The ArcGIS Desktop application architecture traditionally involves interaction between a user interface running on the client desktop (locally or through virtual application delivery) and a centralized data source such as a relational database management system (RDBMS). ArcGIS integrates with industry standards and technologies that provide infrastructure services. Industry best practices can be used to secure those services without impacting ArcGIS.
For desktop applications, there are several areas to consider to minimize overall security risk, including the following:
- Protecting sensitive data
- User authentication and authorization
- Guarding against attack from malicious code and users
- Auditing and logging events as well as user activity
The best practices section contains guidance for reducing the risk associated with the above concerns.
Client/Server ArcGIS communication protocols
- Direct connect
  - Most common mechanism of communication between ArcGIS Desktop and database servers
  - Uses standard SQL protocol communication with database servers
  - Supports secured communication between client and database by using standard vendor solutions with SSL/TLS or IPSec
- Application connect
  - Proprietary communication protocol between client and server
  - Preferred by some customers to avoid deployment of database client software to desktop machines
- Web services interface to ArcGIS Server
Application connections (the ArcSDE application server) have been deprecated, and ArcGIS 10.2.2 was the last release that included this technology. Beginning at 10.3, customers will need to convert to using direct connections.
Custom development for desktop security
The security of the desktop application can be improved through the use of custom control extensions.
- Custom control extensions can implement technologies such as identity management (IM) and access control, and can restrict the ArcGIS client operations (edit, copy, save, print) that an authorized user can perform.
- They are developed using the ArcObjects development interface.
ArcGIS Workflow Manager extends ArcGIS Desktop and provides centralized enterprise job management, as well as security benefits:
- Accountability—Automatic tracking of feature edits
- Logging—Captures activity logs and provides stakeholders with a real-time status report of the organization's resources
- Geospatial data management—Ability to handle complex geodatabase tasks such as data access, version management, and archiving
- Transparency—Enables a fully documented mapping of all inventory processes