Hello. I come to you great people with a question(s) about migrating from AD FS to Azure. This is not my area of expertise and I'll do my best to try and explain our current setup.
We are currently on ArcGIS Enterprise 11.2, this is running on a single server.
We also have an ArcGIS Online portal.
We have 2 hosting servers that house our published layers (both running Web Adaptor and Enterprise 11.2).
We have 2 databases that house our GIS data. These are on 2 different servers. (Not quite sure if we want to migrate these to Azure).
I also found out that Azure allows:
- For AD groups to be migrated to Azure
- AD groups permissions can be migrated to Azure.
What are some architecture setup(s) you can recommend based on my needs?
Thanks in advance!
This area is not my strong suit either, but the following Esri document has architectural diagrams that can give you ideas and a good starting point:
It's targeted at high-availability deployment scenarios, but can still be used to look at non-HA deployment scenarios.
Thank you!
Hi @GIS412,
If you have domain integration, you will not be able to use this in Azure unless you spin up an AD server in a VM. What I would recommend is that you use SAML for your authentication; here is a link for that: Tutorial: Microsoft Entra SSO integration with ArcGIS Enterprise - Microsoft Entra ID | Microsoft Le...
Then you mentioned that you will perhaps keep your databases on premise, this has a few pros and cons,
Depending on what you can afford, it is usually a good approach to apply something called workload separation. This is where you deploy a server for each workload; this will give your servers breathing room because congestion on ArcGIS Server will not impact Portal for ArcGIS.
Web Layer
- Webserver
- ArcGIS Web Adaptor
- Portal for ArcGIS
Applications Layer
- ArcGIS Server
Database Layer
- ArcGIS Data Store
- SQL Servers
I would also suggest that you have a proper plan in place for backups. Azure only provides hardware redundancy, so if your application fails you would need application-level backups like webgisdr for ArcGIS Enterprise or VM snapshots.
Hope it helps.
Regards
Henry
Thank you! This is very helpful.
For our enterprise portal, we currently use SAML for logins and we also have ArcGIS login enabled (for users outside our org that need read-only access).
Our ArcGIS Online does not use SAML and the users create their own passwords.
AD FS groups and permissions can be migrated to Entra ID as well?