Communication Security Overview

If your agency is using Accela GIS in Citizen Access or Mobile Office, then your agency installs Accela GIS in a demilitarized zone (DMZ) on a separate machine than the ArcGIS server. It is likely that your agency installs Citizen Access or Mobile Office on the same machine as Accela GIS, and that machine is publicly accessible. However, if your agency is using Accela GIS in Civic Platform, then your agency installs Accela GIS in an Intranet zone on a separate machine than the ArcGIS server. A tier of communication exists between the Accela GIS client machine and the Accela GIS server, and another tier of communication exists between the Accela GIS and ArcGIS servers. See Figure 1 for the illustration that shows how an agency integrates the GIS system with Mobile Office.

There may be sensitive information or sensitive customer data that you want to protect on the machines. Accela recommends that you implement security for each tier of communication to protect sensitive data.

Figure: Accela GIS Deployment

Topics

• Securing Communication between the Accela GIS Client and Server

• Securing Communication between the ArcGIS and Accela GIS Servers

Securing Communication between the Accela GIS Client and Server

The Accela GIS server supports both secure (HTTPS) and insecure (HTTP) access from the Accela GIS client either by an Internet browser or an Accela application. You must follow these steps to secure communication between the Accela GIS client and server.

• Obtain an SSL certificate from a certificate authority and issue it to the Accela GIS web server.

  For more information about how to obtain a certificate, see http://www.iis.net/learn/manage/configuring-security/how-to-set-up-ssl-on-iis.

• Require the use of HTTPS for the Accela GIS server. See Requiring the Use of HTTPS.

• Import an SSL certificate from the Accela GIS Server to the Civic Platform biz server. See Importing the Accela GIS Server Certificate.

Securing Communication between the ArcGIS and Accela GIS Servers

The Accela GIS server retrieves map services from the ArcGIS server. The communication between the Accela GIS and ArcGIS servers supports both anonymous and non-anonymous access. To ensure the security of sensitive information, you must disable anonymous access and choose an authentication method such as Integrated Windows Authentication or Digest Authentication. You must follow these steps to secure communication between the ArcGIS and Accela GIS servers.

• Obtain an SSL certificate from a certificate authority and install it on the ArcGIS server.

• Require the use of HTTPS for the ArcGIS server.

  For more information about how to obtain an SSL certificate and configure the use of HTTPS, see the ArcGIS Server documentation > Configure HTTPS on ArcGIS Server.