Highly secure environments

In highly secure or air‑gapped environments, most users do not have direct access to the internet. Instead, a small number of IT staff retrieve, validate, and distribute files for use behind a firewall.

ArcGIS Documentation Center supports this model by allowing documentation sets to be downloaded, scanned, and copied into a controlled environment where they can be accessed locally.

Typical roles

This workflow usually involves two roles:

• IT staff:

  Have controlled access to the internet and are responsible for downloading, validating, and distributing software and documentation.

• Organization users:

  Work behind the firewall and access documentation from a shared location with read‑only permissions.

Typical workflow

A common workflow in a highly secure environment looks like the following:

1. An IT staff member installs ArcGIS Documentation Center on a machine with internet access.

2. Using the Library tab, the IT staff member downloads the required documentation sets.

3. The downloaded files are scanned according to organizational security policies.

4. The entire root folder is copied into a shared location behind the firewall.

5. Organization users configure ArcGIS Documentation Center to point to the shared root folder.

   Alternatively, the IT staff replaces the appSettings.json file with a preconfigured version that points to the shared root folder and optionally restricts internet access or sets default ports..

6. Organization users open and use documentation from the shared location without using the internet.

Permissions and access

In this model:

• IT staff typically have read/write access to the root folder.

• Organization users typically have read‑only access.

  Read‑only access helps prevent accidental deletion or modification of documentation sets.

Documentation sets are only updated when IT staff repeat the download, validation, and copy process.

Network access restrictions

In highly secure environments, ArcGIS Documentation Center may be configured to prevent outbound network calls, even if a machine has limited internet connectivity.

This is typically done by editing the appSettings.json file to restrict which domains, if any, the application is allowed to contact.

Related topics

• Understand the root folder

• Download documentation sets

• Work with limited or no internet access

• The appsettings.json file reference