Architecting The Arcgis System: Best Practices

Architecting the ArcGIS System: Best Practices
AUGUST 2021
Architecting the
ArcGIS System:
Best Practices
Copyright © 2021 Esri
All rights reserved.
Printed in the United States of America.
The information contained in this document is the exclusive property of Esri. This work is protected under United States copyright law and
other international copyright treaties and conventions. No part of this work may be reproduced or transmitted in any form or by any means,
electronic or mechanical, including photocopying and recording, or by any information storage or retrieval system, except as expressly
permitted in writing by Esri. All requests should be sent to Attention: Contracts and Legal Services Manager, Esri, 380 New York Street,
Redlands, CA 92373-8100 USA.
The information contained in this document is subject to change without notice.
Esri, the Esri globe logo, The Science of Where, ArcGIS, esri.com, and @esri.com are trademarks, service marks, or registered marks of Esri
in the United States, the European Community, or certain other jurisdictions. Other companies and products or services mentioned herein may
be trademarks, service marks, or registered marks of their respective mark owners.
What’s New (August 2021)

This update includes minor corrections and clarifications, with some substantive updates to the “Collaboration” and
“Governance” articles.
Modifications
The “Distributed Web GIS” article was updated and renamed to “Collaboration: Enable People to Work Together.”
This update reflects changes in ArcGIS to more broadly support collaboration among teams and stakeholders.
The “Governance: The Policy and Practice of Enablement” article was updated for clarity.
We also reviewed and made minor updates to the remaining best practices to align with the latest Esri messaging.
The content of most of the best practices, including their recommendations, remains unchanged.
3
Introduction
You can maximize the value of ArcGIS in the context of your organization’s goals, by applying the guidelines presented in
these best practices and implementation approaches.
Architecting ArcGIS
ArcGIS is a system that connects maps, apps, data, and people in ways that help organizations make more informed
and faster decisions. ArcGIS accomplishes this by making it easy for everyone in an organization to discover, use,
make, and share maps from any device, anywhere, anytime. Furthermore, ArcGIS is designed to be flexible, offering
these capabilities through multiple implementation patterns and approaches. Together, these capabilities and flexible
approaches make it easier for you to extend the reach of GIS across the enterprise.
This document presents some implementation guidelines in the form of a conceptual reference architecture diagram
and associated best practice briefs. You can use these guidelines to maximize the value of your ArcGIS
implementation and meet your organizational objectives.
Conceptual Reference Architecture

The ArcGIS Conceptual Reference Architecture diagram (found on
page 6) illustrates the capabilities of ArcGIS combined with best
practices.
The diagram depicts three distinct compute environments—

production, staging, and development—which together represent a
best practice known as environment isolation. Each environment has
four components, with each section displayed in a different color to
highlight the function. Figure 1 identifies those components by color
and number.
The Apps section illustrates the components of ArcGIS that most

users interact with, including clients such as ArcGIS Pro, mobile
native apps, and web applications. Apps connect people and their
business workflows to ArcGIS. Apps are typically used in workflows
that follow one or more of the patterns of use (mapping &
visualization, data management, field mobility, monitoring,
analytics, design & planning, decision support, constituent
engagement, and sharing & collaboration). For example, the sharing
& collaboration pattern extends geospatial capabilities to everyone
in the organization by providing a destination (website and simple
apps) where knowledge workers, executives, and field workers can Figure 1: Components of the ArcGIS Conceptual
access information and capabilities. A person capturing data in the Reference Architecture: 1, Apps (orange); 2, Portal
field is following the field mobility pattern. A decision-maker (green); 3, Infrastructure (blue); and 4, External
observing the real-time information created by field workers is Systems and Services (purple).
following the decision support pattern.
The Portal component of ArcGIS organizes users and connects them with the appropriate content and capabilities
based on their role and privileges. The portal uses a person’s identity to deliver the right content to the right person
at the right time. From a product perspective, the portal is either ArcGIS Enterprise (software) or ArcGIS Online
(Software as a Service, or SaaS). The portal provides access controls, content management capabilities, and a sharing
model that enables users to share information within and/or between organizations.
The Infrastructure component includes the hardware, software, services, and data repositories that are the core of
the ArcGIS system. Many best practices—including load balancing, high availability, workload separation, and
4
publication strategies—offer key considerations that may affect your infrastructure decisions. Follow the links from
each best practice label on the Conceptual Reference Architecture diagram to learn more about how these strategies
affect infrastructure decisions. Additional information is also available in the Infrastructure best practice brief.
The External Systems and Services components include other systems that either provide services to ArcGIS or
consume ArcGIS services to geospatially enable their capabilities. The ability to easily geoenable other enterprise
business systems is a key capability of ArcGIS.
Best Practices
There are 20 best practice briefs associated with the ArcGIS Conceptual Reference Architecture diagram.
Eleven of these briefs—Automation, Collaboration, Enterprise Integration, Environment Isolation, High Availability,
Infrastructure, Load Balancing, Publication Strategy, Real-time GIS Strategy, Security, and Workload Separation—
reference technology practices that provide high-level implementation guidelines based on business needs. Following
these best practices will help organizations meet requirements for performance, security, and availability.
The best practice briefs for Application Implementation Strategy, Capability Delivery, Communicating Success,
Geospatial Strategy, Managing Identities, Patterns of Use, Prioritization Approach, and Workforce Development focus
on people and how they should interact with ArcGIS.
Finally, the Governance brief offers a complementary process guideline that suggests ways to minimize risk, improve
quality, and increase productivity around ArcGIS solutions.
How to Use This Document

The ArcGIS Conceptual Reference Architecture diagram is a clickable graphic that contains links to each best practice
brief. You can use the diagram to explore how the individual briefs relate to ArcGIS, or to visualize how ArcGIS will
support organizational business needs.
Comments and Suggestions

Any comments or suggestions regarding this document can be emailed to SA@esri.com.
5
ArcGIS Conceptual
Reference Architecture
Mapping & Data
Field Mobility Monitoring Analytics
SDKs / APIs
Visualization Management
APPS
Solutions
Design & Decision Constituent Sharing &
Planning Support Engagement Collaboration
Patterns of Use
P O R TA L
SDKs / APIs
Users • Groups • Items • Tags

(Content and Capabilities)
EXTERNAL SYSTEMS AND SERVICES

Web Maps Web Layers Tools Files
Enterprise
Systems
• CRM
• EAM
INFRASTRUCTURE
• BI
SDKs / APIs SDKs / APIs • Microsoft Office
W O R K LOA D S E PA R AT I O N
Management
Visualization
Other
Analysis
H I G H AVA I L A B I L I T Y
LOA D B A L A N C I N G
• Social
Data
• Weather
• Traffic
• Real-time Feeds
• IoT Sensors
Data and Storage
PRODUC TION S TAG I N G D E V E LO P M E N T
A SSO C I AT E D B E S T PR AC T I C E S
Automation • Capability Delivery • Communicating Success

Geospatial Strategy • Governance • Prioritization Approach
Publication Strategy • Security • Workforce Development
Copyright © 2021 Esri. All rights reserved.
August 2021
Application Implementation Strategy

An application implementation strategy is an approach to delivering capabilities that meet your business needs with
technology. An ideal strategy will minimize cost and optimize the use of development resources. By applying a “configure
first” philosophy that prioritizes commercial off-the-shelf (COTS) apps and least-effort design patterns, you can reduce
the cost and effort needed to deploy and maintain applications for your users.
A Flexible System for Implementing Location-Enabled Apps

