Post on 27-May-2020
Enterprise GIS Architecture Deployment Options and Security Amr Wahba
Esri Middle East and Africa User Conference December 10–12 | Abu Dhabi, UAE
Agenda Enterprise GIS Architecture Deployment Options
• Design process
• Deployment options
  - Architecture topology options
  - Application architecture deployment options
  - ArcGIS Server deployment options
  - Geodatabase deployment options
  - Virtualization options
  - Cloud deployment options
  - Environment options
• Tools
ArcGIS – A complete integrated system
Cloud
Enterprise
Local
• Discover • Create • Manage • Visualize • Analyze • Collaborate
Mobile
Desktop
Web
Choosing the option that's right for you
Architecture design process
The Open Group Architecture Framework
http://www.opengroup.org/togaf/
Phase B: Business Architecture
• Business Objectives and Workflows
• GIS-Supported Operations
• Business User locations
• Data Center and server infrastructure locations
• Business Continuity
Phase C: Application Architecture
• Application Patterns • Real-time data • Security • Performance SLA
Phase C: Application Architecture
Data Management
A Complete Integrated System
Planning & Analysis
Field Mobility
Operational Awareness
Constituent Engagement
Transform Data Into Actionable Information
Collect, Organize, & Exchange Data
Get Information Into and Out of the Field
Disseminate Information Where and When it is Needed
Get Feedback and Make Informed Decisions
Mobile, Web APIs, Geodatabase, Geodatabase, Geoprocessing
Desktop, Server, Online
Web APIs
Phase C: Data Architecture
• Data updates • Static vs. dynamic • Incremental vs. replace
• Existing Data Inventory • Data Storage Methods • Data Formats • Confidentiality • Recovery Objectives
Phase D: Technology Architecture
• Physical infrastructure • IT standards • Hardware capacity • System Availability • Disaster Recovery
Architecture topology options
Centralized Architecture
Single data center = lower cost
Performance depends on network: good bandwidth and low latency
• Required bandwidth: - Response size (Mb) - Throughput (req/hr)
• Network transport time: • Response size (Mb)
• Effective bandwidth
Performance factors Network transport time
There is no need to calculate it manually; the System Designer tool does it for you.
$$\text{Mbps} = \frac{TH \times \text{Mbits/req}}{3600}$$
$$\text{Transport (sec)} = \frac{\text{Mbits/req}}{\text{Mbps} - \text{Mbps}_{\text{used}}}$$
Performance Factors Network transport time
• Impact of service and return type on network transport time
- Compression - Content, e.g., Vector vs. Raster - Return type, e.g., JPEG vs. PNG
Network Traffic Transport Time (sec)
| Application Type | Service/Op | Content | Return Type | Mb/Tr | 56 kbps | 1.54 Mbps | 10 Mbps | 45 Mbps | 100 Mbps | 1 Gbps |
|---|---|---|---|---|---|---|---|---|---|---|
| (bandwidth in Mbps) | | | | | 0.056 | 1.540 | 10.000 | 45.000 | 100.000 | 1000.000 |
| ArcGIS Desktop | Map | Vector | | 10 | 178.571 | 6.494 | 1.000 | 0.222 | 0.100 | 0.010 |
| Citrix/ArcGIS | Map | Vector+Image | ICA Comp | 1 | 17.857 | 0.649 | 0.100 | 0.022 | 0.010 | 0.001 |
| Citrix/ArcGIS | Map | Vector | ICA Comp | 0.3 | 5.357 | 0.195 | 0.030 | 0.007 | 0.003 | 0.000 |
| ArcGIS Server | Map | Vector | PNG | 1.5 | 26.786 | 0.974 | 0.150 | 0.033 | 0.015 | 0.002 |
| ArcGIS Server | Image | | JPG | 0.3 | 5.357 | 0.195 | 0.030 | 0.007 | 0.003 | 0.000 |
| ArcGIS Server | Map Cache | Vector | PNG | 0.1 | 1.786 | 0.065 | 0.010 | 0.002 | 0.001 | 0.000 |
| ArcGIS Server | Map Cache | Vector+Image | JPG | 0.3 | 5.357 | 0.195 | 0.030 | 0.007 | 0.003 | 0.000 |
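The slide's two formulas applied to a shared WAN link, as an added example that is not part of the original presentation: it reproduces the table's transport times and then shows how per-request time degrades as other workflows consume the link. The throughput figures, workflow names and the choice to count the other workflows' demand as Mbps_used are assumptions made for illustration.

```python
# Added example: the two formulas from the "Network transport time" slide.
from dataclasses import dataclass

@dataclass
class Workflow:
    name: str
    mbits_per_req: float  # response size in Mb (the table's Mb/Tr column)
    req_per_hr: float     # peak throughput TH; values below are constructed

def required_mbps(wf):
    """Mbps = TH * Mbits/req / 3600"""
    return wf.req_per_hr * wf.mbits_per_req / 3600.0

def transport_sec(mbits_per_req, link_mbps, used_mbps=0.0):
    """Transport(sec) = Mbits/req / (Mbps - Mbps_used)"""
    effective = link_mbps - used_mbps
    if effective <= 0:
        return float("inf")  # link saturated: requests queue, no finite answer
    return mbits_per_req / effective

def link_report(link_mbps, workflows):
    """Total demand on the link plus per-workflow transport time, treating
    the other workflows' demand as Mbps_used (an assumption of this example)."""
    demand = {w.name: required_mbps(w) for w in workflows}
    total = sum(demand.values())
    times = {w.name: round(transport_sec(w.mbits_per_req, link_mbps,
                                         total - demand[w.name]), 3)
             for w in workflows}
    return round(total, 3), total >= link_mbps, times

# Constructed workload; response sizes are taken from the table above.
WORKFLOWS = [
    Workflow("ArcGIS Server map (PNG)", 1.5, 2400),
    Workflow("ArcGIS Desktop map", 10.0, 180),
]

if __name__ == "__main__":
    for mbps in (1.54, 10.0):
        total, saturated, times = link_report(mbps, WORKFLOWS)
        print(f"{mbps} Mbps link: demand {total} Mbps, saturated={saturated}")
        for name, sec in times.items():
            print(f"  {name}: {sec} s per request")
```

On the 1.54 Mbps link the constructed workload already needs 1.5 Mbps, so the idle-link figures in the table understate what users would see.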
Demo: Network Speed Test Tool
http://ec2-54-242-238-110.compute-1.amazonaws.com/networktest/#
Distributed Architecture
Good performance-local application and data
Might require complex replication and synchronization process
Multiple datacenters = higher costs
Data replication considerations
Data replication considerations
Options compared: GDB Replication [1], FGDB copy/paste, RDBMS Replication, RDBMS clone, Disk Block-level
Requirements:
- Geographic area and selected layers
- Mixed DBMS
- Geodatabase aware
- Many to Many
- Incremental Edits
- Large Truncate/Reload [2]
- Near Time
- Downtime: 0
- Downtime: 5-60 min
[1] 3rd party product integrated through Esri API
[2] Consider disconnected synchronization if network has high latency
Application architecture deployment options
ArcGIS Desktop • Design considerations
• Overview: • http://resources.arcgis.com/en/communities/enterprise-gis/01n200000006000000.htm
- Full range of GIS tools
• Design Considerations: - Desktop processing requirements - User location relative to the data - Available network bandwidth - System Administration (installs, upgrades)
ArcGIS Desktop deployment options LAN – standard deployment
ArcGIS Desktop
ArcGIS Server
ArcSDE, FGDB
ArcGIS Desktop
ArcGIS Desktop deployment options WAN – Citrix compression
Performance depends on image compression and bandwidth
Citrix Client
Citrix Client
Citrix Client
Citrix Client
Citrix Server ArcGIS Desktop ArcSDE, FGDB
ArcGIS Server Web Applications
• ArcGIS API for Silverlight • http://resources.arcgis.com/en/communities/silverlight-api/
• ArcGIS API for Flex • http://resources.arcgis.com/en/communities/flex-api/
• ArcGIS API for JavaScript • http://help.arcgis.com/en/webapi/javascript/arcgis/index.html
ArcGIS Server Web Applications API Choice
• Development Expertise - Flex aligns with Java developers - Silverlight aligns with .NET developers - JavaScript aligns with HTML/JavaScript developers
• Plug in requirements - Flex and Silverlight require plug-in installation - Need to consider policies for plug-in usage
• Download for API - JavaScript requires connectivity to Esri for API download (a method is available to host it locally)
Smartphones Feature Service
iOS
Microsoft Windows Phone Android iOS
Mobile devices Mobile data service
• Design considerations - Always vs. sometimes connected - Getting data on to the devices - Managing synchronization timing
ArcGIS for Windows Mobile
Rugged Devices
ArcPad
ArcGIS Server deployment options
ArcGIS Server Single ArcGIS Server machine
ArcGIS Server High availability configuration
ArcGIS Server 10.1 Single firewall
• Port 80 opened • GIS and data server reside in the secure internal network
ArcGIS Server 10.1 Multiple firewall
• Port 80 and 6080 • Web adapter acts as reverse proxy • GIS and data server reside in the secure internal network
ArcGIS Server 10.1 Integrating an existing proxy
• Add your ArcGIS Server site to the proxy directives, e.g. Apache httpd.conf:
    ProxyPass /arcgis http://myserver:6080/arcgis
    ProxyPassReverse /arcgis http://myserver:6080/arcgis
Architecture at 10.0
[Diagram. Tiers: External Web Tier (DMZ), Internal Web Tier, Application Tier, GIS Tier, Data Tier (internal network). Components: Reverse proxy, Proxy Page, IIS, ArcGIS Web with custom code for ArcGIS tokens, SOM, SOC, GIS Services, Service Authorization, Windows security store, SQL Server users & roles, Enterprise Geodatabase. Connections: HTTPS, LAN, DCOM.]
Architectural transition
[Diagram. The 10.0 components (Reverse proxy, Proxy Page, IIS, ArcGIS Web with custom code for ArcGIS tokens, SOM, SOC, Windows security store, SQL Server users & roles) shown alongside the 10.1 components: Web Tier with IIS and Web Adaptor, Application Tier with Wizard builder and Identity manager, GIS Tier with GIS Servers in an ArcGIS Server Site, Built-in store, GIS Services, Service Authorization, Data Tier with Enterprise Geodatabase. Connections: HTTPS, LAN, DCOM.]
Default 10.1 security configuration
[Diagram. Tiers: Web Tier (DMZ), Application Tier, GIS Tier, Data Tier (internal network). Components: IIS, Web Adaptor, Wizard builder, Identity manager, GIS Servers in an ArcGIS Server Site, Built-in store, GIS Services, Service Authorization, Enterprise Geodatabase. Connections: HTTPS, LAN.]
What Architecture is Right for Me?
| Capability | Security Store | Authentication Tier | Authentication Method | Encryption (HTTPS) |
|---|---|---|---|---|
| Single Sign On | Active Directory | Web Tier (IIS) | Integrated Windows (IIS) | Optional |
| Public/Private Services | Any | GIS Tier | ArcGIS Tokens | Recommended |
| Enterprise Users & Roles | Active Directory, LDAP | Any | Any | Recommended |
| Web Editing | Any | Any | Any | Recommended |
| Mobile Applications | Any | Any | Any | Recommended |
| SharePoint | Any | Any | Any | Recommended |
| Enterprise Users & Built In Roles | Active Directory, LDAP | Any | Any | Recommended |
| Linux | LDAP, Built-In | Any | Any | Recommended |
| ArcGIS Online | Any | Any | Any | Recommended |
Geodatabase deployment options
Which database to select? Follow your IT standards, expertise and cost
• DBMS impact on overall performance is typically low - < 20% of total response time
[Chart: Low Complexity Map: Throughput vs. data source. Y axis: Throughput (Tr/Hr), 0 to 140,000. Data sources: FGDB_Local_URL, SHP_Local_URL, Ora11g_AS_URL, SQLSvr_AS_URL, Postgres_AS_URL.]
Geodatabase editing Production and Publication
• Pros: - Better security - Improved performance - Additional hardware capacity
• Cons: - Requires replication - Additional hardware
Editors
1-Way Replication Publication
(Read only)
Production
(Versioned GDB)
Viewers
Viewers
Geodatabase editing Internal and external web editing
• Pros: - Better security - Improved performance - Additional hardware capacity
• Cons: - Requires replication - Additional hardware
Editors
2-Way Replication Geodata Service
External (Versioned GDB)
Internal (Versioned GDB)
Web editors
Viewers
Virtualization options
Virtualization Methods
• Server Virtualization - abstraction of the underlying physical system: storage, processors and memory and operating systems
• Session Virtualization - multiple users share a single operating system and set of installed applications.
• Desktop Virtualization - centralized remote desktop computing architecture leveraging server virtualization as the back-end computing infrastructure.
Server Virtualization Benefits
• An effective mechanism to reduce server counts • Faster deployment • Better resource utilization
Server Virtualization Efficiency
[Diagram. Processors: Physical, Over-commitment. Memory: Physical, Right-sizing; Operating System (shared), OS (Exclusive), Other (Exclusive). Storage Access. Networking.]
Cloud deployment options
What is Cloud: IaaS? • Infrastructure-as-a-Service (IaaS)
• Provides virtual server instances - Configure virtual servers - Configure storage - Manage instances
• Examples: - Amazon Web Services
Your Server Room Amazon EC2
Conceptual Overview of the Cloud Infrastructure-as-a-Service (IaaS)
Advantages of the Cloud
• Robust hardware and network infrastructure
• Elastic deployments
• Fast and inexpensive prototyping
• Easy short-term or emergency deployments
• Ease of setting up a public-facing site isolated from your own network
Infrastructure-as-a-Service (IaaS)
What is Cloud: PaaS? • Platform-as-a-Service (PaaS)
• Set of APIs, services, and product development tools hosted on the provider's infrastructure.
• Developers create applications on the provider's platform over the Internet
• Examples: - Microsoft Azure, Google Apps, Force.com
What is Cloud: SaaS? • Software-as-a-Service (SaaS)
• Vendor supplies the hardware and software infrastructure … whole applications
• Broad market • Examples:
- ArcGIS.com, bao.esri.com, Crimemapping.com, Salesforce.com
Cloud deployment options
Environment options
System Environment Types
Reflect Production as closely as possible but without full scalability
Development Systems Production Systems
Network Load Balancer Network Load Balancer
System Designer tool
System Designer • Solution Architecture design tool
• Gathering requirements
• Designing
• Capacity: CPU, Network, Memory
• Reporting
System Designer Provides solution templates for quick analysis
Demo: System Designer
• Thank you
• awahba@esri.com
• System Designer • http://www.arcgis.com/home/item.html?id=8ff490eef2794f428bde25b561226bda
• Network Test • http://www.arcgis.com/home/item.html?id=2b8d4ac8b102453bb0437cdd7a07dd27