SlideShare a Scribd company logo

Esri ArcGIS Federal

Harsh Prakash (AWS, Azure, Security+, Agile, PMP, GISP)
Harsh Prakash (AWS, Azure, Security+, Agile, PMP, GISP)

This document summarizes lessons learned from a large enterprise implementation of Esri ArcGIS. It discusses challenges faced including the unique security responsibilities of the federal government. Key lessons included discouraging hybrid ArcGIS designs across multiple networks, allowing hours to move across contract years, using Agile over Waterfall for expedited life cycles, and increasing visibility of fixes from vendors. Prototyping with infrastructure as a service and emphasizing minimum viable products is also advised.

Related slideshows

Operationalizing Machine Learning at Scale at Starbucks
Operationalizing Machine Learning at Scale at StarbucksOperationalizing Machine Learning at Scale at Starbucks
Operationalizing Machine Learning at Scale at Starbucks
 
Analysing Web GIS apps
Analysing Web GIS appsAnalysing Web GIS apps
Analysing Web GIS apps
 
Snaplogic Live: Big Data in Motion
Snaplogic Live: Big Data in MotionSnaplogic Live: Big Data in Motion
Snaplogic Live: Big Data in Motion
 
1 of 13
Esri ArcGIS Enterprise In Retrospect: Lessons & Tips from a Large Enterprise Implementation
Agenda • Solution Summary • Challenges Faced • In Retrospect: Lessons & Tips • Q&A FedGIS - Mar 2018 Harsh Prakash, PMP, GISP 2 / 13
Solution Summary • ArcGIS Portal, ArcGIS Servers (federated, cluster), ArcGIS Server (unfederated, stand-alone), ArcGIS DataStore, StreetMap Premium (Implemented: On-premise geocoding – ¼ billion addresses; Routing in a disconnected environment) • ArcGIS Online FedGIS - Mar 2018 Harsh Prakash, PMP, GISP 3 / 13 API Query “Find all Providers X miles from Y” Foreground Data From Backend Database Background Map From ArcGIS – Internal & External Web Application Map Sandwich
Challenges Faced • Esri – ’Installing ArcGIS here is like pushing a square block up a right-angle hill’ • Unique security responsibilities of the federal government around high-value PII/PHI-based data assets and Expedited Life Cycle (XLC) processes FedGIS - Mar 2018 Harsh Prakash, PMP, GISP 4 / 13
In Retrospect: Lessons & Tips Data • No PII/PHI could leave to arcgis.com, so a hybrid solution, but multi-VPN & multi-NICs i.e. different networks for different groups  ArcGIS is not designed for such fractured environments (BUG logged for mixing backdoor [privatePortalURL] with frontdoor [WebContextURL]).  So, discourage hybrid design of ArcGIS within multi-NIC and multi-VPN environment – Consider Esri Data Appliance.  Setup VIEWER role in ArcGIS for users with least privileges. • Not Public-facing  Use aerial imagery from the National Agriculture Imagery Program (NAIP) or OpenAerialMap to test internal basemaps. Budget • Hours  Allow hours to move across contract option years. FedGIS - Mar 2018 Harsh Prakash, PMP, GISP 5 / 13