ArcGIS lets you apply the power of geography to improve workflows throughout your organization. Apps provide the
user experience that makes ArcGIS capabilities available at the right time on the right device, so users can work more
efficiently. Implementing apps, however, can require different approaches, depending on whether the capabilities
you need are available out of the box. ArcGIS helps you deliver these capabilities by supporting multiple approaches
to application implementation (as shown in figure 2), while also helping you minimize cost and effort.
There are many factors to consider when deciding the best way to deliver new
capabilities through apps. These factors include resourcing, initial development
effort, ongoing app maintenance, user training, and technical support. In addition,
users now expect frequent updates to their apps, which increases demand for
resources to develop and maintain custom apps. As a result, it’s best to select the
approach that delivers the capabilities you need with the least cost and effort.
Depending on your specific requirements, you can:
1. Configure COTS apps to meet your business needs. ArcGIS provides many Figure 2: Configure first for the
configurable COTS apps that support key workflows out of the box. Using lowest cost and least effort, then
COTS apps requires the least effort and the lowest ongoing cost. extend and customize as needed.
2. Extend existing apps, either by modifying templates or by creating widgets for COTS apps. Esri offers app
templates at arcgis.com and github.com/esri that provide focused solutions for specific problems; you can
modify the source code for these templates to add discrete capabilities. In addition, several ArcGIS COTS apps
use modular frameworks that let you create custom widgets and plug them into the apps. Extending existing
apps lets you develop only the additional functionality you need, saving money and effort.
3. Customize apps using ArcGIS APIs and SDKs. These APIs and SDKs provide objects like the Identity Manager
to manage credentials within custom apps that expose ArcGIS capabilities (such as secure web maps).
Because you don’t have to code those parts yourself, you can build business-focused apps to take advantage
of ArcGIS COTS capabilities, reducing the overhead for app development and maintenance.
A configure-first philosophy helps you avoid unnecessary cost and effort associated with custom app development,
maintenance, and training. Organizations that adopt a configure-first philosophy start by configuring COTS apps, then
extend and customize apps only when needed. Using this least-effort approach in your application implementation
strategy lets you deliver capabilities faster and reserve your development resources for more complex tasks.
Recommendations
To establish an effective application implementation strategy for your organization:
1. Adopt a configure-first philosophy, configuring COTS apps when possible to deliver the capabilities you need.
2. If you have a requirement that cannot be met with configuration alone, extend existing apps with discrete
capabilities and widgets.
3. When you need capabilities that you can’t provide by configuring and extending existing apps, customize
apps using ArcGIS APIs and SDKs.
Back to Reference Architecture 7

Automation
Automation is the orchestration of tasks, processes, and compute resources to function automatically and efficiently.
Automation allows you to streamline administrative workflows and repetitive tasks to improve efficiency, consistency,
and productivity, reducing risk and increasing the value of your GIS.
Increasing the Value of ArcGIS Through Automation

Repetitive tasks are common when using GIS to support data
Automation Tames the Internet of Things (IoT)
management, analysis, map production, and infrastructure
deployment and operations. Repetitive manual tasks take a lot of As the volume and velocity of IoT data increases,
time, effort, and focus; decrease overall productivity; and automation becomes both more necessary and
increase risk. These impacts are compounded as the number of more valuable to the business.
tasks grows.
Working manually, staff often struggle with
You can mitigate these impacts through automation. Automation processing the high volumes of data produced
allows technology to create and maintain infrastructure and by IoT devices and scaling infrastructure
programmatically execute the steps of a well-defined workflow accordingly. This delays the transformation of
while limiting human interaction. Common tools for automation data into insight, which in turn reduces the
include APIs and scripts. organization’s efficiency and makes its decisions
less responsive and less effective.
Automation maximizes your investment in ArcGIS by improving:
With automation, you can process IoT data
1. Efficiency. Information is most useful to the decision- efficiently, consistently, and routinely. For
making process when it is delivered in a timely manner. example, you can automatically allocate
Because automating tasks and resource allocation compute resources to your infrastructure to
improves efficiency, work can be completed faster and scale up and down as data volume and
new information can be delivered to stakeholders processing needs fluctuate. This keeps IoT data
sooner. This boost in efficiency allows ArcGIS to return flowing to key workflows and business systems,
greater value to the business. improving efficiency and supporting better,
faster decisions.
2. Consistency. When tasks are executed manually, errors
are more common and outcomes can be inconsistent, unreliable, and costly. Once developed and properly
tested, automated processes are highly dependable and can be replicated with identical and predictable
results. Automated processes save time, minimize duplicated efforts, and increase confidence in business
operations.
3. Productivity. Automation can improve all areas of a GIS including deployment, administration, and end-user
workflows. By using automation to execute more GIS tasks and complete them faster, you can increase
overall productivity. This lets you apply ArcGIS to additional business initiatives (such as strategic projects,
research and development efforts, and other high-value projects) that might otherwise go unfulfilled.
With automation, you can improve administrative workflows and process data more efficiently, consistently, and
routinely. This improves operational efficiency and the effectiveness and timeliness of decision-making, freeing
resources for other tasks and boosting the value of ArcGIS in your organization.
Recommendations
To maximize the benefits of automation and reduce risk in your organization:
1. Automate tasks where human error can impact reliability and consistency in outcomes.
2. Automate lengthy tasks so processes can be completed in less time.
3. Schedule automated tasks so they run continuously within set time windows, without human interaction.

Capability Delivery
Delivering capabilities that support key requirements, goals, and initiatives helps you improve business outcomes. By
working with stakeholders to define the capabilities you deliver, you can better align your solutions with real business
needs. In addition, establishing a regular cadence for capability delivery lets you continuously improve your maps, apps,
services, and information products, so they can provide additional value and meet evolving requirements.
A Business-First Approach to Delivering New Capabilities

Delivering capabilities that support your business requires smart resource investments. Organizations that spend
years on expensive, complex development projects often end up with solutions that are difficult to use or that don’t
align with current requirements. To maximize the value of your investments and better support the evolving demands
of your business, you can work with stakeholders to identify areas where you can provide the most value in the least
time. This business-first approach helps you establish a cadence for rapidly delivering high-impact capabilities and
information products that meet business needs.
For effective capability delivery, you should:
1. Collaborate with business stakeholders to

envision their capability needs. Engaging
stakeholders early in the planning process
helps you identify the business value a
capability will provide, balance value against
risk, and set development priorities. You
can then apply a configure-first approach,
deploying low-effort capabilities first. This
delivers value quickly and builds toward
long-term success. Once you have a final
product, you can invite stakeholders to test Figure 3: Capability delivery follows a cadence and terminates when the
it and offer feedback. solution no longer provides value to the business.
2. Iterate rapidly on existing solutions so you can deliver new value quickly and often. By focusing on
incremental enhancements that provide clear value, you can avoid spending development time on
functionality that adds unnecessary complexity. A rapid release cycle should be 30 days or less, with each
iteration producing a usable deliverable. To meet this short release schedule, you can keep requirements
simple and focused, and leverage COTS and configurable solutions when possible. With each new release,
you can solicit stakeholder feedback to drive the next iteration.
3. Adhere to a capability delivery lifecycle with a regular cadence, like the lifecycle shown in figure 3. This helps
you continue iterating on your solutions as long as the business gains new value from each iteration. Once
you satisfy your stakeholders’ needs, you can suspend further iterations, then resume them if future business
needs require additional enhancements. When a solution no longer provides value, its lifecycle is complete.
Deprecating these legacy solutions lets you avoid consuming resources unnecessarily.
Recommendations
To deliver capabilities that maximize business value and make effective use of development resources:
1. Collaborate with business stakeholders to define, prioritize, and test new capabilities.
2. Keep iteration cycles short and focus on supplying incremental business value with each new release.
3. Establish a regular cadence for new iterations until you satisfy all identified business needs, and deprecate
solutions that no longer provide value.

