deploying and tuning arcgis server -...

Deploying and Tuning ArcGIS ServerDeploying and Tuning ArcGIS Server

Presented by Jim Mason and Eric MillerPresented by Jim Mason and Eric MillerESRI Server DevelopmentESRI Server Development

OverviewOverview

•• TuningTuning–– Detecting and Analyzing Performance BottlenecksDetecting and Analyzing Performance Bottlenecks–– Accommodating Performance ProblemsAccommodating Performance Problems

•• DeploymentDeployment–– High Availability ConfigurationsHigh Availability Configurations–– Distributed Installations of ArcGIS ServerDistributed Installations of ArcGIS Server–– Security ConsiderationsSecurity Considerations

PresumptionsPresumptions

•• Basic understanding of:Basic understanding of:

––ArcGISArcGIS Desktop.Desktop.

––ArcGISArcGIS Server architecture and concepts.Server architecture and concepts.

––Web ArchitecturesWeb Architectures

ArcGIS Server Case StudyArcGIS Server Case Study

Palm Springs Elevation Transect Geoprocessing Task ServicePalm Springs Elevation Transect Geoprocessing Task Service

•• Geoprocessing Tool ModelGeoprocessing Tool Model

–– Input Line Feature ClassInput Line Feature Class

–– Extract elevations at points on Extract elevations at points on the the verticiesverticies of the input line. of the input line.

•• ADF Web ApplicationADF Web Application

•• Extract ElevationsExtract Elevations–– Enter a series of pointEnter a series of point–– Symbolize the points Symbolize the points

according to elevation. according to elevation.





•• ArcMapArcMap

•• Extract ElevationsExtract Elevations–– Enter a series of pointEnter a series of point–– Symbolize the points Symbolize the points

according to elevation. according to elevation.

ADF Geoprocessing Task ResourcesADF Geoprocessing Task Resources

•• DocumentationDocumentation–– ArcGIS Desktop HelpArcGIS Desktop Help–– ArcGIS Server HelpArcGIS Server Help–– ArcGIS Server Developer HelpArcGIS Server Developer Help

•• ArcGIS Server Development ArcGIS Server Development BlogBlog–– http://blogs.esri.comhttp://blogs.esri.com ––> ArcGIS Server Development > ArcGIS Server Development BlogBlog link.link.

•• EDN SamplesEDN Samples–– ArcGIS Buffer GeoprocessingArcGIS Buffer Geoprocessing

Web Server (IIS 6)

ArcGIS Server 9.2Server Object Manager

ArcGIS Server 9.2

Server Object Container

ArcGIS Server Case StudyArcGIS Server Case StudyHardware EnvironmentHardware Environment

Predicting Usage by Modeling User BehaviorPredicting Usage by Modeling User Behavior

•• 500 users500 users

•• 20% peak concurrency20% peak concurrency

•• 100 simultaneous users (20% of 500)100 simultaneous users (20% of 500)

•• Users submit requests about once every minuteUsers submit requests about once every minute

•• 100 transactions/minute = 6,000 transactions/hour100 transactions/minute = 6,000 transactions/hour

ArcGIS Server: Response time factorsArcGIS Server: Response time factors

•• Four main factors of Four main factors of response timeresponse time

•• Multiple tiersMultiple tiers

•• Performance bottleneck Performance bottleneck can occur in each tiercan occur in each tier

Browser

Web Server

SOM

SOC

Transmission Time

Wait Time

Search & Retrieval Time

Usage Time

SDE

BottlenecksBottlenecks

•• ThreadingThreading•• MemoryMemory•• DiskDisk•• CPUCPU•• NetworkNetwork


•• ThreadingThreading––Service availabilityService availability

•• MemoryMemory•• CPU CPU •• DiskDisk•• NetworkNetwork

Pooled Service ModelPooled Service Model

•• State information State information maintained in web server / browser.maintained in web server / browser.–– Current extentCurrent extent–– layer visibilitylayer visibility

•• Scales betterScales better due to shared object pool.due to shared object pool.