In Retrospect: Lessons & Tips Process • Architecture Review (AR) • Preliminary Design Review (PDR) • Detail Design Review (DDR) • User Acceptance Test (UAT) • Operational Readiness Review (ORR)  Consolidate Gate Reviews to keep up the project pace.  Prefer Agile over Waterfall (XLC). FedGIS - Mar 2018 Harsh Prakash, PMP, GISP 6 / 13 Not Started In Progress Testing Accepted Task 1 Task 2 Task 4 Task 5 Task 3 Kanban
In Retrospect: Lessons & Tips Prototyping • HTTPS requirement – Needed to decrypt • 3-zone architecture – Needed to negotiate SSL handshakes and establish trust to route token authentication between daisy-chained servers • No Web Adapter – Needed to proxy without  We replicated the 3-zones in Amazon Web Services (AWS). [AWS 1]  [AWS 2]  [AWS 3]  So, use Infrastructure as a Service (IaaS) for rapid piloting & prototyping. Provide test box (with admin privileges) for tool installation and prototype development. Note, Minimum Viable Product (MVP) doesn't have to be pixel-perfect. FedGIS - Mar 2018 Harsh Prakash, PMP, GISP 7 / 13
In Retrospect: Lessons & Tips Development • No custom development – Needed to use ArcGIS Web AppBuilder (WAB)  Use WAB for development, but don't oversell its ease (Ended up scripting for caching). Note, WAB can't run in a truly disconnected environment out-of-the-box. • Teams  Coordinate, but decouple frontend and backend release schedules, esp. with “horizontally-sliced” projects. • Testing  Test one app at a time in initial User Acceptance Testing (UAT).  Write clear test cases, and use screenshots/videos during testing to better capture bugs or vulnerabilities. FedGIS - Mar 2018 Harsh Prakash, PMP, GISP 8 / 13 Backend Frontend Infrastructur e Teams Team 1 Team 2 Team 3 Vertically Sliced Team 1 Team 2 Team 3 Horizontally Sliced
In Retrospect: Lessons & Tips ETL/ELT • Extract, Transform, Load  Prefer native ETL/ELT processes for less overhead. Communication • Triage  Setup regular touch-point calls to coordinate with various teams for transparent communication and timely escalation across appropriate management chains. FedGIS - Mar 2018 Harsh Prakash, PMP, GISP 9 / 13
In Retrospect: Lessons & Tips Support • Vendors – Esri, Red Hat, Teradata • E.g. Teradata’s ODBC 14.10 Driver Bug  We found it was issuing multiple queries to get multiple geometries (a.k.a. Offline Fetching), instead of using one query to get multiple geometries (or Inline Fetching) – Implemented option of local Cache or Cube.  So, increase visibility of fixes to tools or widgets, and pursue out-of-cycle patches with vendors. FedGIS - Mar 2018 Harsh Prakash, PMP, GISP 10 / 13
In Retrospect: Lessons & Tips Tools • Administration  Use great tools. Wireshark, Nmap, Nagios Fiddler, Postman, LDAP Browser New Relic, PuTTY, WinSCP Browser Dev Tools, Katalon, GlassWire TeamViewer, Cygwin FedGIS - Mar 2018 Harsh Prakash, PMP, GISP 11 / 13
Commercial Off-the-Shelf (COTS) Tool Custom Tool Conformance to schedule is not the same as success FedGIS - Mar 2018 Harsh Prakash, PMP, GISP 12 / 13
@gisblog FedGIS - Mar 2018 Harsh Prakash, PMP, GISP 13 / 13

