Community
Select to view content in your preferred language

VPN requirements for ArcGIS Pro

493
4
02-06-2025 01:13 AM
Status: Open
Labels (1)
Bud
by
Esteemed Contributor

ArcGIS Pro is notoriously slow over VPN due to Pro's heavy network traffic.

I've heard rumors of I.T. departments tuning their architecture for fast Pro performance over VPN. But I don't know how it was done.

Could Pro over VPN requirements be added to the documentation or in a technical article?

4 Comments
MikeVolz
by
‎02-06-2025 05:51 AM

To add to this thread, how does one secure enterprise GIS database connections over a VPN?

This is the biggest concern my org has with the security of our enterprise GIS databases.

AyanPalit
by Esri Regular Contributor
‎02-06-2025 07:49 AM

@Bud Thanks for the idea post. We recognize the dependence of remote access on VPN. Yet there are various VPN solutions, each with their unique configuration settings for network traffic, tunneling etc. The other factor that plays in and is often overlooked is Anti-virus software.  Some organizations increase scanning when an external access is detected (including VPN).) 

Adding the following resources for review:

ArcGIS and VPN: Understanding connection errors, timeouts, and performance issues when working remot...

How do I troubleshoot ArcGIS Pro performance issues related to antivirus software (exceptions)?

PS: @MikeVolz Suggest search for your question on secure enterprise GIS database connections and posting on Implementing ArcGIS

 

RTPL_AU
by
‎02-12-2025 07:01 PM

@Bud 
My two basic rules of working with remote sites is to have processing next to the data and remote access the display i.e. to have remote access via VPN to a hosted desktop environment (insert your poison e.g. vanilla RDP, VMWare, Citrix, Azure or AWS app streams, etc.)
If physical locations are in play you could use actual hardware for the Pro instances. 

Alternatively rely heavily on web services but this does not remove the requirement for at least one or few desktops closer to the data for primary processing & sharing.

Having Pro & data separated by VPN just gives a terrible experience, especially for less proficient users that do not recognise the risk of opening that statewide road dataset.

I am complaining of Pro performance on a local 10GBE environment so my expectations my differ from other users!!

The only cases where VPN use can be OK is where latency is massively optimised (the experience killer is latency more than just speed)  and unfortunately that yolo's the cost to IT dramatically. 

Some newer VPN tools such as Tailscale improve things a bit but unlikely to be in play with typical corporate IT that have some legacy tech debt in place already.

@MikeVolz  I think we have to ask "Define VPN?"
If it runs between two corprorate sites and both sides and all user devices are fully within the organisation's control then you don't need to go overboard. If you mean to have users access the server from their own device using an 'influencer VPN' from the airport wifi then it opens a whole big can of worms. 

Add caveats that cover that if you have to ask about security you probably have to bring someone in that can list all the caveats.

RTPL_AU
by
‎02-12-2025 07:09 PM

@Bud If I remember correctly there are Ideas covering 'low noise modes' for Pro harking back to the ArcMap days specifically to cover this topic. 
The concept is that if we can make Desktop less chatty then the latency has less of an impact on performance.
Something else I saw somewhere (will try to find later when I have time again) was to leverage AGOL Offline Map Areas or something very similar in Pro - you still need someone to process and edit the 'main' data but some workflows can be much more local.