Chapter 19Patching ArcGIS Enterprise

Objectives

Learn about patching principles for connected and disconnected environments.
Understand how to prepare ArcGIS Enterprise before installing a patch or an update.
Apply an available patch to your ArcGIS Enterprise deployment.

Introduction

Esri is committed to providing users with the most secure and issue-free experience across the ArcGIS platform. Before a new version of ArcGIS Enterprise is released, the software is tested through a set of internal quality assurance and quality control (QA/QC) tests and processes to ensure quality. At times, beta testing and other supporting events occur months before release to stress test implemented defect fixes and new features in real-world scenarios. Before the latest version of software releases, Esri completes a thorough certification process to ensure that the software will reliably run on all supported systems.

Esri’s commitment to software development does not stop at the release of the latest version of ArcGIS Enterprise. New defects and security issues are certain in an actively changing technological landscape. In response, patches and updates are vital to maintain the security and function of all software. The ArcGIS Enterprise life cycle defines all versions of ArcGIS Enterprise in general availability and extended support to receive software patches and updates.

Patching for Windows and Linux variations on ArcGIS Enterprise is delivered as executables that can be run on the machines that host the installable software components of ArcGIS Enterprise. Because the product life cycle for ArcGIS Enterprise on Kubernetes is more accelerated, patches are delivered through system updates in ArcGIS Enterprise Manager. This chapter will focus primarily on applying Windows and Linux patches; however, communication principles will still be relevant to ArcGIS Enterprise on Kubernetes.

By the end of this chapter, you will know how to get information about new patches for ArcGIS Enterprise, as well as how to install these patches properly. Additionally, we will present an ideal patch installation workflow that will help administrators be accountable to users of ArcGIS Enterprise.

Patching basics

Part of the core mission of all software providers is to create and maintain a secure and issue-free environment for their user base. They do this through regular patch releases that resolve critical software defects and security vulnerabilities. Patches can and should be applied to every part of an enterprise-grade system as they become available. For example, if Esri releases a security patch, this should be applied within one month of release to maintain a secure environment. Similarly, if the operating system provider releases a security patch, the same rule applies. Although the source will vary, developing a consistent plan for applying patches is crucial to establishing good habits and recovering from unforeseen circumstances.

Patches developed for ArcGIS Enterprise by Esri typically fall into one of two categories: security patches and feature patches. Security patches are regular updates that address security-related problems within ArcGIS Enterprise. Feature patches include resolutions to issues that affect the usage of an application or component within ArcGIS Enterprise. Although these patches are named for a function or feature that may not be actively used within your workflow, it is best practice to install these patches as well. Most times, these patches will include important updates that are closely related to the feature and will improve the overall functionality of ArcGIS Enterprise. Because it is considered best practice to apply patches to ArcGIS Enterprise once they are available, it is essential to learn when patches have been released.

is the primary source of all patches released for ArcGIS Enterprise. Users can filter the site according to the ArcGIS Enterprise component and version. For notification purposes, you may choose to receive emails from Esri related to new patches being released in My Esri, a self-service portal for accessing Esri products and services. Each patch that is released has a corresponding web page that includes information about the name and version of the patch, release date, summary, issues addressed list, and detailed instructions on how to download and install the patch. Installing patches on ArcGIS Enterprise will incur system downtime. The next section of this chapter will review the steps administrators can take to ensure that patching is successful.

The ArcGIS Trust Center will also release trust advisories for major security patches on its page at . Configuring an RSS feed to forward live updates on this page will make monitoring easier for security-minded administrators.