Collaboration: Enable People to Work Together

Collaborations enable people from multiple ArcGIS organizations to work together and share content through trusted
and secure workflows. By implementing one or more collaborations, you can more effectively leverage authoritative
data, foster engagement and communication, and glean insights from data. Collaborations let you preserve
departmental control over data and workflows while supporting the needs of the entire organization.
A Modern Approach to Sharing Information

ArcGIS supports two types of collaboration for an improved type of sharing. A
distributed collaboration is a configuration between ArcGIS Enterprise and/or
ArcGIS Online, while a partnered collaboration works between ArcGIS Online
organizations. With this integrated approach, each department controls access
to their shared items, while enabling authorized people to contribute edits or
access authoritative information, promoting more interactive and integrated
data maintenance workflows and information sharing. The result is a truly
collaborative environment—an integrated set of deployments working toward
shared goals.
For example, an organization might have multiple business units, each with its
own GIS deployment supporting different business functions. In a city, the
police department, fire department, public works department, and municipal
water utility might each deploy their own GIS to support their individual
workflows. By configuring collaborations, you can connect those organizations
so people across departments or outside the organization can work together
to create, maintain, and use authoritative data. Figure 4 illustrates these Figure 4: Preserve control and access
relationships using both a distributed collaboration and a partnered within individual departments while
collaboration. Together, these collaborations enable people to work better supporting the broader needs of the
together. enterprise and cross-departmental
workflows.
Collaborations expand a modern GIS by making its capabilities and data easier
to access across the enterprise without sacrificing security. You can now configure an organizational network where
content can be shared in a simple and controlled manner. This enables business units to share, update, or sync select
information with the broader enterprise while maintaining control of sensitive data.
Each organization within a collaboration maintains its own maps, apps, services, and data. Each participating
organization chooses which content to share with members of the collaboration; updates can be shared either in real
time or at scheduled intervals. Importantly, a collaboration uses each organization’s existing security model.
With collaboration enabled, you can achieve larger organizational goals through distributed and partnered
collaborations, well-defined sharing processes, and automation, all within ArcGIS.
Recommendations
To fully leverage collaboration within your own organization:
1. Model your ArcGIS system after your organization’s structure.
2. If you have departments or business units that need to control sensitive data, allow each to work in its own
GIS deployment as part of a trusted collaboration.
3. Establish collaborations between organizations based on business need and workflows, enabling the right
people to update and/or have access to the authoritative content they need.

Communicating Success
Communicating successful outcomes motivates and incentivizes people in your organization to support GIS. By
reinforcing the business value of GIS, you can build stakeholder support and encourage people to build new GIS
capabilities that solve business problems and help the organization achieve its goals.
Communication: One Action, Three Outcomes

Communication is key to building and sustaining GIS investments. Organizations recognize the need for effective
communication when they are defining their geospatial strategy, but often they don’t realize that communication is
equally important when they are executing that strategy.
After you deliver a geospatial solution that solves a business problem, you should communicate your success with
stakeholders throughout the organization. Doing so produces three positive outcomes:
1. Awareness: Good communication informs stakeholders that real business value was created from their
investment in GIS. Without communication, stakeholders may not know that GIS is providing value to their
business processes. They may not understand how GIS is contributing through spatial analysis, mobile
workflows, decision support, or information sharing. They may see expenditures without realizing the
benefits. By publicizing your success to stakeholders, you can help them better understand the power of
geospatial technology and make them aware of the value it’s providing. This is crucial for GIS to be seen as a
good investment that helps the organization meet its goals.
2. Incentive: Good communication encourages other people in the organization to think about how GIS can
help them. When people can see what is possible with GIS, they are more likely to want to participate in new
GIS projects. This builds demand and expands the pool of resources that can use GIS. As a result, you can
leverage your GIS technology investments more fully to deliver the most value possible to the organization.
3. Acknowledgment: Good communication celebrates and motivates the people that deliver geospatial
solutions for the organization. Timely and authentic employee recognition builds trust and helps you foster a
positive culture. In turn, this helps you encourage the people responsible for building solutions, so you can
continue to deepen the value of geospatial technology to the organization.
Together, these outcomes will help you sustain your GIS program, advocate for additional resources, and increase
your impact.
Recommendations
After you deliver a new solution, you should:
1. Communicate your success in order to promote greater awareness of GIS, incentivize potential users, and
acknowledge the hard work of your teams.
2. Communicate the business impact of your success by highlighting new workflows that save time, reduce
costs, or improve effectiveness; by showing how business units are using GIS to work together or improve
their operations in tangible ways; and by illustrating more informed decision-making thanks to geospatial
technology.

Enterprise Integration: Application Patterns

Application integration patterns describe different approaches to incorporating location intelligence into applications.
You can use these patterns to identify how users will interact with geospatial content, and how capabilities from GIS and
other business systems should integrate.
Patterns for Integrating GIS with Business Applications

Application integration lets you deliver solutions that
combine data and tools from disparate systems—including
your GIS as well as business systems like permitting,
licensing, and asset management systems. With integrated
solutions, you can improve cross-functional business
processes and provide decision-makers with integrated views
of your organization’s information.
How you integrate GIS with other systems will depend on

which system you use as the hosting framework. ArcGIS
helps you meet varying integration needs by supporting
multiple application integration patterns (as shown in figure
5). These patterns include: Figure 5: Application integration patterns for ArcGIS.
1. Geocentric applications, which enhance GIS

applications with business data and capabilities to automate or inform location-centric activities. Geocentric
applications are dominated by geospatial content and capabilities, while delivering business content and
capabilities secondarily. This pattern typically uses a GIS application as the hosting framework. It is best
suited for staff who are familiar with GIS applications, for situations where GIS activities are central, or for
cases where a user-friendly GIS template or configurable app provides most of the needed functionality.
2. Geoenabled applications, which enhance business applications with GIS data and capabilities to automate or
inform business activities. Geoenabled applications are dominated by business system content and
capabilities that are supplemented by GIS capabilities. This pattern typically uses the business system as the
hosting framework. It is best suited for staff who are familiar with the business system that automates the
related workflows, or when an extensible business system provides most of the needed functionality.
3. Composite applications, which integrate capabilities from multiple systems in situations where no existing
system can or should serve as the hosting framework. This pattern typically uses web services to integrate
data and logic from multiple systems to derive new functionality. Composite applications are conceptually
comparable to mashups, and they represent a contemporary trend in enterprise application development.
No single application integration pattern fits all situations. You can use the application pattern that best combines
capabilities from ArcGIS and your business system to deliver the greatest impact.
Recommendations
The following guidelines can help you determine which application integration pattern best suits your situation:
1. If most of the capabilities you need are delivered by your GIS, deploy a geocentric application.
2. When you need to access GIS content and capabilities within a business system or application, deploy a
geoenabled application.
3. When you need a discrete application that integrates content and capabilities from both your GIS and
existing business systems, build a composite application.

