Enterprise application hosting and management system (Kubernetes)

The enterprise application hosting and management system pattern is typically deployed to Kubernetes using the ArcGIS Enterprise on Kubernetes software.

ArcGIS Enterprise on Kubernetes uses microservices and containerization to provide a cloud native architecture, running either on your organization’s Kubernetes platform or in your cloud provider’s Kubernetes service. It uses containers to split GIS processes into microservices, each of which performs a discrete, focused function. Each microservice runs in a container that packages everything necessary to run an application. One or more containers is housed in a pod that includes storage resources, a network identity, and a set of rules for how the container is to be run. The Kubernetes cluster orchestrates and manages the ArcGIS Enterprise on Kubernetes containers.

ArcGIS Enterprise on Kubernetes is for organizations that have invested in Kubernetes to orchestrate and manage their containerized applications.

Related resources:

• Kubernetes Overview (Kubernetes site)
• ArcGIS Enterprise on Kubernetes Resources
• ArcGIS Enterprise on Kubernetes System Requirements

Base architecture

The following is a typical base architecture for an enterprise application hosting and management system deployed on Kubernetes.

This diagram should not be taken as is and used as the design for your system. There are many important factors and design choices that should be considered when designing your system. Review the using system patterns topic for more information. Additionally, the diagram depicted below delivers only the base capabilities of the system; additional system components may be required when delivering extended capabilities.

Key components of this architecture include:

• A foundational deployment of ArcGIS Enterprise on Kubernetes containers to the Kubernetes cluster. This includes four categories of pods that represent various system functions, including GIS services, system managed storage, framework, and administration pods. For more information, please see the ArcGIS Enterprise on Kubernetes documentation.
• A load balancer is required to direct traffic across each worker node. For more information please see the ArcGIS Enterprise on Kubernetes system network requirements.
• A variety of data stores may be used to power the enterprise applications hosted and managed by ArcGIS Enterprise on Kubernetes, including file stores, cloud data warehouses, and databases. The system managed relational store may also be used to store ArcGIS-managed data powering enterprise applications. Learn more about data stores in ArcGIS as well as data and publishing with ArcGIS Enterprise.
• The object store provides ArcGIS-managed storage for uploaded and saved content, hosted tile and image layer caches, and geoprocessing output. As of ArcGIS Enterprise 11.2 the object store can be configured to use cloud-native storage from several supported service providers.
• ArcGIS Online, Esri’s SaaS infrastructure, typically provides basemaps (such as imagery basemaps), reference data (for example, places), as well as other location services (such as geocoding and search) for this system. Alternatively, it is possible for the organization to host and manage their own location services instead of using Esri’s SaaS system. Please see the location services system pattern for more information.
• A wide range of web, mobile, and desktop applications designed to support a variety of user personas and workflows. Learn more about the applications used in an enterprise application hosting and management system.

Key interactions in this architecture include:

1. Client applications communicate with enterprise data services as well as location services over HTTPS, typically via stateless REST APIs.
2. ArcGIS Enterprise GIS services may persist TCP connections to the database management system (DBMS) hosting the enterprise geodatabase. Database client software/drivers are included in ArcGIS Enterprise on Kubernetes for all supported database management systems.
3. References to location services hosted and managed by ArcGIS Online (e.g., basemaps) are typically registered and made available for use within ArcGIS Enterprise. Some services are referenced automatically when installing ArcGIS Enterprise, though additional sharing of content and services between these two systems can be performed manually or automatically. Please see configuring ArcGIS Online utility services and distributed collaboration.

Additional information on interactions between ArcGIS Enterprise components can be found in the ArcGIS Enterprise on Kubernetes product documentation.

Capabilities

The capabilities of the enterprise application hosting and management system on Kubernetes are described below. See the capability overview and comparison of capability support across deployment patterns for more information.

Capabilities used in an enterprise application hosting and management system, but typically provided by other systems, such as basemaps, geocoding, and other location services provided by a location services system are not listed below. Learn more about related system patterns.

Base capabilities

Base capabilities represent the most common capabilities delivered by enterprise application hosting and management systems and that are enabled by the base architecture presented above.