ArcGIS Server ArcGIS Server –– Configuring Pooled InstancesConfiguring Pooled Instances

•• Define MinDefine Min--Max instancesMax instances

•• Instances are distributed Instances are distributed across all host serversacross all host servers

Optimum number of pooled instances Optimum number of pooled instances for Dynamic Map Servicesfor Dynamic Map Services•• Set instances to level where Set instances to level where maximum throughputmaximum throughput

occurs (usually between 2 to 4 instances per CPU)occurs (usually between 2 to 4 instances per CPU)

CPU bottleneck

number of instances

Thro

ughp

ut (m

aps/

hour

)

N


•• ThreadingThreading•• MemoryMemory•• CPU CPU •• DiskDisk•• NetworkNetwork

Memory BottleneckMemory Bottleneck

Palm Springs Elevation TransectPalm Springs Elevation Transect

•• Deployed 8 instances on 1GB host serverDeployed 8 instances on 1GB host server

•• Memory started paging before CPU was fully utilizedMemory started paging before CPU was fully utilized

•• Options to resolve:Options to resolve:–– Increase memoryIncrease memory––Reduce number of instances per serverReduce number of instances per server––Limit capacity on host machinesLimit capacity on host machines

Setting Capacity Setting Capacity

•• Limits number of service instances running on a Limits number of service instances running on a specific host machine. specific host machine.

•• Once this limit is reached, Server starts replacing Once this limit is reached, Server starts replacing least recently used instances instead of creating least recently used instances instead of creating new ones.new ones.

CPU/Memory BottleneckCPU/Memory Bottleneck•• LSASSLSASS

–– Local Security Authentication Server system process (Local Security Authentication Server system process (lsass.exelsass.exe) ) grows in CPU usage and memory utilization under heavy load.grows in CPU usage and memory utilization under heavy load.

•• Solution:Solution:–– Install ArcGIS Server Service Pack 1 or later.Install ArcGIS Server Service Pack 1 or later.–– Deploy web services and applications into a new application poolDeploy web services and applications into a new application pool..–– Change identity of the new application pool to Change identity of the new application pool to ArcGISWebServicesArcGISWebServices

user.user.–– Turn off web service/web application authentication.Turn off web service/web application authentication.

•• Windows_Server_2003 Windows_Server_2003 http://support.esri.com/index.cfm?fa=knowledgebase.techarticles.http://support.esri.com/index.cfm?fa=knowledgebase.techarticles.artarticleShow&d=326320icleShow&d=326320

•• Windows_XPWindows_XPhttp://http://support.esri.com/index.cfm?fasupport.esri.com/index.cfm?fa==knowledgebase.techarticles.artknowledgebase.techarticles.articleShow&dicleShow&d=326322=326322


•• ThreadingThreading•• MemoryMemory•• CPUCPU•• DiskDisk•• NetworkNetwork

Optimize Your ServicesOptimize Your Services

•• DynamicDynamic–– Elevation TransectElevation Transect–– Roads symbolized by current snow depthRoads symbolized by current snow depth–– Electrical network showing the latest posted work orderElectrical network showing the latest posted work order–– GeocodingGeocoding addressesaddresses

•• Static Layers Static Layers –– Elevation TINElevation TIN–– ImageryImagery–– StreetMapStreetMap–– Shaded ReliefShaded Relief

•• The classification is subjectiveThe classification is subjective

Best Practices for Geoprocessing ServicesBest Practices for Geoprocessing Services

Optimizing Geoprocessing ServicesOptimizing Geoprocessing Services

•• Simplify Models and dataSimplify Models and data–– Preprocess steps in advance.Preprocess steps in advance.

•• Use inUse in--memory datamemory data

•• Use fastUse fast--access data (uncompressed).access data (uncompressed).

