SlideShare a Scribd company logo

Portal vs. ArcGIS Online

Download as PPTX, PDF
SSP Innovations
SSP Innovations

An ArcGIS portal can be implemented either through ArcGIS Online (the cloud-based version) or Portal for ArcGIS (an on-premise installation). Both provide a web-based interface for accessing and sharing enterprise mapping applications and data. The document discusses various architectures and authentication methods for setting up a portal, including using a virtual private network and integrating with Active Directory. It also outlines three approaches for using a portal: manually registering services, federating with ArcGIS Server, or designating the portal as a hosted server.

1 of 34
Portal vs. ArcGIS Online When, Why & How to Install Each
What’s a Portal? It’s a very generic word:  Roots dating back hundreds of years
Computing Portal A Web portal or public portal refers to a Web site or service that offers a broad array of resources and services, such as e-mail, forums, search engines, and online shopping malls. The first Web portals were online services, such as AOL, that provided access to the Web, but by now most of the traditional search engines have transformed themselves into Web portals to attract and keep a larger audience. An enterprise portal is a Web-based interface for users of enterprise applications. Enterprise portals also provide access to enterprise information such as corporate databases, applications (including Web applications), and systems.
Use of the word Portal ~1994: AOL becomes a Portal …a web site or service that offers a broad array of resources and services, such as e-mail, forums, search engines, and online shopping malls.
Enterprise Mapping Portal  Enterprise portals cover all areas of business  Mapping Portals were a logical evolution of GIS
ArcGIS Meets Portal  The first portal offering was ArcGIS Online  Defined Web GIS
ArcGIS Meets Portal  Portal for ArcGIS simply moves Web GIS onto Your Infrastructure
The Importance of Capitalization  Upper Case Portal = Portal for ArcGIS  Lower case portal = ArcGIS Online (or lack thereof) An ArcGIS portal is a web-based interface for users of enterprise mapping applications and/or informational products. An ArcGIS portal may be used via Esri’s software as a service (SAAS) offering called ArcGIS Online or fully on-premise via a local installation of the Portal for ArcGIS product. The intent and usage of an ArcGIS portal are the same either way.
Why All the Talk About Portal?  Portal is the technology by which most GIS data will be served up and consumed in the future. Really? Let’s talk for a moment about why I say this.
The Utility Network is Coming  The utility network is Esri’s new network for managing connected electric, gas, & water facilities.  In Alpha right now, SSP has been testing & providing feedback (sworn to secrecy)  Many new benefits including non-coincident connectivity, structural associations, and containment modeling….  Editing of utility network will occur natively in ArcGIS Pro SSP-Sponsored Pre-Conference Workshop at EGUG
Utility Network Runs on Fairy Dust  Where Fairy Dust = Portal Web Services!  The Alpha version currently runs off direct connect to GDB  BUT the final release will run off of REST End Points  Increased Performance  Centralized Data Access  Also Available to WebMaps,  Runtime,  Third Party Integration  In my humble opinion, it will be a while before you use the Utility Network in a production system  But educate and prepare yourselves for the road ahead
Related Sidebar 1. Upgrade to ArcGIS Desktop 10.2.1  Esri will support this version until the Utility Network is ready  Schneider will follow the leadership of Esri  Significant Performance Improvements  Optionally Feeder Manager 2.0  Major Conflict Management Improvements  Esri Utility Patches  Schneider 10.2.1b  This only applies to Desktop/GDB, not to Server/Platform The point is, utility network is not going to be ready in time for you to have a roadmap that excludes 10.2.1. What Should We Do to Prepare for the Road Ahead
Related Sidebar 2. Implement a GIS portal  Our topic for today!  ArcGIS Online (lower case p)  Portal for ArcGIS (upper case p)  Introduces key future concepts to the utility:  Web Services  Named Users  Operational Patterns: Expose, Collect, Empower A GIS portal has major operational benefits to your utility today AND it creates the bridge between the geodatabase and ArcGIS Pro. Embrace a portal today to minimize change in the future. What Should We Do to Prepare for the Road Ahead
Related Sidebar 3. Begin Using ArcGIS Pro  Pro will be the primary editing environment for the Utility Network, ArcMap cannot be used  However, Pro cannot edit the geometric network we use today  We CAN use Pro for analysis, visualization, & content sharing  ArcGIS Pro is directly tied to a GIS portal  Licenses are administered via your portal  Login / data usage is tied directly to your portal  Runs natively off of WebMaps / REST Services  Your ArcFM data can be used via services today ArcGIS Pro will become very important to utilities in the future. Change management can be embraced early by starting adoption today. At least to start getting familiar with the application within the GIS department. What Should We Do to Prepare for the Road Ahead
Administering ArcGIS Pro Licenses  Licenses assigned in portal to a named user within your organization.  Standard or Advanced required for Utility Network
Architecture – ArcGIS Online  SSP’s minimal recommended architecture 1. 2. 3. 4. 5. 6. 7.