Environment Isolation
Isolating computing environments is an approach to maintaining system reliability and availability. This approach
involves creating separate systems for production, testing, and development activities. Environment isolation reduces
risk and protects operational systems from unintentional changes that negatively impact the business.
Deploying Isolated Environments to Safeguard Operational Systems

Unintentional system changes can cause operational systems to fail to deliver the capabilities and performance that
users expect. Environment isolation insulates different computing environments from the risk of unmanaged change,
helping you better maintain their functionality, stability, and performance.
Users within your organization have expectations for system reliability. In some cases, your users’ expectations may
be documented in a Service Level Agreement (SLA), a contract between business stakeholders and technology service
providers that defines the level of reliability expected by stakeholders. You should consider your users’ expectations
when you decide on the level of environment isolation and governance required to manage system changes.
To effectively manage enterprise systems and meet expectations for system reliability, organizations typically
implement at least three isolated computing environments (as shown in figure 6):
1. A production environment is the live system that supports

end users. Uptime requirements are defined by an SLA and
met through effective change management and
governance. Software, application, configuration, or
network changes should never be made to a production
system without being tested in a staging environment.
2. A staging environment is a mirror of the production

environment that lets you vet system changes before
deploying those changes to production. You can perform
user acceptance testing, performance testing, load testing,
and training in a staging environment to avoid risk to your Figure 6: Recommended (minimum) compute
production system. If needed, you can even implement environments.
multiple staging environments for different testing and
training activities.
3. A development environment is a workspace where developers and analysts can manage content and make
changes without impacting a large audience. This dedicated server environment is typically used for unit
testing, constructing business workflows, or creating new capabilities such as applications, services, data
models, or geoprocessing models. The size and complexity of the environment will depend on the level of risk
generated by changes, the number of creators, and the potential impact of system outages and downtime.
Implementing these isolated computing environments helps you deliver a stable, extensible, and high-performing
system. By leveraging these environments to support effective change management, you can shield your system from
unexpected failure and avoid disruptions to business operations.
Recommendations
To best maintain system reliability and availability for your users:
1. At a minimum, implement isolated production, staging, and development environments.
2. Test system changes in a staging environment before making changes to the production environment.
3. Use a development environment to develop new capabilities without impacting users in other environments.

Geospatial Strategy
A geospatial strategy is a business-oriented plan that defines how an organization will align GIS to support its business.
Organizations that develop and execute a geospatial strategy are able to connect and align technology to their business,
deliver quick value based on priorities, and define and implement sustainable solutions that solve business challenges.
A Business-First Approach for Maximizing the Impact of GIS

Many successful organizations maximize the impact of GIS in their
business by developing and executing a geospatial strategy. A
geospatial strategy gives organizations a way to align their geospatial
capabilities and technologies to their underlying business needs. By
executing on this business-first strategy, organizations can use GIS to
reach their goals and improve outcomes throughout the business.
Employing a geospatial strategy requires a passionate team of leaders

that want to solve business challenges within their organization and Figure 7: A four-phase approach to a geospatial
strategy.
improve the way their organization works. Successful teams include a
champion that believes in the value of geospatial solutions, an executive sponsor that provides resources and
funding, and a technical sponsor that provides resources to implement and maintain sustainable solutions. With this
team, you can develop and execute a geospatial strategy, following a four-phase approach (illustrated in figure 7):
1. In the Understand phase, the team engages with stakeholders across the organization including
departmental and functional area executives, key business unit directors, and GIS users and managers.
Through these meetings, the team learns what is driving these stakeholders and develops a shared
understanding of the organization, its goals, and its challenges. The outcome of the Understand phase is clear
and shared knowledge of the organization including its mission, goals, business challenges, and more.
2. In the Plan phase, the team defines the targeted future state that will allow the organization to overcome its
challenges and meet its goals, and then identifies the gaps between existing capabilities and what is needed.
By comparing the current and future states, the team can define the technology, data, workflows, and skills
necessary to establish sustainable solutions that address business needs. This phase concludes with a road
map, which is a prioritized and sequenced set of activities.
3. In the Act phase, the team executes a series of implementation cycles consisting of activities defined in the
road map. Each implementation cycle should result in one or more tangible outcomes.
4. In the Revisit phase, the team adapts and updates the plan as leadership goals change, business priorities
shift, and technology evolves. The plan should be revisited regularly—especially after each implementation
cycle—to ensure it is maximizing the impact of GIS on the organization.
This approach supports an incremental implementation guided by a geospatial strategy. It allows the team to develop
and execute a plan that aligns geospatial technology to the needs of the business and delivers continuous value.
Recommendations
To define and execute your own geospatial strategy:
1. Review Esri’s approach to developing a geospatial strategy, and then form a team that includes a motivated
champion, an executive sponsor, and a technical sponsor.
2. Develop and execute your geospatial strategy by engaging stakeholders across your organization, identifying
business challenges, developing a plan that addresses the needs of the business, implementing solutions
through an incremental process, and revisiting your plan over time.
3. Leverage best practices to maximize the impact of your geospatial strategy and GIS within your organization.

Governance: The Policy and Practice of Enablement

Governance is a formal approach to decision-making consisting of policies and procedures that enable positive change
within an organization. Information and technology (IT) governance guides the implementation and management of IT
systems to maximize their value, reduce risk in technology investments, and help the organization accomplish its goals.
By applying IT governance to ArcGIS, you can deliver clear benefits and achieve long-term success with ArcGIS solutions.
Key Characteristics of Effective IT Governance

Because change within every organization is inevitable, it’s important that IT systems have a way to change along with
business needs. Effective IT governance enables IT systems to change by reducing the friction between technologists
and business users. It maximizes the business benefits of technology investments by increasing stakeholder
engagement and optimizing risk and resources.
By applying the key characteristics of IT governance (below), you can better align your GIS technology investments to
high-priority business and stakeholder needs. Leveraging these characteristics can help you lead and manage change
so you can design, implement, and use GIS to maximize the impact on desired business outcomes.
1. Business Benefits: Technology investments are maximized when outcomes are well aligned to the business
needs of the organization—when the technology is used to deliver something of value, such as increased
revenue, reduced costs, or improved safety. This means the intended outcomes and the value to the
organization should be clearly understood before undertaking activities that require your organization’s
resources or funds. The evaluation of business benefits is best accomplished by engaging with stakeholders
who understand and can communicate the value of new capabilities.
2. Risk Optimization: Recognizing that while big, transformational change is sometimes required, organizations
that want to optimize risk focus on implementing small changes that deliver continuous value over time. They
reduce risk by choosing capabilities that are sustainable and then iteratively improve them to stay current
with updates in performance, security, reliability, and efficiency. They favor solutions that minimize technical
debt, choosing configurable solutions over customization, preferring best of breed technology, and avoiding
purchases where weaker solutions deliver overlapping capabilities. They leverage their existing capabilities to
maximize their value.
3. Resource Optimization: When an organization understands its business priorities, it can more effectively
optimize its resources and assets to support its needs. Within this context, governance guides which solutions
get developed and who does the development, based on skills and availability. An important aspect of
governance is getting the right people to create the right capabilities.
4. Stakeholder Engagement: A key component of IT governance is the involvement of stakeholders. By

engaging stakeholders more broadly, organizations are more likely to maintain focus on business priorities,
reduce risk, and optimize resources. Stakeholders should include representatives from the executive team,
line of business managers, enterprise IT, GIS, and other subject matter experts as needed.
Effective IT governance drives greater outcomes for the business through the adoption of technology that is tailored
to its business and stakeholder needs. This helps the organization maximize the value of its technology investments.
Recommendations
When planning and making decisions about your organization’s use of ArcGIS, you should:
1. Leverage the characteristics of IT governance to enable change that leads to positive outcomes.
2. Use IT governance to guide technology choices so you maximize the value of GIS in your organization.
3. Align technology to overcome business challenges and amplify the value of your GIS.