•• Two instances cannot update the same data at the Two instances cannot update the same data at the same time. same time.

General GuidelinesGeneral Guidelines

Best Practices for Dynamic Map ServicesBest Practices for Dynamic Map Services

Best PracticesBest Practices

•• Show relevant informationShow relevant information

–– Start simple (Start simple (additional layers can be toggled on by useradditional layers can be toggled on by user))

–– Use field visibility (Use field visibility (hide unnecessary attributeshide unnecessary attributes))

•• Use scale dependenciesUse scale dependencies

–– Use data appropriate for the given scale (generalize if Use data appropriate for the given scale (generalize if

necessary)necessary)

–– Display similar number of features at all scales for consistent Display similar number of features at all scales for consistent

user experienceuser experience

General GuidelinesGeneral Guidelines

ESRI_OptimizedESRI_Optimized Lines and PolygonsLines and Polygons

•• Outlines for all fills are Outlines for all fills are

simple lines instead of simple lines instead of

cartographic linescartographic lines

•• Picture fills are EMFPicture fills are EMF--

based instead of BMPbased instead of BMP--

basedbased

•• Improves drawing Improves drawing

performance by > 50%performance by > 50%

http://webhelp.esri.com/arcgisdesktop/9.2/index.cfm?id=305&pid=2http://webhelp.esri.com/arcgisdesktop/9.2/index.cfm?id=305&pid=297&topicname=Creating_fill_symbols97&topicname=Creating_fill_symbols

•• Use annotation instead of labelsUse annotation instead of labels•• Use indexed fields Use indexed fields •• Use label and feature conflict weights sparinglyUse label and feature conflict weights sparingly•• Avoid special effects (fill patterns, halos, callouts, Avoid special effects (fill patterns, halos, callouts,

backgrounds)backgrounds)•• Avoid very large text size (60+ pts)Avoid very large text size (60+ pts)•• Avoid Maplex for dynamic labelingAvoid Maplex for dynamic labeling

Text and labelingText and labeling

Best PracticesBest Practices

Best Practices for Static Map ServicesBest Practices for Static Map Services

Classic Dynamic Mapping TradeClassic Dynamic Mapping Trade--OffOff

Quality vs. SpeedQuality vs. Speed

•• Shaded ReliefShaded Relief•• Transparent LayersTransparent Layers•• MaplexMaplex LabelingLabeling

•• Standard LabelingStandard Labeling

If you can cache your map then no need to tradeIf you can cache your map then no need to trade--offoff

1.5 seconds1.5 seconds 4 seconds4 seconds

Cached Map ServiceCached Map Service

•• Tiles preTiles pre--rendered rendered at fixed scalesat fixed scales

•• Rapid display of Rapid display of static base mapsstatic base maps

•• Richer symbols and Richer symbols and more informationmore information

How Map Caching WorksHow Map Caching Works

•• You can controlYou can control::

–– Origin of the tiling scheme in map coordinatesOrigin of the tiling scheme in map coordinates

–– Set of scalesSet of scales

–– Image format (PNG, JPG)Image format (PNG, JPG)

–– Tile size (default = 512 x 512)Tile size (default = 512 x 512)

–– Display resolution in DPI (default = 96)Display resolution in DPI (default = 96)

–– The scale, tile size, and DPI control the pixel resolution in The scale, tile size, and DPI control the pixel resolution in map units at each scale levelmap units at each scale level

How the Map Cache is StoredHow the Map Cache is Stored

•• Map services have an Map services have an associated map cache directoryassociated map cache directory–– SubSub--directory under one of the GIS Serverdirectory under one of the GIS Server’’s cache directoriess cache directories

•• AssociationAssociation between the map service and the map cache between the map service and the map cache directory is directory is by nameby name

•• Accessed from clients using a Accessed from clients using a virtual directoryvirtual directory..–– For ADF clients, anonymous access should be enabled.For ADF clients, anonymous access should be enabled.