Considerations before patching ArcGIS Enterprise

Before installing any patches on either the underlying system or to ArcGIS Enterprise, administrators should consider and take the following precautionary steps:

Back up ArcGIS Enterprise: Verifying that ArcGIS Enterprise has been backed up within an acceptable time frame to your user community can save time and effort in recovery if any anomalies are encountered during patch installation. If your user community is particularly active, it may be necessary to set the organization to read-only mode before installing the patch for content consistency. For more information on establishing sound backup practices, see chapter 18.
Test patch installation in lower-tier environments: It is best practice to apply any major software and system changes to nonproduction environments to test the installation process and understand how long system downtime will last. Additionally, it’s an opportunity to check on critical projects and workflows to verify their function before moving on to production. ArcGIS Enterprise administrators should apply ArcGIS Enterprise patches to development or quality assurance environments to understand the estimated downtime of the system during patch installation, verify the patch resolved the expected errors, and catch and address any irregularities before committing to production. At this stage, it is good practice to conduct the confidence tests you run on the system when changes, such as the application of patches, occur.
Communicate and coordinate downtime: Depending on the version of ArcGIS Enterprise, installing patches may take a substantial amount of downtime. Enhancements have greatly improved the efficiency of patch installation to all components in ArcGIS Enterprise. However, downtime should still be expected and communicated. Administrators should communicate potential downtime to their user base with informational banners and any other internal communication channels. Having an IT member available to address any added challenges when applying patches to a production environment is a good preventive step.

Following these steps before applying any patches to ArcGIS Enterprise will yield a solid backup point, a general idea on how long a patch may take to install, and transparency with your user base on how long ArcGIS Enterprise may be unavailable when applying the patch. Once this state of readiness is achieved, patches can be applied safely to a product deployment.

Applying patches to an ArcGIS Enterprise component

Installing patches requires access to the machine that has either ArcGIS Server, Portal for ArcGIS, ArcGIS Data Store, or ArcGIS Web Adaptor (IIS). The Patch and Update page for the selected page may identify additional prerequisites before applying a patch. As an added level of security, each patch contains a checksum that can be used to verify that the downloaded patch matches what Esri has released.

Each patch may apply to multiple versions of ArcGIS Enterprise on either Windows or Linux. Once the proper file is verified and placed on the target machine, it can be installed. There are differences to the Windows and Linux user experience; it is best to consult the patch documentation for specific steps. Once the patch installs, the service running the ArcGIS Enterprise component will restart, completing the installation.

If you are applying patches to multiple components at once, consider these additional factors when installing patches:

Single and multiple machine ArcGIS Enterprise Environments: Patches may be installed on any components in any order.
Multiple machine ArcGIS Server sites: Ensure that one machine is always available; patches may be applied to all other machines in any sequence.
Highly Available (HA) ArcGIS Enterprise Environments: Administrators may choose to promote a standby ArcGIS Enterprise portal machine during the upgrade process of the primary to ensure uptime during patch installation. If this is not possible, the standby should be updated first. The same applies to the hosting ArcGIS Data Store machines, although ArcGIS Server may be updated in any order, as long as at least one machine is active.

Once patches have been installed, administrators should test ArcGIS Enterprise’s basic functions. Publishing hosted feature layers and editing referenced feature services will verify whether all components in ArcGIS Enterprise are functioning as expected and have retained the access permissions they need to function. Looking through ArcGIS Server and ArcGIS Enterprise portal logs for any outstanding or unexpected errors can verify the absence of any outstanding errors.

Patching is an important maintenance task that should be completed on a regular basis. IT teams and administrators should work together to create reasonable opportunities to apply patches to your system. Documenting and standardizing the patching process will ensure a repeatable experience that may avoid unnecessary downtime and limit potential failures.

Fictional user story

The SuperBiz ArcGIS Enterprise organization has an international user base of more than 5,000 users. With a high level of adoption, system uptime is a vital goal for the long-term success of the ongoing projects within the system. Viktor Dudnyk, the ArcGIS administrator, and the IT team have deployed a two-tiered environment that includes a development and production environment.

Over the past week, Esri released a Portal for ArcGIS security update patch. This patch addresses a set of defects that are related to the overall security of the environment, as well as other supportive defect resolutions. Viktor received an advisory note from the trust center that a new patch was released and begins to investigate the patch on the Technical Support web page.

