All FAQs
What is the most common security threat?

The process to secure a cloud environment is different from more traditional data center practices, so cloud adoption requires a learning curve for IT teams. Unauthorized access to resources is the most common cloud security threat; many high-profile exposures of sensitive data resulted from misconfigurations.

Is the cloud secure?

The cloud is generally more secure than most private data centers since Amazon and Microsoft can hire talented engineers and automate many of their practices. Cloud infrastructure providers also offer tools and architectural options to isolate workloads, encrypt data and detect potential threats.

I have a data source I’d prefer to keep on-premise. Is this okay not to move to the cloud?

It is your data to do with as you need, but be able to answer the question “why?” Why would you want to maintain a workload on-premise when you can move it into the cloud? There, keeping the lights on is managed for you instead of having to maintain it yourself separately.

How do you routinely resolve conflicts where multiple sources exist for a data element, ie town GIS public system vs. our engineers?

This is an interesting problem, essentially the approach to take in this situation is to choose which data is the authority and leverage that data source over the other – in this situation if I knew good data was getting replaced with bad data by users, the first approach I would take is user access control – do users need to change this data to do their job? If not, they don’t need access to change it. If they do need to change it, but mistakes get made, in that case I would create a workflow that compares the two data sources, and if the secondary source is different than the authoritative source, it overwrites the alternative source.

We have a requirement to maintain a specific security certification, is ROK able to accommodate? (FedRAMP, PCI, HIPPA, etc.)

ROK approaches this problem in a way that respects our client’s budget. Oftentimes these security certifications require costly annual audits, documentation, etc. To help our clients avoid paying for this process twice (once for their environment that exists already, and one for the ROK environment), ROK provides services where we are able to be on-boarded as contractors within your existing certified environment and are able to provide the same level of service you would expect with a ROK owned environment, except you only have to deal with a single auditing process.

Are your systems running as software-as-a-service such as AGOL or are they cloud deployments of regular software (e.g. ArcGIS Enterprise on cloud VMs)?

Our clients are made up of organizations that use ArcGIS Enterprise and those that use both ArcGIS Online and Enterprise as well as a variety of third-party applications.

What level of administration capabilities do we get post deployment when we move to cloud? We want to keep the user and content management with us. What about upgrades, is it turn-key upgrade or do we have to involve in the upgrade process?

At ROK we take a different approach to Managed Services. Our clients have complete access to all of their Esri Software and data giving them (and you) complete control over content. When it comes time to upgrade, the ROK team can take that entirely off your plate. Simply call our team and request a move to the latest version and we will make it happen!

What does the performance of cloud-based computing and data storage solutions look like compared to local LAN-based solutions?

It is comparable, and in many cases can surpass traditional solutions in terms of performance. One of the finer points of using cloud based solutions is the ease of scalability. The performance can scale dynamically with your workload, unlike traditional on premise solutions

How long is the outage and what will be down during that time?

Budget 4 hours of downtime for the Portal upgrade. During that time none of the elements of the ArcGIS Enterprise environment will be accessible. This includes the Portal, GIS Server(s), and Data Store(s). If you have a VDI solution and an SDE server you can still make a direct connection to your Enterprise Geodatabase if needed (but it is the weekend so you probably don’t want to).

Will links to applications or services change as a result of the upgrade?

No. The only change may be the path to the Python installation directory on the GIS Server. This may cause an issue if you have Python scripts that reference that path.

What if something goes wrong during the upgrade?

ROK will roll everything back to the current version if the upgrade can not be completed during the scheduled outage window. The environment will be restored to the point in time just before the start of the upgrade.

What are some of the key administration and security issues with GIS cloud migration?

The primary issues in both administration and security are vast amounts of workflow differences compared to traditional IT – Administration of a cloud environment, as well as securing it, both require a paradigm shift in the thought process and approach to architecting solutions and solving problems.

What kind of Esri technical support is available for infrastructures in the cloud (if needed)?

ROK provides 24/7 customer support for both your cloud infrastructure and your Esri software. We take care of every IT and GIS administrative task so you can focus on what you do best, GIS.

Are all or most GIS system and DB admin positions eliminated using a cloud-based approach?

Actually, not all. The difference is, that instead of GIS Admins and DBA’s spending the majority of their time troubleshooting and maintaining the software, they can focus on developing and innovating with GIS. When you are calculating the Opportunity Cost, consider the value you can bring to your organization

My organization would like to deploy a dev environment to test new features and workflows but are concerned about costs, is there any flexibility?

Yes, the benefit of the cloud is that ROK can help specify a time window where your staff can develop and test in the environment and once they are done, we can automatically shut down the machines and spin them back up when they’re ready to continue. Another option is to deploy a dev environment for a few months while you test a new version or integration. Once satisfied with the testing, we can remove the machines from your environment. This way you only pay for what you use.