More Related Content

Esri ArcGIS Federal

  • 1. Esri ArcGIS Enterprise In Retrospect: Lessons & Tips from a Large Enterprise Implementation
  • 2. Agenda • Solution Summary • Challenges Faced • In Retrospect: Lessons & Tips • Q&A FedGIS - Mar 2018 Harsh Prakash, PMP, GISP 2 / 13
  • 3. Solution Summary • ArcGIS Portal, ArcGIS Servers (federated, cluster), ArcGIS Server (unfederated, stand-alone), ArcGIS DataStore, StreetMap Premium (Implemented: On-premise geocoding – ¼ billion addresses; Routing in a disconnected environment) • ArcGIS Online FedGIS - Mar 2018 Harsh Prakash, PMP, GISP 3 / 13 API Query “Find all Providers X miles from Y” Foreground Data From Backend Database Background Map From ArcGIS – Internal & External Web Application Map Sandwich
  • 4. Challenges Faced • Esri – ’Installing ArcGIS here is like pushing a square block up a right-angle hill’ • Unique security responsibilities of the federal government around high-value PII/PHI-based data assets and Expedited Life Cycle (XLC) processes FedGIS - Mar 2018 Harsh Prakash, PMP, GISP 4 / 13
  • 5. In Retrospect: Lessons & Tips Data • No PII/PHI could leave to arcgis.com, so a hybrid solution, but multi-VPN & multi-NICs i.e. different networks for different groups  ArcGIS is not designed for such fractured environments (BUG logged for mixing backdoor [privatePortalURL] with frontdoor [WebContextURL]).  So, discourage hybrid design of ArcGIS within multi-NIC and multi-VPN environment – Consider Esri Data Appliance.  Setup VIEWER role in ArcGIS for users with least privileges. • Not Public-facing  Use aerial imagery from the National Agriculture Imagery Program (NAIP) or OpenAerialMap to test internal basemaps. Budget • Hours  Allow hours to move across contract option years. FedGIS - Mar 2018 Harsh Prakash, PMP, GISP 5 / 13
  • 6. In Retrospect: Lessons & Tips Process • Architecture Review (AR) • Preliminary Design Review (PDR) • Detail Design Review (DDR) • User Acceptance Test (UAT) • Operational Readiness Review (ORR)  Consolidate Gate Reviews to keep up the project pace.  Prefer Agile over Waterfall (XLC). FedGIS - Mar 2018 Harsh Prakash, PMP, GISP 6 / 13 Not Started In Progress Testing Accepted Task 1 Task 2 Task 4 Task 5 Task 3 Kanban
  • 7. In Retrospect: Lessons & Tips Prototyping • HTTPS requirement – Needed to decrypt • 3-zone architecture – Needed to negotiate SSL handshakes and establish trust to route token authentication between daisy-chained servers • No Web Adapter – Needed to proxy without  We replicated the 3-zones in Amazon Web Services (AWS). [AWS 1]  [AWS 2]  [AWS 3]  So, use Infrastructure as a Service (IaaS) for rapid piloting & prototyping. Provide test box (with admin privileges) for tool installation and prototype development. Note, Minimum Viable Product (MVP) doesn't have to be pixel-perfect. FedGIS - Mar 2018 Harsh Prakash, PMP, GISP 7 / 13
  • 8. In Retrospect: Lessons & Tips Development • No custom development – Needed to use ArcGIS Web AppBuilder (WAB)  Use WAB for development, but don't oversell its ease (Ended up scripting for caching). Note, WAB can't run in a truly disconnected environment out-of-the-box. • Teams  Coordinate, but decouple frontend and backend release schedules, esp. with “horizontally-sliced” projects. • Testing  Test one app at a time in initial User Acceptance Testing (UAT).  Write clear test cases, and use screenshots/videos during testing to better capture bugs or vulnerabilities. FedGIS - Mar 2018 Harsh Prakash, PMP, GISP 8 / 13 Backend Frontend Infrastructur e Teams Team 1 Team 2 Team 3 Vertically Sliced Team 1 Team 2 Team 3 Horizontally Sliced
  • 9. In Retrospect: Lessons & Tips ETL/ELT • Extract, Transform, Load  Prefer native ETL/ELT processes for less overhead. Communication • Triage  Setup regular touch-point calls to coordinate with various teams for transparent communication and timely escalation across appropriate management chains. FedGIS - Mar 2018 Harsh Prakash, PMP, GISP 9 / 13
  • 10. In Retrospect: Lessons & Tips Support • Vendors – Esri, Red Hat, Teradata • E.g. Teradata’s ODBC 14.10 Driver Bug  We found it was issuing multiple queries to get multiple geometries (a.k.a. Offline Fetching), instead of using one query to get multiple geometries (or Inline Fetching) – Implemented option of local Cache or Cube.  So, increase visibility of fixes to tools or widgets, and pursue out-of-cycle patches with vendors. FedGIS - Mar 2018 Harsh Prakash, PMP, GISP 10 / 13
  • 11. In Retrospect: Lessons & Tips Tools • Administration  Use great tools. Wireshark, Nmap, Nagios Fiddler, Postman, LDAP Browser New Relic, PuTTY, WinSCP Browser Dev Tools, Katalon, GlassWire TeamViewer, Cygwin FedGIS - Mar 2018 Harsh Prakash, PMP, GISP 11 / 13
  • 12. Commercial Off-the-Shelf (COTS) Tool Custom Tool Conformance to schedule is not the same as success FedGIS - Mar 2018 Harsh Prakash, PMP, GISP 12 / 13
  • 13. @gisblog FedGIS - Mar 2018 Harsh Prakash, PMP, GISP 13 / 13

Editor's Notes

  1. GIS & (SAP) BusinessObjects Manager, Business Intelligence (BI) / Extract, Load & Transform (ETL) program Health & Federal Business Unit, MANTECH Esri and Amazon Partner 17y – previously, with NIH implementing Esri + OGC/FOSS4G; before that, with FEMA implementing Esri Graduate of the University of Virginia, previously, served as the chairperson of the American Planning Association’s (APA) Technology Division
  2. Relate & Share
  3. Map Sandwich Database is called the Integrated Data Repository (IDR), comprising of Teradata and other Online Analytical Processing (OLAP) and Online Transaction Processing (OLTP) resources
  4. In no particular order
  5. See http://www.slideshare.net/gisblog/fedgis2017-72293729