Self-service mapping, analysis, and sharing system (Kubernetes)

The self-service mapping, analysis, and sharing system pattern is deployed to Kubernetes primarily using the ArcGIS Enterprise on Kubernetes software.

ArcGIS Enterprise on Kubernetes uses microservices and containerization to provide a cloud native architecture, running either on your organization’s Kubernetes platform or in your cloud provider’s Kubernetes service. It uses containers to split GIS processes into microservices, each of which performs a discrete, focused function. Each microservice runs in a container that packages everything necessary to run an application. One or more containers are housed in a pod that includes storage resources, a network identity, and a set of rules for how the container is to be run. The Kubernetes cluster orchestrates and manages the ArcGIS Enterprise on Kubernetes containers.

ArcGIS Enterprise on Kubernetes is for organizations that have invested in Kubernetes to orchestrate and manage their containerized applications.

Base architecture

The following is a typical base architecture for a self-service mapping, analysis, and sharing system deployed on Kubernetes.

This diagram should not be taken as is and used as the design for your system. There are many important factors and design choices that should be considered when designing your system. Review the using system patterns topic for more information. Additionally, the diagram depicted below delivers only the base capabilities of the system; additional system components may be required when delivering extended capabilities.

Self-service mapping, analysis, and sharing system base architecture (Kubernetes)

Key components of this architecture include:

  • A foundational deployment of ArcGIS Enterprise on Kubernetes containers to the Kubernetes cluster. This includes four categories of pods that represent various system functions, including GIS services, system managed storage, framework, and administration pods. For more information, please see the ArcGIS Enterprise on Kubernetes documentation.
  • A load balancer is required to direct traffic across each worker node. For more information, please see the ArcGIS Enterprise on Kubernetes system network requirements.
  • A variety of data stores may be used to power the self-service mapping, analysis, and sharing capabilities provided by ArcGIS Enterprise on Kubernetes, including file stores, cloud data warehouses, and databases. The system managed relational store is used in this pattern to store ArcGIS-managed data that is published and hosted by content creators. Learn more about data stores in ArcGIS as well as data and publishing with ArcGIS Enterprise.
  • The object store provides ArcGIS-managed storage for uploaded and saved content, hosted tile and image layer caches, and geoprocessing output. As of ArcGIS Enterprise 11.2 the object store can be configured to use cloud-native storage from several supported service providers.
  • ArcGIS Online, Esri’s SaaS infrastructure, typically provides basemaps (e.g., satellite map), reference data (e.g., places), as well as other location services (e.g., geocoding and search) for this system. Alternatively, it is possible for the organization to host and manage their own location services instead of using Esri’s SaaS system. Please see the location services system pattern for more information.
  • A wide range of applications is available through the self-service mapping, analysis, and sharing system. The applications and types of applications commonly included in a base architecture deployment are shown in the diagram. For more information, please see the full list of self-service, analysis, and sharing applications.

Key interactions in this architecture include:

  1. Client applications communicate with enterprise data services as well as location services over HTTPS, typically via stateless REST APIs.
  2. ArcGIS Enterprise GIS services may persist TCP connections to the database management system (DBMS) hosting the enterprise geodatabase. Database client software/drivers are included in ArcGIS Enterprise on Kubernetes for all supported database management systems.
  3. References to location services hosted and managed by ArcGIS Online (e.g., basemaps) are typically registered and made available for use within ArcGIS Enterprise. Some services are referenced automatically when installing ArcGIS Enterprise, though additional sharing of content and services between these two systems can be performed manually or automatically. Please see configuring ArcGIS Online utility services and distributed collaboration.

Note:

ArcGIS License Manager may be required for configuring and managing ArcGIS Pro licenses. See ArcGIS License Manager documentation for more information.

Additional information on interactions between ArcGIS Enterprise components can be found in the ArcGIS Enterprise on Kubernetes product documentation.

Capabilities

The capabilities of the self-service mapping, analysis, and sharing system on Kubernetes are described below. See the capability overview and comparison of capability support across deployment patterns for more information.

Capabilities that are used in a self-service mapping, analysis, and sharing system but are typically provided by other systems (such as basemaps, geocoding, and other location services provided by a location services system) are not listed below. Learn more about related system patterns.

Base capabilities

Base capabilities represent the most common capabilities delivered by self-service mapping, analysis, and sharing systems and are enabled by the base architecture presented above.

Extended capabilities

Extended capabilities are typically added to meet specific needs or support industry specific data models and solutions, and may require additional software components or architectural considerations.

  • Production mapping optimizes data and map production using ArcGIS Production Mapping. Production mapping is a broad capability that involves data editing and management as well as imagery data management. The subset of this capability provided by self-service mapping, analysis, and sharing systems includes high-quality, advanced cartographic production as well as general use of the maps and data produced. This capability is not supported using Kubernetes as the exclusive deployment pattern. Support for these extended capabilities is possible by deploying ArcGIS Enterprise, specifically ArcGIS Server, on Windows or Linux and federating those ArcGIS Server sites with the Portal for ArcGIS component running in your Kubernetes-based deployment of ArcGIS Enterprise. Please see the Windows/Linux deployment pattern capabilities, as well as federating a server site documentation for more information.
  • Project delivery and coordination enables architecture, engineering, construction (AEC) and operations teams to easily work with linked data and documentation in configurable web apps to simplify communication and collaboration. Learn more about this capability powered by ArcGIS GeoBIM and ArcGIS Enterprise.
  • Other industry solutions allow for rapid deployment of industry-specific apps and configurations of ArcGIS Enterprise using ArcGIS Solutions. Note that not all industry solutions are available for ArcGIS Enterprise.
  • Web-tier authentication, such as Integrated Windows Authentication (IWA) and Public Key Infrastructure (PKI), is supported with the addition of the Web Adaptor component of ArcGIS Enterprise on Kubernetes.

