Академический Документы
Профессиональный Документы
Культура Документы
Before After
Restrict Cross Domain (CORS) Request
• By default, ArcGIS Server allows all cross-domain requests.
Disable Primary Site Administrator (PSA) Account
• Recommend disable the PSA account to remove an alternate method of administering ArcGIS
Server outside of your enterprise users
Enable HTTPS Communication
• Enforce HTTPS so that all communication in your portal is encrypted
• Set by default in 10.7
Disable ArcGIS Portal Directory (Production Environment)
• Provides a browsable HTML-based representation of all of Portal Items services, web maps, and
content
• Recommend disabling this to reduce the chance that your items can be browsed, found in a web
search, or queried through HTML forms.
• Portal Administrator Directory
Home > Security > Config > Update Security Configuration
Before After
Restrict Machines Accessible by Portal Proxy
• Portal ships with a built-in proxy server that is used in some scenarios to access resources on
different machines
- Storing credentials (ex. secured services, Online premium services)
- Adding OGC services to Content
- Accessing services from non-CORS systems
Restrict Machines Accessible by Portal Proxy
How to Restrict Proxies
Disable ‘Create an Account’ on Sign in Page
• Allows any new user to create a new built-in portal account
• Disable by default in 10.7
Restrict Incoming Cross-Domain (CORS) Requests
• Limits external JavaScript applications making CORS requests to Portal items
• Does NOT restrict overall access to Portal items
SAML access to any ArcGIS Enterprise
• Security Assertion Markup Language (SAML) is an open standard to securely exchange
authentication and authorization data between an enterprise identity provider and a service
provider (in this case, Portal for ArcGIS). The approach used to achieve this is known as SAML
Web Single Sign On.
• Bring secured services together from anywhere
Allow Portal Access
Needed to allow apps on other Portals to authenticate and access secured services hosted on your
Portal
Sharing content by Everyone
Can restrict the ability for users to share items with everyone
Scan Portal for Security Checks
• portalscan.py is a script in the Portal installation directory
Location: <install_directory>\ArcGIS\Portal\tools\security
• Checks for security configuration settings
10.7 – 12 different settings are checked
• Generates HTML report that makes recommendations to improve security
• Categorizes findings based on severity
• Critical
• Important
• Recommended
• Help links provided for each findings
Sample Portal for ArcGIS Security Scan Report
SSL Protocol Configuration
https://www.ssllabs.com/ssites/clients.html
• In 10.4, both Server and Portal can be configured to limit which SSL protocol is accepted and
used
• Starting 10.7, new installation of ArcGIS enterprise will use Transport Layer Security (TLS) 1.2
only
• Only impacts the communication with Portal, Server and Data Store over ports 7443, 6443,
and 2443 respectively
• Protocols used by the web adaptor or load balancer are configured separately
Portal for ArcGIS
TLS 1.0 port 7443
• X-Ray Add-in
• GDB Diagrammer
• Sparx Systems Enterprise Architect
• Geometric Network Configuration Manager
What’s New in ArcGIS
Enterprise
Release Timeline
2016 2017 2018 2019
10.6.1 10.7.1
June
Relationship style
New smart mapping style
New tools:
- Clip, Dissolve, Merge
- Forest-Based Classification and Regression
- Generalized Linear Regression
New extensibility:
Run Python script
- Leverage pyspark & all subpackages
- Run SQL queries
- Chain tools together
ArcGIS Notebook Server
Host python notebooks in your infrastructure
What is a Webhook?
A webhook is a new Arcgis Enterprise capability that will automatically
provides other applications with event-driven(event such as user actions,
messages from other programs) information, delivered as an HTTPS request
(POST)
Webhooks for automatic notification
Automate notification based on portal actions
10.7 Scope
• Webhooks can only be created, updated and deleted by portal admins
via the ArcGIS Portal Directory (Sharing API)
- Registration and management of webhooks are also supported via the ArcGIS API
for Python
- /items: If the sharing settings are changed for a layer that contains
confidential information, email administrators.