How the Map Cache is Stored (continued)How the Map Cache is Stored (continued)

•• Map cache directory organizationMap cache directory organization

•• Server Cache DirectoryServer Cache Directory•• Map Cache Directory (Wyoming, Map Cache Directory (Wyoming, SoCalSoCal, , ……))•• Data Frame (Layers, Study Area, Data Frame (Layers, Study Area, ……))•• Layer (_Layer (_alllayersalllayers, roads, , roads, ……))•• Level (L01, L02, L03, Level (L01, L02, L03, ……))•• Row (R00000000, R00000001, Row (R00000000, R00000001, ……))•• Tiles (C00000000.png, C00000001.png, Tiles (C00000000.png, C00000001.png, ……))

What Happens During Map CachingWhat Happens During Map Caching

•• Data is Data is prepre--renderedrendered into large ininto large in--memory tiles that memory tiles that are subsequently chopped up to the specified tile are subsequently chopped up to the specified tile sizesize

–– Minimizes the need to squeeze labels into small tile Minimizes the need to squeeze labels into small tile boundariesboundaries

–– Tip: remove label offsets Tip: remove label offsets

AntiAnti--aliasingaliasing

•• Tiles are rendered at Tiles are rendered at finer resolutionfiner resolution followed by followed by down samplingdown sampling

–– Smoothes the edges of labels and lines by blending them with theSmoothes the edges of labels and lines by blending them with thebackground.background.

–– The resulting screen display quality is better than standard The resulting screen display quality is better than standard rendering in ArcMap.rendering in ArcMap.

Caching map services that may overlay other Caching map services that may overlay other servicesservices

•• Boundaries, Streets, Thematic PolygonsBoundaries, Streets, Thematic Polygons•• Use PNG format for TransparencyUse PNG format for Transparency•• Background ColorBackground Color

–– Explicitly define itExplicitly define it–– Use a color not used in Use a color not used in SymbologySymbology (e.g., RGB(1,2,3))(e.g., RGB(1,2,3))–– Use dark backgrounds when overlaying antiUse dark backgrounds when overlaying anti--aliased lines or aliased lines or

labels on imagerylabels on imagery

Impact of Tile Size selectionImpact of Tile Size selection

•• Larger size produces fewer tilesLarger size produces fewer tiles–– Less disk space (block size)Less disk space (block size)–– Faster creation, Easier to manageFaster creation, Easier to manage

•• Smaller sizeSmaller size–– Allows partial update of the displayAllows partial update of the display

•• Example: OahuExample: Oahu

5 hours5 hours1.2 GB1.2 GB311K311K128x128128x128

1 hour1 hour0.2 GB0.2 GB19K19K512x512512x512

Creation Creation TimeTime

Size on Size on DiskDiskFilesFilesTile SizeTile Size

Impact of Scale selectionImpact of Scale selection•• StreetMapStreetMap USAUSA

–– 48 states 48 states –– Cached on 6 dualCached on 6 dual--CPU serversCPU servers

37 hours37 hours4.7M4.7M1:16K1:16K

2 min2 min4K4K1:500K1:500K

………………

4.5 hours4.5 hours1.1M1.1M1:32K1:32K

2 hours2 hours0.3M0.3M1:64K1:64K

Creation TimeCreation TimeFilesFilesScaleScale

Total Size on Disk: 57 GBTotal Size on Disk: 57 GB

Disk BottlenecksDisk Bottlenecks

•• Problem: Disk contentionProblem: Disk contention

•• Output: Output: Temporary files returned to the user as outputTemporary files returned to the user as output•• Cache: Cache: PrePre--rendered map and globe tiles.rendered map and globe tiles.•• JobsJobs: : Files needed by geoprocessing servicesFiles needed by geoprocessing services•• Data sourceData source•• Page FilePage File

•• SolutionsSolutions––Network Attached Storage (NAS)Network Attached Storage (NAS)––Fast SCSI III drivesFast SCSI III drives––Fast Network between storage and server.Fast Network between storage and server.

