ArcGIS Online Deployment Scenarios for Water Utilities

ArcGIS connects maps, apps, data, and people so you can make smarter, faster decisions. It gives everyone in your water utility the ability to discover, use, make, and share maps from any device, anywhere, anytime. ArcGIS Online, Esri’s SaaS system, enables all the portal capabilities of ArcGIS and is currently being used by over 1900 water utilities worldwide.  The deployment of ArcGIS Online within your existing, or new, ArcGIS implementation is completely flexible and is described by the three options below:

1. Fully hosted deployment – using ArcGIS Online for both its SaaS and data storage capabilities with no on-premises data
2. On-premises services deployment – using ArcGIS Online for only its SaaS capabilities, data is stored on-premises
3. Hybrid deployment – using ArcGIS Online for both its SaaS and data storage capabilities and using on-premises data

Fully Hosted Deployment

The first option is using ArcGIS Online to host some or all of your water utility’s geospatial content. When hosting data in ArcGIS Online, hosted feature and tile services are used to manage the spatial data. Feature services support vector feature querying, visualization, and editing. Feature services are most appropriate for operational layers that go on top of reference layers such as a base map.

Tile services are typically used for base maps. While custom base maps can be deployed with tile services, many water utilities use the base maps provided by ArcGIS Online. Hosted feature and tile services are created in ArcGIS Online using ArcGIS for Desktop. Data can be periodically transferred from ArcGIS Online to the local network and vice-versa.

The following scenarios typically apply to this option:

• You do not have an on-premises ArcGIS Server environment and want to use a secure cloud environment to host all of your ArcGIS resources (services, apps, maps, files, etc.). This scenario is best suited for smaller water utilities that have limited IT resources.
• You are new to ArcGIS and would like to immediately start leveraging its capabilities while an on-premises environment is being established. In this scenario, you will transition to a hybrid deployment as the on-premises environment capabilities are enabled.
• You want to completely separate your internal users (utility staff) and external users (contractors and public), not allowing any external users access to the on-premises environment. In this scenario you will have on on-premises or hybrid ArcGIS Online deployment and use a second fully hosted ArcGIS Online deployment for the external users. The data supporting this second ArcGIS Online organization is periodically transferred from the local network to ArcGIS Online and vice-versa.

Fully hosted ArcGIS Online deployment architecture

On-Premises Services Deployment

The second option uses the portal capabilities of ArcGIS Online with data provided from your on-premises GIS deployment. While it is a deployment option, using ArcGIS Online as a mapping portal does not require storing data in ArcGIS Online [this is a common misconception about ArcGIS Online]. Using this option, you would store none of your own data in the cloud.

This option requires communication between the on-premises GIS and ArcGIS Online. When a service is added from the on-premises system, the service’s REST endpoint (URL) from the ArcGIS Server(s) is registered with ArcGIS Online. When publishing a web map with a service from the on-premises server(s), the client (web browser, mobile device, or ArcGIS for Desktop) must be able to access that server to retrieve the information via the URL. In the office, when a user is on the local network, this is not an issue because the client will be able to access the URL. But, users outside of the office need to be provided with secure access to the local network to be able to access the URL.

There are several ways to accomplish access to the URL for users away from the office, including accessing the local network through a Virtual Private Network (VPN), configuring a reverse proxy web server within a perimeter network (also known as a demilitarized zone [DMZ] or screened subnet), or replicate data to, and publish the service from, an ArcGIS Server in a DMZ that is not connected to the local network. Most commonly, the ArcGIS for Server Web Adapter is deployed on a web server in the DMZ to serve as a proxy. Web maps that use on-premises services can also include content from services provided by ArcGIS Online such as a variety of basemaps, imagery or demographics.

The following scenarios typically apply to this option:

• You do not want to host any water utility data in ArcGIS Online. Before assuming this is the policy at your water utility, check with your IT security administrator. It’s quite common today that water utilities use SaaS systems and have some of their data hosted. This scenario could limit your ability to collaborate with your contractors or customers. Sensitive data could be considered on a layer-by-layer basis.
• This scenario may be combined with the fully hosted option, such that all internal uses access the on-premises environment and external users access the fully hosted ArcGIS Online organization.

On-Premises ArcGIS Online deployment architecture

With ArcGIS Online, the software components run as SaaS in an Esri-administered cloud infrastructure. If a SaaS implementation of ArcGIS Online cannot be implemented due to internet connectivity or security policies, Portal for ArcGIS Server Extension provides the same great experience as ArcGIS Online but within your infrastructure (on-premises or in the cloud).

Hybrid Deployment

The most common ArcGIS Online deployment approach at water utilities is to use a hybrid of the two options described above – meaning that some of your data is served by the on-premises GIS system and some of you data is served as hosted data stored in ArcGIS Online. Using a hybrid approach, water utilities have full flexibility to use the platform in a variety of different ways. Web maps can be created using services from on-premises servers, hosted feature services, and content provided by ArcGIS Online.

In some instances it may be required to use on-premises services when providing sensitive water network information to field workers, whereas in other instances utilities may want to share non-sensitive information with other organizations such as hydrant data with Fire Departments or meter data with Contractors installing customer services. Increasingly, water utilities are thinking about their data on a layer-by-layer basis to determine which data should be stored on-premises and which data is appropriate to store in a SaaS system.

Therefore, the only differences between the On-Premises Deployment and Hybrid Deployment of ArcGIS Online is that publishers can publish data to ArcGIS Online in the form of hosted feature or tile services and some data then resides in ArcGIS Online.

The following scenarios typically apply to this option:

• You want to leverage the full capabilities of the ArcGIS platform creating and sharing web maps with both on-premises and hosted services and have complete flexibility in how you deploy ArcGIS to everyone in your organization, contractors, and your customers.
• This scenario may be combined with the fully hosted option, such that all internal users access the hybrid environment and external users access the fully hosted ArcGIS Online organization.

Hybrid ArcGIS Online deployment architecture