Architecture – ArcGIS Online  SSP’s minimal recommended architecture benefits  Fully secured via ssl (https)  At ArcGIS Server (6443)  At Web Adaptor (443)  Can store ArcGIS Server credentials in ArcGIS Online  REST endpoints fully available to internet  Any authorized device can access via internet  Full editing available via proxy _
Architecture – ArcGIS Online  SSP’s simplified architecture with VPN 1. 2. 3. No Security Required 4. 5. VPN Client Req’d • HTTP or HTTPS • Cannot Store Creds
Architecture – ArcGIS Online  SSP’s simple architecture with VPN benefits  Less need for security because no internet exposure  Editing now works with latest versions of ArcGIS Online  Proxy no longer required  Possible Issues  Cannot store ArcGIS Server credentials in ArcGIS Online  Possible Solution = leave the credentials off the REST endpoints (only available in back office)  REST endpoints are NOT available to internet  Must have VPN on all internet clients
ArcGIS Online - Authentication  Local Named User Storage in ArcGIS Online  Dedicated Username and Password  Must manage separate password for these accounts  Easiest to Configure  No need for ArcGIS Online to Access Internal LDAP  No LDAP / Active Directory Tie In  No Single Sign On  From an Authorization Perspective, can still Authorize REST services with AD ArcGIS Online Authentication
ArcGIS Online - Authentication  LDAP / Active Directory User Tied to Named Users  Everyone Loves Single Sign On  BUT, It’s proven Challenging to Configure via SAML  Must expose an Active Directory Federation Services (ADFS) Endpoint to the Internet  Must load the XML Metadata from ADFS into ArcGIS Online  Must generate and load XML Metadata from ArcGIS Online back into ADFS  Creates a Trusted Handshake Between the Systems  Most utilities have not been able to support the SAML Authentication requirements ArcGIS Online Authentication
Architecture – Portal for ArcGIS  SSP’s recommended Portal architecture 1. 2. 3. Full Portal 4. 5. 6. 7.
Architecture – Portal of ArcGIS  SSP’s recommended architecture benefits  Fully secured via ssl (https)  At ArcGIS Server (6443)  At Portal (7443)  At Web Adaptor (443)  All Authenticated Components Behind the Firewall  Active Directory Can More Easily Be Used for User Authentication  Though not required  Full Portal Access via the Internet  Any authorized device can access via internet  Full editing available _
Architecture – Portal for ArcGIS  SSP’s Portal architecture with VPN 1. 2. 3. Full Portal w/Web Adaptor 4. 5.
Architecture – Portal of ArcGIS  SSP’s recommended VPN architecture benefits  Fully secured via ssl (https) – Portal Runs with HTTPS Regardless  At ArcGIS Server (6443)  At Portal (7443)  At Web Adaptor (443)  Authenticated Components Behind the Firewall  Active Directory Can More Easily Be Used for User Authentication  Though not required  Full Portal Access via the Back Office & VPN  Must have VPN on all Internet clients  Full editing available _
Portal of ArcGIS - Authentication  Can use the built-in user store  Locally defined users with unique passwords (identical to ArcGIS Online)  Can use LDAP / AD for Authentication  Portal runs on a server associated with Active Directory  Can therefore more easily use AD authentication  Simple JSON configuration using a system AD account for access  Configure Windows Authentication at the IIS Level  Allows for standard AD challenge at the website level, pass-through to Portal
3 Approaches to Using Portal 1. Registering REST Services Manually  This is how ArcGIS Online Works  Publish MXD to REST Service  Copy and Paste the REST URL into Portal  If secured, save credentials with the Service Item  Add Service Items to WebMap  Loosely Coupled
3 Approaches to Using Portal 2. Federating ArcGIS Server via Portal  Switch your ArcGIS Server Authentication to utilize Portal  Both Server and Portal use the SAME identity store (both use AD)  All Authentication to Server requires a Portal token  Portal essentially owns your ArcGIS Server  When users publish MXDs to Server  Automatic Creation of Service Items in Portal  Simplifies the publishing process  Can define portal metadata, sharing, etc. within MXD publishing process  Keeps items in sync between Server and Portal  Server and Portal MUST be the same release
3 Approaches to Using Portal 3. Designating Portal as a Hosted Server  Similar to Federation but Portal now has a Dedicated Geodatabase  Allows Portal to host data just like ArcGIS Online does  Requires adding a “managed” data store to ArcGIS Server  Publishers or Admins in Portal can add hosted feature services  Upload a file GDB, shapefiles, CSV, etc.  Mapping / Feature services can be created automatically  Can also use with Esri Maps for Apps (ex. Excel can upload data to Portal via Maps for Office)  Server and Portal MUST be the same release  MUST be federated and MUST have a managed geodatabase configured  NOTE: You can have multiple federated servers with Portal but only one hosted server
So when to use each?  Both portals render similar Web GIS functionality when fully implemented:  Service Items  WebMaps  Web Applications  Use of native iOS and Android Apps  Data sharing  Data collection  Named User Model So when should we use ArcGIS Online vs. Portal for ArcGIS?
