Skip navigation
All Places > Implementing ArcGIS > Blog

Here is the fourth of my twelve posts as a GovLoop Featured Contributor.  This one highlights the work at the California Governor's Office of Emergency Services: 

Here is the third of my twelve posts as a GovLoop Featured Contributor: 



Here is the second of my twelve posts as a GovLoop Featured Contributor: 

For the next twelve weeks, I am a GovLoop featured contributor. Please check out my first post: 

Every organization strives to keep its systems running smoothly, but for some, that objective is mission critical.

Learn about the technical assistance level that aligns with your mission critical needs.  This is accomplished through assigned Technical Account Managers, 1-hour initial response to support requests, and 24/7/365 support.  No matter what your GIS needs may be Premium Support is designed to provide next level support for organizations of all sizes and industry.


Perhaps you’re not sure if Premium Support is right for your organization.  We can review your support history and help you better understand if a higher-level support would unlock your organizations potential. 


Using the link below you can learn more about the program and submit your request for additional information at the bottom.

Maximize your success in ArcGIS platform adoption by using a prioritization approach that balances business benefits with challenges, so you can prioritize high‐value, low‐effort activities. Read more about this concept, along with 17 additional best practices in our document Architecting the ArcGIS Platform:  Best Practices at this link:

For many of our customers, installation and implementation of ArcGIS Monitor is a straightforward and quick process. Once the minimum requirements are met, most Monitor installations flow smoothly.


However, when advanced firewall and security practices are in place, these installation and configuration of ArcGIS Monitor can be much more complicated. For optimal success in highly secure environments, ask IT support staff to join in installation activities.


When the ArcGIS Monitor can’t quickly make a connection with other systems in the Enterprise ask IT to monitor the network traffic and see if any internal ports are blocking traffic. This may be an iterative process as you install the software, but without System and Process collectors, ArcGIS Monitor can't fully measure ArcGIS Enterprise Health. 


Onsite recently, in addition to opening ports 6443 and 7443 for ArcGIS Server and Portal connections, we had to request permission for ArcGIS Monitor to operate on ports 135, 49153 and 49154 on the ArcGIS Server, Portal and SQL machines in the deployment. Once these ports were opened, we could begin collecting on Memory, Network and Processing utilization. 


Collaboration between GIS Admins and IT is crucial for understanding security rules and limitations when implementing a product like ArcGIS Monitor.

An ArcGIS identity allows a person to participate in the platform; access, create, or share items as part of one or more groups; and use the platform to play a more collaborative role in the organization.




Identity Value

Identity information is used to uniquely and securely describe user access to maps, apps, data, and analysis within the ArcGIS platform. A person’s ArcGIS identity can be managed with built‐in security by ArcGIS or by federating ArcGIS with a a third‐party enterprise identity management system. Regardless of the approach, effective management of user identities and associative credentials is necessary for users to appropriately utilize and participate in the ArcGIS platform.





People access the ArcGIS platform through a role and set of privileges configured by an administrator. Roles can be tailored to individual users and their organizational responsibilities (examples include: viewer, editor, publisher, analyst, field technician, and administrator). The privileges associated with these roles ultimately permit people to join groups, access their own resources (data, maps, apps, and capabilities), and access resources that have been shared with them.




Named User

An ArcGIS Identity is managed as a named user credential within the platform. This credential is used to sign into any app, on any device, at any time, and to provide access to all maps, apps, data, and analysis a particular user is entitled to. As users sign into the ArcGIS platform with their named user credentials, their identity gives them access to authoritative data, GIS capabilities, shared content, apps, and their saved maps and items. The named user model allows an organization to securely and appropriately extend the reach of its geospatial capabilities to everyone who needs them.


Named User



Users often participate in groups, an important aspect of the ArcGIS platform sharing model. A group is a collection of items (such as maps, apps, and named users) typically related to a specific area of interest (such as a business unit, initiative, or team). Groups are useful for organizing content and controlling access. If a group is private, only members will see the group and its content.


Managing Identity

Develop A Strategy! 

Depending on the needs of the organization, user identities can be managed with built‐in security by ArcGIS, or by using a third‐party identity management system. For small implementations, an ArcGIS administrator will want to leverage the built‐in security of the Enterprise portal to manually add and configure or batch import users. The administrator would then use a simple web interface to manage these users, the roles they assume, and the privileges they are granted. For larger implementations, enterprise identities and groups (managed external to ArcGIS) will be used by the Enterprise portal to control access to the platform. These implementations can leverage enterprise credentials from an existing Lightweight Directory Access Protocol (LDAP) server, an Active Directory server, or an identity provider that supports Security Assertion Markup Language (SAML) 2.0 Web Single Sign On. 


