ArcGIS for Server: Administration and Security. Amr Wahba

Similar documents
ArcGIS for Server: Security

Learning What s New in ArcGIS 10.1 for Server: Administration

Securing ArcGIS Services

Securing ArcGIS Server Services An Introduction

ArcGIS Server and Portal for ArcGIS An Introduction to Security

Introduction to ArcGIS Server Architecture and Services. Amr Wahba

Securing ArcGIS for Server. David Cordes, Raj Padmanabhan

ArcGIS Enterprise: Advanced Topics in Administration. Thomas Edghill & Moginraj Mohandas

Implementing Security for ArcGIS Server Java Solutions

Oracle WebLogic Server 12c: Administration I

ArcGIS Enterprise: Architecture & Deployment. Anthony Myers

Administering Your ArcGIS Enterprise Portal Bill Major Craig Cleveland

ArcGIS Enterprise: Configuring Backups, Disaster Recovery, and Replication. Harrold Sompotan and Patrick Jackson

What is new in ArcGIS 10.2.x for Server

ArcGIS Enterprise Security: An Introduction. Gregory Ponto & Jeff Smith

ArcGIS Server Web Server Web Applications WWW. Applications. ArcGIS Server Manager. GIS Server. Data. Desktop GIS. ArcGIS Desktop (content author) SOM

ArcGIS Enterprise Security: An Introduction. Randall Williams Esri PSIRT

ArcGIS Enterprise: Portal Administration BILL MAJOR CRAIG CLEVELAND

Portal for ArcGIS. Matthias Schenker, Esri Switzerland

ArcGIS for Server Administration. Andrew Sakowicz

Data Store Management Best Practices. Bill Major Laurence Clinton

ArcGIS Enterprise Administration

What s New in ArcGIS 10.3 for Server. Tom Shippee Esri Training Services

ArcGIS Enterprise Security: Advanced. Gregory Ponto & Jeff Smith

VMware Identity Manager Connector Installation and Configuration (Legacy Mode)

Cloud Operations Using Microsoft Azure. Nikhil Shampur

ArcGIS Enterprise Portal for ArcGIS

Working with Feature Layers. Russell Brennan Gary MacDougall

Edge Foundational Training

ArcGIS Deployment Scenarios. Philip Heede, Jay Theodore

Developing Enterprise Cloud Solutions with Azure

ArcGIS Enterprise Security. Gregory Ponto & Jeff Smith

Enabling High-Quality Printing in Web Applications. Tanu Hoque & Craig Williams

Deploying and Using ArcGIS Enterprise in the Cloud. Bill Major

ArcGIS Online A Security, Privacy, and Compliance Overview. Andrea Rosso Michael Young

MySQL for Database Administrators Ed 4

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

1 Modular architecture

Implementing a Hybrid Approach to ArcGIS. Philip McNeilly and Margaret Jen

Architecting ArcGIS Server Solutions for Performance and Scalability

High Availability & Disaster Recovery. Witt Mathot

High Availability and Disaster Recovery. Cherry Lin, Jonathan Quinn

Server Installation and Administration Guide

ArcGIS for Server Michele Lundeen

ArcGIS Server Components: An Introduction to Server IT

Live Data Connection to SAP Universes

VMware Identity Manager Cloud Deployment. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager

VMware Identity Manager Cloud Deployment. Modified on 01 OCT 2017 VMware Identity Manager

Document Sub Title. Yotpo. Technical Overview 07/18/ Yotpo

Deploying VMware Identity Manager in the DMZ. SEPT 2018 VMware Identity Manager 3.3

vcenter Server Installation and Setup Update 1 Modified on 30 OCT 2018 VMware vsphere 6.7 vcenter Server 6.7

Google Cloud Platform for Systems Operations Professionals (CPO200) Course Agenda

Deploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2

Enabling High-Quality Printing in Web Applications

Configuring, Tuning and Managing ArcGIS Server. Dan O Leary James Cardona Owen Evans

