The ArcGIS Desktop application architecture traditionally involves interaction between a user interface running on the client desktop (locally or through virtual application delivery) and a centralized data source such as a relational database management system (RDBMS). ArcGIS integrates with industry standards and technologies that provide infrastructure services. Industry best practices can be used to secure those services without impacting ArcGIS.
Security considerations
For desktop applications, there are several areas to consider to minimize overall security risk, including the following:
- Protecting sensitive data
- User authentication and authorization
- Guarding against attack from malicious code and users
- Auditing and logging events as well as user activity
The best practices section contains guidance for reducing the risk associated with the above concerns.
Client/Server ArcGIS communication protocols
Below are some of the common connection protocols in typical client/server deployments. There is guidance available for common RDBMSs, including SQL Server, Oracle, DB2, Informix, and PostgreSQL.
- Direct connect
  - Most common mechanism of communication between ArcGIS Desktop and database servers
  - Uses standard SQL protocol communication with database servers
  - Supports secured communication between client and database by using standard vendor solutions with SSL/TLS or IPSec
- Application connect
  - Proprietary communication protocol between client and server
  - Preferred by some customers to avoid deployment of database client software to desktop machines
- Web services interface to ArcGIS Server
Note:
Application connections (the ArcSDE application server) have been deprecated, and ArcGIS 10.2.2 was the last release that included this technology. Beginning at 10.3, customers will need to convert to using direct connections.
Custom development for desktop security
The security of the desktop application can be improved through the use of custom control extensions.
- Custom control extensions can implement technologies such as identity management (IM) and access control, and can restrict the ArcGIS client operations (edit, copy, save, print) that an authorized user can perform.
- They are developed using the ArcObjects development interface.
Workflow Manager
ArcGIS Workflow Manager extends ArcGIS Desktop and provides centralized enterprise job management, as well as security benefits:
- Accountability—Automatic tracking of feature edits
- Logging—Captures activity logs and provides stakeholders with a real-time status report of the organization's resources
- Geospatial data management—Ability to handle complex geodatabase tasks such as data access, version management, and archiving
- Transparency—Enables a fully documented mapping of all inventory processes