ArcGIS identities provide the organization with access control around platform content and capabilities and give users the ability to discover, share, and participate in the secure environment. Two approaches are provided to give organizations options for how to implement identity management within the ArcGIS platform. Choose the approach that best enables users to accomplish their business objectives.


Download the PDF for this presentation from the 2018 Esri User's Conference: Managing Identities


Architecting the ArcGIS Platform: Best Practices

This blog post, serves as a high-level introduction to one topic that is featured in the Architecting the ArcGIS Platform: Best Practices whitepaper published by Esri. Other topics include High Availability, Load Balancing, Security, and more. Please click on the link above to learn more or post comments to ask questions and engage with Esri staff.


Best Practices

It’s important for an organization to realize that creating a purposeful and actionable training plan that aligns its needs, goals, and objectives is highly critical.


A plan that is focused on the learning and development of the workforce can be the rudder that guides them toward success. Employees gain a sense of purpose with a better understanding of where they’ve been, where they are, and how far they must go to reach their goal. The organization benefits from a more productive, efficient, skilled, and empowered staff.


Failure to have a strategic training plan in place for your workforce can lead to unsuccessful projects and initiatives, and staff without a focus and vision for their role in the organization.


Esri Training Consultants partner with organizations of all sizes and industries to assess current skills and knowledge, while building awareness and making recommendations for key learning resources. There are hundreds of resources, ranging from instructor led training to self-paced e-Learning. Engage with an Esri Training Consultant right away!

The Strategic Impact of a Training Plan


Esri Spotlight Talk - UC 2018

High availability environments for ArcGIS are becoming engrained within the critical business operations and workflows of your organization.  Defining a SLA, service level agreement, will identify your organizations percentage of required service up-time and help guide you to designing a HA solution that satisfies your organizations expectations.


Our spotlight presentation, "Considerations for a Highly Available Enterprise", at Esri's 2018 User's Conference identified the below approaches to consider while designing a Highly Available system.


Multi-machine redundancy

Redundancy can be accomplished through duplication and load balancing.  Duplication of instances reduce the number of single points of failure while load balancing is a technique for distributing client workload traffic requests across multiple system components.



System Operational Plans

Test Plans should be applied on the systems and all applications that feed into those systems.  These tests plans should not be a onetime task and done.  They need to be part of a predefined schedule.  Please test the apps and systems prior to going live and at a predetermined schedule.  Having these test plans in place and recording the test results, will help you keep tab of your systems over its life cycle.  Operational plans can include, but not limited to: Stress Testing, Performance Testing, and Testing of Fail-over functions and activities.



Health Monitoring

Prevention is certainly better than the cure, it applies to systems too!  Monitoring system health to identify and proactively address problems are key to maintaining a highly available system.  System monitoring tools are available from various sources, including Esri.  The more systems you have to manage, the greater the need for a monitoring tool.  Use the monitoring tool to monitor: CPU usage, Memory usage, Response time, Service throughput, etc.  Ensure you can configure them to execute a job, like notifying you when a system status crosses a threshold.



The approaches listed above, are just some of the strategies that are meant to minimize service downtime.  Implementing these recommended approaches along with your own organizations strategies will enable maximum up-time and provide a reliable, high performing ArcGIS environment.


Keeping these best practices in mind, you can implement these approaches in your highly available enterprise.  Here is a download to the PDF for this presentation from the 2018 User's Conference:  Considerations for High Availability 



Architecting the ArcGIS Platform: Best Practices

This blog post, serves as a high-level introduction to one topic that is featured in the Architecting the ArcGIS Platform: Best Practices whitepaper published by Esri. Other topics include IT Governance, Automation, Load Balancing, Security, and more. Please click on the link above to learn more or post comments to ask questions and engage with Esri staff.


Specific business functions impact the performance of the ArcGIS platform in different ways. By allocating workloads to appropriate server resources organized by business function, organizations can maximize performance, reduce risk, and meet business‐defined service level agreements (SLAs). By implementing geospatial function isolation, organizations can reduce the risk that high‐intensity processes will consume cycles needed to support critical applications, or that an abnormal spike in requests will disrupt service for all users.


Design Approach Value

Workload separation is a design approach that enhances performance and reliability by aligning the technical implementation with organizational business requirements. Consider different business workflows to understand how each workflow impacts compute resources, and then use segregated and preplanned resource allocation to meet the needs of each workflow. 


Workload Separation


Maximize Performance

System performance is maximized when service requests are directed to compute resources in a way that optimizes hardware and reduces resource contention. Direct service requests that are known to be central processor unit (CPU) intensive, such as complex analysis tasks, to an ArcGIS Server site containing machines with faster processors. Direct less intensive requests, such as map visualization tasks, to more modest machines. This approach makes the best use of available compute resources to achieve the highest performance.


Reduce Risk

Workload separation also reduces the risk of service interruption. System stability is enhanced because overloaded machines cannot affect other machines in the environment, which in turn protects critical tasks from resource contention. Route user requests to the appropriate sites through load balancers and deliver results securely and transparently.


