Esri Location Analytics: Four Implementation Models


Upload: esri

Post on 07-Nov-2014


Esri® Location Analytics: Four Implementation Models An Esri® White Paper July 2014


Copyright © 2014 Esri All rights reserved. Printed in the United States of America. The information contained in this document is the exclusive property of Esri. This work is protected under United States copyright law and other international copyright treaties and conventions. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording, or by any information storage or retrieval system, except as expressly permitted in writing by Esri. All requests should be sent to Attention: Contracts and Legal Services Manager, Esri, 380 New York Street, Redlands, CA 92373-8100 USA. The information contained in this document is subject to change without notice. Esri, the Esri globe logo, ArcGIS, StreetMap, GeoEnrichment, esri.com, and @esri.com are trademarks, service marks, or registered marks of Esri in the United States, the European Community, or certain other jurisdictions. Other companies and products or services mentioned herein may be trademarks, service marks, or registered marks of their respective mark owners.


J10243


Contents

Overview
Four Implementation Models
    Product Descriptions
Cloud Model with ArcGIS Online
    Security
    Security and Privacy Considerations
        Map Rendering
        GeoEnrichment Service and Infographics
        Routing and Geocoding
        Sharing and Collaboration
Hybrid Cloud/On-Premises Model with ArcGIS Online and ArcGIS for Server
    Security
    Security and Privacy Considerations
Hybrid Cloud/On-Premises Model with ArcGIS Online and Portal for ArcGIS
    Security
    Security and Privacy Considerations
On-Premises Model with Portal for ArcGIS
    Security
    Security and Privacy Considerations
Conclusion


Overview

Esri® Location Analytics is a strategy for enabling everyone in your organization to discover, use, make, and share maps and geographic data anywhere, on any device, at any time. This document is designed to help you understand the different implementation models available to your organization based on considerations such as financial resources, staffing, risk, and security.

Esri's ArcGIS® named user licensing includes access to configurable applications that integrate with the following business systems:

■ IBM Cognos Business Intelligence
■ SAP BusinessObjects
■ MicroStrategy
■ Salesforce.com
■ Microsoft Dynamics CRM
■ Microsoft SharePoint
■ Microsoft Office

In addition to these applications, Esri provides a broad range of APIs and software development kits (SDK) to integrate ArcGIS with virtually any business system or workflow. For details, see Location Analytics.

ArcGIS can be implemented through cloud, on-premises, or hybrid deployment options. Esri anticipates that, as with any enterprise-level solution deployment, many of our customers will wish to undertake a formal discovery process during which best practices decisions will be made regarding

■ Development, staging, and production environments.
■ Solution hardware and software specifications.
■ Resource allocation in light of service-level agreements (SLAs).
■ High-availability architectures and service/data redundancy.
■ Overall system security.

Due to the unique needs of each of our customers, this paper is not meant to serve as a system architecture design but describes common patterns for implementing ArcGIS. All diagrams are conceptual, and data security and privacy concerns are emphasized.


Four Implementation Models

The four implementation models are

1. Cloud Model with ArcGIS℠ Online.
2. Hybrid Cloud/On-Premises Model with ArcGIS Online and ArcGIS for Server.
3. Hybrid Cloud/On-Premises Model with ArcGIS Online and Portal for ArcGIS.
4. On-Premises Model with Portal for ArcGIS.

Product Descriptions

■ ArcGIS Online is a cloud-based, collaborative mapping platform for creating, managing, and sharing maps, data, and other geographic information. For details, see ArcGIS Online.

■ ArcGIS for Server is software for sharing your geographic information system (GIS) resources across an enterprise as web services. It is composed of a scalable line of editions based on functionality and levels based on capacity. For details, see ArcGIS for Server.

■ Portal for ArcGIS is a feature of ArcGIS for Server that provides a map-centric, collaborative content management system that organizations can deploy in their own infrastructure (i.e., on-premises). For details, see Portal for ArcGIS.

■ ArcGIS for Desktop is software for creating, editing, and analyzing geographic knowledge to examine relationships; test predictions; and, ultimately, make better decisions. For details, see ArcGIS for Desktop.

■ StreetMap™ Premium for ArcGIS is a ready-to-use street dataset that works with ArcGIS to provide geocoding, routing, and high-quality cartographic display. For details, see StreetMap Premium for ArcGIS.

■ Data Appliance for ArcGIS is a turnkey solution that provides terabytes of worldwide basemaps and reference layers preloaded onto a network-attached storage device that plugs right into your organization's internal network. For details, see Data Appliance for ArcGIS.

Cloud Model with ArcGIS Online

Most Esri applications and data products are either built on top of ArcGIS Online or connect through it to form an integrated system for creating, analyzing, and distributing maps and spatial data. Under this architecture, customers configure an ArcGIS Online account that is sized appropriately for the expected user load. The account is based on an annual subscription plan. Information about current subscription plans is available at esri.com/software/arcgis/arcgisonline/purchase.

In addition to being a geographic content management and mapping system for organizations, ArcGIS Online supports the sharing and collaboration features of the ArcGIS platform and facilitates searches for data across all Esri products that connect to ArcGIS Online. The customer has cloud-based, read-only access to Esri basemaps, boundary map services, business data, community and lifestyle data, demographics information, and much more. ArcGIS Online provides routing, geocoding, and other location services such as drive-time analysis. In addition, this architecture provides the customer with access to additional data and services published and shared by an extensive Esri community.


Customers may also configure and publish web maps and map services in ArcGIS Online to serve their own spatial data. In order to connect and publish data, at least one license of ArcGIS for Desktop is required. All web maps and map services created and explicitly shared by the customer are stored and accessed via ArcGIS Online.

Security

ArcGIS Online serves as the repository for the sharing model (including users, roles, and groups). ArcGIS uses the underlying sharing model of ArcGIS Online. Additionally, the customer may elect to configure the use of enterprise logins via Security Assertion Markup Language (SAML) and a supported Lightweight Directory Access Protocol (LDAP) provider. Users can configure Active Directory Federation Services 2.0, NetIQ Access Manager 3.2, OpenAM 10.1.0, Shibboleth 2.3.8, or SimpleSAMLphp 1.10 as the identity provider. The customer may further elect to require Secure Sockets Layer (SSL) for all communication with ArcGIS Online and optionally disable sharing of on-premises business system data through the use of users/roles permissions and the sharing settings within location analytics products (see figure 1).

Figure 1 Cloud Model with ArcGIS Online

This diagram depicts how ArcGIS would be integrated with a generic business system and configured to embed map content and map-based analytics into the business system dashboard or user interface (UI).


Security and Privacy Considerations

Access to data for implementing ArcGIS uses the underlying sharing model of ArcGIS Online, whereby all spatial data layers, map services, and web maps reside within and are accessed via ArcGIS Online. Access to data is controlled by named user logins or by accessing the organization's data through the use of a registered application key, whereby

■ Authorization is controlled through the use of users and groups within the ArcGIS Online organization.
■ Administrators can require SSL encryption for all access and interaction with their ArcGIS Online for Organizations subscription.
■ All data is encrypted in transit over the Internet. Data is not encrypted in situ within ArcGIS Online.
■ Data can be encrypted during upload through the use of third-party solutions.

ArcGIS Online administrators and users should understand the security and privacy considerations inherent in a cloud-based solution. The most common types of interaction with ArcGIS Online are as follows:

Map Rendering

Maps within ArcGIS are delivered in one of three formats:

■ Image tiles—for cached map services
■ Map images from dynamic map services
■ Feature data drawn on the map by combining geometries from a feature service with data held in the business system (feature data drawn on the map takes place entirely within the consuming client. No customer data is transmitted outside the containing business system during map rendering tasks.)

Figure 2 Map Rendering

Maps are delivered in one of three formats: image tiles, map images, and feature data.


Information transmitted outside the customer's firewall includes one or more source URLs for map data that has been registered with or stored in ArcGIS Online as well as projection and bounding box information from the map. Information received back through the firewall will include map images or URLs to map images and feature geometries and attributes in JSON format.

GeoEnrichment Service and Infographics

The ArcGIS platform provides a GeoEnrichment℠ service that's built on the ArcGIS REST API. The service can be used to add fields to the business analysis layer and populate them with spatially relevant values, such as demographics. The API provides a method for generating a variety of infographics (charts, graphs, tables) within ArcGIS. It operates on a user-provided geometry (clicking or drawing on map), spatial reference information derived from the map, and a list of variable values that the user wishes to use. Information received back through the firewall is a JSON format response containing the requested data relevant to the submitted geometry. For these activities, no customer data is transmitted outside the firewall beyond the location information and variable names used for GeoEnrichment services or generation of infographics.

Figure 3 GeoEnrichment

The GeoEnrichment service adds fields to the business analysis layer and populates them with spatially relevant values.

Routing and Geocoding

In most routing and geocoding workflows, one or more street addresses are transmitted to the Esri World Geocoder, and an x,y location is returned to the client for each submitted address. In other cases, routes with driving directions or drive-time polygons are returned to the client for further processing and rendering.


Figure 4 Geocoding, Routing, and Drive Times

Street addresses are returned as x,y locations using the Esri World Geocoder.

During the geocoding process, address information from a customer's business system is transmitted outside the firewall to the Esri World Geocoder, and JSON format data on location, route, or drive-time polygons is returned to the consuming client. An HTTPS URL is available for geocoding, which will encrypt all data in transit. For some organizations, the use of hosted routing, geocoding, and drive-time functionality could be a source of concern in terms of on-premises business data security and privacy. If this is the case, an on-premises solution may be appropriate.

Sharing and Collaboration

One of the key value propositions for ArcGIS Online is the capability to share and collaborate with map content. Users must be aware that information may be transmitted and stored when it is shared. For example, if a business system dashboard author or consumer elects to share a map or individual data layer via the ArcGIS Online organizational account, a snapshot of the business system data being rendered on the map is packaged along with spatial information required to display it and transmitted and stored in ArcGIS Online.

Figure 5 Sharing and Collaboration

When a map or individual data layer is shared via ArcGIS Online, a snapshot of the data on the map is packaged along with spatial information, then transmitted and stored in ArcGIS Online.


Typically, sharing means that

■ A map service is created.
■ A CSV file is uploaded for each business system data layer in a map.
■ A feature service is created for each map layer derived from business data.
■ A web map is created (essentially, a JSON format config file) that duplicates the view of the map from within the business system.

Users must understand that in such cases, they are transmitting their business data through the firewall to be available to authorized groups within ArcGIS Online and other Esri products. In ArcGIS, the sharing capability can be administratively turned off by default.
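The four interaction types described above (map rendering, GeoEnrichment, routing and geocoding, sharing) differ in what crosses the firewall, so an egress review can sort outbound requests by type and flag the ones that carry business data or travel unencrypted. The following is an added example, not part of the Esri white paper; the log format, the host names and REST paths (modelled on the public ArcGIS Online layout), the internal suffix `.example.internal`, and the function names are all assumptions.

```python
from typing import NamedTuple
from urllib.parse import urlsplit

# Constructed proxy log, one request per line: "<method> <url> <request bytes>".
# Hosts and paths are assumptions modelled on the public ArcGIS Online REST layout.
SAMPLE_LOG = """\
GET https://services.arcgisonline.com/arcgis/rest/services/World_Street_Map/MapServer/tile/5/12/9 0
POST https://geoenrich.arcgis.com/arcgis/rest/services/World/geoenrichmentserver/Geoenrichment/enrich 812
GET http://geocode.arcgis.com/arcgis/rest/services/World/GeocodeServer/findAddressCandidates?SingleLine=1+Example+Street 0
POST https://route.arcgis.com/arcgis/rest/services/World/Route/NAServer/Route_World/solve 1540
POST https://www.arcgis.com/sharing/rest/content/users/analyst1/addItem 48211
GET https://www.arcgis.com/sharing/rest/content/items/abc123/data 0
GET https://gis.example.internal/arcgis/rest/services/Stores/MapServer/export?bbox=1,2,3,4 0
"""

# (category, lowercase path marker, POST required?, carries business data?)
# Order matters: the first matching rule wins.
RULES = [
    ("sharing", "/sharing/rest/content", True, True),    # snapshot of business data is stored
    ("geocoding", "/geocodeserver", False, True),        # street addresses are sent
    ("routing", "/naserver", False, True),               # stops/addresses are sent
    ("geoenrichment", "/geoenrichment", False, False),   # geometry and variable names only
    ("map_rendering", "/mapserver", False, False),       # source URL, projection, bounding box
    ("map_rendering", "/featureserver", False, False),   # geometries joined client-side
]


class Finding(NamedTuple):
    line_no: int
    host: str
    category: str
    flags: tuple


def classify(method, path):
    """Map one request to an interaction type and whether it carries business data."""
    lowered = path.lower()
    for category, marker, needs_post, business_data in RULES:
        if marker in lowered and (method == "POST" or not needs_post):
            return category, business_data
    return "other", False


def audit(log_text, internal_suffixes=(".example.internal",)):
    """Return one Finding per request that leaves the organization's network."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        parts = line.split()
        if len(parts) != 3:
            continue  # malformed line, nothing to classify
        method, url, _size = parts
        target = urlsplit(url)
        host = (target.hostname or "").lower()
        if not host or host.endswith(tuple(internal_suffixes)):
            continue  # on-premises service: the request never crosses the firewall
        category, business_data = classify(method.upper(), target.path)
        flags = []
        if target.scheme != "https":
            flags.append("cleartext")             # not encrypted in transit
        if business_data:
            flags.append("business-data-egress")  # addresses or shared snapshots
        findings.append(Finding(line_no, host, category, tuple(flags)))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Reads of shared content (the sixth sample line) are classified as "other" because only uploads store a snapshot of business data in the cloud account.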

Hybrid Cloud/On-Premises Model with ArcGIS Online and ArcGIS for Server

In this scenario, the organization wishes to keep sensitive spatial data inside the organization's firewall. To do this, the standard architecture described in the section "Cloud Model with ArcGIS Online" can be enhanced with one or more ArcGIS for Server instances.

Security

All the features of the standard architecture apply. However, services on one or more ArcGIS servers are registered with the ArcGIS Online account. These services are available with ArcGIS. The ArcGIS for Server service registration process effectively creates a "pointer" to where the data is located and enables discovery of the data. The ArcGIS for Server token-based security model is respected in these cases. In this manner, customer data is stored and accessed using on-premises or Amazon-based ArcGIS for Server, and none of the customer's spatial data assets reside in ArcGIS Online unless they are explicitly uploaded.

As with the standard architecture, ArcGIS Online serves as the repository for the sharing model; supports sharing and collaboration; and includes standard Esri datasets and services such as routing, geocoding, drive-time, and GeoEnrichment service requests.


Figure 6 Hybrid Cloud/On-Premises Model with ArcGIS Online and ArcGIS for Server

This diagram depicts how ArcGIS would be integrated with a generic business system using a hybrid model, where some map and feature services are created and maintained on-premises and shared via ArcGIS Online.

Security and Privacy Considerations

The same basic security and privacy rules for business data apply in this hybrid architecture as in the cloud model described previously. The only time business data leaves the organization's firewall is when geocoding is performed on addresses stored within the target business system or when a user explicitly shares a map or individual map layer through the ArcGIS Online account. The main difference between this architecture and the cloud model is that when business data is rendered over the map and the spatial data is stored in an on-premises database and made available via ArcGIS for Server, it can also be used for standard map layers and as a geometry source for rendering business system data. In this manner, proprietary or sensitive spatial data can be housed and secured on-premises via ArcGIS for Server, while less sensitive assets can be stored in ArcGIS Online. The presence of an on-premises ArcGIS for Server installation does not, in and of itself, make any modifications to the sharing, search, and security patterns that depend on ArcGIS Online.


Hybrid Cloud/On-Premises Model with ArcGIS Online and Portal for ArcGIS

In special circumstances, some organizations may use ArcGIS with highly sensitive information. For example, organizations that handle personal health information or intellectual property may be prohibited from transmitting information outside the organizational firewall as a matter of policy. In this scenario, a hybrid architecture that mixes on- and off-premises resources may serve as an acceptable implementation pattern.

Security

Under this architecture, the organization establishes and configures an on-premises instance of Portal for ArcGIS to support collaboration and sharing within the organization's own infrastructure. Portal for ArcGIS then serves as the repository for the sharing model (including users, roles, and groups), supports the sharing and collaboration features of the ArcGIS platform, and facilitates searches for data.

The organization may need to provide map content to a community of users or customers outside the firewall. In this case, the organization can optionally set up an ArcGIS Online Nexus account to facilitate the sharing of selected maps and datasets. Nexus users have cloud-based, read-only access to all Esri basemaps, boundary map services, business data, community/lifestyle data, and demographics information.

An instance of StreetMap Premium for ArcGIS is required to provide routing, geocoding, and drive-time analysis services. Portal for ArcGIS must be configured to use these internal services. The organization may elect to configure the use of enterprise logins via SAML and a supported LDAP provider. The customer may further elect to require SSL for all communication with the ArcGIS Online Nexus account. An ArcGIS for Server instance is required under this architecture.


Figure 7 Hybrid Cloud/On-Premises Model with ArcGIS Online and Portal for ArcGIS

This diagram depicts how ArcGIS would be integrated with a generic business system, where Portal for ArcGIS is used to share highly sensitive information within the organizational firewall.

Security and Privacy Considerations

This architecture leverages the hosted geographic content, GeoEnrichment service capabilities, and infographics available through ArcGIS Online; however, the architecture moves the sharing model, search capabilities, and routing and geocoding on-premises behind the organization's firewall. Under this model, maps may be composed of one to many map layers that may be registered with Portal for ArcGIS. The map layers may be local to the customer network, or they may be publicly accessible at an Internet location. In either case, a simple request to get map data from a service URL is required. Collaboration and sharing across the organization are facilitated by the use of Portal for ArcGIS. Likewise, address information for geocoding operations also remains on-premises through the implementation of StreetMap Premium for ArcGIS. The organization still has the option to manually upload or register nonsensitive data to the ArcGIS Online Nexus account.


On-Premises Model with Portal for ArcGIS

For some clients, a full on-premises implementation of ArcGIS is warranted either due to the extreme sensitivity of location and other business data transmitted online or due to completely disconnected network architectures whereby users have an internal network but no access to the Internet from within the organization's infrastructure. In these rare circumstances, an on-premises architecture is possible—one that includes many of the key features of the Esri platform, albeit with reduced functionality.*

*GeoEnrichment service and infographics are not available with this configuration.

Security

Under this architecture, the customer establishes and configures an instance of Portal for ArcGIS to support collaboration and sharing within the organization's own infrastructure. Portal for ArcGIS serves as the repository for the sharing model (including users, roles, and groups), supports collaboration across the ArcGIS platform, and facilitates searches for data. An optional ArcGIS Online Nexus account can be set up to facilitate sharing of selected maps and datasets as needed.

Data Appliance for ArcGIS is required to provide the customer with access to all Esri basemaps, boundary map services, and other standard data offerings. An instance of StreetMap Premium for ArcGIS is required to provide routing, geocoding, and drive-time analysis services. Portal for ArcGIS is configured to use these internal services.

Figure 8 On-Premises Model with Portal for ArcGIS

This diagram depicts how ArcGIS would be integrated with a generic business system on-premises.


Security and Privacy Considerations

Beyond standard security considerations critical in any networked computing environment, the risk for accidental disclosure of sensitive information under this architecture is low. However, users can still share data to the ArcGIS Online Nexus account if configured.

Conclusion

There are four common implementation models for ArcGIS:

1. Cloud Model with ArcGIS Online
2. Hybrid Cloud/On-Premises Model with ArcGIS Online and ArcGIS for Server
3. Hybrid Cloud/On-Premises Model with ArcGIS Online and Portal for ArcGIS
4. On-Premises Model with Portal for ArcGIS

These different configurations address an organization's specific needs with regard to data sensitivity and basic security concerns about sharing maps and geographic data assets. Each implementation model can be integrated with existing enterprise business intelligence, customer relationship management, and office collaboration and productivity systems to help organizations discover, use, make, and share maps and geographic data anywhere, on any device, at any time.

For more information, contact your local Esri office.


Contact Esri

380 New York Street, Redlands, California 92373-8100 USA

1 800 447 9778
t 909 793 2853
f 909 793 5953
esri.com

Offices worldwide: esri.com/locations

Esri inspires and enables people to positively impact their future through a deeper, geographic understanding of the changing world around them.

Governments, industry leaders, academics, and nongovernmental organizations trust us to connect them with the analytic knowledge they need to make the critical decisions that shape the planet. For more than 40 years, Esri has cultivated collaborative relationships with partners who share our commitment to solving earth’s most pressing challenges with geographic expertise and rational resolve. Today, we believe that geography is at the heart of a more resilient and sustainable future. Creating responsible products and solutions drives our passion for improving quality of life everywhere.