High Availability
High availability is a design approach that helps a system meet a prearranged level of operational performance over a
specific period of time. 1 Highly available systems provide customers with a reliable, high-performing environment that
meets or exceeds their business requirements for service delivery.
Strategies for Maximizing System Performance and Reliability

High availability is a set of strategies for minimizing service downtime and maximizing system performance and
reliability. Because GIS is part of critical business operations and workflows, it is essential for organizations to apply
high availability strategies to GIS. By using high-availability designs for their ArcGIS deployments, IT managers and
system architects can mitigate the risk of system and component failures.
Before designing a solution for high availability, you must determine your organization’s acceptable level of system
downtime. This is described in a Service Level Agreement (SLA). An SLA quantifies the percentage of required service
uptime (also known as the “number of nines”). For example, an organization may want their systems to be available
at a rate of 99.9% (three nines), which equates to 8.76 hours of unplanned downtime annually or 10.1 minutes
weekly. Your SLA defines targets for unplanned downtime that should be minimized with a high-availability design.
To maximize your system’s performance and uptime, you should:
1. Reduce single points of failure through duplication and load balancing (as
shown in figure 8). Duplication involves implementing multiple instances of a
specific system component. Load balancing is a technique for distributing
client workload traffic requests across multiple system components.
2. Develop and execute test plans to evaluate the system’s ability to meet a
prearranged level of operational performance. These plans should include,
but not be limited to, stress, performance, and failover functions and
activities. At least one test plan should be developed and executed before
going live. All testing plans and associated activities should be part of your
overall system governance.
3. Monitor the health of the system and have a plan in place to correct
Figure 8: Duplication and load
problems before they cause a widespread or unrecoverable outage. A variety
balancing for high availability with
of system monitoring tools are available from Esri and third-party vendors. ArcGIS.
By designing your ArcGIS implementation for high availability, you can improve performance and reliability, meet your
SLA commitments, and satisfy your users’ expectations for service availability.
Recommendations
To implement a high-availability design for ArcGIS:
1. Use duplication and load balancing to reduce the number of single points of failure.
2. Test the system regularly to assure that it can meet performance requirements.
3. Monitor your system to catch issues early and have a plan in place to address issues quickly when they arise.
1
High Availability (HA), while related to Disaster Recovery (DR), is a separate concept. Generally, HA is focused on avoiding unplanned
downtime for service delivery, whereas DR is focused on retaining the data and resources needed to restore a system to a previous
acceptable state after a disaster. When DR plans are executed, it is typical for service delivery to be disrupted until the system has been
restored.

Infrastructure
GIS infrastructure is GIS technology deployed on standard IT infrastructure components. The server-side infrastructure
components of the ArcGIS system let you deliver, access, and use data and capabilities wherever and whenever they’re
needed.
An Infrastructure for Serving Data and Capabilities to Users

ArcGIS system capabilities are delivered by server-side infrastructure components,
represented conceptually in figure 9 and described below. You can host these
components on premises or in a cloud environment like Amazon Web Services or
Microsoft Azure. By leveraging these components, you can expose GIS content and
capabilities as web services and consume those services in your apps. This enables
users to access and apply useful GIS resources in their work.
SDKs/APIs let developers build custom capabilities for specific needs. At the
infrastructure level, they reference objects and interfaces for your GIS servers,
allowing you to extend, consume, and manage GIS services. For example, you can use
ArcGIS Enterprise SDKs to add new operations to map services and extend the
functionality of ArcGIS. In addition, with Esri’s other SDKs and APIs, many client and
server technologies can be integrated with the ArcGIS system.
Data Management represents server-side capabilities, exposed as web services that

allow end users to create, maintain, and transform geographic data. For example,
Figure 9: ArcGIS infrastructure
you can use a mobile app to access a web service for data editing, allowing you to components.
gather location data in the field. Key server-side data management capabilities
include short and long transaction editing, data replication, and extract, transform,
load (ETL) procedures.
Analysis represents web services for performing GIS analytics. These analytics can range from simple geometric
functions (like point-in-polygon) to complex geoprocessing models for site selection. You can run analytics on many
kinds of data including vector data, raster data, linear networks, imagery, 3D data, real-time data, and big data.
Visualization represents web services for creating and consuming visual information products like 2D maps and 3D
scenes. These products can be dynamically generated on demand, or pre-rendered and cached.
Data and Storage represents the stored geographic information leveraged by GIS servers. ArcGIS supports multiple
storage models for various data types, formats, and uses. One storage model is the data store managed by ArcGIS.
There are several data store types, including relational data stores (for vector data), tile cache data stores (for map
and 3D scene caches), and spatiotemporal big data stores (for big data). Another model is the geodatabase, an
object-relational model for storing geographic data in a relational database management system (such as Microsoft
SQL Server, IBM DB2, or Oracle), a file-based structure (a file geodatabase), or an in-memory columnar system like
SAP HANA. A third model is to connect to externally managed data sources like Hadoop, IBM Netezza, and Teradata.
Recommendations
To make the most of your ArcGIS system infrastructure:
1. Store and connect to your data using the storage models that best support your data and business needs.
2. Expose data management, analysis, and visualization capabilities as web services so people can access and
use those capabilities in their daily work.
3. Use ArcGIS apps, SDKs, and APIs to incorporate ArcGIS capabilities and services in your apps and systems.

Load Balancing
Load balancing is a technique for distributing client workloads across multiple computing resources, such as physical
servers, virtual servers, or clusters. Load balancing helps you balance system utilization, reduce risk, simplify service
delivery and growth, and improve backend server security.
Technology for Optimizing System Resource Utilization

The ArcGIS system can scale to support both small and large deployments. As the number of users increases, so will
the deployment size and the number of GIS servers. To accommodate this growth effectively, ArcGIS supports load
balancing techniques and technologies. With load balancers in place, you can distribute client workload traffic across
multiple server-based resources to optimize performance and resource utilization. Load balancing algorithms, used to
dispatch client requests, can vary from simple round-robin approaches to more complex algorithms that consider
factors such as current connection counts, host utilization, or real-world response times.
A properly load-balanced system improves scalability by allowing you to add and subtract machines without
modifying client applications or removing those applications from use. Also, with load balancing in place, typically
only one IP address is exposed to the internet or intranet. This greatly reduces security risks because the internal
topology of the network and systems is hidden, and the number of breach points is reduced in case of attack. This
method also simplifies service delivery and consumption by providing a single access point (such as a URL).
In its simplest configuration, a single-machine ArcGIS Enterprise base

deployment uses two ArcGIS Web Adaptors to manage traffic to the
ArcGIS Enterprise portal and to the ArcGIS Server. In more complex
configurations, you can deploy third-party load balancers in front of
your ArcGIS Servers (as shown in figure 10).
ArcGIS Web Adaptor is an application that integrates ArcGIS Server with

an existing web server. It also serves as a load balancer, providing a
single endpoint that distributes incoming requests and enables web-tier
authentication. Client traffic is forwarded to your ArcGIS Servers via a
round-robin algorithm. ArcGIS Web Adaptor is easy to install and
configure, and it is required for an ArcGIS Enterprise base deployment.
Third-party load balancers are often used by more advanced site and
network administrators. As with ArcGIS Web Adaptor, client traffic is
directed to the load balancer, then forwarded to available servers or
ArcGIS Web Adaptors. However, third-party load balancers also offer
special capabilities including asymmetric load management, priority
Figure 10: Multiple load balancers in a high-
queuing, added HTTP security, SSL offload and acceleration, and TCP availability configuration.
buffering. These additional features help organizations address
advanced business and technical requirements.
Recommendations
To optimize system performance and resource utilization for your GIS deployment:
1. Implement load balancing to distribute client workload traffic across multiple computing resources.
2. If you have a simple ArcGIS configuration or require web-tier authentication, use ArcGIS Web Adaptor as your
load balancer.
3. If you have advanced load balancing requirements, use a third-party load balancer that provides the
capabilities you need (along with ArcGIS Web Adaptor, if you also need web-tier authentication).

