How does ArcGIS Insights Enterprise use a database connection?

06-25-2023 10:30 PM
AnthonyRyanEQL
Occasional Contributor III

Hi all,

I have the required JDBC driver installed on all servers registered within my hosting server site and register the connection type via the server admin api (eg. SQL Server, HANA).

Within Insights, I make the database connection by filling out the required fields and connection to the database is successful.

This is a functionality-type question relating to database connections used with ArcGIS Insights Enterprise (e.g. within Portal). How does the web app communicate with the database? I'm looking at this from a cyber security point of view: where do the database ports need to be allowed access to and from?

An example would be: in AWS, allow TCP 1433 in/out for the NACL between the subnets of the hosting server and database, along with a security group for TCP 1433, etc.

 

Thanks for any time with this

 

4 Replies
AkshayHarshe
Esri Contributor

Hi @AnthonyRyanEQL ,

Thanks for your question. I might need additional information about your concerns so I can answer them or have someone answer them. 

There are nuances when it comes to security, but when it comes to sharing, ArcGIS Insights follows the Portal's sharing model. Once you have created a database connection within Insights, it creates a portal item. You can share this item with others, and people who have access to this item will be able to see and use the data from this connection.

If that is not desirable, you can also manage your security on the database by creating views or named users with permissions to certain data. (Note: we do not support row-based access)

When it comes to sharing a report, Insights will honour permissions set on the Portal, e.g. if you share a report to "Everyone" but the underlying database connection is not shared with anyone, then the viewers will get prompted to log in. If the viewer doesn't have enough permissions, they will not see the cards they don't have access to. (Though this has exceptions depending on how your page is set up)

I hope I have at least touched on your question. Feel free to drop in a follow-up.

Thanks,
Akshay Harshe
0 Kudos
AnthonyRyanEQL
Occasional Contributor III

Akshay,

The question is around database access/security. Our ArcGIS Enterprise instance is in AWS, and users access ArcGIS from the corporate network into AWS via Direct Connect. With this configuration, no user has direct database access (e.g. database ports are blocked) to any databases hosted in AWS.

Based on this, how does ArcGIS Insights access data from a database when a user is interacting with the workbook/card, etc.?

Thanks

0 Kudos
AkshayHarshe
Esri Contributor

Thanks for the information, I might have to refer you to my colleague who might have an answer for you. @ChakaClarke See if you can answer this! 

Thanks,
Akshay Harshe
0 Kudos
ChakaClarke
Esri Contributor

Hi @AnthonyRyanEQL, sorry for the delay in answering this question.

ArcGIS Enterprise

Assuming you have ArcGIS Insights installed in your Enterprise Portal, our JDBC connections use a TCP/IP connection from ArcGIS Server to the database server name specified, on the TCP/IP port number also specified when creating this connection:

Figure 1 Simple JDBC Connection Example

 

This will be a straight TCP/IP socket for SQL Server/HANA. For HANA, however, the JDBC driver supports Secure Sockets Layer (SSL) connections, and this will be used if the SSL button is checked when creating the HANA database connection. Communication between ArcGIS Server and the SAP HANA Cloud database is then secured with the Transport Layer Security (TLS)/Secure Sockets Layer (SSL) protocol.

Figure 2 Secure Socket Connection Example

 

 

ArcGIS Insights Desktop

Then the JDBC connection is similar, but between the client machine where ArcGIS Insights Desktop is installed and the database server:

Connection source: the client machine location. This could be the IP address when signed in

    • at the office,
    • VPN, or
    • other possible locations the user would be expected to work from

to

Connection destination: the database server.

Let me know if this helps answer your question. Feel free to reach out for more information about other specific types of connections relevant to your working environment.
Cheers
Chaka Clarke
Senior Product Engineer at Esri
ArcGIS Insights

 

0 Kudos
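
As an added illustration (not part of the thread and not Esri's code), the Python sketch below models the AWS rules for the Enterprise path described above, where ArcGIS Server opens the JDBC connection to the database on the configured port. It relies on NACLs being stateless (return traffic needs its own rules) and security groups being stateful; every IP, CIDR, rule number and the 1024-65535 ephemeral range is a constructed assumption.

```python
import ipaddress

# Constructed sample values: IPs, CIDRs, rule numbers and port ranges are assumptions.
SERVER_IP, DB_IP, USER_IP = "10.0.1.10", "10.0.2.20", "172.16.5.50"
DB_PORT, EPHEMERAL_PORT = 1433, 50000  # replies go back to the client's ephemeral port
ANY = [(100, "0.0.0.0/0", 0, 65535, "allow")]
# NACL rule tuples: (rule number, peer CIDR, port low, port high, action)
SERVER_NACL = {"out": [(100, "10.0.2.0/24", 1433, 1433, "allow")],
               "in": [(100, "10.0.2.0/24", 1024, 65535, "allow")]}
DB_NACL = {"in": [(100, "10.0.1.0/24", 1433, 1433, "allow")],
           "out": [(100, "10.0.1.0/24", 1024, 65535, "allow")]}
DB_SG_INGRESS = [("10.0.1.0/24", 1433)]  # security group on the database
CORP_SIDE = {"in": ANY, "out": ANY}      # assume no filtering on the user's own network

def in_net(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def nacl_allows(rules, peer_ip, port):
    """Lowest-numbered matching rule wins; no match is an implicit deny."""
    for _, cidr, lo, hi, action in sorted(rules, key=lambda r: r[0]):
        if in_net(peer_ip, cidr) and lo <= port <= hi:
            return action == "allow"
    return False

def jdbc_path_open(src_ip, src_nacl, db_nacl, db_sg_ingress):
    """Check the four stateless NACL legs plus the stateful SG ingress on the DB."""
    checks = {
        "src subnet outbound to db port": nacl_allows(src_nacl["out"], DB_IP, DB_PORT),
        "db subnet inbound on db port": nacl_allows(db_nacl["in"], src_ip, DB_PORT),
        "db subnet outbound to ephemeral": nacl_allows(db_nacl["out"], src_ip, EPHEMERAL_PORT),
        "src subnet inbound on ephemeral": nacl_allows(src_nacl["in"], DB_IP, EPHEMERAL_PORT),
        # Stateful: an ingress rule is enough, the reply is allowed automatically.
        "db security group ingress": any(
            in_net(src_ip, cidr) and port == DB_PORT for cidr, port in db_sg_ingress),
    }
    return all(checks.values()), [name for name, ok in checks.items() if not ok]

if __name__ == "__main__":
    print("ArcGIS Server -> DB:", jdbc_path_open(SERVER_IP, SERVER_NACL, DB_NACL, DB_SG_INGRESS))
    print("User client   -> DB:", jdbc_path_open(USER_IP, CORP_SIDE, DB_NACL, DB_SG_INGRESS))
```

With these rules the server subnet reaches the database while a corporate client address is refused at the database side. For ArcGIS Insights Desktop the source would instead be the client machine, as the reply notes.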