Develop a Strategy!

Allocate hardware around core GIS capabilities, including data management, analysis, and visualization functions. Some organizations may have more detailed separation needs around specific business functions (such as imagery, real‐time data, or caching), hardware characteristics, or SLA definitions. Use GIS patterns, SLAs, and performance expectations to determine how to best direct workloads to appropriate compute resources.


Download the PDF for this presentation from the 2018 Esri User's Conference: Designing a Robust Environment - Workload Separation


Architecting the ArcGIS Platform: Best Practices

This blog post, serves as a high-level introduction to one topic that is featured in the Architecting the ArcGIS Platform: Best Practices whitepaper published by Esri. Other topics include High Availability, Load Balancing, Security, and more. Please click on the link above to learn more or post comments to ask questions and engage with Esri staff.


Best Practices

The GIS Health Check is a service offered by Esri's Services. It provides an opportunity to have an expert in Esri-based GIS systems review an organization's current deployment and operations.  This "hands-on" activity offers a pro-active and holistic assessment of the current system relative to the organization's objectives and other successful patterns.  The recommendations by the expert are documented in a report and may include recommendations related to system design, operations, configuration, deployment patterns, performance, availability, etc.  The PDF of the presentation slides is available for download: User Conference 2018 GIS Health Check Service Spotlight Presentation . 


The PDF includes some case studies that illustrate the motives of some customers that have used this service.  Among those was a state government organization.  They had a long history of implementing Esri technologies which gave them a wealth of experience but led them to suspect that they may have some legacy patterns that were out-of-step with the newer technology.  They also had questions about what might be responsible for various performance and reliability issues.  The Health Check exonerated some technologies and configurations as a cause of the problems, allowing focus on the real issues.  And, it allowed the organization to translate its deep knowledge to the updated patterns and practices for the technologies that they currently have deployed.

Every time a new version of ArcGIS is released I receive one particular question more often than any other.  The exact words can change but it's always something to the effect of "How am I going to move all of my users from ArcGIS Desktop to ArcGIS Pro"?   


A big part of my role at Esri is helping customers implement and configure the ArcGIS platform, and that extends to upgrading to the latest version of ArcGIS and installing the newest products. So when someone asks me this question they are usually expecting me to talk about a technology migration path for desktop users. But a straight path like that assumes users will perform a 1 for 1 swap of ArcMap for ArcGIS Pro over time, and that's often not the best way to address the underlying question. 


Instead of a need for migration I like to think of this as an opportunity for modernization. Migration generally focuses on the technology. Upgrades, patches, installing the latest product. Modernization may involve upgrading and new products but that's only a means to an end. It's really about moving to a new pattern. A paradigm shift. In our conversation about ArcMap and ArcGIS Pro that pattern is Web GIS. As we move from Desktop, to Server, to Web and eventually Distributed GIS new options present themselves that were previously unavailable. ArcGIS Pro and all of the other Web GIS native applications allow for new and powerful functionality that we can only leverage if we shift the way we look at using GIS. 


When working with users on modernization I almost always start by asking three simple questions: 


  • Who are the users? 
  • What location information do they value? 
  • What answers are they after? 


Everyone that is using ArcGIS is trying to solve a problem, ask a question, or get an answer using spatial data. That problem, question, and answer come together as a workflow and the workflow, not the technology, is what we want to focus on.  Once we answer those questions we start reviewing the existing workflows and making a workflow by workflow recommendation on how to modernize each using one of three options. 


  1. Desktop to Pro Workflow Transition: A one-to-one swap of technologies by rebuilding workflows in Pro using only out-of-the-box (OOB) functionality. If you can do it this is it's the preferred approach because it has the smallest learning curve, requires less change management and can likely be accomplished with minimal changes to data. Although you may be accessing data differently (i.e. through services instead of direct GDB editing) in many cases. This is your easy button but don't expect you can use it in every case.  
  2. Desktop to a Web GIS Enabled Product Transition: When a one-to-one swap isn't an option (or an OOB app is a better fit than Pro) you can adjust the workflow you're using in Desktop to another Esri product.   Examples could range from something as simple as using collector for offline data collection rather than an ArcGIS Desktop with checked out data on a Toughbook, to more complicated changes that effect the underlying system architecture, like using a web app template and ArcGIS services to review and approve data changes rather than using a multitude of versioned databases and spending hours reconciling the edits. This option is often the most over looked. After years of comfortably working in ArcGIS Desktop our instinct is that we either need to move a workflow to Pro or build a plugin for Pro. But with the vast ecosystem of Esri Apps that leverage Web GIS we can often find a suitable (if not preferable) replacement for a desktop workflow using an OOB app that is fully supported and maintained by Esri. Sometimes changes like these require architectural or data adjustments, so while they may not be minor changes to a GIS administrator if done properly they can provide a very simple transition for the user.  
  3. Desktop to Custom Technology TransitionIn the past 10 years I've seen a great swing from customization being the default approach to any problem, to COTS over custom at all costs. But in the past few years we've seen the pendulum settle somewhere in between, and while configure first is still a great rule, customization is no longer frowned upon when needed. With the Developer tools available with ArcGIS this custom technology can take many forms. So think about your userbase when you are deciding how to go about building your new custom app, tool, or plugin. Think about what else the user of that workflow will be doing. Is this their only workflow? If so maybe a JavaScript app that's easy to maintain and can be built quickly is best. Do they have several workflows and most of them will be moving to a mobile app? Then maybe building with AppStudio makes sense so you limit that user's need to switch devices. Or are 99% of their workflows staying in the desktop with ArcGIS Pro? If so maybe a custom Pro plugin is worth the investment. It all depends on context.  


