Highly available ArcGIS Server on DMZ with third party NLB

1739
4
Jump to solution
07-20-2017 03:21 PM
AzinSharaf
Occasional Contributor II

We are going to deploy a highly available ArcGIS Server on DMZ side with ArcGIS built-in store security. Since we use third party NLB, I believe we don’t need Web Adaptor. Correct? Can I remove green boxes in diagram below? 

0 Kudos
1 Solution

Accepted Solutions
JonathanQuinn
Esri Notable Contributor

Yes, that should be fine:

There's internal communication that needs to be through redundant URLs as well, (handled by lb2).  In this diagram, that internal communication stays internal whereas only user/public traffic is handled externally.  You can use the same load balancer for both types of URLs, (defined using the privatePortalURL prior to federation and admin URL during federated).

View solution in original post

4 Replies
JonathanQuinn
Esri Notable Contributor

If you plan on using IWA, the Web Adaptor is required for Portal.  If you plan on using SAML or built-in users, the Web Adaptors are not required.

Deployment scenarios for a highly available ArcGIS Enterprise—Portal for ArcGIS (10.5.x) | ArcGIS En... 

AzinSharaf
Occasional Contributor II

Thanks Jonathan! This is just for public faced ArcGIS Server without having Portal. Can I remove green boxes in this scenario?

0 Kudos
JonathanQuinn
Esri Notable Contributor

Yes, that should be fine:

There's internal communication that needs to be through redundant URLs as well, (handled by lb2).  In this diagram, that internal communication stays internal whereas only user/public traffic is handled externally.  You can use the same load balancer for both types of URLs, (defined using the privatePortalURL prior to federation and admin URL during federated).

MasterAdmin
New Contributor II

Hi Jonathon

I have set up portal in a DMZ.  All seems to be working correctly with Windows Integrated security login. 

I have also set up ArcGIS server inside the firewall. It is also functioning correctly.

I now wish to federate the server with portal and I am having some trouble.  Can you please tell me which ports need to be opened in the firewall so that the server can be federated with portal and function correctly?  

Is it 6443 or 7443 or both? (using https in both environments).  Any others.

Each change to the firewall needs to go through a long approval process so I'd like to put in one request if possible.

Thanks in advance, Rob

0 Kudos