Skip navigation
All Places > Implementing ArcGIS > Blog
1 2 3 Previous Next

Implementing ArcGIS

66 posts

Here is the sixth of my twelve posts as a GovLoop Featured Contributor. This one discusses how the Internet of Things (IoT) really requires integration with an enterprise GIS: 

Here is the fifth of my twelve posts as a GovLoop Featured Contributor.  This one discusses when to write code and when not to: 

When it comes to technology companies, product renaming and refocus is often inevitable. This recently occurred with Citrix as they have moved away from the "Xen" prefix and have simplified their product portfolio naming to make them easier to understand. For example, the new name for XenApp is "Citrix Virtual Apps" while XenDesktop is now "Citrix Virtual Desktops". These are the two primary products from Citrix that are used to deploy ArcGIS Desktop and ArcGIS Pro as virtualized applications. At the same time, Citrix is changing the associated product versioning and moving to a year and month format, for example:


      YYMM = Year and month when the product or component released. For example, a release in August 2018 appears       as 1808.


Citrix recently released the latest version of Citrix Virtual Apps and Desktops utilizing these changes and the current release is "Citrix Virtual Apps and Desktops 7 1808.2". This means that XenApp/XenDesktop 7.18 was the last release of the 7.x releases and the new version of "Citrix Virtual Apps" appears to be what XenApp 7.19 would have been and not a major upgrade, though Citrix is constantly evolving their products.


Though the naming changes are helpful for understanding product purpose, I don't anticipate much of an impact from these changes at a technical level. Over the last few years Esri has been certifying multiple Citrix releases and the most recent "certified" Citrix release for ArcGIS is XenApp/XenDesktop 7.17. It is likely that the new "Citrix Virtual Apps and Desktops" release, or a subsequent release, will be certified with the next major ArcGIS release so look for updates on the associated ArcGIS system requirements pages.

While at a client site installing and configuring ArcGIS Monitor, I needed to set up the ArcGIS Monitor Reporting Server with the client’s SSL Domain Certificate for the server so that no security error would be thrown when accessed. I was given the certificate in the PFX format (binary format for storing the server certificate, intermediate certificates, and the private key) common to Windows and readily imported by IIS. ArcGIS Monitor does not use IIS and requires that the Certificate and Private key be in separate files and in PEM format (Base64 encoded ASCII files).


Here are the steps I used to move from the single PFX file to the two PEM files required by ArcGIS Monitor Server.


  1. Download/Install OpenSSL software on an available workstation (For information on OpenSSL please visit:
  2. Open a command window and navigate to the PFX file location
  3. Extract the Public/Private key-pair 
  4. Extract the Certificate 
  5. Get the Private Key from the key-pair 
  6. The private key needs to be converted to pkcs8 format ***Copy the output and save it as sample_private_pkcs8.pem***
  7. Copy the sample_private_pkcs8.pem and sample_cert.pem files to the <Installation location>\ArcGIS Monitor\Server\ssl directory on the ArcGIS Monitor Report Server.
  8. Start ArcGIS Monitor Administrator - the Connections view appears.
  9. Click the File menu and click Open - the Open File dialog box appears.
  10. Browse to the <Installation location>\ArcGIS Monitor\Server\settings directory on the machine where ArcGIS Monitor Server is installed, click config.db, and click Open.
  11. Click Server on the main menu - the Server configuration pane appears. 
  12. Click the Private Key browse button - browse to and choose the sample_private_pkcs8.pem file and click Open.
  13. Click the Public Key browse button - browse to and choose the sample_cert.pem file and click Open. 
  14. Click the File menu and click Save to save your changes.
  15. Click the File menu and click Close to return to the Connections view.
  16. Right-click the ArcGIS Monitor Server service in the Windows Services manager and click Restart.
  17. The result is a secure connection to the ArcGIS Monitor Report Server 

Here is the fourth of my twelve posts as a GovLoop Featured Contributor.  This one highlights the work at the California Governor's Office of Emergency Services: 

Here is the third of my twelve posts as a GovLoop Featured Contributor: 



Here is the second of my twelve posts as a GovLoop Featured Contributor: 

For the next twelve weeks, I am a GovLoop featured contributor. Please check out my first post: 

Every organization strives to keep its systems running smoothly, but for some, that objective is mission critical.

Learn about the technical assistance level that aligns with your mission critical needs.  This is accomplished through assigned Technical Account Managers, 1-hour initial response to support requests, and 24/7/365 support.  No matter what your GIS needs may be Premium Support is designed to provide next level support for organizations of all sizes and industry.


Perhaps you’re not sure if Premium Support is right for your organization.  We can review your support history and help you better understand if a higher-level support would unlock your organizations potential. 


Using the link below you can learn more about the program and submit your request for additional information at the bottom.