What s New in ArcGIS 10.4 for Server

Dispatcher. Phoenix. Dispatcher Phoenix Enterprise White Paper Version 0.2

An Introduction to GIS for developers

Softlink International Liberty Security

ArcGIS for Server: What s New. Philip Heede, Jay Theodore

Installation runbook for Hedvig + Cinder Driver

Automating ArcGIS Deployments Using Chef

Securing an Oracle Private Cloud using Oracle Directory Suite

VIRTUAL GPU LICENSE SERVER VERSION , , AND 5.1.0

VMware vcenter Server Appliance Management Programming Guide. Modified on 28 MAY 2018 vcenter Server 6.7 VMware ESXi 6.7

NET EXPERT SOLUTIONS PVT LTD

Table of Contents. Configure and Manage Logging in to the Management Portal Verify and Trust Certificates

Administering vrealize Log Insight. September 20, 2018 vrealize Log Insight 4.7

Welcome to the. Migrating SQL Server Databases to Azure

Performance and Scalability: Tuning, Testing, and Monitoring

Exam : Implementing Microsoft Azure Infrastructure Solutions

GroupWise Architecture and Best Practices. WebAccess. Kiran Palagiri Team Lead GroupWise WebAccess

Galigeo for Cognos Analytics Installation Guide - G experience

Installation Guide. CloudShell Version: Release Date: June Document Version: 1.0

Microsoft Exchange Proxy Settings Outlook 2010 Gpo

Genomics on Cisco Metacloud + SwiftStack

McAfee Security Management Center

vcenter Server Installation and Setup Modified on 11 MAY 2018 VMware vsphere 6.7 vcenter Server 6.7

TECHNICAL WHITE PAPER DECEMBER 2017 VMWARE HORIZON CLOUD SERVICE ON MICROSOFT AZURE SECURITY CONSIDERATIONS. White Paper

MOC 6420A: Fundamentals of Windows Server 2008 Network and Applications Infrastructure

Axway Validation Authority Suite

Enabling High-Quality Printing in Web Applications

Spotfire Security. Peter McKinnis July 2017

ArcGIS 10.3 Server on Amazon Web Services

LAN protected by a Firewall. ArcGIS Server. Web Server. GIS Server. Reverse Proxy. Data

SnapCenter Software 2.0 Installation and Setup Guide

HySecure Quick Start Guide. HySecure 5.0

Creating Web Mapping Applications. Nikki Golding

Fundamentals of Windows Server 2008 Network and Applications Infrastructure

Tanium IaaS Cloud Solution Deployment Guide for Microsoft Azure

IBM Integration Bus v9.0 System Administration: Course Content By Yuvaraj C Panneerselvam

Microsoft Dynamics. Administration AX and configuring your Dynamics AX 2009 environment

Quick Start ArcGIS Enterprise with Automation. Shannon Kalisky Mark Carlson Nikhil Shampur Cherry Lin

Inside Symantec O 3. Sergi Isasi. Senior Manager, Product Management. SR B30 - Inside Symantec O3 1

Web App Builder: Code-free Development. Adam Ziegler, Esri-Northeast, Local Government Team

Using the vrealize Orchestrator Operations Client. vrealize Orchestrator 7.5

Service Manager. Installation and Deployment Guide

OpenIAM Identity and Access Manager Technical Architecture Overview

Qlik Sense Certification Exam Study Guide

High Availability for Enterprise Clouds: Oracle Solaris Cluster and OpenStack

Transcription:

ArcGIS for Server: Administration and Security Amr Wahba awahba@esri.com

Agenda ArcGIS Server architecture Distributing and scaling components Implementing security Monitoring server logs Automating server administration What s new in 10.2? Backup and restore Q&A

ArcGIS Server architecture

Pre-10.1 architecture

Motivation for architecture change Performance (64 bit) HTTP only Faster installation Scalability and elasticity High availability Cloud deployments Linux improvements

ArcGIS for Server 10.1 Architecture ArcGIS Server site http://6080 Services Directory ArcGIS Server account (OS level) GIS Server Manager Server Administrator API Primary Site Administrator (PSA) Configuration store Data Server directories

Single machine deployment with Web Adaptor Easily block admin end points Forward compatibility - Connect via port 80 - GIS site name Leverage Web tier features - Security - Logging OOTB reverse proxy http://80 Web WbServer http://6080 Web Adaptor GIS Server Firewall GIS site Configuration store Server directories Data

Multiple machine site http://80 Web Server Web Adaptor ArcGIS Server site GIS Server 1 GIS Server 2 Configuration store Server directories Data