• Mapping and visualization allow users to create as well as interact with 2D maps and 3D scenes. ArcGIS Enterprise includes rich mapping and visualization capabilities, including data-driven visualization, 3D visualization, as well as basemap styling. Learn more about maps and visualization.
• App building empowers content creators to create web applications using a no-code or low-code approach. It also enables application developers to create web apps, native mobile and desktop apps, as well as extended reality (XR) and immersive experiences using full code approach. Unlike self-service mapping, analysis, and sharing systems, in enterprise application hosting and management systems the app building capability is not used in production, but rather in lower environments to build applications that are promoted to production through a change controlled process. External web hosting (e.g., web server) is required for hosting custom, full-code web applications. Learn more about ArcGIS Builders and ArcGIS Mapping APIs and SDKs.
• Site building enables content creators to create hosted websites using a no-code or low-code approach. Site building in ArcGIS Enterprise on Kubernetes is supported by ArcGIS Enterprise Sites. ArcGIS Enterprise Sites enables to creation of tailored websites & webpages to showcase ArcGIS Enterprise content to users. In addition to ArcGIS Enterprise, ArcGIS Experience Builder, which is considered an application builder, is also capable of creating websites. Site building, like app building, is performed in lower environments in enterprise application hosting and management systems.
• Data publishing and hosting provides for secure storage, management, and access of data as a service for data published by content creators and other user personas in an organization. ArcGIS Enterprise on Kubernetes supports publishing and hosting data for a number service or layer types, including feature layers and feature layer views, (map) tile layers, vector tile layers, and scene layers. ArcGIS Enterprise on Kubernetes also supports OGC, imagery, and elevation layers. For more information on imagery and elevation layers please see the imagery data management system on Kubernetes. Other service or layer types, including map and feature services can also be published against user-managed data stores. Data publishing and hosting in this system pattern is typically highly governed and not provided as a self-service capability to content creators. Learn more about data and publishing in ArcGIS Enterprise on Kubernetes.
• Data editing capabilities are included in enterprise application hosting and management systems; however, most data editing workflows tend to be better served by data editing and management systems.
• Data import and export in bulk is supported through the import and export tools that work directly against feature services or an enterprise geodatabase.
• Spatial joins and relationships enable rows from two datasets to be combined based on a spatial relationship. ArcGIS Enterprise on Kubernetes supports a number of tools and services for spatial joins and relationships, including join features and merge layers. These tools rely on spatial analysis services provided by a location services system. Learn more about spatial analysis services.
• Network analysis helps solve complex network problems (typically on street networks) such as creating an optimized route to visit many destinations, finding the closest facility, identifying a service area around a location, or servicing a set of orders with a fleet of vehicles. ArcGIS Enterprise on Kubernetes includes tool interfaces in Map Viewer, such as plan routes, create drive-time areas, and connect origins to destinations. These tools rely on spatial analysis services provided by a location services system. Learn more about spatial analysis services.
• Pattern analysis identifies spatial and temporal patterns in data. ArcGIS Enterprise on Kubernetes supports a number of tools and services for pattern analysis, including find hotspots and find outliers. These tools rely on spatial analysis services provided by a location services system. Learn more about spatial analysis services.
• Proximity analysis looks at the proximity of spatial data to other spatial data. ArcGIS Enterprise on Kubernetes supports a number of tools and services for proximity analysis, including find point clusters and creating buffers. These tools rely on spatial analysis services provided by a location services system. Learn more about spatial analysis services.
• Summarization analysis aggregates or summarizes data into higher order data structures. ArcGIS Enterprise on Kubernetes supports a number of tools and services for summarization analysis, including aggregate points, calculate density, and summarize within. These tools rely on spatial analysis services provided by a location services system. Learn more about spatial analysis services.
• Geometry analysis is the process of using a client-side API to perform one or more operations on a point, polyline, or polygon to solve a geometric problem. ArcGIS Enterprise on Kubernetes also supports server-side geometry analysis using the geometry service. Learn more about geometry analysis and how geometry analysis compares to feature analysis.
• 3D visual analysis is a type of spatial analysis that calculates and displays spatial information derived from the terrain, buildings, and other 3D objects contained within a scene. ArcGIS Enterprise on Kubernetes supports a number of tools and services for 3D visual analysis, including create viewshed and create watersheds. Learn more about spatial analysis services.

Extended capabilities

Extended capabilities are typically added to meet specific needs or support industry specific data models and solutions and may require additional software components or architectural considerations.

• Indoor GIS extends the capabilities of ArcGIS Online with ability to create and manage floor plan data, map building interiors, and share floor-aware maps and services. This capability requires ArcGIS Pro, and is made possible by ArcGIS Indoors. Indoor GIS commonly serves indoor maps and applications to broad groups of stakeholders including, but not limited to, enterprise and public audiences through lightweight mobile apps or kiosks. As such, portions of an indoor GIS may be best delivered through an enterprise application hosting and management system.
• Workflow management and automation is supported, but not when using Kubernetes as the exclusive deployment pattern. Support for workflow management and automation capabilities is possible by deploying ArcGIS Enterprise, specifically ArcGIS Server, on Windows or Linux and federating those ArcGIS Server sites with the Portal for ArcGIS component running in your Kubernetes-based deployment of ArcGIS Enterprise. See the Windows/Linux deployment pattern capabilities, as well as federating a server site documentation for more information.
• Other industry solutions allow for rapid deployment of industry-specific apps and configurations of ArcGIS Enterprise using ArcGIS Solutions. Note, not all industry solutions are available for ArcGIS Enterprise.

Considerations

The considerations below apply the pillars of the ArcGIS Well-Architected Framework to the enterprise application hosting and management system pattern on Kubernetes. The information presented here is not meant to be exhaustive, but rather highlights key considerations for designing and/or implementing this specific combination of system and deployment pattern. Learn more about the architecture pillars of the ArcGIS Well-Architected Framework.

Reliability

Reliability ensures your system provides the level of service required by the business, as well as your customers and stakeholders. For more information, see the reliability pillar overview.

