Latest Contributions by MichaelYoung

Hi Thomas, We have provided updates to DISA as our product has evolved for different versions, however DISA has not had bandwidth on their side to run a full update of their materials for each version. DISA clarified that the version number on the STIG does not have to match the version number deployed, IF the vendor has a public statement that the STIG is still tested and valid.  We therefore have the statement that the ArcGIS Server STIG "...is tested for compatibility through current releases." as part of the document description within the ArcGIS Trust Center documents section here.   As for providing STIGS for ArcGIS Enterprise base software components - Server, Portal, DataStore, we have attempted to engage DISA, however their backlog is too severe for them to provide us an estimate for when they can engage.  Once the number of direct requests from customers to DISA are significant enough, DISA will accordingly prioritize and engage with Esri - Until such time, we are looking at creating an ArcGIS Enterprise security hardening guide in 2020 that customers can reference for thier deployments and authorization efforts. ... View more

Thanks for your patience while we worked with the Leica team to provide a summary of work-arounds for issues with Zeno Collector mobile applications accessing external services such as ArcGIS Online (which now enforce secure TLS 1.2 only). Customer Managed Proxy - If your organization has a proxy for HTTP/S traffic, simply go to the Zeno wireless settings and enter your proxy configuration information.  By passing through a TLS 1.2 proxy, your connectivity to ArcGIS Online will be via TLS 1.2 and it will work.  If your organization’s proxy public certificate is not already on the Zeno device, you will need to add it as a trusted certificate.  This configuration has been successfully tested using a Squid proxy and other TLS 1.2 proxies will work in a similar capacity.  Because proxies can be dangerous if not locked down appropriately, we are not distributing generalized proxy setup guidance, if you are going to use a proxy we strongly recommend having your organizations information system team fully manage it. ArcGIS Enterprise - If your organization already has ArcGIS Enterprise available, you can collect and store your information there instead of ArcGIS Online for now.  While the current release of ArcGIS Enterprise only enables TLS 1.2 by default, you can configure your ArcGIS Enterprise system to utilize TLS 1.0 to support older Zeno Collector devices. (See Travis’s blog comment for more). Leica Managed Proxy – Esri has provided documentation to Leica for configuring a proxy to support relaying HTTPS traffics to ArcGIS Online via TLS 1.2. Leica is looking at establishing such a proxy for customers who do not have their own proxy system. If all goes well, this is something that could be made available in less then a week (more info to come from Leica on status). External Receiver – As of 4/26/19 Leica has a new Zeno Connect version available that will enable this option. Customers can install Collector on current technology phones and then utilize the Zeno device to obtain cm level GPS readings.  To do this the user would first configure the Zeno device to be able to share readings via Bluetooth and then on the phone with Collector, choose the add receiver option and select the Zeno device (Reach out to Jason Hooten at Leica as mentioned by Alex's blog comment). Zeno Mobile – Temporary licenses may be made available for this by Leica for your organization. If desired, please reach out to them directly for this as an interim workaround (See Veronica’s blog comment for more). Long-term Leica Patch – Leica is looking into other potential options for allowing TLS 1.2 communication by default for the device which could address mobile applications failing to communicate with external services requiring TLS 1.2 (A timeframe has not been set for such a patch at this time). - Michael ... View more

Hi Paul,  We released the public facing version of the compliance validation tool for ArcGIS  at the UC this year.  You can access the tool @ https://arcg.is/ago-advisor .  If you have any questions about the tool, feel free to reach out to our team @ SoftwareSecurity@Esri.com.    With the ArcGIS  update this week, you can now also export application log information from within the user interface as described by Kelly here: Exploring the Organization Activity Log CSV   ... View more

By the way, if you want to see all key current security papers and presentations Esri provides (including the mobile security paper), check out the Trust.ArcGIS.com Documents tab. ... View more

Hi Jerry, The integrated security model capability is a part of the core product now.  Currently, the capability is only offered for the Oracle platform, but can be expanded to other platforms as demand dictates.  Documentation for this capability may be found within our online help @ http://resources.arcgis.com/en/help/main/10.1/index.html#//0154000005rq000000 Best regards, Michael ... View more

Yes, for that particular configuration and service the VM's throughput was 11% lower then the physical server.  The key item is to test your particular services and configuration before production deployment as the amount of degradation can vary significantly.  Additional information may be found in the VMWare/Esri virtualization whitepaper. - Michael ... View more

You might want to look over the draft of the California Executive Branch Geospatial Data Distribution Policy. There are also some recent presentations discussing finding the right balance of policy/data sharing from the NSGIC 2010 conference. ... View more

Hi Jerry, Some of the more common performance testing tools utilized with ArcGIS Server include LoadRunner, Silk Performer, Visual Studio Test Team Edition, and JMeter.  Additional information about performance testing may be found in our Dev Summit presentation from earlier this year at: http://proceedings.esri.com/library/userconf/devsummit10/papers/tech/2010_arcgis_server_performance_and_scalability-testing_methodologies.pdf ... View more