Network Performance and High Availability ConfigurationNetwork Performance and High Availability Configuration

Web Server (IIS 6)

ArcGIS Server 9.2Server Object Manager

ArcGIS Server 9.2


Scaling Out Scaling Out –– Adding More Adding More ArcGISArcGIS Server ComponentsServer Components

Distributed Installs:Distributed Installs:

•• The following topics in the online help provide complete The following topics in the online help provide complete instructions for a distributed install:instructions for a distributed install:

–– How the GIS Server WorksHow the GIS Server Works

–– Configuring a Distributed Installation of ArcGIS ServerConfiguring a Distributed Installation of ArcGIS Server

•• The online help can be found at the following URLs:The online help can be found at the following URLs:–– http://webhelp.esri.com/arcgisserver/9.2/dotnethttp://webhelp.esri.com/arcgisserver/9.2/dotnet–– http://webhelp.esri.com/arcgisserver/9.2/javahttp://webhelp.esri.com/arcgisserver/9.2/java

Distributed Installs:Distributed Installs:

•• HighlightsHighlights

–– Determine which ArcGIS Server Components to scale to Determine which ArcGIS Server Components to scale to additional machines.additional machines.

–– Run the required postRun the required post--installsinstalls

–– Add required OS users and groupsAdd required OS users and groups

–– Configure required server directoriesConfigure required server directories

Distributed Installs: Required OS Users and GroupsDistributed Installs: Required OS Users and Groups

Distributed Installs: Required Directory ConfigurationDistributed Installs: Required Directory Configuration

Distributed Installs: Network ConsiderationsDistributed Installs: Network Considerations

•• If installing in a If installing in a WorkgroupWorkgroup

–– Simple File Sharing must be Simple File Sharing must be ““OffOff”” on XP.on XP.

–– Core ArcGIS Server accounts must be local users.Core ArcGIS Server accounts must be local users.

–– Local Security Policy SettingLocal Security Policy Setting•• For For ““Network access: Sharing and security model for local accountsNetwork access: Sharing and security model for local accounts””

Set to Set to ““Classic Classic –– local users authenticate as themselveslocal users authenticate as themselves””..

Web Server (IIS 6)

ArcGIS Server 9.2 Server Object Manager

ArcGIS Server 9.2


ArcGIS Server 9.2


Scaling Out Scaling Out –– Adding More Computing PowerAdding More Computing Power

Scaling Out Scaling Out –– Adding More Computing PowerAdding More Computing Power

Detecting BottlenecksDetecting Bottlenecks

•• Single user testing is inadequateSingle user testing is inadequate

•• Simulating multiple usersSimulating multiple users–– Low Tech: Low Tech:

•• Recruit others in the officeRecruit others in the office

–– High Tech: Load simulation tool High Tech: Load simulation tool •• Web Application Stress Tool (WAST)Web Application Stress Tool (WAST)

•• Application Center Test (ACT)Application Center Test (ACT)

•• Visual Studio 2005 Team Edition for TestersVisual Studio 2005 Team Edition for Testers

Test Strategy for ArcGIS OnlineTest Strategy for ArcGIS Online

•• Static Maps and GlobeStatic Maps and Globe

•• Performance depends on web Performance depends on web serverserver’’s ability to deliver tiles.s ability to deliver tiles.