Join site checklist Same ArcGIS Server account across all machines All machines can see config-store & server directories and have read/write/create permissions to these via ArcGIS Server account No mix of Windows and Linux among machines Necessary ports open on each machine: - 6080-6443 (for HTTPs) - 4000 4005+ (communication between GIS Servers) Each machine has valid log location

Multiple machine site with clusters http://80 Web Server Web Adaptor ArcGIS Server site GIS Server 1 GIS Server 2 GIS Server 3 cluster A cluster B Configuration store Server directories Data

Multiple machine site with clusters http://80 Web Server Web Adaptor GIS Server 1 GIS Server 2 GIS Server 3 cluster A cluster B Configuration store Server directories Data A

Benefits of clusters Hardware isolation - Cluster contains machine with the same hardware specs Dynamic allocation of resources - You set thread instances per machine, NOT per service like previously - You can re-assign machines to different clusters at different times Isolate intensive processes in their own cluster

High Availability Configuration http: 80 Web Server Web Adaptor Web Server Web Adaptor GIS Server 1 http:6080 GIS Server 2 http:6080 Server Dirs Config-Store

Active-Passive Failover Configuration NLB Web Server Web Adaptor http: 80 Web Server Web Adaptor http: 80 ArcGIS Server site http:6080 ArcGIS Server site http:6080 GIS Server 1 GIS Server 2 Server Dirs Config-Store Server Dirs Config-Store

Implementing Security

Security is tiered Installation security - ArcGIS Server account (OS account) - OS permissions on install directory, server directories and configuration store - Database account Security for published geo content - Administrators, Publishers, Consumers

Identity stores Built-in - Out of the box Windows domain LDAP Custom identity providers - You write the identity provider adaptors and deploy it to Server

Demo: Setting up identity store

Understanding authentication How the service authenticates Key security decision - Configured by the GIS admin Tokens (GIS Server) - Specific to a given ArcGIS server site Web server (e.g., IIS) Verifies credentials - User store can be built-in or enterprise - Built-in roles/groups can be used with enterprise users Can occur at different levels - GIS server (e.g., ArcGIS tokens) - Web server (e.g., IIS)

GIS Server level authentication Implementation - Web server requires anonymous access (10.2 now supported using web server authentication) - Token-based requires a token service - ArcGIS Server: GIS Server tier authentication Login using ArcGIS Identity manager - Handles all login and token processing - Supported in all Web APIs Impersonated Tokens (GIS Server) How the service authenticates User login Service request IIS Anonymous access GIS Server GIS Server Authentication

Web Server level authentication Implementation - Configured in the web server (e.g., IIS) - Runs in browser before the server is called - ArcGIS Server: Web server tier authentication Login models How the service authenticates - Pass through: Integrate Windows Authentication (IWA) - Login required: Basic or Digest Web server (e.g., IIS) Single sign on or User login Service request IIS GIS Server IWA, Basic or Digest

Demo : Configuring authentication

Authorization Role based access control Fundamental privileges - Publishers - Administrators For consumers: - Set permissions on roles - Assign roles to user accounts

Demo: Configuring authorization

Server logs and monitoring

Logs available in Manager Each GIS server writes logs locally Manager synthesizes logs from all machines - Don t open or edit manually Verbose levels for troubleshooting - Map draw extents - Layer draw times

Demo: Using logs for troubleshooting

Going further ArcGIS Server Administrator API lets you query logs and stats through REST

Statistics available in the Administrator Directory Administrator Directory gives a window into stats Shows number of requests per machine Not available currently in Manager

Automating Server Administration

Why automate? Repetitive workflows - Add more machines during business hours - Start caching during non-peak hours - Understand usage Very easy - Full administration through HTTP API - Can program in most languages like Java, Python, C#, Ruby

Demo

What s new in 10.2

A taste of what s new in 10.2 Integration with Portal for ArcGIS Backup and restore Disable automatic data copying when publishing

Backup and restore

Backup You want to: - Take regular snapshots of your server for archival - Move from staging to production Through Python tools or through Admin API Produces a self contained.agssite (ZIP) file

Restore Requires a valid Site Import exported.agssite (ZIP) file Deletes all current configuration of site and restores site to the configuration in the.agssite file

Demo: Creating a backup

Questions?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback