target group.
  2. In Route 53 under your Public Hosted Zone:
    1. Create two identical Record Sets for each of the load balancers using CNAME types. One thing to note here: 
      1. Having multiple Record Sets using the Weighted Routing Policy is not a requirement; it is more a matter of preference. It is possible to have just one Record Set and replace the ALB value when the switch is needed.
    2. Set the time to live (TTL) to the recommended 60 seconds, which will "minimize the amount of time it takes for traffic to stop being routed to your failed endpoint."
    3. Set the Routing Policy to Weighted:
      1. Assign a weight of 100 to the primary site.
      2. Assign a weight of 0 to the standby site.                     Public record set in Route 52 with Weighted Routing PolicyPublic record set in Route 52 with Weighted Routing Policy
  3. Create a Private Hosted Zone for each region using the same Domain Name as the Public Hosted Zone in Route 53.
    1. Attach the private hosted zone to the VPC assigned to your ALB during time of creation.List of hosted zones in Route 53
  4. In Route 53 under each of the Private Hosted Zones:
    1. Create an identical Record Set to match the one created in the Public Hosted Zone.
    2. TTL can remain as the default value of 300 seconds.
    3. The Routing Policy can remain the default value of Simple.Private record set in Route 52 with Simple Routing Policy Private record set in Route 52 with Simple Routing Policy


The last two steps of this pre-deployment process are vital to the success of the WebGIS DR utility. Having the two Private Hosted Zones with identical Domain Names and Record Sets that match the Record Sets in the Public Hosted Zone ensures the ability to configure identical ArcGIS Enterprise deployments. Additionally, the deployments will remain in an operational state to perform consistent backups and restores on the appropriate systems without issue due to being on separate regions and VPCs.


ArcGIS Enterprise Deployment


It is finally time to deploy the components of our architecture to EC2 instances (repeat for each region):

  1. To setup the base deployment (Portal for ArcGIS, ArcGIS Hosting Server, and ArcGIS Data Store), follow steps 1-20 from our documentation on deploying Portal for ArcGIS on AWS, which utilizes Esri’s Amazon Machine Images (AMIs).
    1. Make sure to assign the EC2 instances to the same VPC and Security Group as the ALB.
  2. Repeat steps 11-19 in the linked documentation from the previous step to setup the additional ArcGIS Geocode Server.
  3. Create the two remaining target groups for the ArcGIS Hosting Server and Geocode Server (the Portal target group was created during the ALB creation in the pre-deployment steps).
  4. Register each instance with its appropriate target group.
  5. Configure the appropriate forwarding rules in the ALB to match the target groups. If everything is setup correctly, we should be able to successfully access portal through the DNS alias (Name property) created in the Record Sets.ArcGIS Portal homepage with arrow pointing to URL
  6. Follow steps 21-23 in the linked documentation above using the DNS alias from the Record Sets. For example, my portal’s system properties would have the following entries: Portal system properties
    1. And federating my hosting server (or any others) would look like so (the admin URL may vary depending on the level of administrative access setting placed on the Web Adaptor):ArcGIS Server federation in Portal organizational settings.
  7. Repeat step 22 for the ArcGIS Geocode Server.


We now have two identical and fully functional ArcGIS Enterprise deployments in each region. The deployment that has a Weighted Policy of 100 in the Public Hosted Zone will be accessible over the internet and act as the primary site, while the other deployment (with Weighted Policy of 0) in the Public Hosted Zone can only be accessible within its own VPC and act as the standby site.


Active and standby ArcGIS Enterprise architectural designs




Now that we have our primary and standby sites, we have to setup two replicating S3 buckets in the appropriate regions to have a fully replicated and geographically redundant deployment prepared for a disaster recovery scenario.


In Amazon S3, create two buckets with easily recognizable naming conventions, like the following:


Amazon S3 buckets


In the second step of the creation process for each bucket under Configure Options, check the box under Versioning. This is a requirement to enable Cross-Region Replication. Once the buckets have been created, select the bucket that will be utilized by the primary site and navigate to Replication under the Management tab and select Get Started. We can leave the defaults selected for all settings throughout this process. We just need to ensure we select our designated standby site bucket for the destination.


Configuring the replication rule in Amazon S3 bucket


Amazon S3 provides a selectable option (seen in the screenshot above) called S3 Replication Time Control, which will replicate 99.99% of new objects within 15 minutes. This may be a valuable option for organizations with large-scale ArcGIS Enterprise deployments with lots of content who need minimal down time. In my tests, I have found replication to be fast without that option selected, granted my backups ran around 5-6 GBs, which amounted to ~300 hosted services and a Geocode service (and its data) copied to ArcGIS Server.


Disaster Recovery


We are now able to create backups of the primary site and restore the standby site from said backups.

  1. Create a backup with the WebGIS DR tool of your primary site on the instance where Portal is installed. Make sure to point to the appropriate S3 bucket (should be the one in the same region as the primary site) in the properties file. The backup will be replicated to the S3 bucket in the other region.
  2. Restore the replicated backup with the DR tool on the standby instance where Portal is installed. Be mindful of the appropriate S3 bucket in the properties file.


This is the final architecture and workflow:


Full workflow/architecture outlined with S3 bucket replication


In the event of a disaster, we now have the ability to “failover” to our warm, standby deployment by just toggling the values of the Weighted Policies of the Record Sets in our Public Hosted Zone with downtime dependent upon the TTL of the Route 53 record set.Additionally, depending on the length of downtime for the original hot site, you may need to modify how your backups and restores are handled on the two environments, so that any new items created in the new hot site can be maintained when your original data center is restored.


