I would like to know what is the best practice for deploying ArcGIS Enterprise on Azure with respect to Vnet. i.e. should ArcGIS Enterprise be deployed on a separate Vnet of its own? We have a Vnet with Data Bricks deployed and we intend to deploy ArcGIS Enterprise in the same Vnet, just want to know if it would impose any issues deploying ArcGIS Enterprise on the same Vnet as Data Bricks?
Solved! Go to Solution.
It will work to keep all your applications in separate subnets (and Application Security Groups) within the same Vnet. The deployment tools do allow for this pattern.
You are right that data transferred between different Vnets using Vnet peering will incur transfer charges (but less than the egress to internet costs that would apply if there was no peering).
be aware that even within one Vnet, if your resources are in different Availability Zones, from Feb 1st 2021, MS will start charging for these transfers as well.
I don't think there is any issue deploying it to the same vnet, the only concern would be if you need to make any substantial changes to the vnet, you now have two application stacks impacted instead of one by any downtime.
Since virtual networks are free in Azure, I would personally suggest a second, separate vnet for ArcGIS Enterprise unless you have a specific network or security reason for keeping them on the same vnet.
I agree with Sam,
while technically do-able, it would be better practise to deploy your ArcGIS Enterprise in a separate vnet.
If you use ArcGIS Enterprise Cloud Builder for Microsoft Azure, you get the option to create a new vnet and also to provide the IP ranges for any new subnets that will be created. These all become part of a single Resource Group and allows you to manage these as one bundle.
In most of the implementations we have designed for our customers, we even use different vnets for Production and non-Production environments to provide real isolation.
Thanks Sam and DavidHoy.
Apart from the downtime factor is there any other reason for keeping ArcGIS in a separate Vnet? I have an understanding that keeping both the application stacks in different Vnets will involve using Vnet pairing which will incur cost in transfer of data from one Vnet to the other(both egress and ingress). Considering ArcGIS will be integrated with Data LakeGen there will lot of data flow to ArcGIS and hence the cost.
It will work to keep all your applications in separate subnets (and Application Security Groups) within the same Vnet. The deployment tools do allow for this pattern.
You are right that data transferred between different Vnets using Vnet peering will incur transfer charges (but less than the egress to internet costs that would apply if there was no peering).
be aware that even within one Vnet, if your resources are in different Availability Zones, from Feb 1st 2021, MS will start charging for these transfers as well.
Thanks DavidHoy for your prompt response.
I have created separate subnet and App Gateway subnet for ArcGIS. I will keep in mind your suggestion on Availability Zones.