Externally Facing Enterprise Deployment

666
4
04-23-2021 02:16 PM
mpboyle
Regular Contributor

We have an externally exposed Enterprise deployment (10.8.1).  Each individual component works over the internet BEFORE we federate Portal and Server.  Once we federate Portal and Server, we are getting errors when trying to access our Server Manager via the internet.

I believe, but am not certain, the issue is that the Portal URL in Server Manager is using the internal URL for the Portal (ex: https://servername/webadaptor) and not the external URL (ex: https://gis.webdomain.gov/webadaptor).  

Is there a specific workflow when exposing your Enterprise externally to the internet?  Or, is there a reason why once we federate our Portal and Server, the internet side of things are not working as expected when they do work internally?

0 Kudos
4 Replies
berniejconnors
Occasional Contributor III

I have been operating a publicly exposed ArcGIS Server system since 2009. We have never used portal so I have no experience with federating ArcGIS Server with Portal. Server Manager is a sensitive component of Enterprise. Why would you want it exposed to the Internet??  It should only be used by a very small number of administrators. This can be easily accomplished with a VPN.

Bernie.

0 Kudos
mpboyle
Regular Contributor

We have been able to access our Server Manager via the internet with our current Enterprise deployment.  The web adaptor that has admin access is not the default adaptor name and is a randomized string.  We also have our Portal configured to use SAML, in which, the only admins are using domain accounts, so user names and passwords are pretty well protected.

I find being able to access our Server Manager via the internet quite handy, especially now when most of us are working remotely.

0 Kudos
HenryLindemann
Esri Contributor

Hi @mpboyle, So using multiple URL's would make live a bit more difficult, when you federate Portal takes over the security of ArcGIS Server so when you hit the webadaptor/manager it redirects to portal to authenticate and this will be over the registered federation you can review it a portaladmin fedration. So I am thinking a reverse proxy is needed Configure your portal to use a reverse proxy server—Portal for ArcGIS | Documentation for ArcGIS Ent... or a url rewrite to accommodate for the different names.

0 Kudos
mpboyle
Regular Contributor

Setting the "WebContextURL" property in the Portal Admin settings is what I was after.

0 Kudos