AWS cloudformation template for allinone behind load balancer

TimHaverlandNOAA · ‎11-26-2024

We want to build an arcgis enterprise allinone system, but because we can't provision elastic IP addresses, we would like it to be behind a load balancer much like the high-availability cloudformation templates do.

Has anyone created a cloudformation template to build a system like this?

MikeSchonlau · ‎11-27-2024

We had the same experience with the HA stack - it was more hassle than it was worth. We transitioned to stand-alone stacks last year and it's been mostly smooth-sailing since. Much easier for us to troubleshoot and make adjustments.

Unfortunately, I'm not sure I can offer much help regarding the private ip's. We currentlyuse elastic ip's in all of our deployments. We also use a load balancer in just one of those deployments, though. When we transitioned to all-in-one deployments, we decided to bypass the AWS load balancer since there was only one machine and we were also using the ArcGIS Web Adaptor for routing requests. We were also able to do this because we bought an external wildcard SSL certificate and loaded it into the AWS Certificate Manager (for use with our AWS ALB), but also use that locally in IIS on our Portal machines.

If you have any more questions about the all-in-one deployment, I'm happy to share what we've learned, so reach out.

View solution in original post

MikeSchonlau · ‎11-26-2024

Are you restricted by your organization from provisioning elastic IPs? We have deployments both ways - one with a load balancer and another with just an elastic ip. I'm happy to share notes on what we've learned if you're interested.

TimHaverlandNOAA · ‎11-26-2024

Hi Mike, yes, we are restricted organizationally from provisioning elastic IPs. Being able to stand up portal/enterprise behind an internal load balancer would also be very useful in our development VPC where all IPs are private.

Would appreciate learning from your experiences!

To be honest, we've been using HA cloudformation templates and it's been a royal pain. I'm looking to simplify and hopefully have a more solid experience with portal/enterprise.

Tim

MikeSchonlau · ‎11-27-2024

We had the same experience with the HA stack - it was more hassle than it was worth. We transitioned to stand-alone stacks last year and it's been mostly smooth-sailing since. Much easier for us to troubleshoot and make adjustments.

Unfortunately, I'm not sure I can offer much help regarding the private ip's. We currentlyuse elastic ip's in all of our deployments. We also use a load balancer in just one of those deployments, though. When we transitioned to all-in-one deployments, we decided to bypass the AWS load balancer since there was only one machine and we were also using the ArcGIS Web Adaptor for routing requests. We were also able to do this because we bought an external wildcard SSL certificate and loaded it into the AWS Certificate Manager (for use with our AWS ALB), but also use that locally in IIS on our Portal machines.

If you have any more questions about the all-in-one deployment, I'm happy to share what we've learned, so reach out.

TimHaverlandNOAA · ‎12-12-2024

I just learned that at 11.4, the cloudformation has a parameter called "Deployment mode" that you can set to either "primary" or "primary-standby." I tried the "primary" option and it creates a single instance behind a load balancer with portal, server, datastore and webadaptors on it, and if you choose FileSystem as the config store, it will create a file server for server/portal directories and config-store. Optionally, if you already have a file server, you can provide the instance id as a parameter. This new cloudformation template inspired me to make the leap to 11.4, and so far the "primary" mode seems to be working well without the hassle and fragility of the primary-standby (high-availability) mode.

MikeSchonlau · ‎12-12-2024

Good to know. We're planning an 11.4 upgrade in January. I'll keep an eye out for it.