Portal for ArcGIS  Portal provides Significant Value @ Significant Cost  Key Pros:  Fully On-Premise for Data AND Software Solution  Significantly Easier Integration with Active Directory (no ADFS required)  Federation Is a Nice-to-Have  Allows you to own the entire solution  Key Cons:  Additional Hardware Likely Required to Scale the Solution  Additional Project Cost for Install, Configure, Secure  Higher Support Costs for Patches, Upgrades, General Server Support/Knowledge  Summary = Higher Total Cost of Ownership
ArcGIS Online  ArcGIS Online Includes Most Portal Functionality w/Out Setup  Key Pros:  Full SAAS Offering  Data Maintained Securely On-Premise  Esri Handles Quarterly Releases, Support, Patches Updates  No additional project cost for install, configure, secure  Lower support costs  Summary = Lower Total Cost of Ownership  Key Cons:  Challenging Integration with Active Directory Requiring ADFS  Heard of Some Performance Scaling Issues for Very Large Customers
Who wins in your fight?  The decision will vary by utility based on your requirements  I believe it comes down to the importance of authentication & money  All things being equal, we recommend using ArcGIS Online whenever possible due to better benefits and a lower total cost of ownership.
Portal vs. ArcGIS Online When, Why & How to Install Each Questions? Skye Perry skye.perry@sspinnovations.com www.sspinnovations.com | @SSPInnovations on Twitter | www.slideshare.net/sspinnovations

More Related Content

Portal vs. ArcGIS Online

  • 1. Portal vs. ArcGIS Online When, Why & How to Install Each
  • 2. What’s a Portal? It’s a very generic word:  Roots dating back hundreds of years
  • 3. Computing Portal A Web portal or public portal refers to a Web site or service that offers a broad array of resources and services, such as e-mail, forums, search engines, and online shopping malls. The first Web portals were online services, such as AOL, that provided access to the Web, but by now most of the traditional search engines have transformed themselves into Web portals to attract and keep a larger audience. An enterprise portal is a Web-based interface for users of enterprise applications. Enterprise portals also provide access to enterprise information such as corporate databases, applications (including Web applications), and systems.
  • 4. Use of the word Portal ~1994: AOL becomes a Portal …a web site or service that offers a broad array of resources and services, such as e-mail, forums, search engines, and online shopping malls.
  • 5. Enterprise Mapping Portal  Enterprise portals cover all areas of business  Mapping Portals were a logical evolution of GIS
  • 6. ArcGIS Meets Portal  The first portal offering was ArcGIS Online  Defined Web GIS
  • 7. ArcGIS Meets Portal  Portal for ArcGIS simply moves Web GIS onto Your Infrastructure
  • 8. The Importance of Capitalization  Upper Case Portal = Portal for ArcGIS  Lower case portal = ArcGIS Online (or lack thereof) An ArcGIS portal is a web-based interface for users of enterprise mapping applications and/or informational products. An ArcGIS portal may be used via Esri’s software as a service (SAAS) offering called ArcGIS Online or fully on-premise via a local installation of the Portal for ArcGIS product. The intent and usage of an ArcGIS portal are the same either way.
  • 9. Why All the Talk About Portal?  Portal is the technology by which most GIS data will be served up and consumed in the future. Really? Let’s talk for a moment about why I say this.
