Latest Contributions by RandallWilliams

‎07-23-2019

Yes. When you federate your GIS server with a Portal instance, you're delegating security to the Portal. Portal has a concept of users, roles, and groups. You may create all three. A role is more a collection of priviliges, and a group is a logical collection of portal items that is themselves shared with a number of users. Basically, when you federate, use Portal to manage your users, groups, and roles. Once you've federated, the GIS Server passes that functional aspect to the Portal. https://enterprise.arcgis.com/en/portal/latest/administer/windows/roles.htm https://enterprise.arcgis.com/en/portal/latest/administer/windows/create-groups.htm

‎06-28-2019

Hi Clinton, You should add the domain for ArcGIS Server machines to which you're creating items with stored credentials, hosts that provide OCG services, hosts that don't support CORS. If you have none of those, a dummy entry will work fine - like your domain. You can see if a server supports CORS by reviewing the access-control-allow-origin header in the browser debugger for a web request to that resource.

‎06-18-2019

In Esri PSIRT, we get a LOT of questions. Some questions we see more frequently than others - like folks wondering where your data goes when you publish to ArcGIS Online, or where to go to ask other questions. We've documented many security, privacy, and compliance information over on our ArcGIS Trust Center. Here are a few examples of some frequently asked questions, with some pointers on where to find references to support these answers. The first set of questions we're usually asked is along the lines of: Q: Do you house the servers where ArcGIS Online is hosted? Q: If not, do you have a third party such AMAZON, Microsoft that handles this for you? This is an example of a question that's documented in DCS-04 in the ArcGIS.com Cloud Security Alliance Controls Matrix. The controls documented in the Cloud Security Controls Matrix map to NIST SP 800-53 and ISO/IEC 27001:2013, and cover a great many aspects of ArcGIS Online. Q: What else can you share from a security, privacy, or compliance stand point? We've accumulated a good bit of information for our customers. In fact, we curate https://trust.arcgis.com, which is a repository for knowledge regarding security, compliance, and privacy. Of particular note is our 'documents' section, found here: https://trust.arcgis.com/en/documents/. Customers should know that ArcGIS Online is a FedRAMP Tailored Low authorized solution by the United States Department of Agriculture (USDA). This includes the requirement to adhere to robust continuous monitoring requirements and security controls are reviewed at a minimum of every three (3) years. Q: Who can I reach out to to obtain additional or more granular information if I don't see it on the ArcGIS Trust Center? Esri's PSIRT is here to help. If we're missing something on the Trust Center, let us know. We'll answer your question and update our docs. Let us know how else we can help!

‎06-18-2019

The 10.3 STIG is still valid for stand-alone ArcGIS Server instances. Updated STIGS for Enterprise (including Portal/Datastore) are on our roadmap.

‎06-10-2019

Tad Hammer‌ - a. I've been successful installing 10.3.1 on Win2016 but... b. Why? Do you have legacy dependencies? At a minimum, I'd go with 10.4.1 (prefer 10.7/10.7.1) I ask because 10.3.1 is in Mature support, meaning no new patches are being released. https://support.esri.com/en/Products/Enterprise/arcgis-server/ArcGIS-Server/10-7#product-support

‎06-10-2019

Kevin MacLeod‌, Given your experience, I'd posit that the bottleneck is likely on the database side. Have you done any profiling with SDEINTERCEPT? https://support.esri.com/en/technical-article/000010355

‎05-30-2019

I'd strongly recommend SAML over IWA in a situation where you need to share some services to the public but keep others private. You can support both built in and domain users with SAML, but not with IWA. SAML is by far your best option here. You can even support multi-factor auth with Portal if your SAML provider can support it.

‎05-30-2019

Is your portal exposed to the outside, or just internal/VPN users? If just internal/VPN, I'd personally push out a GPO to add your portal to the list of trusted sites in IE. That way you should get a single signon experience and won't need to manually pass credentials at all, as long as you're logged into the domain.

‎05-30-2019

Don't add CORS headers at the web tier. CORS is supported at the GIS Server and Portal tier. By default allowed origins are set to allow *.

‎05-28-2019

ArcGIS Enterprise security patches have been released for ArcGIS Server and Portal for ArcGIS.. ArcGIS Server Security 2019 Update 1 Patch Portal for ArcGIS Security 2019 Update 1 Patch You'll notice a new addition to our patch pages - CVSS base scoring and vector parameters. CVSS is a way that software security professionals come quantify risks associated with software security issues. Next to each patch above we list the highest risk addressed, moderate risk security issues are addressed by the Server patch and a high risk issue is addressed by the Portal patch. We strongly suggest users patch their systems to address these security concerns.

‎05-16-2019

Correct. This applies to any client making requests to the ArcGIS Online geocode services.

‎05-15-2019

Hi Iruoma, While this blog is in the context of Esri Maps for Power BI, it does explain data custody in terms of geocoding. https://community.esri.com/groups/powerbi/blog/2018/05/25/faq-data-security-in-arcgis-maps-for-power-bi

‎04-26-2019

You can still publish directly to the GIS Server using your SQL server RDBMS as a data source as you did previously - you don't have to copy data from your SQL server instance into the Data Store. Instead of a hosted feature service, the outcome will be an 'arcobjects' based feature service. The primary difference between hosted feature services and 'classic' ArcObjects based services is scalability - hosted feature services are far more lightweight/scalable.

‎04-25-2019

Yes, but you'd have to simply add the rasters to a map document and publish as a map service. You wouldn't be able to publish a mosaic dataset as a map service.

‎04-25-2019

I don't think importing the cert will help in this case. The error mentions that the CN in the cert doesn't match the FQDN that you're connecting to. Importing the cert would help to address this issue if the issue was ONLY that the cert was self scanned, but the root of this issue (at least according to the error message) looks to be that either the cert is misconfigured or the alias you're using isn't the CN or one of the SAN values.

Online Status	Offline
Date Last Visited	‎04-10-2026 06:56 AM

My Ideas

Latest Contributions by RandallWilliams

Re: Steps to require username and password for map service

Re: Enterprise Security allowedProxyHost Portal Admin 10.6.1

Just a few quick questions...

Re: Maintain STIG's with ArcGIS Server Version

Re: Has anyone successfully installed ArcGIS Server 10.3 on Windows 2016?

Re: Feature Service vs. Map Service

Re: LDAP/IWA issues

Re: LDAP/IWA issues

Re: Access Control Allow Origin - Portal + Hosting Server

Portal for ArcGIS and ArcGIS Server Security 2019 Update 1 Patches released!

Re: Data Privacy using Arc Gis Python API

Re: Data Privacy using Arc Gis Python API

Re: Understanding ArcGIS Enterprise Data Store and Editing Hosted Feature Layers

Re: Can you still publish imagery as a cached MAP SERVICE after 10.4.1?

Re: Certificate warning publishing from ArcMap

Re: Update ARCGIS ANTIVIRUS GUIDANCE document

Re: Update ARCGIS ANTIVIRUS GUIDANCE document

Re: Best method to change IAA and PSA passwords

Re: Apache Parquet < 1.15.1 Remote Code Execution ...

Re: ArcSOCs Exceed Max Instance Setting