Managing Identities
An ArcGIS identity provides a unique credential that lets a user securely access maps, apps, data, and analysis tools. You
can manage ArcGIS identities using the built-in security features in ArcGIS or using a third-party identity provider. By
effectively managing ArcGIS identities for your users, you can enable people across your organization to access, use, and
participate in the ArcGIS system.
Delivering the Right Content and Capabilities to Every User

An ArcGIS identity allows a person to participate in the ArcGIS system.
With an ArcGIS identity, users can access, create, and share GIS content
and capabilities. This enables them to collaborate with others across the
organization.
Each ArcGIS identity is managed as a named user credential. With this

credential, users can sign into ArcGIS on any device, at any time, and
access the maps, apps, and capabilities they have permission to use (as
shown in figure 11). For example, they can access their saved maps and
items, content and apps that have been shared with them, and data Figure 11: An ArcGIS identity defines each user’s
from other participants. The named user model allows you to securely role and privileges within the ArcGIS system.
extend geospatial capabilities to everyone who needs them.
Administrators can configure roles that define the privileges users have in ArcGIS. You can tailor roles to individual
users and their responsibilities. The privileges associated with these roles govern the capabilities the user can access.
Users can also join and participate in groups. A group is a collection of maps and apps that is typically related to a
specific area of interest (such as a business unit, initiative, or team). Groups help you organize content and control
access. If a group is private, only members will see the group and its content. Members of a group can update maps
and apps that have been shared with the group. You can also create public groups that are viewable by anyone.
Depending on the needs of the organization, ArcGIS identities can be managed within ArcGIS or with a third-party
identity management system. For small implementations, administrators can leverage their ArcGIS portal’s built-in
security to add and configure users. They can then use a simple web interface to manage these users, the roles
they’re assigned, and the privileges they’re granted. For larger implementations, organizations can use externally
managed identities and groups to control access to ArcGIS. 1 These implementations can integrate enterprise
credentials from a Lightweight Directory Access Protocol (LDAP) server, an Active Directory server, or any identity
provider that supports Security Assertion Markup Language (SAML) 2.0 web single sign-on.
Recommendations
To effectively manage ArcGIS users in your organization:
1. Provide an ArcGIS identity to everyone in the organization that needs to use GIS content and capabilities.
2. Create roles and groups to control who can access specific capabilities and content.
3. If you don’t need to integrate ArcGIS with existing enterprise credentials, use the built-in security in ArcGIS;
otherwise, use an external identity provider.
1 Specific capabilities related to identities and groups differ between ArcGIS Enterprise and ArcGIS Online. The ArcGIS Enterprise and
ArcGIS Online help topics provide details about these differences.

Patterns of Use
The patterns of use describe common geospatial functions that re-occur across organizational business models and
environments. These patterns give you a framework for tracking current and future GIS utilization in a business context.
Understanding and Planning Your Use of ArcGIS

A common set of GIS usage patterns exists
across industries, independent of business
models or environments. Because these
patterns describe both geospatial capabilities
and business capabilities, you can use them to
understand how ArcGIS aligns with your needs.
Organizations that apply all the patterns in their
location strategy reap the greatest business
benefits and return on their GIS investments. Figure 12: The common GIS usage patterns that exist across organizations.
Mapping & Visualization is how people understand locations and relationships through visual representations. 2D
and 3D maps and charts bring data to life and provide context, so people can share and understand information.
Data Management is how people collect, organize, and maintain accurate locations and details about assets and
resources. It is important to persist spatial data within storage models optimized for its unique characteristics.
Storage models include the geodatabase, spatiotemporal big data store, relational data store, and tile cache.
Field Mobility includes managing and enabling a mobile workforce to collect and access information in the field. This
lets you improve visibility into the operational aspects of an organization, enhance workforce scheduling, reduce
issues caused by stale data, and empower personnel with information needed to perform tasks while on the move.
Monitoring allows people to track, manage, and monitor fixed and mobile assets and resources in real time. This lets
organizations tap into, analyze, and display streaming data from many sensors, devices, and social media feeds.
Analytics involves applying analytical techniques to transform data into actionable information. You can use analytics
to discover, quantify, and predict trends and patterns to empower decision-making and improve business outcomes.
Design & Planning enables people to evaluate alternative solutions and create optimal designs. This supports the
design workflow by enabling users across organizations and communities to collaborate on design decisions.
Decision Support involves combining data, metrics, and operational and analytical layers on a map or dashboard to
better understand activities, projects, and operations. This produces valuable information for decision-makers.
Constituent Engagement includes two-way sharing of information with the public, partner agencies, or other external
stakeholders. By improving engagement and collaboration with communities of interest, you can promote more
informed decision-making.
Sharing & Collaboration provides self-service capabilities, so people can discover, use, make, and share maps. This
lets you extend the value of location information to the entire organization or community.
Recommendations
To better understand how GIS capabilities can meet your current and future business needs:
1. Apply the patterns of use as a framework for tracking your use of GIS in a business context.
2. If you identify gaps in pattern adoption, consider leveraging ArcGIS capabilities to fill those gaps and
maximize the value of your GIS investment.

Prioritization Approach
You can maximize the value of ArcGIS by prioritizing easy and manageable activities that deliver high business value.
Deliver Ongoing Value to Your Organization

When implementing new GIS capabilities, organizations should apply a simple method of selection and prioritization
to improve their overall return on investment. The goal should be to mitigate implementation risks and improve
adoption by balancing challenges with business benefits. By embracing this approach, you can continuously deliver
high business value and high returns on your GIS investments.
One effective prioritization approach uses a matrix to plot both business value and ease of launch. The benefit aspect
relates to the value derived from completing an activity (such as increased productivity, reduced costs, or more
informed decisions). The ease of launch aspect focuses on the level of effort, challenge, or risk required to deliver a
capability (including considerations like the technology skillsets required, time to delivery, and level of difficulty).
You can evaluate potential new capabilities by plotting them on

a matrix like the one shown in figure 13. You can then pursue
the activities with the appropriate mix of value and risk:
1. The green oval represents activities that provide clear

benefits and are easy to accomplish (for example,
configuring COTS templates). You can embrace these
kinds of activities to develop a cadence of delivery that
produces ongoing value to the organization.
2. The blue rectangle represents high-value capabilities

that are challenging to deliver. Typically, these are
long-term projects that require careful planning. They
may require additional resources, planning, or Figure 13: Prioritization matrix evaluating benefits and ease
mitigation actions. The additional effort to manage of launch.
risks may also lengthen the project duration.
3. The purple diamond represents tasks that are good for developing skills, thanks to manageable challenges.
You can use these types of activities to learn new technologies or approaches in an isolated development
environment. Experimentation can lead to greater understanding and help reduce future risk.
4. The red hexagon represents efforts that are challenging and offer little business benefit. Trying to implement
these types of capabilities will be costly and will distract from the overall value of your efforts.
Organizations that employ this simple but effective prioritization approach derive high value from their ArcGIS
investments and achieve greater success in their implementation.
Recommendations
When deciding how to prioritize new activities in your organization:
1. Consider using a matrix to help qualify new capabilities based on business value and ease of launch.
2. Prioritize the capabilities that offer the greatest benefit with the lowest risk, so you can deliver rapid value.
3. Develop a delivery cadence of easy, high-value capabilities, and take time to plan more challenging projects.
4. Avoid low-value, high-risk efforts altogether.