  • 10. The Utility Network is Coming  The utility network is Esri’s new network for managing connected electric, gas, & water facilities.  In Alpha right now, SSP has been testing & providing feedback (sworn to secrecy)  Many new benefits including non-coincident connectivity, structural associations, and containment modeling….  Editing of utility network will occur natively in ArcGIS Pro SSP-Sponsored Pre-Conference Workshop at EGUG
  • 11. Utility Network Runs on Fairy Dust  Where Fairy Dust = Portal Web Services!  The Alpha version currently runs off direct connect to GDB  BUT the final release will run off of REST End Points  Increased Performance  Centralized Data Access  Also Available to WebMaps,  Runtime,  Third Party Integration  In my humble opinion, it will be a while before you use the Utility Network in a production system  But educate and prepare yourselves for the road ahead
  • 12. Related Sidebar 1. Upgrade to ArcGIS Desktop 10.2.1  Esri will support this version until the Utility Network is ready  Schneider will follow the leadership of Esri  Significant Performance Improvements  Optionally Feeder Manager 2.0  Major Conflict Management Improvements  Esri Utility Patches  Schneider 10.2.1b  This only applies to Desktop/GDB, not to Server/Platform The point is, utility network is not going to be ready in time for you to have a roadmap that excludes 10.2.1. What Should We Do to Prepare for the Road Ahead
  • 13. Related Sidebar 2. Implement a GIS portal  Our topic for today!  ArcGIS Online (lower case p)  Portal for ArcGIS (upper case p)  Introduces key future concepts to the utility:  Web Services  Named Users  Operational Patterns: Expose, Collect, Empower A GIS portal has major operational benefits to your utility today AND it creates the bridge between the geodatabase and ArcGIS Pro. Embrace a portal today to minimize change in the future. What Should We Do to Prepare for the Road Ahead
  • 14. Related Sidebar 3. Begin Using ArcGIS Pro  Pro will be the primary editing environment for the Utility Network, ArcMap cannot be used  However, Pro cannot edit the geometric network we use today  We CAN use Pro for analysis, visualization, & content sharing  ArcGIS Pro is directly tied to a GIS portal  Licenses are administered via your portal  Login / data usage is tied directly to your portal  Runs natively off of WebMaps / REST Services  Your ArcFM data can be used via services today ArcGIS Pro will become very important to utilities in the future. Change management can be embraced early by starting adoption today. At least to start getting familiar with the application within the GIS department. What Should We Do to Prepare for the Road Ahead
  • 15. Administering ArcGIS Pro Licenses  Licenses assigned in portal to a named user within your organization.  Standard or Advanced required for Utility Network
  • 16. Architecture – ArcGIS Online  SSP’s minimal recommended architecture 1. 2. 3. 4. 5. 6. 7.
  • 17. Architecture – ArcGIS Online  SSP’s minimal recommended architecture benefits  Fully secured via ssl (https)  At ArcGIS Server (6443)  At Web Adaptor (443)  Can store ArcGIS Server credentials in ArcGIS Online  REST endpoints fully available to internet  Any authorized device can access via internet  Full editing available via proxy _
  • 18. Architecture – ArcGIS Online  SSP’s simplified architecture with VPN 1. 2. 3. No Security Required 4. 5. VPN Client Req’d • HTTP or HTTPS • Cannot Store Creds
  • 19. Architecture – ArcGIS Online  SSP’s simple architecture with VPN benefits  Less need for security because no internet exposure  Editing now works with latest versions of ArcGIS Online  Proxy no longer required  Possible Issues  Cannot store ArcGIS Server credentials in ArcGIS Online  Possible Solution = leave the credentials off the REST endpoints (only available in back office)  REST endpoints are NOT available to internet  Must have VPN on all internet clients
  • 20. ArcGIS Online - Authentication  Local Named User Storage in ArcGIS Online  Dedicated Username and Password  Must manage separate password for these accounts  Easiest to Configure  No need for ArcGIS Online to Access Internal LDAP  No LDAP / Active Directory Tie In  No Single Sign On  From an Authorization Perspective, can still Authorize REST services with AD ArcGIS Online Authentication
  • 21. ArcGIS Online - Authentication  LDAP / Active Directory User Tied to Named Users  Everyone Loves Single Sign On  BUT, It’s proven Challenging to Configure via SAML  Must expose an Active Directory Federation Services (ADFS) Endpoint to the Internet  Must load the XML Metadata from ADFS into ArcGIS Online  Must generate and load XML Metadata from ArcGIS Online back into ADFS  Creates a Trusted Handshake Between the Systems  Most utilities have not been able to support the SAML Authentication requirements ArcGIS Online Authentication
  • 22. Architecture – Portal for ArcGIS  SSP’s recommended Portal architecture 1. 2. 3. Full Portal 4. 5. 6. 7.
