Resources to integration with external web service at desktop level

I am using ESRI-based GIS software and am looking for a way to integrate ESRI solutions with external web services of other information systems. To start, I would like to join a feature class to external tables and change their symbology dynamically based on the online data. Later I would like to develop custom applications for the collection, conversion, maintenance, and analysis of data, mainly visualization of external data in maps when data is streamed online.

1. Is it possible to connect a JSON web service to ArcGIS Desktop without ArcGIS Server? I'm using version 10.1 SP1, Advanced level.

2. Where can I find resources to integrate GIS with external web services at desktop level? I have no idea where to start or how to proceed further.

3. What ArcMap tools and commands host the trigger for calling the services?

As others have stated, you should narrow down your question scope. However I decided to give an answer:

  1. Is it possible to connect a JSON web service to ArcGIS Desktop without ArcGIS Server? I'm using version 10.1 SP1, Advanced level.

    • Of course it is. I don't know what you mean by a JSON web service! If you mean the response type (XML, JSON) of the web service, I can say most web services' requests and responses can be both XML and JSON. With ArcMap you can consume all Esri (Map Service, Feature Service, …) and standard spatial web services (WMTS, WMS, WFS, WFS-T, WPS, WMTS) without programming. With the power of .NET programming (C#, VB) you can consume other W3C web services such as custom SOAP and REST web services. You just need to write add-ins for ArcGIS Desktop.
  2. Where can I find resources to integrate GIS with external web services at desktop level? I have no idea where to start or how to proceed further.

  3. What ArcMap tools and commands host the trigger for calling the services?

    • Using add-ins you can consume a web service when a button is clicked, or you can consume web services spontaneously without user interaction and in the background (recommended). In the latter case I highly recommend reading the multi-threading topic of ArcObjects: Writing multithreaded ArcObjects code

Integration between Finance and Operations apps and third-party services

This topic will be updated soon to reflect the latest terminology.

This topic is intended to help architects and developers make sound design decisions when they implement integration scenarios.

The topic describes integration patterns, integration scenarios, and integration solutions and best practices. However, it doesn't include technical details about how to use or set up every integration pattern. It also doesn't include sample integration code.

When providing guidance and discussing scenarios for choosing a pattern, data volume numbers are mentioned. These numbers must be used only to gauge the pattern and must not be considered as hard system limits. The absolute numbers will vary in real production environments due to various factors; configurations are only one aspect of this scenario.

The following table lists the integration patterns that are available.

Pattern Documentation
Power Platform integration Microsoft Power Platform integration with Finance and Operations apps
OData Open Data Protocol (OData)
Batch data API Recurring integrations
Data management package REST API
Custom service Custom service development
Consume external web services Consume external web services
Excel integration Office integration overview

For on-premises deployments, the only supported API is the Data management package REST API. This is currently available on 7.2, platform update 12 build 7.0.4709.41184.

Security guidance for remote desktop adoption

As the volume of remote workers quickly increased over the past two to three months, the IT teams in many companies scrambled to figure out how their infrastructures and technologies would be able to handle the increase in remote connections. Many companies were forced to enhance their capabilities to allow remote workers access to systems and applications from their homes and other locations outside the network perimeter. Companies that couldn’t make changes rapidly enough to increase capacity for remote workers might rely on remote access using the remote desktop protocol, which allows employees to access workstations and systems directly.

Recently, John Matherly (founder of Shodan, the world’s first search engine for internet-connected devices) conducted some research on ports that are accessible on the internet, surfacing some important findings. Notably, there has been an increase in the number of systems accessible via the traditional Remote Desktop Protocol (RDP) port and a well-known “alternative” port used for RDP. A surprising finding from John’s research is the ongoing prevalent usage of RDP and its exposure to the internet.

Although Remote Desktop Services (RDS) can be a fast way to enable remote access for employees, there are a number of security challenges that need to be considered before using this as a remote access strategy. One of these challenges is that attackers continue to target the RDP protocol and service, putting corporate networks, systems, and data at risk (e.g., cybercriminals could exploit the protocol to establish a foothold on the network, install ransomware on systems, or take other malicious actions). In addition, it is challenging to configure security for RDP sufficiently to restrict a cybercriminal from moving laterally and compromising data.

Security considerations for remote desktop include:

  • Direct accessibility of systems on the public internet.
  • Vulnerability and patch management of exposed systems.
  • Internal lateral movement after initial compromise.
  • Multi-factor authentication (MFA).
  • Session security.
  • Controlling, auditing, and logging remote access.

Some of these considerations can be addressed using Microsoft Remote Desktop Services to act as a gateway to grant access to remote desktop systems. The Microsoft Remote Desktop Services gateway uses Secure Sockets Layer (SSL) to encrypt communications and prevents the system hosting the remote desktop protocol services from being directly exposed to the public internet.

Identify RDP use

To identify whether your company is using the Remote Desktop Protocol, you may perform an audit and review of firewall policies and scan internet-exposed address ranges and cloud services you use, to uncover any exposed systems. Firewall rules may be labeled as “Remote Desktop” or “Terminal Services.” The default port for Remote Desktop Services is TCP 3389, but sometimes an alternate port of TCP 3388 might be used if the default configuration has been changed.
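
One way to run the firewall-policy part of this audit, as an added example that is not from the original guidance. The CSV column layout, rule names and addresses are constructed; only ports 3389/3388 and the two rule labels come from the text above.

```python
import csv
import io
import ipaddress

RDP_PORTS = {3389, 3388}  # default port and the alternate port named in the text
RDP_LABELS = ("remote desktop", "terminal services")
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample export; the column layout is an assumption, adapt it
# to whatever your firewall or cloud security-group export produces.
SAMPLE_RULES = """name,direction,action,protocol,source,dest_ports
Remote Desktop (TCP-In),in,allow,tcp,0.0.0.0/0,3389
Jump host RDP,in,allow,tcp,10.20.0.0/24,3389
Legacy app range,in,allow,tcp,any,3000-3400
Terminal Services alt,in,allow,tcp,203.0.113.0/24,3388
Web,in,allow,tcp,any,"80,443"
Old RDP block,in,deny,tcp,any,3389
RDP outbound,out,allow,tcp,any,3389
"""


def ports_matched(spec):
    """Return the RDP ports covered by a spec like '3389', '80,443', '3000-3400' or 'any'."""
    spec = spec.strip().lower()
    if spec in ("any", "*", ""):
        return set(RDP_PORTS)
    hit = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        hit |= {p for p in RDP_PORTS if lo <= p <= hi}
    return hit


def source_scope(source):
    """Classify the rule source as 'internet' (any), 'internal' or 'external'."""
    source = source.strip().lower()
    if source in ("any", "*", "0.0.0.0/0", "::/0"):
        return "internet"
    net = ipaddress.ip_network(source, strict=False)
    internal = any(net.version == n.version and net.subnet_of(n)
                   for n in INTERNAL_NETS)
    return "internal" if internal else "external"


def audit(rules_csv):
    """Return (name, rdp_ports, scope, labelled) for inbound allow rules touching RDP.

    A rule is reported if its port spec covers 3389/3388 (wide ranges and
    'any' included) or if its name carries one of the RDP labels, which
    catches rules where RDP was moved to a non-standard port.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(rules_csv)):
        if row["direction"].lower() != "in" or row["action"].lower() != "allow":
            continue
        proto = row["protocol"].lower()
        ports = ports_matched(row["dest_ports"]) if proto in ("tcp", "any") else set()
        labelled = any(label in row["name"].lower() for label in RDP_LABELS)
        if ports or labelled:
            findings.append((row["name"], sorted(ports),
                             source_scope(row["source"]), labelled))
    return findings


if __name__ == "__main__":
    for name, ports, scope, labelled in audit(SAMPLE_RULES):
        print(f"{scope:9} ports={ports} labelled={labelled} rule={name!r}")
```

Rules reported with scope `internet` are the ones to close or move behind a gateway first; `internal` hits feed the lateral-movement review.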

Use this guidance to help secure Remote Desktop Services

Remote Desktop Services can be used for session-based virtualization, virtual desktop infrastructure (VDI), or a combination of these two services. Microsoft RDS can be used to help secure on-premises deployments, cloud deployments, and remote services from various Microsoft partners (e.g., Citrix). Leveraging RDS to connect to on-premises systems enhances security by reducing the exposure of systems directly to the internet. Further guidance on establishing Microsoft RDS can be found in our Remote Desktop Services.

On-premises deployments may still have to consider performance and service accessibility depending on internet connectivity provided through the corporate internet connection, as well as the management and maintenance of systems that remain within the physical network.

Leverage Windows Virtual Desktop

Virtual desktop experiences can be enhanced using Windows Virtual Desktop, delivered on Azure. Establishing an environment in Azure simplifies management and offers the ability to scale the virtual desktop and application virtualization services through cloud computing. Leveraging Windows Virtual Desktop foregoes the performance issues associated with on-premises network connections and takes advantage of built-in security and compliance capabilities provided by Azure.

To get more information about setting up, go to our Windows Virtual Desktop product page.

Microsoft documentation on Windows Virtual Desktop offers a tutorial and how-to guide on enabling your Azure tenant for Windows Virtual Desktop and connecting to the virtual desktop environment securely, once it is established.

Secure remote administrator access

Remote Desktop Services are being used not only by employees for remote access, but also by many system developers and administrators to manage cloud and on-premises systems and applications. Allowing administrative access of server and cloud systems directly through RDP elevates the risk because the accounts used for these purposes usually have higher levels of access across systems and environments, including system administrator access. Microsoft Azure helps system administrators to securely access systems using Network Security Groups and Azure Policies. Azure Security Center further enhances secure remote administration of cloud services by allowing “just in time” (JIT) access for administrators.

Attackers target management ports such as SSH and RDP. JIT access helps reduce attack exposure by locking down inbound traffic to Microsoft Azure VMs (Source: Microsoft).

Azure Security Center JIT access enhances security through the following measures:

Open Data Compliance

The vendor is responsible for adherence to the Open Data Policy and Technical Standards Manual, which mandates that all new City projects comply with open data legislation, policies, and technical standards.

  • Local Law 11 of 2012 declared that City of New York agencies and departments make their data available online using open standards.
  • The Open Data Policy and Technical Standards Manual, whose publication was required by Local Law 11 of 2012, defines open data policies and technical standards and mandates that all new City projects comply with the legislation, policies, and standards.

United States Department of Agriculture

Service Description

ICAM (Identity, Credential, and Access Management) provides enterprise-class services for managing digital identities, credentials, and access to systems and applications. These services include centralized identity lifecycle management, role management for access control, automated account and access provisioning and de-provisioning, and electronic identification of employees, partners, and customers, for access to applications and systems.

What Is Included

ICAM Base Services


The USDA eAuthentication service protects web application and web application programming interface (API) resources through centralized credentialing, multi-factor authentication, single sign-on, and authorization services.

The eAuthentication service supports both internal employee-facing applications and external citizen-facing applications that service USDA customers and partners. For external customers, the service supports a range of credential types tailored to application risk profiles, from simple username/password credentials to strong multi-factor authentication with identity verification. For internal users, the service enables strong PIV (LincPass) based credentials. The eAuthentication service meets NIST and OMB standards for identity and access management.

USDA eAuthentication also supports federated authentication, enabling external trusted partners and non-USDA federal agencies to access authorized USDA resources using existing credentials.

  • User Authentication:
    • Securely authenticate users to web-based applications as well as web services and application program interfaces (APIs) using secure department-approved credentials.
    • Single Sign-On (SSO) to any participating web application, eliminating the need for users to remember multiple user names and passwords for each application they access.
    • Provide secure access to applications and APIs for both USDA employees and contractors, as well as external USDA customers and partners.
    • Role-based access control (RBAC) and attribute-based access control (ABAC) providing coarse-grained authorization tailored to each application's unique business requirements.
    • Automatic account creation for USDA employees and contractors, improving "time to productivity".
    • Self-registration for external customers and partners for Assurance Level 1 and 2 public-facing applications.
    • Identity proofing (verification) services for public citizens, both remote/online and in-person providing a higher assurance in user identity.

    Enterprise Entitlements Management Service (EEMS)

    The USDA Identity, Credential and Access Management (ICAM) Program provides a common, standardized, and trusted solution for digital identity and access management across the USDA enterprise.

    The ICAM Enterprise Entitlements Management Service (EEMS) is an enterprise-wide solution that centrally manages the identity, entitlements, and roles of all USDA "persons" (including employees, contractors, partners, affiliates, and customers). EEMS manages access control policies and provides automated provisioning, management, and de-provisioning of both identities and access entitlements across USDA enterprise and agency IT systems.

    EEMS benefits identity lifecycle management by providing a repository of identity data, roles, and entitlements to make access decisions accurately and consistently. 24x7x365 monitoring and incident resolution will improve management of user identities and entitlements, including the automation of provisioning and de-provisioning. EEMS also provides crucial A-123 and FISMA auditing, reporting, and regulatory compliance.

    By improving the speed, efficiency, and accuracy of identity management, EEMS provides cost savings of unneeded manual processes. EEMS reduces the business risk exposure of USDA networks and data.

    • Identity Lifecycle Management (ILM):
      • Workflow engine to manage the on-boarding, off-boarding, transfer, access requests, and security events for USDA employees and contractors.
      • Flexible business rule engine to streamline and automate access management.
      • Integration with authoritative identity sources for accurate and timely information.
      • Automated provisioning and de-provisioning of accounts based on customized business rules.
      • Synchronization of attributes and access permissions from authoritative data sources.
      • Web service API for customized integration with agency applications.
      • Role based access control (RBAC) enables dynamic authorizations based on the presence of predefined attributes.
      • Workflow-based approvals and notifications for granting access.
      • Automated access revocation based on agency business rules.
      • Integrated with the eAuthentication Service for authorization to web and mobile applications.

      Enterprise Public Key Infrastructure

      The USDA Enterprise Public Key Infrastructure (EPKI) enables a department-wide trust model of internally issued PKI certificates for secure websites, web services authentication, code signing, or other uses. EPKI enables LincPass (PIV) authentication to USDA Windows Active Directory domains and supports issuance of PKI-based user credentials.

      • Secure key storage in dedicated cryptographic hardware security modules (HSM).
      • Issuance of customer-specific certificate authorities with private keys protected by redundant HSM appliances.
      • Centralized and highly available certificate revocation list (CRL) distribution point.
      • A highly redundant infrastructure providing automated failover and redundancy across multiple geographically separated enterprise data centers.

      For All Services a Highly Available & Reliable Environment

      • Highly available and scalable architecture.
      • Automated load balancing and fail-over capacities across multiple data centers (select services).
      • 24x7x365 monitoring and incident response.

      EAuthentication Integration Services

      • Work with agency customers to integrate endpoint systems and applications with eAuthentication capabilities for authentication and authorization services.
      • Includes services time to analyze customer requirements, complete integration design, and implement eAuthentication security policies, and deploy eAuthentication software in the customer environment, when needed.
      • Ongoing support and maintenance of agency integrations, including eAuthentication software update/refresh, updates to application eAuthentication security policies, and 24x7 monitoring and technical support.

      Other Services

      EEMS Integration Services

      • Work with agency customers to integrate endpoint systems and applications with EEMS capabilities for identity lifecycle management, authoritative attribute exchange, and role/entitlement management. Includes services time to analyze customer requirements, complete integration design, and development/deploy agency specific configuration and policies.
      • Ongoing support and maintenance of agency integrations

      eAuthentication API Security (APISEC)
      APIs (application programming interfaces) have become essential to USDA's digital transformation by enabling applications to talk to each other and share data with other authorized applications. As the "connective tissue" between applications, unsecured APIs present a significant risk to USDA systems and data.

      The eAuth API Security service is an additional capability providing security and management of APIs and web services to internal, SaaS, and internet based consumers and applications. By combining policy based API security with ICAM policy enforcement, role based access and strong authentication, the API security service enables agencies to better manage and secure their APIs and enables greater collaboration between systems, business units, and customers.

      • API Authentication & Authorization:
        • Control access to APIs with SSO and identity management.
        • Strong authentication options for users or service accounts processing web service or API transactions.
        • Logging and auditing of all authentication events.
        • Flexible role and rule based access control to APIs and web services.
        • Protocol transformation (e.g. SOAP to REST, XML to JSON, etc.).
        • API rate limiting and denial of service protection (throttling).
        • Message schema validation for threat detection, content filtering, and protection against OWASP vulnerabilities.
        • Complex API orchestration and aggregation across both structured and unstructured data sources.
        • API traffic management, caching, and compression.
        • Redundant and load balanced clustered appliances.
        • Internal and external facing clusters.
        • FIPS 140-2, PCI, DISA STIG certified appliances.
        • Choice of agency administered "tenant" or a fully managed service.

        Professional Services
        Also available are Professional Services to support agencies in custom development or implementations not specifically listed above.

        How We Charge

        • For ICAM base services, a per-seat cost will be charged for all USDA staff (e.g., employees, contractors, volunteers, interns). This cost is based on an aggregate of all USDA staff who have an active employment relationship with USDA at any time (and for any length of time) during the invoice sampling period.
        • For eAuthentication integration services, a per-application subscription cost will be charged for each application integrated in the production environment. Charges are effective the fiscal year following the integration completion. There is no upfront cost to integrate with eAuthentication.
        • For other services not specifically listed above, integration and support charges will be assessed based on the complexity/scope of the integration or project.

        Service Level Metrics

        Identity, Credential, and Access Management Services Performance Measures

        Performance | Performance Measure | Performance Target
        ICAM eAuthentication Availability | Actual # of Operating Minutes that Core Production eAuthentication is running and available to customer agency users ÷ Total Scheduled Operating Minutes. (Planned outages excluded.) | 99.9%
        ICAM EEMS Availability | Actual # of Operating Minutes that Core Production EEMS is running and available to customer agency users ÷ Total Scheduled Operating Minutes. (*Planned outages excluded.) | 99.5%
        ICAM Enterprise PKI Availability | Actual # of Operating Minutes that Core Production EPKI is running and available to customer agency users ÷ Total Scheduled Operating Minutes. (*Planned outages excluded) | 99.9%

        Measurement Tool - ICAM AlertSite

        NOTE: ICAM services utilize the USDA Universal Telecommunication Network (UTN) for Wide Area Network services. The UTN is contractually guaranteed to be 99.9% available but has historically delivered 99.997% availability.

        Information Sharing in Supply Chain Management

        Information sharing serves as an essential approach for the survival of enterprises and enabler of supply chain integration. Nowadays, with the advancement in information and communication technology, information sharing has become more conceivable. Furthermore, information sharing in supply chains has become more efficient by the global introduction of long-term cooperation and coordination which leads ultimately to the improvement of companies’ competitive advantages. There is a lack of information sharing within companies nowadays, which results in inefficiency of coordinating actions within the units in the company or organization. The purpose of this study is to investigate and overview the effectiveness of information sharing in supply chain management, in order to increase the efficiency of the organizational performance in the manufacturing sector. This study elaborates the benefits and barriers of information sharing leading to enhanced supply chain integration among enterprises, as a result.

        APIs enable businesses

        Connect with customers

        An effective API can give existing and potential customers new reasons to interact with a business and connect with it on a personal level — and to share their experiences with others. As an example, take the hypothetical case of a national auto insurance provider. Over the years, as part of its normal business operations and planning, it has assembled and maintained comprehensive, detailed, and up-to-date data on the quality and condition of local roads all across the country. By making this previously internal data publicly accessible through an API, the company unleashes the creativity of developers and related businesses to devise new uses for the data. Developers create apps that recommend driving routes based in part on road quality. Civic groups develop apps that empower citizens to band together and petition local officials for better funding of transit infrastructure. The insurance company itself gives potential customers a way to get rate quotes — whenever they want, and from wherever they happen to be — through web and mobile apps. Simply exposing this previously isolated and hidden data through a public API has given the insurance company a powerful way to extend its reach to thousands of new customers — who now regularly connect with the company in a more personal, meaningful way. This API strategy has allowed the company the opportunity to improve customer engagement as well as creating new products and new channels that can be used in increasingly innovative ways.

        Streamline operations

        The insurance company could also develop private APIs for use by its own employees — for example, to provide its sales team with information that can help them give accurate quotes more efficiently, even when they are on the road, through web and mobile apps. Another API could enable the company’s claims department to more easily access data that will help them process customer claims more quickly, more conveniently, and with fewer errors. These are just a few examples of how an internal API strategy can improve operational efficiency and customer service for businesses.

        • Smart Card
        • HTML 5
        • 2 factor authentication
        • SAML authentication (Citrix FAS)

        Workspace ONE Access supports the following XenApp and XenDesktop features.

        • Application and desktop launch with Citrix StoreFront API 2.6 and later
        • Application group functionality

        Workspace ONE Access supports the application group feature introduced in XenApp and XenDesktop 7.9. Application groups are a logical grouping of applications and desktops, and entitlements can be provided at the application group level.

        If the administrator disables an application on the XenApp or XenDesktop server, the application is hidden in Workspace ONE Access.

        This feature sets the visibility for an application. Workspace ONE Access honors the entitlements set at the application level.

        In XenApp and XenDesktop, visibility for an application can be set to Show this application to entire delivery group. The application inherits the entitlements from the delivery group.

        Workspace ONE Access honors entitlements for desktops that are set at the desktop level.

        Static desktops configured in XenApp and XenDesktop can be synced and launched from Workspace ONE Access.

        How does Modern Business influence Information Systems?

        With the constant change and evolution of customer preferences and requirements, businesses that can bring about new methods and innovative techniques can survive in the market and continue to function as per customer demands. Implementing an information system can benefit businesses considerably and helps in controlling internal and external processes.

        Following are the benefits of an information system:

        New Products and Services

        Any business striving to improve and to secure a strong hold on the future has to establish a well-organized Business Information System. An IS can help in analyzing independent processes and enables organized work activities. Hence an information system enables companies to understand how the company generates, develops and sells its services or products.

        Keeping a log of activities is important for all organizations, to understand the reason for problems and so to provide a solution to them. A Business Information System makes it simple to store operational data, revision histories, communication records and documents. Storing data manually involves a lot of time and money. A sophisticated information system stores the information in a database, which simplifies the process of finding the data.

        Simplified Decision Making

        A Business Information System eases the process of decision making and simplifies the process of delivering the required information, and hence assists in taking better decisions instantly.

        A Business Information System can be effectively implemented to improve communication between employers and employees. Information systems work better because they store documents and files in folders that can be accessed and shared by employees. This helps oversee the flow of information between management and lower-level employees. This also allows the front-line employees to be part of the decision-making process and hence feel motivated and committed to doing a task.

        What is FME?

        FME is recognized as the data integration platform with the best support for spatial data worldwide. However, it can handle much more than just spatial data. FME can help you integrate business data, 3D data, and applications all within the same platform. FME has a range of supportive data transformation tools called transformers that make it easy to integrate over 450 formats and applications. With FME you have the flexibility to transform and integrate exactly the way you want to.

        Safe Software, the makers of FME, are leaders in the technology world that strive to stay one step ahead of data integration trends. FME is continuously upgraded to ensure it has been adapted to support new data formats, updated versions of existing data formats, and large amounts of data. Gone is the idea that individual departments must work in their data silos, with IT structures limiting the company’s potential to truly work as one. Data should be able to flow freely no matter where, when, or how it’s needed.