Publication Strategy: Geospatial Content Delivery

A publication strategy describes how you deliver data, services, and applications to users. By considering the needs of
your users, you can identify a strategy that delivers geospatial content in a well performing, reliable, and secure manner.
Give Your Users the Access They Need—Securely

An effective geospatial content delivery strategy must address performance, reliability, and security. By addressing
these three areas, organizations can make certain that content will be available and delivered in a manner that is
suitable for consumers to use. This strategy should balance user expectations for performance and availability against
security and load on the infrastructure. This will mitigate risk while meeting audience needs and expectations.
One common publication need involves sharing internal information with people outside the organization—for
example, a city sharing land ownership information with the public. A typical strategy involves creating a publication
geodatabase (as a hosted service) deployed to a cloud environment, which is separated from internal systems. As
discussed below, this strategy addresses the elements of performance, reliability, and security:
1. Performance is addressed by separating information consumers from operational or transactional systems. In

the city’s example, the public consumes information from ArcGIS Online, a cloud-hosted software-as-a-
service (SaaS) environment. This approach reserves the city’s internal resources for transactional editing,
which in turn reduces resource contention and increases the resources available for editors. In addition, the
resources available to consumers can grow in response to demand (for example, to support a suddenly
popular map), because the SaaS environment is scalable and more elastic than the city’s internal resources.
2. Reliability can be expressed as a Service Level Agreement (SLA) or as an expectation of when the system will
be available (for example, during work hours, or during a crisis). You can address reliability by following other
best practices like High Availability, Load Balancing, Workload Separation, and Security. You can also leverage
cloud capabilities to meet reliability expectations. In the city’s example, reliability is addressed for the public,
since ArcGIS Online has a 99.9% SLA. The city’s SLA for editors is less strict and doesn’t need high availability.
3. Security means exposing the right content to the right consumers

while protecting the enterprise. In the city’s example, consumers can
view published land ownership information but cannot update
property boundaries. Because property boundaries should be
maintained in a secure system of record and edited only by authorized
experts, a separate internal publication environment is appropriate for
other departments. The city might also consider a separate internal
publication environment for decision support, as shown in figure 14.
An effective geospatial content publication strategy addresses performance,

reliability, and security. Your strategy should deliver content that meets the
needs and expectations of consumers, while minimizing the impact on
operations and protecting internal systems and data.
Figure 14: Publish content to the
Recommendations environment appropriate for the audience.
When devising your own publication strategy, consider the following recommendations:
1. For better performance, consider separating information consumers from operational or transactional
systems, and consider using a cloud-hosted SaaS environment for scalability and elasticity.
2. To improve reliability, implement the infrastructure necessary to support the SLA expectations of your users.
3. For better security, use separate publication environments to support audiences with different needs.

Real-time GIS Strategy

Real-time GIS allows organizations to analyze and display streaming data from sensors, devices, and social media feeds.
With real-time GIS, maps and databases are continuously updated, trends are observed as they form, and key personnel
are alerted the moment activity or performance reaches a critical threshold. By embracing location in your real-time
capabilities, you can speed up decision-making and responsiveness.
A Core Capability for Operational Awareness and Decision-Making

Real-time location data is increasingly important in modern enterprises. Organizations that treat real-time GIS as a
core capability can track the location, performance, and status of relevant assets and environments, as well as
manage, analyze, and disseminate this data in real time. This enhances an organization’s operational awareness and
maximizes the impact of its decisions. Your real-time GIS strategy should allow you to ingest and manage real-time
data, transform that data into actionable information, and disseminate the intelligence to the right people.
1. Ingest real-time data from a wide variety of locations and sources, so decision-makers and operations teams
can access information as events occur. You can consume real-time data streams for immediate display and
persist the data for later analysis and use. ArcGIS ingests data about the location, performance, and status of
teams, assets, products, environments, and services from Internet of Things (IoT) sensors and devices, as well
as social media feeds and web APIs. With ArcGIS, you can broadcast live data with stream services for
visualization, as well as archive data to a relational database or spatiotemporal big data store.
2. Filter and analyze incoming data on the fly so

decision-makers can address changes as they
occur. You can use location-based and attribute-
based filters to evaluate high-volume and high-
velocity data and determine its relevance and
importance. For example, a spatial filter based
on a geo-fence can verify if an asset is inside,
outside, entering, or exiting an area (see figure
15). Additionally, you can analyze and enrich
incoming data using mathematical, spatial, and
geometric analysis tools. Analysis can make real-
time data more relevant and actionable.
Figure 15: Use of a spatial filter to determine the location of a
3. Disseminate actionable information to enhance moving asset in relation to a geo-fenced area.
decision support through notifications, which let
you send information to appropriate users, applications, or systems for action. For example, the location of
moving assets (like snow plows) or the status change of stationary assets (like radiological sensors) can
trigger a notification to key personnel (via text message) and/or to another system (via a web API).
Real-time data from moving and stationary assets can help you optimize business performance and improve decision
support. By embracing the location aspect of your real-time data, you can react more quickly to dynamic situations
and make faster, more informed decisions.
Recommendations
To maximize the value of your real-time data:
1. Ingest real-time data from a range of locations and sources to deliver better situational awareness to users.
2. Use analysis tools and filters to evaluate incoming data and determine its relevance and importance.
3. Configure notifications so the right users, applications, or systems can respond to incoming data.

Security
ArcGIS security should be addressed early in the design process, since the techniques and approaches may vary by
business need and environment. Storing and delivering information securely will improve availability and reduce risk.
ArcGIS supports common security frameworks and can be configured to work within your established security model.
Key Technical Security Mechanisms

ArcGIS can meet an organization’s security and privacy challenges through a secure enterprise solution. Typically, the
security configuration involves integrated functions within Esri products, third-party solutions, and implementation
approaches. Key technical security mechanisms to consider include user authentication and authorization, filters,
encryption, logging and auditing, and hardening:
1. Authentication involves verifying credentials to confirm the identity of an application or user attempting to
connect to a system. Once the identity is confirmed, an authorization process determines if the application
or user has permission to access resources like data, maps, or apps. To help you secure resources using a
single sign-on experience (reducing the number of user credentials you manage), ArcGIS supports centralized
identity stores like Lightweight Directory Access Protocol (LDAP), Integrated Windows Authentication, and
Security Assertion Markup Language (SAML). Based on the identity store, authentication and authorization
may require specific technology configurations to enable users and applications to access system resources.
2. Filtering hardware and software can intercept invalid or attack requests before a server can execute them.
You can use firewalls to prevent unauthorized access to private resources, or to inspect packets and accept or
reject them based on defined rules based on acceptable levels of risk. Reverse proxies obscure details of the
internal network; you should configure them for content filtering, URL rewriting, and load balancing. ArcGIS
Web Adaptor can forward client requests to ArcGIS Enterprise machines in a site, obscuring machine and port
information and filtering access to ArcGIS Server Manager and Administrator directories.
3. Encrypting data in transit enforces the security and privacy of data. To prevent the interception of secure
data communications, you should configure ArcGIS to use the Transport Layer Security (TLS) encryption
protocol. You should also employ strong encryption methods like Advanced Encryption Standard (AES) and
Secure Hash Algorithms (SHA) to encode data and detect whether it has been tampered with or modified.
4. Auditing and analyzing system and application logs on a regular basis can provide a baseline understanding of
use during regular operations. You can then use anomalies in the baseline to identify and investigate security
incidents, or to provide information about system problems and unusual conditions. Application logs can also
provide event-level details about specific security incidents and policy violations.
5. Hardening is the process of securely configuring a system to mitigate as many security risks as possible.
Hardening involves implementing application-level security approaches, removing unnecessary software,
disabling unnecessary services, consulting guidelines and policies that are specific to your applications and
operating system, and reviewing industry-standard security guidelines.
Recommendations
To address security requirements within your environment:
1. Include user-level authentication in every application and avoid anonymous access.
2. To improve auditing, use ArcGIS Monitor to track what is happening to the system in real time.
3. To improve system hardening, follow ArcGIS Enterprise security best practices (as described in the help
documentation) and leverage the ArcGIS Online Security Advisor.
4. Regularly review ArcGIS security, privacy, and compliance guidance at trust.arcgis.com.

