The process to secure a cloud environment is different from more traditional data center practices, so cloud adoption requires a learning curve for IT teams. Unauthorized access to resources is the most common cloud security threat; many high-profile exposures of sensitive data resulted from misconfigurations.
The cloud is generally more secure than most private data centers since Amazon and Microsoft can hire talented engineers and automate many of their practices. Cloud infrastructure providers also offer tools and architectural options to isolate workloads, encrypt data and detect potential threats.
It is your data to do with as you need, but be able to answer the question “why?” Why would you want to maintain a workload on-premise when you can move it into the cloud? There, keeping the lights on is managed for you instead of having to maintain it yourself separately.
This is an interesting problem, essentially the approach to take in this situation is to choose which data is the authority and leverage that data source over the other – in this situation if I knew good data was getting replaced with bad data by users, the first approach I would take is user access control – do users need to change this data to do their job? If not, they don’t need access to change it. If they do need to change it, but mistakes get made, in that case I would create a workflow that compares the two data sources, and if the secondary source is different than the authoritative source, it overwrites the alternative source.
ROK approaches this problem in a way that respects our client’s budget. Oftentimes these security certifications require costly annual audits, documentation, etc. To help our clients avoid paying for this process twice (once for their environment that exists already, and one for the ROK environment), ROK provides services where we are able to be on-boarded as contractors within your existing certified environment and are able to provide the same level of service you would expect with a ROK owned environment, except you only have to deal with a single auditing process.
Our clients are made up of organizations that use ArcGIS Enterprise and those that use both ArcGIS Online and Enterprise as well as a variety of third-party applications.
At ROK we take a different approach to Managed Services. Our clients have complete access to all of their Esri Software and data giving them (and you) complete control over content. When it comes time to upgrade, the ROK team can take that entirely off your plate. Simply call our team and request a move to the latest version and we will make it happen!
It is comparable, and in many cases can surpass traditional solutions in terms of performance. One of the finer points of using cloud based solutions is the ease of scalability. The performance can scale dynamically with your workload, unlike traditional on premise solutions
Budget 4 hours of downtime for the Portal upgrade. During that time none of the elements of the ArcGIS Enterprise environment will be accessible. This includes the Portal, GIS Server(s), and Data Store(s). If you have a VDI solution and an SDE server you can still make a direct connection to your Enterprise Geodatabase if needed (but it is the weekend so you probably don’t want to).
No. The only change may be the path to the Python installation directory on the GIS Server. This may cause an issue if you have Python scripts that reference that path.
ROK will roll everything back to the current version if the upgrade can not be completed during the scheduled outage window. The environment will be restored to the point in time just before the start of the upgrade.
The primary issues in both administration and security are vast amounts of workflow differences compared to traditional IT – Administration of a cloud environment, as well as securing it, both require a paradigm shift in the thought process and approach to architecting solutions and solving problems.
ROK provides 24/7 customer support for both your cloud infrastructure and your Esri software. We take care of every IT and GIS administrative task so you can focus on what you do best, GIS.
Actually, not all. The difference is, that instead of GIS Admins and DBA’s spending the majority of their time troubleshooting and maintaining the software, they can focus on developing and innovating with GIS. When you are calculating the Opportunity Cost, consider the value you can bring to your organization
Yes, the benefit of the cloud is that ROK can help specify a time window where your staff can develop and test in the environment and once they are done, we can automatically shut down the machines and spin them back up when they’re ready to continue. Another option is to deploy a dev environment for a few months while you test a new version or integration. Once satisfied with the testing, we can remove the machines from your environment. This way you only pay for what you use.
Technically yes, but there is probably a better way. This type of resource-intensive processing is best done on a dedicated machine. ROK can stand up a processing server for this task for very little cost in very little time. Once the processing is complete, ROK can terminate the processing server permanently, or turn it off until it is needed again. By managing the uptime of this server the cost can be kept low.
Hosting options for hybrid or full cloud solutions are vast. You can either go directly to a cloud solutions provider like AWS or Azure, or, you can engage with a Managed Cloud Services provider who will set up and manage the environment for you. Should you choose the latter option we would strongly suggest ensuring the MSP has experience standing up and managing Esri Software specifically.
Users log into a VM from any device and from anywhere through a secure network. A VDI hosted environment provides an end-user experience through a virtualized backend that hosts VMs. Users utilize a replica of the master desktop. The master desktop stores all the required applications and distributes it via application virtualization.
ROK typically will manage software installs and upgrades within your Virtual Desktop environment (Citrix, AWS Workspaces). However if you prefer to handle the administration of the Virtual Desktop environment that is fine too. This is your environment, you are in charge here.
While similar, VDI allows access to a remote desktop on which users can work, VPN establishes a tunnel between the end-user and an organization’s private network. Both are popular solutions for remote work, VPN is more cost-effective, easy to implement, and simple to use. However, due to the demands of GIS data processing, complex workflows and high performance and graphic processing, VDI is the better choice.
Virtual Desktop Infrastructure (VDI) is a solution that involves running virtual desktops on Virtual Machines (VMs) hosted in the cloud. VDI provides an isolated environment for each user and offers the same user experience as a traditional physical desktop.
Latency, not to be confused with bandwidth, is a known factor since distance is key to determining latency – no matter how fast a connection, data must still physically travel the distance from cloud to machine and is constrained by the laws of physics 🙂 With this in mind, we can reduce the travel time by staying in one availability zone. Most of the clients we work with actually realize better performance after migrating to the cloud.
When working with clients on Cloud Migrations, the first step is to understand their environment. To do this, we start with a holistic view, formulating a detailed plan that serves as a roadmap. Using this roadmap, we work with the client to transfer and configure data (Database(s), Imagery, Flat Files etc.), working/project files (ArcMap/Pro documents, scripts, proprietary information), web applications and any third party integrations. After all configurations are complete, we validate the Cloud Environment through a client testing and QA/QC Phase to work out any and all issues. We then hand the keys over and GO LIVE!
Deploying and managing a 3-tier environment in the cloud is standard practice for many of the organizations we serve. Migration, when planned correctly can be a smooth and painless experience.
This really depends on the Esri software that is in use. You can find the specifications on Esri’s website. Here is a link to get you started: ArcGIS Server 10.8 system requirements—ArcGIS Enterprise system requirements | Documentation
There will always be challenges to overcome when encountering something different or unknown. If some of your data or technology is proprietary, you may not legally be able to deploy to the cloud. You may need to modify and/or map your application design and architecture to follow the cloud architecture. You could experience downtime due to technical outages (loss of power, maintenance, etc), but this would also be true on-premise
Migrating your GIS to AWS, Azure or any cloud solutions provider is accomplished in phases. Here is a brief overview of the methodology we use at ROK. Keep in mind that there are several steps within each phase, but this will give you an overview of what needs to take place.
Great question! If you are looking for an answer to a question not listed here, please reach out.
1501 Belle Isle Av, Suite 110
Mt Pleasant, SC 29464
Email: info@ROKtech.net
Phone: 843.577.3192