ArcGIS Enterprise version 10.9.1
We currently have two installations of ArcGIS Server running. One ArcGIS Server site on a dedicated machine that is used as an internal-only access server and is not running any web adaptor, and another instance of ArcGIS Server that is federated with Portal with a web adaptor installed on a web server on the DMZ to allow public access to services we publish.
This seems like overkill considering we are a very small city government agency and have very few services published to each of these sites. The reason we set up an internal-only server installation was to publish XY event services we use to create apps/dashboards that our employees can access without logging in as long as they're on our network. We set up the federated environment to share services with third-party software companies that we integrate our GIS data with.
Is there a way to host all of our services on the server that is federated with portal to cut down on the number of GIS machines we're maintaining, or does having the publicly available web adaptor diminish our ability to secure our services enough if we wanted to maintain some internal-only services? I understand we can configure some services to require logins through our portal but I'm wondering if you can set up access in a way that allows sharing services to internal users publicly while not allowing public users to access them.
Just looking for best practices here.