Maximize your success in ArcGIS platform adoption by using a prioritization approach that balances business benefits with challenges, so you can prioritize high‐value, low‐effort activities. Read more about this concept, along with 17 additional best practices in our document Architecting the ArcGIS Platform:  Best Practices at this link:

For many of our customers, installation and implementation of ArcGIS Monitor is a straightforward and quick process. Once the minimum requirements are met, most Monitor installations flow smoothly.


However, when advanced firewall and security practices are in place, these installation and configuration of ArcGIS Monitor can be much more complicated. For optimal success in highly secure environments, ask IT support staff to join in installation activities.


When the ArcGIS Monitor can’t quickly make a connection with other systems in the Enterprise ask IT to monitor the network traffic and see if any internal ports are blocking traffic. This may be an iterative process as you install the software, but without System and Process collectors, ArcGIS Monitor can't fully measure ArcGIS Enterprise Health. 


Onsite recently, in addition to opening ports 6443 and 7443 for ArcGIS Server and Portal connections, we had to request permission for ArcGIS Monitor to operate on ports 135, 49153 and 49154 on the ArcGIS Server, Portal and SQL machines in the deployment. Once these ports were opened, we could begin collecting on Memory, Network and Processing utilization. 


Collaboration between GIS Admins and IT is crucial for understanding security rules and limitations when implementing a product like ArcGIS Monitor.

An ArcGIS identity allows a person to participate in the platform; access, create, or share items as part of one or more groups; and use the platform to play a more collaborative role in the organization.




Identity Value

Identity information is used to uniquely and securely describe user access to maps, apps, data, and analysis within the ArcGIS platform. A person’s ArcGIS identity can be managed with built‐in security by ArcGIS or by federating ArcGIS with a a third‐party enterprise identity management system. Regardless of the approach, effective management of user identities and associative credentials is necessary for users to appropriately utilize and participate in the ArcGIS platform.





People access the ArcGIS platform through a role and set of privileges configured by an administrator. Roles can be tailored to individual users and their organizational responsibilities (examples include: viewer, editor, publisher, analyst, field technician, and administrator). The privileges associated with these roles ultimately permit people to join groups, access their own resources (data, maps, apps, and capabilities), and access resources that have been shared with them.




Named User

An ArcGIS Identity is managed as a named user credential within the platform. This credential is used to sign into any app, on any device, at any time, and to provide access to all maps, apps, data, and analysis a particular user is entitled to. As users sign into the ArcGIS platform with their named user credentials, their identity gives them access to authoritative data, GIS capabilities, shared content, apps, and their saved maps and items. The named user model allows an organization to securely and appropriately extend the reach of its geospatial capabilities to everyone who needs them.


Named User



Users often participate in groups, an important aspect of the ArcGIS platform sharing model. A group is a collection of items (such as maps, apps, and named users) typically related to a specific area of interest (such as a business unit, initiative, or team). Groups are useful for organizing content and controlling access. If a group is private, only members will see the group and its content.


Managing Identity

Develop A Strategy! 

Depending on the needs of the organization, user identities can be managed with built‐in security by ArcGIS, or by using a third‐party identity management system. For small implementations, an ArcGIS administrator will want to leverage the built‐in security of the Enterprise portal to manually add and configure or batch import users. The administrator would then use a simple web interface to manage these users, the roles they assume, and the privileges they are granted. For larger implementations, enterprise identities and groups (managed external to ArcGIS) will be used by the Enterprise portal to control access to the platform. These implementations can leverage enterprise credentials from an existing Lightweight Directory Access Protocol (LDAP) server, an Active Directory server, or an identity provider that supports Security Assertion Markup Language (SAML) 2.0 Web Single Sign On. 


ArcGIS identities provide the organization with access control around platform content and capabilities and give users the ability to discover, share, and participate in the secure environment. Two approaches are provided to give organizations options for how to implement identity management within the ArcGIS platform. Choose the approach that best enables users to accomplish their business objectives.


Download the PDF for this presentation from the 2018 Esri User's Conference: Managing Identities


Architecting the ArcGIS Platform: Best Practices

This blog post, serves as a high-level introduction to one topic that is featured in the Architecting the ArcGIS Platform: Best Practices whitepaper published by Esri. Other topics include High Availability, Load Balancing, Security, and more. Please click on the link above to learn more or post comments to ask questions and engage with Esri staff.


Best Practices

It’s important for an organization to realize that creating a purposeful and actionable training plan that aligns its needs, goals, and objectives is highly critical.


A plan that is focused on the learning and development of the workforce can be the rudder that guides them toward success. Employees gain a sense of purpose with a better understanding of where they’ve been, where they are, and how far they must go to reach their goal. The organization benefits from a more productive, efficient, skilled, and empowered staff.