The ArcGIS Enterprise environment does not have the ability to connect to the internet, so the administrator must download the patch that matches their ArcGIS Enterprise version as well as their operating system. While the patch is downloading, Victor reads the installation instructions on the patch page to check for any special instructions outside of installing the patch. In this instance, all users will need to clear their browser’s cache to complete the update.

With the patch downloaded, Victor accesses the ArcGIS Enterprise development environment. To get a general sense of how long the update will take, Victor starts by taking a full backup of ArcGIS Enterprise, including a WebGISDR backup and a system image. After this, Viktor sets ArcGIS Enterprise into read-only mode to simulate environment status.

He begins to install the patch as prescribed in the product documentation. The patch installs successfully as indicated by the installation wizard reporting completion, and Viktor removes the read-only mode from the development environment. He verifies that key applications are accessible and that basic workflows, such as publishing hosted feature layers, are available. The operation took about two hours, factoring in taking backups, installing the patch, and verifying that the system works.

With this information, Viktor begins to inform his user base and other stakeholders of the impending downtime. He starts by approaching his IT team to coordinate an installation time for the patch. It’s agreed that conducting the update after business hours will have the least impact on everyone’s day-to-day operation. Viktor sets an information banner, which lists the date and time of the downtime, as well as the estimated time needed to install the patch.

As the date approaches, Viktor ensures that an IT representative is on call, ready to help if something unexpected occurs. Because the development and production environments mirror each other, Victor implements the same action plan. He starts by taking a backup of the production environment and setting ArcGIS Enterprise to read-only mode. Victor then installs the security update patch and verifies system availability and workflow stability.

Recalling that the Portal for ArcGIS security patch required an added step after installation, Viktor opts to update the informational banner to include instructions on how to clear users’ browser cache. Taking this further, Viktor also tells his IT teammate about the requirements, preparing that department for a possible influx of tickets and questions.

Through Viktor’s careful work, SuperBiz International’s ArcGIS Enterprise environment was patched to include important security updates. In addition to a successful application, Viktor’s work in testing, verifying, and communicating the installation of this patch built trust with the ArcGIS Enterprise user base.

Tutorial 19: Install a patch for ArcGIS Enterprise

Create a patch application plan for your ArcGIS Enterprise organization

Prepare your organization’s downtime rules or expectations in writing.
- On what days or times will downtime be least disruptive?
- How long can the system be down before it becomes unacceptably disruptive?
- What will you do if the system is down longer than acceptable?
Create or review a backup strategy for ArcGIS Enterprise.
Tip: See chapter 18 for a full discussion of backup and restore strategies.
Create a communication plan.
- Who needs to be informed about the impact of the patch?
- How far in advance do they need to be notified?
- What level of detail do they need to be provided?
- How will you distribute the information?
- Do you need to use multiple distribution channels to ensure the information reaches everyone?

Install available patches

For ArcGIS Enterprise systems that have access to the internet, you can use the patch notification utility to check for and install available patches.

Sign in as a user with administrator privileges to the machine where ArcGIS Server is installed.
Navigate to the ArcGIS Server installation directory and then move to the tools/patchnotification directory.
Run the patchnotification executable.
Click the link for any available patch to read the details of issues addressed by the patch.
When you are ready, in accordance with your patch application plan, click the Install Security Patches or Install All Patches button to apply the patch.
From the Install Patches window, choose the patches you wish to install and then click Start.

Summary

This chapter covered how to prepare and install patches for ArcGIS Enterprise. Taking backups, installing patches in lower tier deployments, planning and communicating downtime, and verifying the efficacy of the patch post installation will build your user base’s confidence in your ability to maintain a deployment that is secure and up-to-date.

Назад: Chapter 17: Troubleshooting in ArcGIS Enterprise

Дальше: Chapter 20: Upgrading ArcGIS Enterprise