Skip to main content

Security best practices for ArcGIS Data Store

Security is a pillar of a well-architected ArcGIS system. As part of configuring a more secure ArcGIS Enterprise environment, consider implementing the configurations for ArcGIS Data Store and the machines where it is installed described below.

Tip:

For security best practices for the other base ArcGIS Enterprise components, read the following:

Enable a firewall on each machine and open only required ports

Secured servers use firewalls to limit access. Ensure that the machines where you install ArcGIS Data Store have a firewall enabled, and that you open only those ports required for communication. For specific port requirements for all ArcGIS Enterprise components, see Required ports.

Create backups of all data stores on a regular basis

Having usable backups of your ArcGIS Enterprise deployment, including all data stores, not only protects you from data loss in the event of machine failure or data corruption, it also protects you in the case of ransomware attacks. Hackers cannot hold your data hostage if you have restorable copies of it.

For information about backup options, see Manage ArcGIS Data Store backups and ArcGIS Enterprise backups.

Use the Transport Layer Security protocol for the relational store

By default, the hosting server and the relational store communicate using the Transport Layer Security protocol. Use this default setting; do not alter it.

Update passwords for relational store system accounts

Hosted feature layers access the data in the relational store using an internal user account (the managed user). Three other system users exist in the relational store to perform internal administrative tasks. Because these accounts are system generated and maintained, their names and passwords are system generated. But you can update these passwords on a regular basis as part of the password cycling protocols at your site.

See Alter relational store account passwords for more information.