•• High volume load testHigh volume load test–– Random request for tiles Random request for tiles –– ……popular tiles requested more popular tiles requested more

frequentlyfrequently

Application Center TestApplication Center Test

Additional Information Additional Information

How To: Use ACT to Test Web Services PerformanceHow To: Use ACT to Test Web Services PerformanceImproving .NET Application Performance and ScalabilityImproving .NET Application Performance and ScalabilityJ.D. Meier, J.D. Meier, SrinathSrinath VasireddyVasireddy, , AshishAshish BabbarBabbar, and Alex , and Alex MackmanMackmanMicrosoft Corporation, May 2004Microsoft Corporation, May 2004

http://msdn2.microsoft.com/enhttp://msdn2.microsoft.com/en--us/library/ms979203.aspxus/library/ms979203.aspx

Monitor Statistics and Log FilesMonitor Statistics and Log Files

•• Creation TimeCreation Time•• Wait TimeWait Time•• Usage TimeUsage Time

Security: OverviewSecurity: Overview

•• Server Communications Architecture OverviewServer Communications Architecture Overview

•• Core Server SecurityCore Server Security–– FirewallsFirewalls–– Proxy ServersProxy Servers

•• Application SecurityApplication Security–– EncryptionEncryption–– AuthenticationAuthentication–– AuthorizationAuthorization–– Reverse Proxy ServersReverse Proxy Servers

ArcGIS Server Communications ArchitectureArcGIS Server Communications ArchitectureLegendLegend ArcGIS ServerArcGIS Server

BrowserBrowser

DesktopDesktop

Web Server TierWeb Server Tier

Manager/WebManager/WebServicesServices

ADF Web ADF Web ApplicationsApplications

ArcGIS Server ArcGIS Server Virtual DirectoriesVirtual Directories

App Server TierApp Server TierSOMSOM SOCSOC SDESDE

Plain HTTP and SOAP over HTTPPlain HTTP and SOAP over HTTP

Binary or SOAP over DCOMBinary or SOAP over DCOM

Plain TCP/IPPlain TCP/IP

ClientsClients

Special case when Special case when Service is a clientService is a client

ArcGIS Server Communications ArchitectureArcGIS Server Communications Architecture

•• SOAP over HTTPSOAP over HTTP between clients and web server tier.between clients and web server tier.–– There is There is nono direct SOAP transfer between web clients and the direct SOAP transfer between web clients and the

application tier.application tier.

•• SOAP/Binary over DCOMSOAP/Binary over DCOM between desktop clients and between desktop clients and application server using local connections.application server using local connections.

•• SOAP/Binary over DCOMSOAP/Binary over DCOM between web server tier and between web server tier and application server.application server.–– Exception: Service is a client to another service.Exception: Service is a client to another service.

Core Server Security: FirewallsCore Server Security: Firewalls

•• Firewalls Firewalls betweenbetween ArcGIS Server components ArcGIS Server components not not recommendedrecommended..–– Use a DMZ ReverseUse a DMZ Reverse--Proxy to protect your Server from the internet.Proxy to protect your Server from the internet.

•• NAT FirewallsNAT Firewalls–– Will not workWill not work

•• NAT makes internal NAT makes internal IPsIPs inaccessible to external COM clients.inaccessible to external COM clients.

•• NonNon--NAT FirewallNAT Firewall–– Not RecommendedNot Recommended

•• Must open range of ports that can quickly become saturated.Must open range of ports that can quickly become saturated.

–– HowToHowTo: Configure ArcGIS Server for firewalls and NAT devices : Configure ArcGIS Server for firewalls and NAT devices http://http://support.esri.com/index.cfm?fasupport.esri.com/index.cfm?fa==knowledgebase.techarticles.aknowledgebase.techarticles.articleShow&drticleShow&d=28703=28703

Core Server Security: FirewallsCore Server Security: Firewalls

•• Windows FirewallWindows Firewall

–– Not recommended for server class deploymentsNot recommended for server class deployments

–– HowToHowTo: : Configure Windows XP SP2 Firewall to work with Configure Windows XP SP2 Firewall to work with ArcGIS Server ArcGIS Server http://http://support.esri.com/index.cfm?fasupport.esri.com/index.cfm?fa==knowledgebase.techarticleknowledgebase.techarticles.articleShow&ds.articleShow&d=27798=27798

Core Server Security: Proxy ServersCore Server Security: Proxy Servers•• ArcCatalogArcCatalog and other and other ArcGIS DesktopArcGIS Desktop ApplicationsApplications

–– When making connections to ArcGIS Server Servers and When making connections to ArcGIS Server Servers and Services.Services.