I need to process a lot of drone imagery and then create a cache, can I do this using my Citrix Workspace (VDI)?

Technically yes, but there is probably a better way. This type of resource-intensive processing is best done on a dedicated machine. ROK can stand up a processing server for this task for very little cost in very little time. Once the processing is complete, ROK can terminate the processing server permanently, or turn it off until it is needed again. By managing the uptime of this server the cost can be kept low.

What are my hosting options to move from on-premise to cloud or hybrid solution?

Hosting options for hybrid or full cloud solutions are vast. You can either go directly to a cloud solutions provider like AWS or Azure, or, you can engage with a Managed Cloud Services provider who will set up and manage the environment for you. Should you choose the latter option we would strongly suggest ensuring the MSP has experience standing up and managing Esri Software specifically.

How does VDI work?

Users log into a VM from any device and from anywhere through a secure network. A VDI hosted environment provides an end-user experience through a virtualized backend that hosts VMs. Users utilize a replica of the master desktop. The master desktop stores all the required applications and distributes it via application virtualization.

Who manages the software on my Virtual Desktop?

ROK typically will manage software installs and upgrades within your Virtual Desktop environment (Citrix, AWS Workspaces). However if you prefer to handle the administration of the Virtual Desktop environment that is fine too. This is your environment, you are in charge here.

What is the difference between VDI and VPN?

While similar, VDI allows access to a remote desktop on which users can work, VPN establishes a tunnel between the end-user and an organization’s private network. Both are popular solutions for remote work, VPN is more cost-effective, easy to implement, and simple to use. However, due to the demands of GIS data processing, complex workflows and high performance and graphic processing, VDI is the better choice.

What is VDI (virtual desktop infrastructure)?

Virtual Desktop Infrastructure (VDI) is a solution that involves running virtual desktops on Virtual Machines (VMs) hosted in the cloud. VDI provides an isolated environment for each user and offers the same user experience as a traditional physical desktop.

How can latency between user machines and the cloud be minimized to make GIS in the cloud usable?

Latency, not to be confused with bandwidth, is a known factor since distance is key to determining latency – no matter how fast a connection, data must still physically travel the distance from cloud to machine and is constrained by the laws of physics 🙂 With this in mind, we can reduce the travel time by staying in one availability zone. Most of the clients we work with actually realize better performance after migrating to the cloud.

How is migration load handled in the cloud?

When working with clients on Cloud Migrations, the first step is to understand their environment. To do this, we start with a holistic view, formulating a detailed plan that serves as a roadmap. Using this roadmap, we work with the client to transfer and configure data (Database(s), Imagery, Flat Files etc.), working/project files (ArcMap/Pro documents, scripts, proprietary information), web applications and any third party integrations. After all configurations are complete, we validate the Cloud Environment through a client testing and QA/QC Phase to work out any and all issues. We then hand the keys over and GO LIVE!

We currently maintain infrastructure per environment (dev, QA, prod). How difficult is it to move and maintain all of that into the cloud?

Deploying and managing a 3-tier environment in the cloud is standard practice for many of the organizations we serve. Migration, when planned correctly can be a smooth and painless experience.

What are some of the requirements for cloud migration changes – CPU, balance charge, memory on demand, etc?

This really depends on the Esri software that is in use. You can find the specifications on Esri’s website. Here is a link to get you started: ArcGIS Server 10.8 system requirements—ArcGIS Enterprise system requirements | Documentation

What are some of the cons for GIS cloud migration?

There will always be challenges to overcome when encountering something different or unknown. If some of your data or technology is proprietary, you may not legally be able to deploy to the cloud. You may need to modify and/or map your application design and architecture to follow the cloud architecture. You could experience downtime due to technical outages (loss of power, maintenance, etc), but this would also be true on-premise

What does relocating a GIS environment to AWS look like? What about moving to Azure?

Migrating your GIS to AWS, Azure or any cloud solutions provider is accomplished in phases. Here is a brief overview of the methodology we use at ROK. Keep in mind that there are several steps within each phase, but this will give you an overview of what needs to take place.

  • Phase I: Spin up and configure the cloud environment you will use to support your software. Apply security, backup and retention policies.
  • Phase II: Install and configure your Esri Software. Deploy Virtual Desktop Instances.
  • Phase III: Migrate your GIS … this is a great opportunity to “clean the closets” and ensure you are only migrating what you need. We generally start migration planning in Phase I.
  • Phase IV: Cut Over to your new Cloud GIS environment. The entire process timeline varies depending on the complexity of your environment. As a very general rule you should budget 8-10 weeks.
I don’t see my question here. How can I get it answered?

Great question! If you are looking for an answer to a question not listed here, please reach out.