Workforce Development
Workforce development is meant to equip an organization’s most valuable asset—its people—with the knowledge and
experience needed to effectively use and expand the reach of ArcGIS. Devoting resources towards workforce
development will help an organization achieve greater value and a faster return on investment from ArcGIS.
Cultivate Expertise for a More Effective Workforce

Organizations use ArcGIS to execute daily operations,
engage with customers and constituents, and create
products and services that improve business outcomes.
But many organizations are unable to fully leverage
ArcGIS because their staff is not current on the latest
technology advancements. This makes it difficult for
organizations to meet business demands, and it may
cause them to use inefficient legacy workflows or rely
on consulting services to accomplish goals.
Workforce development is critical to a successful ArcGIS

implementation because it improves awareness of
contemporary workflows and methodologies,
encourages the use of appropriate methods and Figure 16: Take advantage of Esri’s training resources to improve
approaches for solving problems, and reduces reliance workforce development throughout your organization.
on external resources. For example:
1. New workflows and processes are developed as technology evolves, improving efficiency and productivity.
Esri training helps an organization’s employees understand these more efficient modern workflows.
2. By using appropriate methods and approaches to problem-solving, you can minimize wasted time and unlock
the full value of ArcGIS. Once your staff knows when and where to use the right tools and workflows, they
can reach their goals more quickly and more efficiently.
3. Third-party consultants often help organizations develop new capabilities. These consultants are more
efficient and more effective if the staff they’re working with have the proper expertise. Trained staff are
better prepared to lead new teams and can retain better control over consultants’ activities. Trained staff are
also more receptive to knowledge transfer, helping them take ownership of consultants’ work.
Esri provides training resources to better equip your workforce and achieve your strategic goals (see figure 16). Esri
offers instructor-led training, web courses, training seminars, videos, conferences and user groups, professional
services, and business partner knowledge transfer. If you have a qualifying Esri product with a current maintenance
subscription, you have unlimited access to self-paced e-Learning resources. Your staff can develop their expertise by
using these training resources and practicing what they learn, which will help them utilize ArcGIS capabilities.
Workforce development should be a part of every ArcGIS implementation, because it allows you to achieve greater
value and return on investment from ArcGIS. With a trained workforce, you can use ArcGIS efficiently and effectively,
set and achieve your organization’s goals, and build a culture of self-reliance and expertise.
Recommendations
To increase the return on investment from your ArcGIS implementation:
1. Invest regularly in workforce development, so you can improve operations and meet new business needs.
2. Build a training plan for each GIS role in your organization, so your staff can develop appropriate expertise.

Workload Separation
Workload separation is a design approach that aligns your technical implementation with your organization’s business
requirements. You can use this approach to maximize system performance, reduce risk, and improve reliability.
Provide Better, More Reliable Service

Different business functions impact the performance of ArcGIS in
different ways. By allocating workloads to appropriate server
resources organized by business function, you can maximize
performance, reduce risk, and meet business-defined Service Level
Agreements (SLAs). By implementing geospatial function isolation,
you can reduce the risk that high‐intensity processes will consume
cycles needed to support critical applications, or that an abnormal
spike in requests will disrupt service for all users. You should:
1. Maximize system performance by directing service

requests to compute resources in a way that optimizes the
use of your hardware and reduces resource contention. For
example, you can direct processor-intensive analysis tasks
to an ArcGIS Server site containing machines with fast
processors, while directing less intensive tasks to more
modest machines. This makes the best use of your compute
resources to achieve the highest level of performance.
2. Reduce the risk of service interruption by routing user

requests to the appropriate sites through load balancers. Figure 17: Organize your infrastructure components by
This enhances system stability by preventing overloaded business function.
machines from affecting other machines, which in turn
protects critical tasks from resource contention.
An example of workload separation involves the isolation of analytic tasks from decision support tasks. Back‐office
analytics are typically CPU-intensive, executed sporadically, and maintained by lower SLAs. Because analysts use
geoprocessing tasks in an ad hoc fashion, the CPU may sit idle but then spike when several tasks are executed. On the
other hand, decision support activities simply consume map‐based information products to drive operational business
decisions. They are typically less CPU-intensive, are executed more consistently, and demand higher SLAs. Because
these tasks and workflows are so different, you can use workload separation to accommodate each set of activities.
Recommendations
To take advantage of workload separation in your environment:
1. Consider different business workflows to understand how each workflow impacts compute resources, and
then use segregated and preplanned resource allocation to meet the needs of each workflow.
2. Allocate hardware around core GIS capabilities, as shown in figure 17.
3. Use GIS Patterns of Use, SLAs, and performance expectations to determine how to best direct workloads to
appropriate compute resources.
4. Direct CPU-intensive service requests to sites containing machines with faster processors, and direct less
intensive requests to more modest machines.

About Esri
Send comments or suggestions

to SA@esri.com.

Architecting The Arcgis System: Best Practices

Uploaded by

Copyright:

Available Formats

Architecting The Arcgis System: Best Practices

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Architecting The Arcgis System: Best Practices

Uploaded by

Copyright:

Available Formats

Architecting the ArcGIS System: Best Practices

The information contained in this document is subject to change without notice.

What’s New (August 2021)

Conceptual Reference Architecture

The diagram depicts three distinct compute environments—

The Apps section illustrates the components of ArcGIS that most

How to Use This Document

Comments and Suggestions

Users • Groups • Items • Tags

EXTERNAL SYSTEMS AND SERVICES

Data and Storage

PRODUC TION S TAG I N G D E V E LO P M E N T

Automation • Capability Delivery • Communicating Success

Application Implementation Strategy

A Flexible System for Implementing Location-Enabled Apps

Depending on your specific requirements, you can:

Back to Reference Architecture 7

Increasing the Value of ArcGIS Through Automation

2. Automate lengthy tasks so processes can be completed in less time.

Back to Reference Architecture 8

A Business-First Approach to Delivering New Capabilities

For effective capability delivery, you should:

1. Collaborate with business stakeholders to

Back to Reference Architecture 9

Collaboration: Enable People to Work Together

A Modern Approach to Sharing Information

1. Model your ArcGIS system after your organization’s structure.

Back to Reference Architecture 10

Communication: One Action, Three Outcomes

Back to Reference Architecture 11

Enterprise Integration: Application Patterns

Patterns for Integrating GIS with Business Applications

How you integrate GIS with other systems will depend on

1. Geocentric applications, which enhance GIS

Back to Reference Architecture 12

Deploying Isolated Environments to Safeguard Operational Systems

1. A production environment is the live system that supports

2. A staging environment is a mirror of the production

1. At a minimum, implement isolated production, staging, and development environments.

Back to Reference Architecture 13

A Business-First Approach for Maximizing the Impact of GIS

Employing a geospatial strategy requires a passionate team of leaders

Back to Reference Architecture 14

Governance: The Policy and Practice of Enablement

Key Characteristics of Effective IT Governance

4. Stakeholder Engagement: A key component of IT governance is the involvement of stakeholders. By

Back to Reference Architecture 15

Strategies for Maximizing System Performance and Reliability

To maximize your system’s performance and uptime, you should:

Back to Reference Architecture 16

An Infrastructure for Serving Data and Capabilities to Users

Data Management represents server-side capabilities, exposed as web services that

Back to Reference Architecture 17

Technology for Optimizing System Resource Utilization

In its simplest configuration, a single-machine ArcGIS Enterprise base

ArcGIS Web Adaptor is an application that integrates ArcGIS Server with

Back to Reference Architecture 18

Delivering the Right Content and Capabilities to Every User

Each ArcGIS identity is managed as a named user credential. With this