Core Server Security: Proxy ServersCore Server Security: Proxy Servers•• For ArcGIS Server Application Server Components (For ArcGIS Server Application Server Components (SOCSOC))

•• When Service is a client When Service is a client –– GeodatabaseGeodatabase service synchingservice synching–– Service containing web reference to another serviceService containing web reference to another service–– Configure in ArcGIS Server postConfigure in ArcGIS Server post--install.install.

Core Server Security: Proxy ServersCore Server Security: Proxy Servers

•• For the For the .NET Manager.NET Manager web application when it, itself, is a web application when it, itself, is a client to web services.client to web services.–– Example: Adding web services while authoring a web application Example: Adding web services while authoring a web application –– Alter Proxy Server settings in IE (IIS applications inherit)Alter Proxy Server settings in IE (IIS applications inherit)

Core Server Security: Proxy ServersCore Server Security: Proxy Servers

•• For the For the Java ManagerJava Manager web application when it, itself, is web application when it, itself, is a client to web services. a client to web services.

–– Example: When adding web services while authoring a web Example: When adding web services while authoring a web application application

–– Alter Proxy Server settings in the JVM of the embedded Tomcat Alter Proxy Server settings in the JVM of the embedded Tomcat servletservlet engine (embedded Tomcat applications inherit)engine (embedded Tomcat applications inherit)

•• %AGSHOME%/%AGSHOME%/\\javajava\\managermanager\\serviceservice\\jrejre

•• http://java.sun.com/j2se/1.5.0/docs/guide/net/proxies.htmlhttp://java.sun.com/j2se/1.5.0/docs/guide/net/proxies.html

Web Applications and Services SecurityWeb Applications and Services Security

•• ADF applications and ArcGIS Server services are ADF applications and ArcGIS Server services are standard web applications and services.standard web applications and services.

•• Use standard web application security approaches for:Use standard web application security approaches for:

–– EncryptionEncryption

–– AuthenticationAuthentication

–– AuthorizationAuthorization


•• Encryption (SSL)Encryption (SSL)

–– Install SSL server certificates into ADF and ArcGIS Server Web Install SSL server certificates into ADF and ArcGIS Server Web Services web servers.Services web servers.

•• Instructions available from any Certificate AuthorityInstructions available from any Certificate Authority

–– .NET: .NET: http://www.digicert.com/sslhttp://www.digicert.com/ssl--certificatecertificate--installationinstallation--microsoftmicrosoft--iisiis--55--6.htm6.htm

–– Java: Java: http://www.digicert.com/sslhttp://www.digicert.com/ssl--certificatecertificate--installationinstallation--apache.htmapache.htm

–– Install SSL client certificates into ArcGIS Desktop Install SSL client certificates into ArcGIS Desktop libcurllibcurl store.store.


•• Encryption (SSL)Encryption (SSL)–– Install SSL client certificates into Install SSL client certificates into

ArcGIS Desktop ArcGIS Desktop libcurllibcurl certificate certificate bundle.bundle.•• http://curl.haxx.se/docs/sslcerts.htmlhttp://curl.haxx.se/docs/sslcerts.html•• Add path to Add path to libcurllibcurl certificate bundle certificate bundle

in in ArcCatalogArcCatalog..


•• AuthenticationAuthentication

–– Basic and DigestBasic and Digest

•• Web application server provides framework to authenticate users.Web application server provides framework to authenticate users.•• Basic is completely unencrypted.Basic is completely unencrypted.•• Digest is encrypted, but may suffer from different Digest is encrypted, but may suffer from different

implementations on IIS and Apache.implementations on IIS and Apache.•• Neither is recommended unless using with SSL.Neither is recommended unless using with SSL.

