Skip To Content

Security best practices for ArcGIS Data Store

As part of configuring a more secure ArcGIS Enterprise environment, consider implementing the configurations for ArcGIS Data Store and the machines where it is installed described below.

Tip:

For security best practices for the other base ArcGIS Enterprise components, read the following:

Enable a firewall on each machine and open only required ports

Secured servers use firewalls to limit access. Ensure that the machines where you install ArcGIS Data Store have a firewall enabled, and that you open only those ports required for communication. For specific port requirements, see Ports used by ArcGIS Data Store and the port information for all ArcGIS Enterprise components.

Create backups of all data stores on a regular basis

Having usable backups of your ArcGIS Enterprise deployment, including all data stores, not only protects you from data loss in the event of machine failure or data corruption, it also protects you in the case of ransomware attacks. Hackers cannot hold your data hostage if you have restorable copies of it.

For information about backup options, see Manage ArcGIS Data Store backups and ArcGIS Enterprise backups.

Use the Transport Layer Security protocol for the relational data store

By default, the hosting server and the relational data store communicate using the Transport Layer Security protocol. Use this default setting; do not alter it.

Update passwords for relational data store system accounts

Hosted feature layers access the data in the relational data store using an internal user account (the managed user). Three other system users exist in the relational data store to perform internal administrative tasks. Because these accounts are system generated and maintained, their names and passwords are system generated. But you can update these passwords on a regular basis as part of the password cycling protocols at your site.

See Alter relational data store account passwords for more information.