Failure to have a strategic training plan in place for your workforce can lead to unsuccessful projects and initiatives, and staff without a focus and vision for their role in the organization.


Esri Training Consultants partner with organizations of all sizes and industries to assess current skills and knowledge, while building awareness and making recommendations for key learning resources. There are hundreds of resources, ranging from instructor led training to self-paced e-Learning. Engage with an Esri Training Consultant right away!

The Strategic Impact of a Training Plan


Esri Spotlight Talk - UC 2018

High availability environments for ArcGIS are becoming engrained within the critical business operations and workflows of your organization.  Defining a SLA, service level agreement, will identify your organizations percentage of required service up-time and help guide you to designing a HA solution that satisfies your organizations expectations.


Our spotlight presentation, "Considerations for a Highly Available Enterprise", at Esri's 2018 User's Conference identified the below approaches to consider while designing a Highly Available system.


Multi-machine redundancy

Redundancy can be accomplished through duplication and load balancing.  Duplication of instances reduce the number of single points of failure while load balancing is a technique for distributing client workload traffic requests across multiple system components.



System Operational Plans

Test Plans should be applied on the systems and all applications that feed into those systems.  These tests plans should not be a onetime task and done.  They need to be part of a predefined schedule.  Please test the apps and systems prior to going live and at a predetermined schedule.  Having these test plans in place and recording the test results, will help you keep tab of your systems over its life cycle.  Operational plans can include, but not limited to: Stress Testing, Performance Testing, and Testing of Fail-over functions and activities.



Health Monitoring

Prevention is certainly better than the cure, it applies to systems too!  Monitoring system health to identify and proactively address problems are key to maintaining a highly available system.  System monitoring tools are available from various sources, including Esri.  The more systems you have to manage, the greater the need for a monitoring tool.  Use the monitoring tool to monitor: CPU usage, Memory usage, Response time, Service throughput, etc.  Ensure you can configure them to execute a job, like notifying you when a system status crosses a threshold.



The approaches listed above, are just some of the strategies that are meant to minimize service downtime.  Implementing these recommended approaches along with your own organizations strategies will enable maximum up-time and provide a reliable, high performing ArcGIS environment.


Keeping these best practices in mind, you can implement these approaches in your highly available enterprise.  Here is a download to the PDF for this presentation from the 2018 User's Conference:  Considerations for High Availability 



Architecting the ArcGIS Platform: Best Practices

This blog post, serves as a high-level introduction to one topic that is featured in the Architecting the ArcGIS Platform: Best Practices whitepaper published by Esri. Other topics include IT Governance, Automation, Load Balancing, Security, and more. Please click on the link above to learn more or post comments to ask questions and engage with Esri staff.


Specific business functions impact the performance of the ArcGIS platform in different ways. By allocating workloads to appropriate server resources organized by business function, organizations can maximize performance, reduce risk, and meet business‐defined service level agreements (SLAs). By implementing geospatial function isolation, organizations can reduce the risk that high‐intensity processes will consume cycles needed to support critical applications, or that an abnormal spike in requests will disrupt service for all users.


Design Approach Value

Workload separation is a design approach that enhances performance and reliability by aligning the technical implementation with organizational business requirements. Consider different business workflows to understand how each workflow impacts compute resources, and then use segregated and preplanned resource allocation to meet the needs of each workflow. 


Workload Separation


Maximize Performance

System performance is maximized when service requests are directed to compute resources in a way that optimizes hardware and reduces resource contention. Direct service requests that are known to be central processor unit (CPU) intensive, such as complex analysis tasks, to an ArcGIS Server site containing machines with faster processors. Direct less intensive requests, such as map visualization tasks, to more modest machines. This approach makes the best use of available compute resources to achieve the highest performance.


Reduce Risk

Workload separation also reduces the risk of service interruption. System stability is enhanced because overloaded machines cannot affect other machines in the environment, which in turn protects critical tasks from resource contention. Route user requests to the appropriate sites through load balancers and deliver results securely and transparently.


Develop a Strategy!

Allocate hardware around core GIS capabilities, including data management, analysis, and visualization functions. Some organizations may have more detailed separation needs around specific business functions (such as imagery, real‐time data, or caching), hardware characteristics, or SLA definitions. Use GIS patterns, SLAs, and performance expectations to determine how to best direct workloads to appropriate compute resources.


Download the PDF for this presentation from the 2018 Esri User's Conference: Designing a Robust Environment - Workload Separation


Architecting the ArcGIS Platform: Best Practices

This blog post, serves as a high-level introduction to one topic that is featured in the Architecting the ArcGIS Platform: Best Practices whitepaper published by Esri. Other topics include High Availability, Load Balancing, Security, and more. Please click on the link above to learn more or post comments to ask questions and engage with Esri staff.


Best Practices