* It should be heavily emphasized that this workflow with the WebGIS DR tool is not considered a highly available ArcGIS Enterprise deployment. The “failover” may be quick in this scenario, but the standby deployment will only have content available from the last WebGIS DR backup/restore. Please see our documentation on configuring a highly available ArcGIS Enterprise.


ArcGIS Enterprise failover workflow/architecture


Since both deployments are also identical, there should be no issues with services integrated into other business systems. Most importantly, this entire workflow – running WebGIS DR backups and restores, DNS toggling, as well as detecting who is acting as the primary site at any given moment – can be completely scripted and automated, ensuring that mission critical systems remain operational.


Learn more about preventing data loss and downtime with ArcGIS Enterprise.

On Jan. 14, 2020, Esri hosted a GIS Leadership Workshop at the Maricopa Co. Flood Control District in Phoenix, AZ. We had about 50 attendees, mostly from state and local government. Here's the ArcGIS Hub site we used for registration, which was done with Survey123: There's also a post-event survey being done with Survey123.



There were presentations on Geospatial Strategy and Surfing the GIS Waves to Success from Esri and presentations from Dave Roby of AZ DEMA on their Operations Dashboards, and David Moss of Maricopa Co., AZ on The GIS Management Blueprint. This is the second one we've done in Phoenix, and there was lots of discussion about doing more in the area.  If you are interested in hosting such an event, please reach out to your Esri Account Manager.


At the Architecture Practice, we are getting a lot of questions about shared instance pools.  


Before 10.7.0, the solution for reducing the amount of RAM was to set low-utilization so that the minimum number of instances in that service’s dedicated pool to zero. By doing so, you allow ArcGIS Server to not run any ArcSOCs for the service if it hasn’t received any requests in a while. 


This “min-zero” solution eliminates the resource usage for services that are going unused. Because you can still set the maximum number of instances, you can accommodate services that receive infrequent bursts of traffic.  The next time the service gets a request, an ArcSOC powers up to handle it at the cost of the startup time of the ArcSOC.  Also, this service could then sit idle for a more extended period, consuming the started SOC until the service hits the set idle timeout.


At 10.7.0, Esri announced support for shared instance pools. Every ArcGIS Server Site now comes with a shared instance pool, containing four ArcSOC processes by default. This number can increase to accommodate more services. The shared instance pool utilizes all of the SOCs assigned to it, so you should only increase the pool as you need to.

Once a compatible map service has published to your ArcGIS Server Site, you can designate it to use the shared pool. Any service added to the shared instance pool will no longer have its dedicated pool; it will dip into the shared pool and use a SOC or two as needed. Once it’s done handling a request, that ArcSOC is free to be used by any other service in the shared pool.


The following restrictions limit what services can use the shared instance pool:

  • Only map services published from ArcGIS Pro can be configured to use the shared instance pool. Other service types, such as geoprocessing services, are not supported.
  • Only specific capabilities of map services—feature access, WFS, WMS, and KML—can be enabled. Turn off all other capabilities before continuing.
  • Services that have custom server object extensions (SOEs) or server object interceptors (SOIs) cannot use shared instances.
  • Services published from ArcMap cannot use shared instances.
  • Cached map services published from ArcGIS Pro that meet the above requirements can use shared instances.


For further information, please see:

Introducing shared instances in ArcGIS Server 10.7 

Configure service instance settings—ArcGIS Server Administration (Windows) | ArcGIS Enterprise 

Interest has been expressed within the Esri community with having Esri provide a set of icons for building presentations, particularly those involving conceptual IT architectures. Esri recently released an initial set of "Esri Presentation Icons" which can be used to develop conceptual architecture diagrams to provide a unified view of GIS deployments. Attached is the initial set of icons that are being provided for customer usage.


The intended use of this icon set is to enhance PowerPoint presentations by illustrating core GIS concepts. These are not intended to be used for schematic drawings or highly detailed workflows.


This is a really good TEDTalk from Scott Brinker on the democratization of software development.  Definitely worth a view for this valuable perspective.  There are so many no and low code options, full custom code should be a last resort and only if its business value is proven with a total cost of ownership analysis.  The question is not CAN I DEVELOP THE APP, it is SHOULD I DEVELOP THE APP.


Everyone Is A Software Developer | Scott Brinker | TEDxBocaRaton - YouTube 

Important document released from NASCIO, their Top Ten Policy & Technology Priorities for 2020.  It's important that GIS practitioners are aware of these as well as most of them impact your world.


  1. Cybersecurity & Risk Management
  2. Digital Government
  3. Cloud Services
  4. Consolidation/Optimization
  5. Customer Relationship Management
  6. Budget, Cost Control, Fiscal Management
  7. Legacy Modernization
  8. Data Management & Analytics
  9. Broadband/Wireless Connectivity
  10. Innovation & Transformation Through Technology 

Here are my thoughts on GIS Day.  Happy GIS Day!


Every Day Should Be GIS Day 

Are you wondering if drones can help your agency?  Check out this success story on how North Central Texas Emergency Communications District (NCT9-1-1) updates its maps by using drone imagery and GIS.


  • A fast-growing region in Texas uses satellite and drone imagery to update maps and addresses.
  • Fresh imagery helps 9-1-1 telecommunicators quickly locate emergency callers and route first responders.
  • Imagery informs addressing authorities accurately, essential to quickly reaching people in crisis.


Texas 9-1-1 Agency Uses Imagery to Stay Current with Booming Growth 


Filter Blog

By date: By tag: