Moving ArcGIS Servers to AWS Cloud Hosting - NCES, Blue Raster, Sanametrix - 2013 Esri Federal GIS Conference

The U.S. Department of Education (ED) participated in the Federal Geographic Data Committee's (FGDC) GeoCloud Program in 2012. The GeoCloud initiative provides selected agencies an Amazon Web Services (AWS) hosting platform to on-ramp their geospatial applications. ED migrated its on-premises ArcGIS for Server for the School District Demographic Data System (SDDS) Map Viewer (http://nces.ed.gov/surveys/sdds) to Amazon EC2. SDDS is publicly available and allows access to information about demographics, social characteristics, and economics of children and school districts from the National Center for Education Statistics (NCES). Using GeoCloud, ED gained experience with cloud-based Windows 2008R2 Server and Esri ArcGIS 10.1 for Server platform. It has been almost one year now and we'll reflect on various lessons learned including planning, security/hardening, AWS console, server configuration, reliability, licensing, and backup strategy. We will discuss the current state of our server deployments and future plans for ED in the Cloud.

  • Allows users to view maps of states, school districts and school points, while overlaying U.S. Census Bureau and Education data. It provides access to information about demographics, social characteristics, and economics of children and school districts from the National Center for Education Statistics (NCES) of the U.S. Department of Education (ED).
      ◦ Informs users on concepts, uses and applications of data to facilitate effective use of resources.
      ◦ Census 2010: Demographics aggregated to school district boundaries
      ◦ American Community Survey: 2006 – 2010 (5-year estimates)
      ◦ Small Area Income and Poverty Estimates
  • Built using ArcGIS 10.1 and API for Flex
      ◦ Running using Amazon EC2
      ◦ Includes mobile version for both iOS and Android devices
  • Instances on Zone D non-responsive
      ◦ Some needed an AWS console shutdown
      ◦ Additional volumes re-attached that were someone else’s
  • Identity and Access Management

    1. MOVING ARCGIS SERVERS TO AWS CLOUD HOSTING
        2013 ESRI Federal GIS Conference – February 27, 2013
        Presented by Tai Phan & Amy Ramsdell
        NCES, Blue Raster, Sanametrix
    2. FGDC’S GEOCLOUD INITIATIVE
        • FGDC-sponsored hosting in Amazon Web Services (AWS)
        • A Geospatial Platform activity led by FGDC’s Douglas Nebert
        • GeoCloud provides a common platform for deploying and documenting geospatial cloud services
        • Enables organizations to
            ◦ Leverage other agencies’ experiences
            ◦ Reuse and share server configurations
            ◦ Gain experience in cloud-based server and application deployment
        • http://www.fgdc.gov/initiatives/geoplatform/geocloud
    3. DEPT OF ED PARTICIPATES IN GEOCLOUD
        • National Center for Education Statistics (NCES)
        • The primary federal entity for collecting and analyzing education-related data
        • NCES uses ESRI technologies to provide geospatial context to education data
        • Hosting migrated to GeoCloud in 2012
            ◦ School District Demographic Data System
            ◦ Public School Boundary Collection and Verification Project
        • http://nces.ed.gov/surveys/sdds/
    4. SCHOOL DISTRICT DEMOGRAPHIC DATA SYSTEM
    5. PUBLIC SCHOOL BOUNDARY COLLECTION AND VERIFICATION TOOL
    6. GEOCLOUD ARCHITECTURE
    7. PLANNING
        • Costs:
            ◦ Operating hours – Reserved instances
            ◦ BYOL for RDS and AMIs with database
        • Disk space
            ◦ 35 GB root drive with ~5 GB free
        • Support forums or paid support
            ◦ Amazon staff active in forums
        • Amazon restrictions:
            ◦ Elastic IPs – Limit of 5
            ◦ Security groups – Can’t change once applied
            ◦ SMTP – Undisclosed limit, consider SES
    8. SERVER CONFIGURATION – AWS CONSOLE
    9. SERVER CONFIGURATION - AGS AMI
        • Considerations for ArcGIS Server Windows 2008 Server AMI
            ◦ Need Web Adaptor for port 80, otherwise open port 6080 in security group
            ◦ WWW service turned off by default
    10. SERVER CONFIGURATION - AGS AMI
            ◦ Apply any Windows updates
    11. SERVER CONFIGURATION - AGS AMI
            ◦ Lock down SQL Server Express dynamic port setting to 1433
    12. SERVER CONFIGURATION - AGS AMI
            ◦ ArcGIS license manager is based on machine ID
            ◦ ID will change when used as an AMI template
            ◦ Lock down the license manager ports to 27000 and 27001
    13. MONITORING IN AWS CONSOLE
        • System/Instance Status Checks - 2/2 checks
            ◦ Can create status check alarm
    14. MONITORING
        • Amazon Service Health Dashboard
        • Amazon Elastic Compute Cloud (N. Virginia)
        • http://status.aws.amazon.com/
        • Website monitoring
    15. BACKUP STRATEGY
    16. BACKUP STRATEGY
        • Instance backups
            ◦ PowerShell scripts
            ◦ http://messor.com: AWS Disaster Recovery Automation
            ◦ Scheduled task on Micro instance Windows 2008 server
            ◦ Daily volume snapshots
            ◦ Weekly AMIs
            ◦ Clean up snapshots and AMIs
        • Database backup to S3
            ◦ Using Cloudberry and PowerShell
    17. SECURITY – AMAZON LEVEL
        • AWS admins
            ◦ All accesses logged and audited
            ◦ Cannot log in to instances
        • EC2 instance isolation on physical machine
            ◦ Use VPC for dedicated instances
    18. SECURITY – IAM CONSOLE
        • Control users and groups within account
        • Unique security credentials for access keys and login/passwords
    19. SECURITY – INBOUND RULES
        • Inbound network traffic controlled through security groups
            ◦ Only ports 80 and 443 open to the internet
            ◦ RDP (3389), MS SQL (1433) and ArcGIS License Manager (27000, 27001) ports restricted by IP
    20. SECURITY – AMI TEMPLATE
        • Security hardened AMI template provided by USGS under GeoCloud program
    21. FUTURE PLANS
        • Transition from GeoCloud Amazon account
        • Deploy on security hardened AMIs with Cloud Builder
        • FISMA C&A for Low Impact/Low Risk system
        • Migrate front-facing applications to cloud
    22. GAL (GIANT ACRONYM LIST)
        1) AGS – ArcGIS Server
        2) AMI – Amazon Machine Images
        3) AWS – Amazon Web Services
        4) BYOL – Bring Your Own License
        5) C&A – Certification and Accreditation
        6) EC2 – Elastic Cloud Compute
        7) FISMA – Federal Information Security Management Act of 2002
        8) IAM – Identity and Access Management
        9) RDP – Remote Desktop Protocol
        10) RDS – Relational Database Service
        11) S3 – Simple Storage Service
        12) SES – Simple Email Service
        13) SMTP – Simple Mail Transfer Protocol
        14) VPC – Virtual Private Cloud
    23. FOR MORE INFORMATION:
        • Amy Ramsdell: aramsdell @ blueraster.com, 703-842-0177, www.blueraster.com, blog.blueraster.com
        • Tai Phan: tai.phan@ed.gov, 202-502-7431, nces.ed.gov/surveys/sdds/index.aspx
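
The inbound-rule policy on slide 19 (only ports 80 and 443 open to the internet; RDP, MS SQL and ArcGIS License Manager ports limited by source IP) can be checked mechanically against the output of `aws ec2 describe-security-groups`. The following is an added example, not part of the original presentation; the group IDs and addresses are constructed, and `PUBLIC_OK`, `NAMED` and `audit` are hypothetical names.

```python
import ipaddress

PUBLIC_OK = {80, 443}  # slide 19: the only ports open to the internet
NAMED = {3389: "RDP", 1433: "MS SQL", 6080: "ArcGIS Server",
         27000: "ArcGIS License Manager", 27001: "ArcGIS License Manager"}

def is_any_source(cidr):
    """True for 0.0.0.0/0 and ::/0, i.e. a rule not limited by source IP."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit(described):
    """Return (group_id, finding) pairs for rules that break the policy."""
    findings = []
    for sg in described["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            if not any(is_any_source(c) for c in cidrs):
                continue  # restricted by source IP, as the slide requires
            proto = perm["IpProtocol"]
            if proto == "-1":  # all protocols; AWS omits the port keys here
                findings.append((sg["GroupId"], "all traffic open to any source"))
                continue
            if proto not in ("tcp", "udp"):
                continue  # ICMP rules carry message types, not ports
            lo, hi = perm["FromPort"], perm["ToPort"]
            if proto == "tcp" and lo == hi and lo in PUBLIC_OK:
                continue  # the permitted public web ports
            span = f"{proto} {lo}" if lo == hi else f"{proto} {lo}-{hi}"
            hit = sorted({NAMED[p] for p in NAMED if lo <= p <= hi})
            note = f" ({', '.join(hit)})" if hit else ""
            findings.append((sg["GroupId"], f"{span} open to any source{note}"))
    return findings

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-web-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]}]},
    {"GroupId": "sg-db-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 27000, "ToPort": 27001,
         "IpRanges": [{"CidrIp": "198.51.100.0/24"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}]}

if __name__ == "__main__":
    for group, finding in audit(SAMPLE):
        print(group, finding)
```

The license-manager rule in the sample is flagged because its IPv6 range is unrestricted even though its IPv4 range is limited, a gap that is easy to miss when reviewing rules in the console.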