–– FormsForms•• Web application provides authentication for users.Web application provides authentication for users.•• Username/password is not encrypted.Username/password is not encrypted.•• Not recommended unless using with SSL.Not recommended unless using with SSL.


•• AuthenticationAuthentication

–– Windows integrated (IIS only)Windows integrated (IIS only)•• Similar to Basic/Digest, but uses a different transmission schemSimilar to Basic/Digest, but uses a different transmission scheme.e.•• IE Users may not be challenged if they are logged into the OS.IE Users may not be challenged if they are logged into the OS.•• Only works over intraOnly works over intra--net.net.

–– ClientClient--CertCert•• Uses encrypted certificates to authenticate both server and userUses encrypted certificates to authenticate both server and user..


•• AuthorizationAuthorization

–– UserUser--role mappingrole mapping•• Access Control List filesAccess Control List files•• DatabasesDatabases•• web.configweb.config

•• Single Sign OnSingle Sign On–– Combines Authentication and AuthorizationCombines Authentication and Authorization


•• ReverseReverse--Proxy ServersProxy Servers–– Recommended to avoid firewall between ArcGIS Server Recommended to avoid firewall between ArcGIS Server

components.components.


•• ReverseReverse--Proxy ServersProxy Servers

– IIS has no native reverse-proxy server, but many 3rd party solutions exist.

• Microsoft ISA Server contains a reverse-proxy server (expensive for just a reverse-proxy server)

– http://www.microsoft.com/isaserver/default.mspx

• Isapi rewrite (~$70.00)

– http://www.helicontech.com/download/#isapi_rewrite

• Write your own:

– http://www.codeproject.com/aspnet/HTTPReverseProxy.asp


•• ReverseReverse--Proxy ServersProxy Servers

–– ApacheApache

•• HowToHowTo: : Configure ArcGIS Server for the Microsoft .NET Configure ArcGIS Server for the Microsoft .NET Framework to work with a Reverse Proxy. Framework to work with a Reverse Proxy. http://support.esri.com/index.cfm?fa=knowledgebase.techarticles.http://support.esri.com/index.cfm?fa=knowledgebase.techarticles.articleShow&d=32634articleShow&d=32634

•• HowToHowTo: Configure ArcGIS Server Java to work with a Reverse : Configure ArcGIS Server Java to work with a Reverse Proxy. (Proxy. (Coming SoonComing Soon))

SummarySummary

•• PerformancePerformance–– Detecting and Analyzing Performance BottlenecksDetecting and Analyzing Performance Bottlenecks

–– Best practices for avoiding Threading, Memory, CPU, Disk and Best practices for avoiding Threading, Memory, CPU, Disk and Network bottlenecks.Network bottlenecks.

•• DeploymentDeployment–– Distributed Installations of ArcGIS ServerDistributed Installations of ArcGIS Server

–– High Availability ConfigurationsHigh Availability Configurations

–– SecuritySecurity

Further questions?Further questions?

•• TECHTECH--TALK AREASTALK AREAS–– What:What: Further opportunity to discuss questions and concerns Further opportunity to discuss questions and concerns

about performance, deployment and security. about performance, deployment and security. –– Where: Where: Tech Talk Area 1, Oasis 3ATech Talk Area 1, Oasis 3A–– When:When: during the next 30 minutesduring the next 30 minutes

•• ESRI ShowcaseESRI Showcase

•• ESRI Developers Network (EDN) websiteESRI Developers Network (EDN) website–– http://edn.esri.comhttp://edn.esri.com

Session Evaluations ReminderSession Evaluations Reminder

Session Attendees:Session Attendees:Please turn in your session evaluations.Please turn in your session evaluations.

. . . Thank you. . . Thank you

deploying and tuning arcgis server -...

Documents