Accounts used by ArcGIS Velocity
When you install ArcGIS Velocity, a series of accounts are used to run, access, and use the app.
ArcGIS Velocity services account
Velocity starts and stops system processes, reads and writes data to locations on the local file system, and can be configured to read and write real-time data to files stored in locations elsewhere on a network. To perform these tasks securely, it uses an operating system account that is specified when installing Velocity. This account is referred to as the ArcGIS Velocity services account.
The ArcGIS Velocity services account is used for the following purposes:
Start and stop processes that support Velocity and its real-time items. This includes processes, such as the Feed Manager, Stream Service Manager, and ArcGIS Velocity Gateway.
Read and write files to the configuration store.
Create new configuration backup files every 24 hours.
Deploy new folder structures to handle the creation and management of Kafka components on disk.
Read and write log messages to the logs directory.
Read from local files to process real-time data with feed types.
Write to local files to store real-time data with output types.
The ArcGIS Velocity services account defaults to the name arcgis as a local account. Accepting this default is sufficient for most non-production deployments. For production systems, it is recommended that you create a domain or group managed services account before installing Velocity. These account types provide greater flexibility for accessing, reading, and writing data across networked resources; not just the machine where Velocity is installed.
If you choose to use a domain account, use the format DOMAIN\username. If no domain is specified, the Velocity installation wizard creates a local account using the username you specified. If you specify a domain account that does not exist, the installation process returns an error.
The installation wizard offers the option to use a group managed service account (gMSA). This is a special Active Directory domain account that provides automatic password management.
The ArcGIS Velocity services account does not require special permission on the operating system other than full control permissions to the Velocity installation location, logs root, configuration root, and configuration backup locations. If these locations are changed, you must manually grant the ArcGIS Velocity services account the same permissions for the new locations. The ArcGIS Velocity services account does not need to be an administrator on the machine.
The ArcGIS Velocity services account is the one used when installing the software. The installation makes this service account the owner of all files that it places on the system.
The ArcGIS Velocity services account does not require special permission on the operating system other than the file access to the installation location, logs root, configuration root, and configuration backup locations. The ArcGIS Velocity services account does not need to be an administrator on the machine.
ArcGIS Velocity primary site administrator account
After installing Velocity, a Velocity site is created. At this point, you need to provide a username and password for a new account that is used initially to federate with the ArcGIS Enterprise portal. This account is called the ArcGIS Velocity primary site administrator account.
The primary site administrator account is neither an operating system account, such as the ArcGIS Velocity services account, nor is it a portal managed user account that can create, own, or share real-time items. It should not be confused with the primary site administrator of other ArcGIS apps, such as ArcGIS Server. This username and password are strictly used by Velocity to federate with an Enterprise portal. Once Velocity is federated, you can create other administrative accounts that are recognized by both Velocity and an Enterprise portal.
A system administrator can reset the primary site administrator password using the resetPassword utility located on the machine where Velocity is installed. This can be found at \<installation directory>\arcgis\tools.
A system administrator can reset the primary site administrator password using the resetPassword utility located on the machine where Velocity is installed. This can be found at /<installation directory>/arcgis/tools.
Portal users
Velocity requires federation with an Enterprise portal. Velocity uses the portal’s identity store to allow access to the Velocity home app and to manage privileges for creating feed and real-time analytic items. Any item that is created in Velocity, such as feeds, real-time analytics, and layers, are associated by ownership with the member of the portal who created the item.
Velocity requires that a member of the portal be either a Creator user type or higher to access the app. Members of the portal must have the Publish feeds and Publish real-time analytic content privileges to create feeds and real-time analytics, respectively.