As you modernize your GIS and help your users make the paradigm shift to Web GIS keep these steps in mind so you can help them understand their options, and that a whole new ecosystem of tools and products are available to help them achieve their mission. 

In your organization there are likely different people, working in a variety of roles, with varying skills and responsibilities. It can be overwhelming to deliver the right content in the right format to these different people in a well-performing, reliable, and secure manner.


Your geospatial content publication strategy serves as a guide to help accomplish this. While any two organizations can have vastly different publications strategies, an effective content delivery strategy will always address performance, reliability, and security.



Think of performance as how long it takes an application to load- is it lightning fast, or crawling along. One way to address performance strategically is to consider separating internal and external activities. In practice, this could mean external public applications like StoryMaps live in a scalable environment such as ArcGIS Online, and internal dashboards, analytics, and editing work stays on your own infrastructure in ArcGIS Enterprise. This way, if one of those public-facing apps suddenly becomes popular, your internal resources won’t have to compete for resources.



Reliability is expressed in a service level agreement (SLA), and is an expectation of when the system will be available- like during work hours, or 99% of the time. There are many ways in which organizations address reliability, such as following other best practices like high availability, load balancing, workload separation, and security. You could also address reliability by leveraging cloud capabilities.



Within the context of a publication strategy, security is about exposing the right content and capabilities to the right people. You certainly don’t want non-experts editing your asset information, or your sensitive data to be exposed publicly. This content should be properly maintained in a secure system of record. Security isn’t just about keeping your internal content within your organization; it can also pertain to information or capabilities that is sensitive even between departments or teams within your organization. Depending on the level of risk and sensitivity of this content, it may be appropriate to have a separate, internal publication environment.



While your organization’s individual content publication strategy will likely encompass many other considerations that are relevant to your work, goals, and mission, it should always address the needs and expectations of the people in your organization and protect your internal system.


Download the PPT for this presentation from the 2018 Esri User's Conference: Content Publication Strategy.pdf  

As technologists supporting important business functions, it’s important to do what you can to make sure that your organization’s production environment is protected.


What kinds of negative business impacts could you expect if your production environment failed? How much money would it cost your organization? How many mission-critical operations would be halted? How many customers or citizens would be affected?


Environment isolation will help protect your production system by creating at least three separate and distinct computing environments for operational, testing, and development activities. Let’s talk about how each of these systems help to protect your production environment.


Production Environment

Your production environment is the system that you are most familiar with. It’s your “live” system. It’s where most people in your organization go to do their work, whether it’s to access their mobile application to submit damage assessments around the city, or their desktop application to predict the structural integrity of buildings and bridges, or their dashboards to monitor the progress of their initiatives and projects. Because these people’s work is so important, it’s crucial that changes aren’t made here without first being tested and evaluated in a separate environment.


Staging Environment

Your staging environment is a replica of the production environment that isn’t supporting your business operations. This makes it a great, safe place to test an amazing new application your team has developed. This way you can be sure the app will deliver the functionality you promise and that nothing else in the system will be negatively impacted. It’s worth mentioning that many risk-averse organizations will have many kinds of testing environments, including a staging, performance testing, load testing, acceptance testing, and even training environments. The needs of your organization may differ depending on the level of risk you’re willing to assume.


Development Environment

Let’s get back to that amazing new application. That app was made in a separate environment: development.

This is a workspace where your developers can innovate. It’s where they can manage content, make changes, construct new business workflows, and create new capabilities. This environment’s size and complexity will largely be determined by how many developers you have working in this space and the level of risk associated with the kinds of changes they work on.


Needless to say, delivering a reliable, high-performing system is no easy feat. It takes a lot of diligent work done by smart, dedicated people. Isolating inherently risky activities like development and testing from your production environment will contribute to the stability and performance of that system.


Download the PPT for this presentation from the 2018 Esri User's Conference: Environment Isolation