ArcGIS Enterprise has many configurable options and capabilities to meet stringent security requirements. These capabilities are described in the sections below. In addition, see the Best practices section for a general list of recommended steps to consider when deploying ArcGIS Enterprise in an environment.
Note:
For related documents such as presentations about designing a Web GIS security strategy, see Documents.
Configurable security
Configure users and roles for your ArcGIS Enterprise implementation in a way that aligns with organizational policies and minimizes administrative burden. For more information, see Control access in ArcGIS Server.
- Roles
- Administrators—Full administrator control.
- Publishers—Publish web services.
- Users—View web services.
- Identity store
- Built-in ArcGIS Server user store (default)—Manage users and roles in built-in store.
- Enterprise identity store (an organization's existing Active Directory or LDAP)—Leverage users and roles from an enterprise store.
- Mixed mode—Users from the enterprise identity store and roles managed in ArcGIS Server built-in store.
- Portal and ArcGIS Server federation
- In a federated configuration, Portal for ArcGIS serves as a configurable front end for ArcGIS Server and is responsible for authentication of end users. Organizational logins using SAML 2.0 Web single sign-on can be leveraged in versions 10.3 and later.
Deployment options
- On-premises
- Deploy ArcGIS Enterprise in your organization and benefit from existing enterprise security infrastructure such as firewalls, antivirus, intrusion detection system and security information, and event management system. For more information, refer to best practices for configuring a secure ArcGIS Server environment and Security best practices for Portal for ArcGIS.
- Cloud
- Deploy ArcGIS Enterprise in a public or private cloud of choice and manage all associated infrastructure. Benefit from cloud scaling capabilities.
- Cloud (Esri Managed)
- Deploy ArcGIS Enterprise in the cloud and have your GIS as well as associated infrastructure (such as database) managed by Esri Managed Cloud Services (EMCS).
- Esri Managed Cloud Services Advanced Plus
- For higher-security needs, EMCS Advanced Plus is now available where ArcGIS Enterprise is deployed in the cloud. Notably, EMCS Advanced Plus has several key security benefits to align with stringent FedRAMP Moderate security standards. These benefits include a fully hardened environment, intrusion detection system (IDS), security information and event management (SIEM), vulnerability scanning, real-time network analysis for threats, performance monitoring, log management, 24/7 monitoring for threats, and a mature backup strategy.