iShare In The Cloud Connectivity

A virtual private network (VPN) is a technology that creates an encrypted connection over a less secure network - in this case the network being the Internet between the Customer Network and the Virtual Private cloud. The benefit of using a VPN is that it ensures the appropriate level of security to the connected systems when the underlying network infrastructure alone cannot provide it.

Search the following page for Q. What customer gateway devices are known to work with Amazon VPC?

• Highly Secure
• VPC can act as extension to corporate network

• Requires configuration by On Premise network team
  
  

Restricting Access by IP address is a mechanism that ensures that the only requests that originate from the customer Network Estate are permitted.  As the communications are occurring over the Internet there would be minimal risk that a Man-in-the-middle attack could occur but this is extremely rare.  If secure protocols are used this adds extra security i.e. https, ftps / sftp etc

The following page gives technical details of how this is configured - suitable reading for Network Engineers.

• Moderately secure
• Limits access for extra security

• Remote workers must have access to corporate network via VPN or similar
• Open to Man-in-the-middle attack (low risk)

No restriction on where a request originates from and no data is encrypted whilst in transit. This is the least secure and could be prone to Denial of Service attacks etc.  As with the Restrict Access by IP address above secure protocols can also be used i.e. https, sftp / ftps

• No local network configuration
• Anyone can access from anywhere

• Least secure option
• Vulnerable to Denial of Service attacks, Man-in-the-middle attack

• Preferred when available
• Simplified user management from the Network / User administrator
• Administrative savings on the GIS resources for user management

• None

Active Directory Federated Services (ADFS)

iShare In The Cloud can be fully integrated within a corporate Microsoft Active Directory domain via ADFS (the same method that Microsoft use with Office 365) ensuring internal security compliance. Therefore iShare In The cloud securely connected to the corporate network via a VPN (if required) via the most viable network location end point ensuring that remote workers have maximum bandwidth when securely connected to the network estate. 

• Preferred when available
• Simplified user management from the Network / User administrator
• Administrative savings on the GIS resources for user management

• On Premise ADFS Server required

• Still allows security
• Fine grained control

• Administrative burden for GIS Administrator
• May not be accepted by Security team due to Business as Usual

Third Party software Management solutions

Normally combined with either Virtual Private Network or Restrict Access by IP address connectivity options. Two options are:

• Self registration where any user can self register through a web portal. Role management can default to an open GIS profile and further Role based security would be configured by the GIS Administrator
• Password Management where existing local users (configured by the GIS administrator) can update / change their password. Often required for Corporate Security teams

• Less GIS Administrative burden
• Users can manage their own user names / passwords

• via Third Party Tools local user management tools
• Annual cost for tools up to £1500 per annum

• No administrative burden
• Still has partial security through connectivity options

• No Security
• Some features of iShareGIS not available (Annotations, Feature Editing)