Patching ArcGIS Enterprise

127
0
01-14-2021 07:13 PM
NicEverdell
Esri Contributor
3 0 127

As we all know, the ArcGIS Enterprise environment is constantly under development and being further improved by Esri.

Part of the application life cycle, for all software not just ArcGIS Enterprise, is the release of Security and Functionality patches that improve security, stability and functionality of the application but don’t warrant new version numbers.

Often times I will see a client deploy an ArcGIS Enteprise environment, forget to install patches, and revisit the deployment a year or two later to upgrade to a new version. This is not the most secure way to manage an environment nor is it the best way to utilise an Enterprise scale GIS.

 

When working with Enterprise scale systems, a good mentality is to patch regularly and upgrade often. This is the behaviour that we have grown used to with the growing use of smart phones and the applications we use them for, so why do we not keep this behaviour for software suites we manage for an enterprise.

A regular (maybe monthly) maintenance window means that users are less disturbed by work on a system and they are also more aware that the system is being maintained and looked after. Applying the latest patches during this maintenance window also means that bug fixes are applied, security flaws are resolved and the system gets a regular “refresh” with virtual machine reboots that are built into the maintenance window.

 

When it comes to ArcGIS Enterprise, Esri make patching easy for administrators by including the ArcGIS Enterprise Patch Notification utility in the install of all applications. More information on using this utility can be found here - https://enterprise.arcgis.com/en/server/latest/install/windows/check-for-software-patches-and-update... - but unfortunately, this method relies on an internet connection from the Server that is trying to download the patch. Not all servers have this connection in which case you will need to download the patches manually and install them using another method.

Some important things when working with a disconnected environment and looking to patch:

  • Download the patches.json file from here - https://downloads.esri.com/patch_notification/patches.json
  • Host the patches.json file on a web server with the same context as above (For IIS, make the following directory “C:\inetpub\wwwroot\patch_notification” (Or a virtual directory of the same name) and put the patches.json file in that folder

NicEverdell_0-1610680324493.png

 

  • Set up network routing (DNS or Host File change) so that when the Patch Notification calls the above URL, it finds your locally hosted version

Using this method, you will be given a list of patches that are currently installed and a list of newly released patches that you should apply to the system.

Once you have this list, download the new patches and install them using your preferred method (Personally, I use powershell to silently install the patches and log the start/end times of each install for my own record keeping)

 

 

Also of importance is that not all months will have dedicated work to perform, but even these windows should be utilised for a VM restart to clear any of the little issues and refreshes the ArcGIS Enterprise windows services.