Enterprise Level Security and Data Configuration Chris Spicer Team Lead and Domain Architect Ministry of Citizens' Services and Open Government

Post on 21-Jan-2020


TRANSCRIPT

Page 1

Enterprise Level Security and Data Configuration

Chris Spicer Team Lead and Domain Architect

Ministry of Citizens' Services and Open Government

Page 2

What is DataBC?

Security and Configuration in an Enterprise, a two-year mission

Page 3

DataBC provides leadership for the BC Government’s Open Data and Spatial Data Infrastructure

DataBC provides resources that help the BC Government manage and use its data as a strategic asset

DataBC promotes and enables the sharing of data with citizens, businesses and across the government enterprise

www.data.gov.bc.ca

Page 4

DataBC online is the place to find BC Government data, services, applications and tools

www.data.gov.bc.ca

Page 5

[Timeline figure]

ELUC, CORE, LUCO

1990's | Early 2000's | Late 2000's | Future

2002: MSRM, 2003: LIBC, 2006: ILMB, 2008: GeoBC, 2011: DataBC

Page 6

• Open Data – License, Policy, Catalogue, Website

• Provincial Spatial Data Infrastructure – Shared Infrastructure for Access to Government Data

– warehouse, catalogue, download, visualization and connection services

– Application Frameworks and Location Services

• Governance:

– Data Custodianship Principles

Page 7

An SDI is composed of 6 fundamental elements:

• Metadata

• Geospatial Data

• Framework

• Services

• Standards

• Partnerships

Page 8

More than 2,500 data sets and 3,400 presentation layers

6,000 tables

1.6 billion rows of data

150 line-of-business applications

Page 9

Users download over 400,000 products / yr

Core corporate app, iMapBC, has over 275,000 user sessions / yr

Our WMS services serve over 129 million image requests / yr

Page 10

Lightweight for mobile devices using the Google Maps API

Page 11

Heavyweight for desktop users via Java, Silverlight & Browser (IMF & IMF2 respectively)

Page 12

Maintaining presentation and security for over 3,400 different warehouse layers for web mapping and desktop GIS users

Managing the individual configuration of layer collections in dozens of different applications

◦ One layer change could require multiple configuration updates across multiple applications

◦ Each application often needs to be tested and migrated between IT environments

Page 13

Security configured in one place with no duplication

Layer presentation configured in one place, both for desktop GIS and Web GIS users and consumers

Page 14

Centralized security through a database-driven policy store

Using ArcIMS Dynamic layers eliminated the need for an AXL file with 3,400 layers

Page 15

Implemented for a single application; many standalone AXL files still maintained for business-specific applications

Policy store implementation clumsy; one record entry for each database layer

Page 16

The Internet Mapping Framework, based on ArcIMS, is nearing the end of its useful lifespan

Upgrade opportunity using Geocortex Essentials, ArcGIS Server and custom code to reproduce and improve on the feats of the original iMapBC app

Page 17

While trying to migrate from ArcIMS to ArcGIS Server, it became apparent that there was a gap: dynamic layer support was absent

Page 18

Sud Menon

Ismael Chivite

Craig Williams

Page 19

Layer files are converted into JSON using a server object extension

The JSON is stored in a database and made available through a REST endpoint layer catalogue

The layer catalogue provides an authorized catalogue list of layers to calling client applications

Page 20

[Diagram labels: Layer File Library (.LYR files on disk); Conversion to JSON; JSON; Dynamic Layers Web Service with GetDynamicLayers() and GetDynamicLayer(layerName)]

Page 21

Page 22

Upon application start-up, the layer catalogue provides the client application with a list of authorized layer IDs

To reduce network traffic, JSON is provided directly from the database when the user or application requires a layer

The layer presentation properties are retrieved dynamically from the database, which holds the authoritative layer representation

Page 23

A proxy monitors transactions from the client to AGS and filters any IDs that the client is not authorized to see

The client viewer makes requests through different AGS map services for different security groups

Multiple AGS map services are used to protect sensitive layers, each with an associated proxy account with appropriate Oracle permissions
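
The catalogue lookup on page 22 and the proxy filtering on page 23, as an added example (not DataBC's code). The group names, layer IDs, host name, the in-memory dict standing in for the database policy store, and the `layers=show:<ids>` request form are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed policy store: security group -> layer IDs that group may see.
# A dict stands in for the database-driven store (assumption).
POLICY_STORE = {
    "public": {101, 102},
    "forestry_staff": {101, 102, 250},
    "wildlife_sensitive": {101, 102, 250, 900},
}

def authorized_layer_ids(groups):
    """Layer catalogue: union of the layer IDs granted to the caller's groups."""
    allowed = set()
    for group in groups:
        allowed |= POLICY_STORE.get(group, set())  # unknown group grants nothing
    return allowed

def filter_request(url, groups):
    """Proxy step: keep only authorized IDs in the 'layers' parameter.

    Returns (rewritten_url_or_None, dropped_tokens). None means the proxy
    should refuse the request: nothing authorized was asked for, or no
    explicit layer list was given, so the map service is never left to
    fall back to its default layers.
    """
    allowed = authorized_layer_ids(groups)
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    kept, dropped = set(), set()
    for key, value in pairs:
        if key.lower() != "layers":
            continue
        mode, _, ids = value.partition(":")
        for token in (t.strip() for t in ids.split(",") if t.strip()):
            # Only the explicit show: form is honoured, and every repeated
            # 'layers' parameter is checked, not just the first one.
            numeric = token.isascii() and token.isdigit()
            if mode == "show" and numeric and int(token) in allowed:
                kept.add(int(token))
            else:
                dropped.add(token)
    if not kept:
        return None, sorted(dropped)
    query = [(k, v) for k, v in pairs if k.lower() != "layers"]
    query.append(("layers", "show:" + ",".join(str(i) for i in sorted(kept))))
    rewritten = urlunsplit(parts._replace(query=urlencode(query, safe=":,")))
    return rewritten, sorted(dropped)
```

The dropped tokens are returned so the proxy can log which unauthorized or malformed IDs a client asked for.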

Page 24

[Architecture diagram labels: ArcGIS Server; Geocortex Essentials; Viewer; REST API (shown twice); Secured Map Services; Proxy; Public Map Services; Layer Security Provider; Available Layers; Dynamic Layers Web Service with GetDynamicLayers() and GetDynamicLayer(layerName); Layer Security Provider Sites; Layer Catalogue]

Page 25

[Diagram labels: Client Viewer; Essentials Proxy; Security; Layer Catalogue; Web Service; JSON Repository; Security Groups; ArcGIS Server 10.1; Layer List]

Page 26

Page 27

A new version of iMapBC is being rolled out using ArcGIS Server 10.1 and Essentials

Beta test URL goes out this week

Future application design standards will require new apps to utilize this REST endpoint for security and layer presentation