• SLAs requiring high levels of availability are common.
  • Architecture profiles are predefined deployment profiles that correlate to varying levels of redundancy across pods and provide flexibility across several known variables such as requirements for hardware, redundancy, and organizational use.
  • Consider the Enhanced availability architecture profile when increased and expanded redundancy across critical pods is required.
• System-level backup and restore is also supported.

Security

Security protects your systems and information. For more information, see the security pillar overview.

• Authentication and authorization are typically required. One notable exception is publicly shared apps and supporting content, which do not require authentication.
  • Due to the wide range of users logging in from across the organization, this system pattern almost always leverages a single sign-on (SSO) approach to authentication. SSO is typically implemented using SAML and/or OpenID Connect.
  • User access and data collaboration are governed by role-based access controls and modern authorization and authentication models, including OAuth, SAML, OpenID Connect, and multifactor authentication.
• Learn more about ArcGIS Enterprise security best practices and implementation guidance.

Performance & Scalability

Performance and scalability aim to optimize the overall experience users have with the system, as well as ensure the system scales to meet evolving workload demands. For more information, see the performance and scalability pillar overview.

• Performance and scalability are typically important or critical for enterprise applications that are hosted and managed in this system. Applications, along with supporting content like maps and layers, should be designed and engineered to meet the performance and scalability expectations of users and the organization (including SLAs if required). Learn more about optimizing apps and services in ArcGIS.
  • Data read performance is typically a major factor in overall system performance.
• Scalability is an important design consideration, as enterprise applications are typically used heavily within an organization. Additionally, usage may increase quickly and unexpectedly as the overall adoption of GIS grows across an organization. ArcGIS Enterprise on Kubernetes deployments can be scaled horizontally by adjusting the number of pods as well as vertically by adjusting the memory and CPU. ArcGIS Enterprise on Kubernetes also provides robust, flexible scaling options for services. Learn more about service scaling.

Automation

Automation aims to reduce effort spent on manual deployment and operational tasks, leading to increased operational efficiency as well as reduction in human introduced system anomalies. For more information, see the automation pillar overview.

• Automation related to publishing, content management, as well as administration is common with ArcGIS Enterprise. This is typically done using the ArcGIS API for Python as well as ArcGIS Notebooks. ArcGIS Notebooks are considered outside of the scope of the location services system pattern. For more information please see the self-service mapping, analysis, and sharing system pattern.
• System administration automation is handled in large part by Kubernetes.
• ArcGIS Enterprise on Kubernetes includes support for Helm-based deployment and configuration.

Integration

Integration connects this system with other systems for delivering enterprise services and amplifying organizational productivity. For more information, see the integration pillar overview.

• Incorporation of external data and services into this system for use by enterprise applications is common. Integration approaches tend to focus on data or services-level integration, sometimes involving automation. Learn more about integration approaches and methods.
• Enterprise application hosting and management systems are commonly used to deliver data, analytic results, or other content produced or managed in another ArcGIS system. Learn more about related system patterns.

Observability

Observability provides visibility into the system, enabling operations staff and other technical roles to keep the system running in a healthy, steady state. For more information see the observability pillar overview

• Careful monitoring of service and application utilization is important with this system pattern. The delivery of enterprise applications typically extends to the whole organization (and possibly beyond), and therefore usage patterns and growth may not be anticipated by the system designers or operators. Monitoring helps people make decisions about when to scale and evolve to meet demand while continuing to operate properly (and in accordance with SLAs).
• ArcGIS Enterprise on Kubernetes can be observed in a variety of ways including system logs and health monitoring through ArcGIS Enterprise Manager. Monitoring of app and service availability, performance, and usage is most critical to this system pattern. In addition to monitoring the ArcGIS Enterprise software, it is important to monitor all supporting components and infrastructure such the Kubernetes environment, databases and other data stores, as well as compute, network, security, and other infrastructure. Learn more about monitoring system health and reliability.
• Some extended capabilities of this system pattern, such as workflow management and automation with ArcGIS Workflow Manager, have additional observability support. Please review the corresponding product documentation for more information.
• Use of web analytics should be strongly considered when using ArcGIS Instant Apps, ArcGIS StoryMaps, and custom applications.
• Additional observation of user logins and account changes may be possible through the configured identity provider when using SAML and/or OpenID Connect logins.

Other

Additional considerations for designing and implementing an enterprise application hosting and management system on Kubernetes include:

• Successful operation requires strong understanding of GIS, IT, and database concepts as well as technology. This includes knowledge and skills specific to the selected database management system (DBMS), as well as Kubernetes.
• For organizations that have the resources and staff to deploy and maintain enterprise software on Kubernetes, the ArcGIS Enterprise on Kubernetes deployment option separates IT administration and maintenance from GIS administration.
• This pattern is typically designed to meet strict non-functional requirements and/or SLAs. As such, strong governance and alignment with IT policies and roles, such as data steward and content manager, should strongly be considered when implementing this system pattern.

Related resources:

• ArcGIS Trust Center
• Esri’s secure development lifecycle
• Esri’s commitment to accessibility