Maximize your success in ArcGIS platform adoption by using a prioritization approach that balances business benefits with challenges, so you can prioritize high‐value, low‐effort activities. Read more about this concept, along with 17 additional best practices in our document Architecting the ArcGIS Platform: Best Practices at this link: https://go.esri.com/bp
For many of our customers, installation and implementation of ArcGIS Monitor is a straightforward and quick process. Once the minimum requirements are met, most Monitor installations flow smoothly.
However, when advanced firewall and security practices are in place, the installation and configuration of ArcGIS Monitor can be much more complicated. For optimal success in highly secure environments, ask IT support staff to join in installation activities.
When ArcGIS Monitor can’t quickly make a connection with other systems in the Enterprise, ask IT to monitor the network traffic and see whether traffic on any internal ports is being blocked. This may be an iterative process as you install the software, but without System and Process collectors, ArcGIS Monitor can't fully measure ArcGIS Enterprise Health.
Onsite recently, in addition to opening ports 6443 and 7443 for ArcGIS Server and Portal connections, we had to request permission for ArcGIS Monitor to operate on ports 135, 49153 and 49154 on the ArcGIS Server, Portal and SQL machines in the deployment. Once these ports were opened, we could begin collecting on Memory, Network and Processing utilization.
Collaboration between GIS Admins and IT is crucial for understanding security rules and limitations when implementing a product like ArcGIS Monitor.
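As an added example (not part of the original post and not Esri code), the following Python script can be run from the ArcGIS Monitor machine to report which of the ports named above are reachable on each target, separating silent drops from refusals so IT knows which rules to review. The host list and function names are assumptions; substitute the ArcGIS Server, Portal and SQL machine names from your own deployment.

```python
"""Reachability check for the ports named in the post (added example)."""
import socket

# Port numbers come from the post; the labels are descriptive only.
PORTS = {
    6443: "ArcGIS Server connection",
    7443: "Portal connection",
    135: "ArcGIS Monitor collectors",
    49153: "ArcGIS Monitor collectors",
    49154: "ArcGIS Monitor collectors",
}


def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "unresolved"   # host name did not resolve; fix DNS first
    except ConnectionRefusedError:
        return "refused"      # host replied with a reset: no listener, or a rejecting rule
    except socket.timeout:
        return "filtered"     # no reply at all: typical of a firewall dropping packets
    except OSError as exc:
        return "error: " + (exc.strerror or str(exc))  # e.g. no route to host


def check(hosts, ports=PORTS, timeout=3.0):
    """Probe every port on every host; returns (host, port, state) tuples."""
    return [(h, p, probe(h, p, timeout)) for h in hosts for p in sorted(ports)]


def firewall_request(results):
    """Group the ports that are not open by host, ready to hand to IT."""
    needed = {}
    for host, port, state in results:
        if state != "open":
            needed.setdefault(host, []).append((port, state))
    return needed


if __name__ == "__main__":
    # Constructed stand-in so the script runs offline; replace with the
    # ArcGIS Server, Portal and SQL machine names in your deployment.
    hosts = ["127.0.0.1"]
    results = check(hosts, timeout=1.0)
    for host, port, state in results:
        print(f"{host:<20} {port:>5}  {PORTS[port]:<26} {state}")
    for host, ports in firewall_request(results).items():
        print(f"Review rules for {host}: {ports}")
```

A "filtered" result points at a rule between the two machines, while "refused" means the packet arrived and the place to look is the target host itself.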
An ArcGIS identity allows a person to participate in the platform; access, create, or share items as part of one or more groups; and use the platform to play a more collaborative role in the organization.
Identity information is used to uniquely and securely describe user access to maps, apps, data, and analysis within the ArcGIS platform. A person’s ArcGIS identity can be managed with built‐in security by ArcGIS or by federating ArcGIS with a third‐party enterprise identity management system. Regardless of the approach, effective management of user identities and associated credentials is necessary for users to appropriately utilize and participate in the ArcGIS platform.
People access the ArcGIS platform through a role and set of privileges configured by an administrator. Roles can be tailored to individual users and their organizational responsibilities (examples include: viewer, editor, publisher, analyst, field technician, and administrator). The privileges associated with these roles ultimately permit people to join groups, access their own resources (data, maps, apps, and capabilities), and access resources that have been shared with them.
An ArcGIS Identity is managed as a named user credential within the platform. This credential is used to sign into any app, on any device, at any time, and to provide access to all maps, apps, data, and analysis a particular user is entitled to. As users sign into the ArcGIS platform with their named user credentials, their identity gives them access to authoritative data, GIS capabilities, shared content, apps, and their saved maps and items. The named user model allows an organization to securely and appropriately extend the reach of its geospatial capabilities to everyone who needs them.
Users often participate in groups, an important aspect of the ArcGIS platform sharing model. A group is a collection of items (such as maps, apps, and named users) typically related to a specific area of interest (such as a business unit, initiative, or team). Groups are useful for organizing content and controlling access. If a group is private, only members will see the group and its content.
Depending on the needs of the organization, user identities can be managed with built‐in security by ArcGIS, or by using a third‐party identity management system. For small implementations, an ArcGIS administrator will want to leverage the built‐in security of the Enterprise portal to manually add and configure or batch import users. The administrator would then use a simple web interface to manage these users, the roles they assume, and the privileges they are granted. For larger implementations, enterprise identities and groups (managed external to ArcGIS) will be used by the Enterprise portal to control access to the platform. These implementations can leverage enterprise credentials from an existing Lightweight Directory Access Protocol (LDAP) server, an Active Directory server, or an identity provider that supports Security Assertion Markup Language (SAML) 2.0 Web Single Sign On.
ArcGIS identities provide the organization with access control around platform content and capabilities and give users the ability to discover, share, and participate in the secure environment. Two approaches are provided to give organizations options for how to implement identity management within the ArcGIS platform. Choose the approach that best enables users to accomplish their business objectives.
Download the PDF for this presentation from the 2018 Esri User's Conference: Managing Identities
It’s important for an organization to realize that creating a purposeful and actionable training plan that aligns with its needs, goals, and objectives is highly critical.
A plan that is focused on the learning and development of the workforce can be the rudder that guides them toward success. Employees gain a sense of purpose with a better understanding of where they’ve been, where they are, and how far they must go to reach their goal. The organization benefits from a more productive, efficient, skilled, and empowered staff.
Failure to have a strategic training plan in place for your workforce can lead to unsuccessful projects and initiatives, and staff without a focus and vision for their role in the organization.
Esri Training Consultants partner with organizations of all sizes and industries to assess current skills and knowledge, while building awareness and making recommendations for key learning resources. There are hundreds of resources, ranging from instructor led training to self-paced e-Learning. Engage with an Esri Training Consultant right away!
High availability environments for ArcGIS are becoming ingrained within the critical business operations and workflows of your organization. Defining a service level agreement (SLA) will identify your organization's required percentage of service up-time and help guide you in designing an HA solution that satisfies your organization's expectations.
Our spotlight presentation, "Considerations for a Highly Available Enterprise", at Esri's 2018 User's Conference identified the below approaches to consider while designing a Highly Available system.
Redundancy can be accomplished through duplication and load balancing. Duplication of instances reduces the number of single points of failure, while load balancing is a technique for distributing client workload traffic requests across multiple system components.
Test plans should be applied to the systems and to all applications that feed into those systems. These test plans should not be a one-time task; they need to be part of a predefined schedule. Test the apps and systems prior to going live and on a predetermined schedule. Having these test plans in place and recording the test results will help you keep tabs on your systems over their life cycle. Operational plans can include, but are not limited to: stress testing, performance testing, and testing of fail-over functions and activities.
Prevention is certainly better than the cure, and that applies to systems too! Monitoring system health to identify and proactively address problems is key to maintaining a highly available system. System monitoring tools are available from various sources, including Esri. The more systems you have to manage, the greater the need for a monitoring tool. Use the monitoring tool to monitor CPU usage, memory usage, response time, service throughput, etc. Ensure you can configure it to execute a job, like notifying you when a system status crosses a threshold.
The approaches listed above are just some of the strategies meant to minimize service downtime. Implementing these recommended approaches along with your own organization's strategies will enable maximum up-time and provide a reliable, high-performing ArcGIS environment.
Keeping these best practices in mind, you can implement these approaches in your highly available enterprise. Here is a download to the PDF for this presentation from the 2018 User's Conference: Considerations for High Availability
Specific business functions impact the performance of the ArcGIS platform in different ways. By allocating workloads to appropriate server resources organized by business function, organizations can maximize performance, reduce risk, and meet business‐defined service level agreements (SLAs). By implementing geospatial function isolation, organizations can reduce the risk that high‐intensity processes will consume cycles needed to support critical applications, or that an abnormal spike in requests will disrupt service for all users.
Workload separation is a design approach that enhances performance and reliability by aligning the technical implementation with organizational business requirements. Consider different business workflows to understand how each workflow impacts compute resources, and then use segregated and preplanned resource allocation to meet the needs of each workflow.
System performance is maximized when service requests are directed to compute resources in a way that optimizes hardware and reduces resource contention. Direct service requests that are known to be central processor unit (CPU) intensive, such as complex analysis tasks, to an ArcGIS Server site containing machines with faster processors. Direct less intensive requests, such as map visualization tasks, to more modest machines. This approach makes the best use of available compute resources to achieve the highest performance.
Workload separation also reduces the risk of service interruption. System stability is enhanced because overloaded machines cannot affect other machines in the environment, which in turn protects critical tasks from resource contention. Route user requests to the appropriate sites through load balancers and deliver results securely and transparently.
The GIS Health Check is a service offered by Esri's Services. It provides an opportunity to have an expert in Esri-based GIS systems review an organization's current deployment and operations. This "hands-on" activity offers a pro-active and holistic assessment of the current system relative to the organization's objectives and other successful patterns. The recommendations by the expert are documented in a report and may include recommendations related to system design, operations, configuration, deployment patterns, performance, availability, etc. The PDF of the presentation slides is available for download: User Conference 2018 GIS Health Check Service Spotlight Presentation.
The PDF includes some case studies that illustrate the motives of some customers that have used this service. Among those was a state government organization. They had a long history of implementing Esri technologies which gave them a wealth of experience but led them to suspect that they may have some legacy patterns that were out-of-step with the newer technology. They also had questions about what might be responsible for various performance and reliability issues. The Health Check exonerated some technologies and configurations as a cause of the problems, allowing focus on the real issues. And, it allowed the organization to translate its deep knowledge to the updated patterns and practices for the technologies that they currently have deployed.
Every time a new version of ArcGIS is released I receive one particular question more often than any other. The exact words can change but it's always something to the effect of "How am I going to move all of my users from ArcGIS Desktop to ArcGIS Pro"?
A big part of my role at is helping customers implement and configure the ArcGIS platform, and that extends to upgrading to the latest version of ArcGIS and installing the newest products. So when someone asks me this question they are usually expecting me to talk about a technology migration path for desktop users. But a straight path like that assumes users will perform a 1 for 1 swap of ArcMap for ArcGIS Pro over time, and that's often not the best way to address the underlying question.
Instead of a need for migration I like to think of this as an opportunity for modernization. Migration generally focuses on the technology. Upgrades, patches, installing the latest product. Modernization may involve upgrading and new products but that's only a means to an end. It's really about moving to a new pattern. A paradigm shift. In our conversation about ArcMap and ArcGIS Pro that pattern is Web GIS. As we move from Desktop, to Server, to Web and eventually Distributed GIS new options present themselves that were previously unavailable. ArcGIS Pro and all of the other Web GIS native applications allow for new and powerful functionality that we can only leverage if we shift the way we look at using GIS.
When working with users on modernization I almost always start by asking three simple questions:
Everyone that is using ArcGIS is trying to solve a problem, ask a question, or get an answer using spatial data. That problem, question, and answer come together as a workflow and the workflow, not the technology, is what we want to focus on. Once we answer those questions we start reviewing the existing workflows and making a workflow by workflow recommendation on how to modernize each using one of three options.
As you modernize your GIS and help your users make the paradigm shift to Web GIS keep these steps in mind so you can help them understand their options, and that a whole new ecosystem of tools and products are available to help them achieve their mission.
In your organization there are likely different people, working in a variety of roles, with varying skills and responsibilities. It can be overwhelming to deliver the right content in the right format to these different people in a well-performing, reliable, and secure manner.
Your geospatial content publication strategy serves as a guide to help accomplish this. While any two organizations can have vastly different publications strategies, an effective content delivery strategy will always address performance, reliability, and security.
Think of performance as how long it takes an application to load: is it lightning fast, or crawling along? One way to address performance strategically is to consider separating internal and external activities. In practice, this could mean external public applications like StoryMaps live in a scalable environment such as ArcGIS Online, and internal dashboards, analytics, and editing work stays on your own infrastructure in ArcGIS Enterprise. This way, if one of those public-facing apps suddenly becomes popular, your internal work won’t have to compete for resources.
Reliability is expressed in a service level agreement (SLA), and is an expectation of when the system will be available, such as during work hours, or 99% of the time. There are many ways in which organizations address reliability, such as following other best practices like high availability, load balancing, workload separation, and security. You could also address reliability by leveraging cloud capabilities.
Within the context of a publication strategy, security is about exposing the right content and capabilities to the right people. You certainly don’t want non-experts editing your asset information, or your sensitive data to be exposed publicly. This content should be properly maintained in a secure system of record. Security isn’t just about keeping your internal content within your organization; it can also pertain to information or capabilities that are sensitive even between departments or teams within your organization. Depending on the level of risk and sensitivity of this content, it may be appropriate to have a separate, internal publication environment.
While your organization’s individual content publication strategy will likely encompass many other considerations that are relevant to your work, goals, and mission, it should always address the needs and expectations of the people in your organization and protect your internal system.
Download the PPT for this presentation from the 2018 Esri User's Conference: Content Publication Strategy.pdf
As technologists supporting important business functions, it’s important to do what you can to make sure that your organization’s production environment is protected.
What kinds of negative business impacts could you expect if your production environment failed? How much money would it cost your organization? How many mission-critical operations would be halted? How many customers or citizens would be affected?
Environment isolation will help protect your production system by creating at least three separate and distinct computing environments for operational, testing, and development activities. Let’s talk about how each of these systems helps to protect your production environment.
Your production environment is the system that you are most familiar with. It’s your “live” system. It’s where most people in your organization go to do their work, whether it’s to access their mobile application to submit damage assessments around the city, or their desktop application to predict the structural integrity of buildings and bridges, or their dashboards to monitor the progress of their initiatives and projects. Because these people’s work is so important, it’s crucial that changes aren’t made here without first being tested and evaluated in a separate environment.
Your staging environment is a replica of the production environment that isn’t supporting your business operations. This makes it a great, safe place to test an amazing new application your team has developed. This way you can be sure the app will deliver the functionality you promise and that nothing else in the system will be negatively impacted. It’s worth mentioning that many risk-averse organizations will have many kinds of testing environments, including a staging, performance testing, load testing, acceptance testing, and even training environments. The needs of your organization may differ depending on the level of risk you’re willing to assume.
Let’s get back to that amazing new application. That app was made in a separate environment: development.
This is a workspace where your developers can innovate. It’s where they can manage content, make changes, construct new business workflows, and create new capabilities. This environment’s size and complexity will largely be determined by how many developers you have working in this space and the level of risk associated with the kinds of changes they work on.
Needless to say, delivering a reliable, high-performing system is no easy feat. It takes a lot of diligent work done by smart, dedicated people. Isolating inherently risky activities like development and testing from your production environment will contribute to the stability and performance of that system.
Download the PPT for this presentation from the 2018 Esri User's Conference: Environment Isolation
I had the honor of presenting the spotlight talk "Engage the Enterprise with GIS" at UC 2018. The full capacity audience was fantastic, especially considering it was late in the day. The talk was around the People side of the broader Enterprise GIS Strategy. The broader strategy should include:
When engaging the enterprise, look at all the various business units and enlist the help of willing participants at various levels in those business units. Then work with them to communicate in terms that are well understood and relevant to the intended audience. Below is a graphic, extracted from Dr. Elliott Jaques' "In Praise of Hierarchy". Note that the temporal and strategic levels are the parameters to use when communicating the value of utilizing GIS.
The attached presentation provides more information about this concept.
As always, Esri is here to support you through your technology implementation and change. Let us know if you have any questions.
With the push towards ArcGIS Enterprise, the successful integration of Portal for ArcGIS has become increasingly important to a smooth deployment of your Web GIS. Portal, though just one component of ArcGIS Enterprise, has a few IT-centric system requirements and requires a bit of pre-planning. This Spotlight Talk looks at 3 areas in the pre-planning process that can help smooth out the implementation of Portal for ArcGIS.
Access: One of the first decisions to make before deploying Portal, is to decide whether or not you need external access. When making this decision you want to consider your data's sensitivity, the need for public access, whether you need a mobile solution, and the type of security you will implement. Deciding on the access of your Portal will help dictate some other decisions you will need to make when implementing Portal.
Security: There are a variety of ways that you can authenticate your Portal, and it’s important to think about who your users will be, how they will be using the Portal, and most importantly where they will be accessing it from.
SSL/TLS: This is the protocol that secure websites use, via HTTPS, to encrypt all web traffic. Having a valid TLS certificate will safeguard your sensitive data from being compromised in transit, and it happens to be a requirement for running Portal for ArcGIS!
These components are the heavy hitters that you will want to take into consideration when you start to prepare to implement Portal. We recommend starting with a kickoff meeting with your IT department to look at your organization's access needs, security requirements, and SSL/TLS availability. In our experience these are things that can derail a smooth implementation, and even cause some hiccups down the road if not properly considered during the planning stages.
Download the PDF version of the presentation from the 2018 Esri User’s Conference: Preparing to Implement Portal for ArcGIS
A Distributed GIS is a modern approach that supports a new type of sharing. With distributed GIS, multiple GIS deployments are connected with each other, and users can use web maps and apps to easily create, manage, analyze, publish and share geospatial content. This integrated approach preserves control and access with individual departments while supporting the broader business needs of the organization. The result is a truly collaborative environment – an integrated set of deployments working together towards shared goals.
To create a distributed GIS, you simply connect multiple Web GIS environments that can include multiple ArcGIS Enterprise deployments as well as an ArcGIS Online organization. We call these connections “trusted collaborations”. You can configure a trusted collaboration between deployments using the out-of-the-box capabilities of ArcGIS which let you easily define how data is shared. No custom coding required.
Trusted collaborations between deployments are secure, using your deployments' existing security model. Users can share data – either as a copy or as a reference to the sources (requiring authentication) – to other collaboration participants. Collaboration creates a network where multiple systems can access data and information products from their own environment, keeping authoritative sources intact, with updates either in real time or at scheduled intervals.
Distributed GIS will be of interest to a wide variety of organizations and departments, including those with a purpose to maintain or manage data and provide it to other business units or audiences, those who have faced challenges getting authoritative data to target audiences effectively and efficiently, and those that create data in one environment (i.e. ArcGIS Enterprise) and host it for customers in another (i.e. ArcGIS Online).
A distributed GIS is an integrated set of GIS deployments working together and sharing content as part of a trusted collaboration. Implementing a distributed GIS is an effective way to leverage authoritative data, foster communication and engagement across user types, and glean insights from data to generate powerful location intelligence. A distributed GIS also preserves departmental control over data and workflows while contributing to and supporting the needs of the enterprise.
Download the presentation from the 2018 Esri User’s Conference: Distributed GIS – Establishing a Trusted Collaboration to take a closer look and begin to develop your strategy.
This blog post serves as a high-level introduction to one topic that is featured in the Architecting the ArcGIS Platform: Best Practices whitepaper published by Esri. Other topics include High Availability, Load Balancing, Security, and more. Please click on the link above to learn more or post comments to ask questions and engage with Esri staff.
If you attended the Esri User Conference earlier this month you may have taken the opportunity to fill out an ArcGIS 10.6 readiness assessment to help you identify potential areas for improvement, and options to investigate prior to implementing or upgrading to ArcGIS Enterprise 10.6.
The results of this assessment are based on the high-level information you provide. While it doesn't represent the in-depth requirements gathering needed for many complex environments, it does provide general recommendations and guidance that most users will find helpful when planning a migration, and it's a great way to start the conversation about upgrading to 10.6, either internally or with your Esri Account Representative.