  • 23. Architecture – Portal of ArcGIS  SSP’s recommended architecture benefits  Fully secured via ssl (https)  At ArcGIS Server (6443)  At Portal (7443)  At Web Adaptor (443)  All Authenticated Components Behind the Firewall  Active Directory Can More Easily Be Used for User Authentication  Though not required  Full Portal Access via the Internet  Any authorized device can access via internet  Full editing available _
  • 24. Architecture – Portal for ArcGIS  SSP’s Portal architecture with VPN 1. 2. 3. Full Portal w/Web Adaptor 4. 5.
  • 25. Architecture – Portal of ArcGIS  SSP’s recommended VPN architecture benefits  Fully secured via ssl (https) – Portal Runs with HTTPS Regardless  At ArcGIS Server (6443)  At Portal (7443)  At Web Adaptor (443)  Authenticated Components Behind the Firewall  Active Directory Can More Easily Be Used for User Authentication  Though not required  Full Portal Access via the Back Office & VPN  Must have VPN on all Internet clients  Full editing available _
  • 26. Portal of ArcGIS - Authentication  Can use the built-in user store  Locally defined users with unique passwords (identical to ArcGIS Online)  Can use LDAP / AD for Authentication  Portal runs on a server associated with Active Directory  Can therefore more easily use AD authentication  Simple JSON configuration using a system AD account for access  Configure Windows Authentication at the IIS Level  Allows for standard AD challenge at the website level, pass-through to Portal
  • 27. 3 Approaches to Using Portal 1. Registering REST Services Manually  This is how ArcGIS Online Works  Publish MXD to REST Service  Copy and Paste the REST URL into Portal  If secured, save credentials with the Service Item  Add Service Items to WebMap  Loosely Coupled
  • 28. 3 Approaches to Using Portal 2. Federating ArcGIS Server via Portal  Switch your ArcGIS Server Authentication to utilize Portal  Both Server and Portal use the SAME identity store (both use AD)  All Authentication to Server requires a Portal token  Portal essentially owns your ArcGIS Server  When users publish MXDs to Server  Automatic Creation of Service Items in Portal  Simplifies the publishing process  Can define portal metadata, sharing, etc. within MXD publishing process  Keeps items in sync between Server and Portal  Server and Portal MUST be the same release
  • 29. 3 Approaches to Using Portal 3. Designating Portal as a Hosted Server  Similar to Federation but Portal now has a Dedicated Geodatabase  Allows Portal to host data just like ArcGIS Online does  Requires adding a “managed” data store to ArcGIS Server  Publishers or Admins in Portal can add hosted feature services  Upload a file GDB, shapefiles, CSV, etc.  Mapping / Feature services can be created automatically  Can also use with Esri Maps for Apps (ex. Excel can upload data to Portal via Maps for Office)  Server and Portal MUST be the same release  MUST be federated and MUST have a managed geodatabase configured  NOTE: You can have multiple federated servers with Portal but only one hosted server
  • 30. So when to use each?  Both portals render similar Web GIS functionality when fully implemented:  Service Items  WebMaps  Web Applications  Use of native iOS and Android Apps  Data sharing  Data collection  Named User Model So when should we use ArcGIS Online vs. Portal for ArcGIS?
  • 31. Portal for ArcGIS  Portal provides Significant Value @ Significant Cost  Key Pros:  Fully On-Premise for Data AND Software Solution  Significantly Easier Integration with Active Directory (no ADFS required)  Federation Is a Nice-to-Have  Allows you to own the entire solution  Key Cons:  Additional Hardware Likely Required to Scale the Solution  Additional Project Cost for Install, Configure, Secure  Higher Support Costs for Patches, Upgrades, General Server Support/Knowledge  Summary = Higher Total Cost of Ownership
  • 32. ArcGIS Online  ArcGIS Online Includes Most Portal Functionality w/Out Setup  Key Pros:  Full SAAS Offering  Data Maintained Securely On-Premise  Esri Handles Quarterly Releases, Support, Patches Updates  No additional project cost for install, configure, secure  Lower support costs  Summary = Lower Total Cost of Ownership  Key Cons:  Challenging Integration with Active Directory Requiring ADFS  Heard of Some Performance Scaling Issues for Very Large Customers
  • 33. Who wins in your fight?  The decision will vary by utility based on your requirements  I believe it comes down to the importance of authentication & money  All things being equal, we recommend using ArcGIS Online whenever possible due to better benefits and a lower total cost of ownership.
  • 34. Portal vs. ArcGIS Online When, Why & How to Install Each Questions? Skye Perry skye.perry@sspinnovations.com www.sspinnovations.com | @SSPInnovations on Twitter | www.slideshare.net/sspinnovations