http://enterprise.arcgis.com/en/portal/latest/administer/windows/create-and-manage-
webhooks.htm
Webhooks for automatic notification
Automate notification based on portal actions
Key Terms : Payload
• Once a webhook is triggered, a payload is delivered to the specified payload URL in
JSON format. Each event follows a similar JSON schema with information that is
relevant to the event
• Since all payloads are delivered through an HTTPS request, the webhook receiver
must be configured to communicate over HTTPS and be reachable by the Portal
3 Jobs Page
• Select by service,
status, age, machine to
see the status, start &
end time, duration and
machine
New in Publishing
• Feature definition
• Field definition
• Area of interest
Adapt “Export
Author map Web Map” Share the Use print
Run script
template in ArcGIS Python code to result as a service in
include as GP tool
Pro print service web apps
templates
Print Service Enhancements
New at 10.7
Adapt “Export
Author map Web Map” Share the Use print
Run script
template in ArcGIS Python code to result as a service in
include as GP tool
Pro print service web apps
templates
New at 10.7
• Rich text editing
• Direct upload of images
• Choose an image focal point
• Streamlined UI for adding widgets
New Applications ArcGIS Excalibur
& Products
• Imagery exploitation
and management
web application
ArcGIS Indoors
Edit data ✓ ✓ ✓ ✓
Administer subscription ✓ ✓
Esri support has a page for information, patches and instructions for
updating software
support.esri.com/en/tls
Updated product lifecycle
10.7.x will be the last release series that direct upgrades from 10.2.x will be supported
Recommended Order of Upgrade
1. Upgrade Portal for ArcGIS
• You will need your new Portal JSON license file before you can upgrade Portal
Recommended Order of Upgrade
1. Upgrade Portal for ArcGIS
Recommended Order of Upgrade
1. Upgrade Portal for ArcGIS
Recommended Order of Upgrade
1. Upgrade Portal for ArcGIS
Recommended Order of Upgrade
2. Upgrade your Portal’s ArcGIS Web Adaptor
• Take note of the web adaptor context you used at the previous version
• This is the Web Adaptor name (for example ‘arcgis’)
• Uninstall the previous version
• Install the 10.7 Web Adaptor
• Ensure you use the same context you used previously
• Reconfigure the Web Adaptor with your Portal
Recommended Order of Upgrade
3. Upgrade ArcGIS Server
1. In a multi-node site, it is recommended to upgrade one server at a time
2. At 10.7 you can no longer directly upgrade from 10.1
• If you are at 10.1 you will need to first upgrade to an intermediate version
Multi-Cluster Sites
• At 10.7 we no longer support multiple clusters
• During the upgrade, if you have multiple clusters:
• If you do not have the ‘Default’ cluster, this will be created
• All Servers in the site will be moved to the ‘Default’ cluster
• All Services will be moved to the ‘Default’ cluster
• This include the system and Utility services
• All services will be in a ‘Stopped’ state
• System and Utility services will be in their expected estate
• Services will need to be manually started
Recommended Order of Upgrade
4. Upgrade your Server’s ArcGIS Web Adaptor
• Take note of the web adaptor context you used at the previous version
• This is the Web Adaptor name (for example ‘arcgis’)
• Uninstall the previous version
• Install the 10.7 Web Adaptor
• Ensure you use the same context you used previously
• Reconfigure the Web Adaptor with your ArcGIS Server
Recommended Order of Upgrade
5. Upgrade ArcGIS Data Store
• Prior to 10.7 you are required to upgrade the Primary Data Store before you can
upgrade the Standby Data Store
• At 10.7 you are able to upgrade from either the Primary or Standby Data Store
• You will first need to install the setup on all Data Stores
• Relational and TileCache Primary and Standby
• All Spatiotemporal Data stores
• On one of the Data Stores initiate the upgrade
• Starting 10.6 you can no longer perform an uninstall/install upgrade of Data Store
• You will need to perform an inplace upgrade
• To upgrade the spatiotemporal Big Data Store
• Run the installation on each machine in the configuration
• Run the configuration on any machine in the configuration
• The remaining machines are all upgraded automatically
ArcGIS Enterprise: Road
Ahead
Interceptors, WebHooks,
GeoAnalytics, and
Containers
Developer technology: Server Interceptors (server filters)
• Today SOIs are very powerful but comes with high development cost and limitations
- Very powerful but also very low-level API
- Only works for Pro-based map services (ArcGIS Enterprise SDK) or ArcMap based map and
image services (ArcObjects SDK)
• Server Interceptors will be an expansion of the Server Object Interceptor (SOI) pattern
• Future plans include support for additional events for future services
- Feature.Created, Feature.Updated, Feature.Deleted, Feature.Edited
- Feature.AttachmentCreated, Feature.AttachmentUpdated, Feature.AttachmentDeleted
- Layer.SchemaChanged, Layer.DefinitionChanged, FeatureService.DefinitionChanged
• Payloads are designed to be skinny to minimize network overhead and for security
reasons
- Information on what happened and enough information to identify what was affected
- E.g. the service name, the layer id, and the OBJECTID of a modified feature
• Recipients are expected to decide how to act and contact the server to fetch
additional information if needed.
GeoAnalytics
• Spatiotemporal Clustering
- Where are points clustering in space as well in time?
• Data Sources
- Vision includes direct read from traditional RDBMS (SQL Server, Oracle, PostgreSQL
- Accumulo
- Hbase
- Google Cloud Storage
• Developer Story
- At 10.7 we exposed a tool to run custom Python code on your GeoAnalytics Server
- Can use pyspark, chain GeoAnalytics development and extensibility
- Future: Expose this functionality as part of Notebook Server
Deliver ArcGIS Enterprise as a collection
of microservices, running on containers,
managed by a standard orchestration
fabric
ArcGIS Enterprise: The Next Generation
Design Approach
• Software Delivery
• Containers
• Container orchestration
• Software architecture
• Microservices and Microservers
ArcGIS Enterprise: The Next Generation
Orchestration framework:
Kubernetes (K8s)
• Timeline
• Development throughout 2019 and 2020
• Initial release planned for second half of 2020
Introduction to ArcGIS Notebooks
Multidimensional
data
Hosted Imagery Layers Creation of tile layers
from Imagery
Configuration option
such as nodata
10.7.1/10.7.2 (subject to change)
• Ortho Maker
- Satellite Imagery
- Seamline editing
- Scanned imagery
- Custom frame camera UX
- Parrot SEQUOIA
10.7.1/10.7.2 (subject to change)
• Deep Learning
- Improved multi-GPU support
- Improved deployment scripts for deep learning framework setup
- Manage training samples in cloud storage (S3, Azure,…)
- Training sample manager Web UX
- Extract training samples in image space, image space inference
- Valuable for highly oblique images
- Remove distortions
Q4 2019/2020 (subject to change)