Considerations

The considerations below apply the pillars of the ArcGIS Well-Architected Framework to the self-service mapping, analysis, and sharing system pattern on Kubernetes. The information presented here is not meant to be exhaustive, but rather highlights key considerations for designing and/or implementing this specific combination of system and deployment pattern. Learn more about the architecture pillars of the ArcGIS Well-Architected Framework.

Reliability

Reliability ensures your system provides the level of service required by the business, as well as your customers and stakeholders. For more information, see the reliability pillar overview.

  • SLAs requiring high levels of availability are reasonably common, though it’s less common for self-service mapping, analysis, and sharing systems to be considered mission critical. For mission critical delivery of applications with strict SLAs and high levels of availability consider the enterprise application hosting and management system pattern.
    • Architecture profiles are predefined deployment profiles that correlate to varying levels of redundancy across pods and provide flexibility across several known variables such as requirements for hardware, redundancy, and organizational use.
    • Consider the Enhanced availability architecture profile when increased and expanded redundancy across critical pods is required.
  • System-level backup and restore is also supported.

Security

Security protects your systems and information. For more information, see the security pillar overview.

  • Authentication and authorization are required for almost all uses of a self-service mapping, analysis, and sharing system. One notable exception is the use of maps and apps shared without a login requirement for anonymous users.
    • Due to the wide range of users logging in from across the organization, this system pattern almost always leverages a single sign-on (SSO) approach to authentication. SSO is typically implemented using SAML and/or OpenID Connect.
    • User access and data collaboration are governed by role-based access controls and modern authorization and authentication models, including OAuth, SAML, OpenID Connect, and multifactor authentication.
  • Learn more about ArcGIS Enterprise security best practices and implementation guidance.

Performance & Scalability

Performance and scalability aim to optimize the overall experience users have with the system, as well as ensure the system scales to meet evolving workload demands. For more information, see the performance and scalability pillar overview.

  • SLAs requiring high performance are less common with this system pattern than with others, such as enterprise application hosting and management systems.
    • Data read performance is typically a major factor in overall system performance.
  • Scalability is an important design consideration, as self-service mapping, analysis, and sharing systems are typically used heavily within an organization. Additionally, usage may increase quickly and unexpectedly as the overall adoption of GIS grows across an organization. ArcGIS Enterprise on Kubernetes deployments can be scaled horizontally by adjusting the number of pods as well as vertically by adjusting the memory and CPU. ArcGIS Enterprise on Kubernetes also provides robust, flexible scaling options for services. Learn more about service scaling.
  • For applications and services requiring high levels of performance and scalability, consider delivering them through an enterprise application hosting and management system.

Automation

Automation aims to reduce effort spent on manual deployment and operational tasks, leading to increased operational efficiency as well as reduction in human introduced system anomalies. For more information, see the automation pillar overview.

  • Automation related to publishing, content management, analytics, as well as administration is common with ArcGIS Enterprise. This is typically done using the ArcGIS API for Python.
  • System administration automation is handled in large part by Kubernetes.
  • ArcGIS Enterprise on Kubernetes includes support for Helm-based deployment and configuration.

Integration

Integration connects this system with other systems for delivering enterprise services and amplifying organizational productivity. For more information, see the integration pillar overview.

  • Incorporation of external data and services into this system for self-service mapping and analysis workflows is common. Integration approaches tend to focus on data or services-level integration, sometimes involving automation. Learn more about integration approaches and methods.
  • Sharing of maps and other content from this system with other systems across the enterprise is common. Learn more about integration approaches and methods.
  • Self-service mapping, analysis, and sharing systems are commonly integrated with other ArcGIS systems. Learn more about related system patterns.
  • Organizations may deploy and connect more than one of these systems together, often to establish boundaries when engaging different groups of stakeholders, for example, across multiple departments or for internal and external use.

Observability

Observability provides visibility into the system, enabling operations staff and other technical roles to keep the system running in a healthy, steady state. For more information, see the observability pillar overview.

  • Observability is especially important with this system pattern. The flexible, self-service use of this system benefits greatly from governance, which is best implemented through awareness of evolving usage patterns and practices learned through observation. Organizations getting started with this system pattern are strongly encouraged to introduce governance and change management policies early. Additionally, ongoing review and housekeeping of content, groups, and users is strongly recommended, and can be enabled in large part through automation.
  • ArcGIS Enterprise on Kubernetes can be observed in a variety of ways, including system logs and health monitoring through ArcGIS Enterprise Manager. Monitoring of system availability, performance, and usage is important to this system pattern, as patterns of use may grow and evolve organically. In addition to monitoring the ArcGIS Enterprise software, it is important to monitor all supporting components and infrastructure, such as the Kubernetes environment, databases and other data stores, as well as compute, network, security, and other infrastructure. Learn more about monitoring system health and reliability.
  • Some extended capabilities of this system pattern, such as workflow management and automation with ArcGIS Workflow Manager, have additional observability support. Please review the corresponding product documentation for more information.
  • Web analytics can be used with ArcGIS Instant Apps, ArcGIS StoryMaps, and custom applications.
  • Additional observation of user logins and account changes may be possible through the configured identity provider when using SAML and/or OpenID Connect logins.

Other

Additional considerations for designing and implementing a self-service mapping, analysis, and sharing system on Kubernetes include:

  • Organizations getting started with this pattern are strongly encouraged to introduce governance and change management policies early.
  • Organizations should review and consider organization-level business and IT guidance around security and data sharing, and implement data and application-level security protocols within the system as appropriate.
