Security Considerations
This topic provides security considerations for ArcGIS configuration, in addition to security recommendations that are relatively standard across all XI series apps.
ArcGIS Server Considerations
- All ArcGIS Servers must be protected against cross-site scripting attacks by configuring the origins allowed to be accessed alongside content from ArcGIS Server.
  IMPORTANT: It is crucial that you follow the instructions to Restrict cross-domain requests to ArcGIS Server and also secure your ArcGIS Server site according to the guidelines that Esri provides.
- ArcGIS Server is usually hosted within another HTTP stack (IIS, Apache). Follow the vendor's best practices for hardening the server against attack.
- If you install ArcGIS Web Adaptor to allow ArcGIS Server to integrate with your existing web server, you must enable HTTPS on your web server, which means you need to obtain a server certificate and bind it to the website that hosts ArcGIS Web Adaptor.
- You must specify the log retention period for ArcGIS Server logs. Set the retention period according to your policy. We recommend leaving the debug level at its default value of Error and changing it only while actively troubleshooting an issue. The ArcGIS Server logs should never be disabled. See the Esri topic about how to specify server log settings for more information.
Portal for ArcGIS Considerations
- Your Portal-based authentication can use Portal built-in users or Active Directory-based users.
- Whether you use built-in users or AD-based users, you must allow traffic from Auth0 (a hosted service that enables single sign-on) through the firewall to your Portal instance.
- Decide which groups, whether built-in or AD-based, map to which roles as specified in the ArcFM Solution XI Series Named User Functionality Matrix. We make assignments via group information from the identity provider so that group membership can be managed in a central location.
- Refer to Esri’s recommendations for securing your portal, which are outlined in their securing your portal article.
For Windows, refer to Microsoft's documentation on BitLocker.
Recommendations specifically for securing client devices:
- Enable full disk encryption on devices that host Solution Center.
- Configure screen lock timeout for a maximum of five minutes.
- For Windows-specific settings:
- Do not grant local administrator privileges to end users.
- Do not grant end-user account permissions to install applications.
- Use application “allow-listing” to permit only approved applications or executables to run.
- Use real-time endpoint protection to detect unauthorized changes to installed components.
- Schneider Electric recommends you give users access only to secure locations determined by your IT department. File permissions are managed by the user’s Windows profile.
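One way to spot-check a Windows client against the recommendations above, as an added example that is not Schneider Electric's or Esri's own tooling. It assumes BitLocker, the "Machine inactivity limit" policy, AppLocker and Microsoft Defender are the mechanisms in use; `$approvedAdmins` is a constructed placeholder list.

```powershell
# Added example: audit a Windows client against the client-device recommendations.
# Run in an elevated Windows PowerShell session on the device being checked.
$results = [System.Collections.Generic.List[object]]::new()
function Add-Result([string]$Check, [bool]$Pass, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Check; Pass = $Pass; Detail = $Detail })
}

# 1. Full disk encryption (BitLocker) on the system drive.
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
$encrypted = ($null -ne $vol) -and ("$($vol.ProtectionStatus)" -eq 'On') -and
             ("$($vol.VolumeStatus)" -eq 'FullyEncrypted')
Add-Result 'Full disk encryption' $encrypted "Protection=$($vol.ProtectionStatus); Volume=$($vol.VolumeStatus)"

# 2. Screen lock within five minutes (300 seconds).
# Assumption: the lock is enforced with the "Machine inactivity limit" policy value.
$key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$secs = (Get-ItemProperty -Path $key -Name InactivityTimeoutSecs -ErrorAction SilentlyContinue).InactivityTimeoutSecs
$lockOk = ($null -ne $secs) -and ($secs -gt 0) -and ($secs -le 300)
Add-Result 'Screen lock <= 5 min' $lockOk "InactivityTimeoutSecs=$secs"

# 3. No end users in the local Administrators group (well-known SID, locale independent).
# $approvedAdmins is a constructed placeholder list; replace it with your own.
$approvedAdmins = @("$env:COMPUTERNAME\Administrator", 'EXAMPLE\Workstation Admins')
$extra = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -notin $approvedAdmins })
Add-Result 'No unapproved local admins' ($extra.Count -eq 0) ("Unapproved: " + ($extra.Name -join ', '))

# 4. Application allow-listing. Assumption: AppLocker is the mechanism in use.
[xml]$policy = Get-AppLockerPolicy -Effective -Xml
$enforced = @($policy.AppLockerPolicy.RuleCollection |
    Where-Object { $_.EnforcementMode -eq 'Enabled' })
Add-Result 'Allow-listing enforced' ($enforced.Count -gt 0) "Enforced collections: $($enforced.Type -join ', ')"

# 5. Real-time endpoint protection. Assumption: Microsoft Defender is the endpoint product.
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
Add-Result 'Real-time protection' ([bool]$mp.RealTimeProtectionEnabled) "RealTimeProtectionEnabled=$($mp.RealTimeProtectionEnabled)"

$results | Format-Table -AutoSize -Wrap
```

A failed row means the setting was not found in the place this script looks; a device that uses a different product or policy for the same control needs its own check.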
Refer to the following links for more information about XI series apps and their individual Security Considerations: