Implementing Portal

529
2
Jump to solution
02-28-2018 01:07 PM
Lake_Worth_BeachAdmin
Occasional Contributor III

Currently my Organization uses ArcServer consuming data from SQL Server, we host these services in webmaps on AGOL (also being utilized in Collector).

We are also integrating Survey123 and Collector and want easier access to secured services by authenticating with their AD creds (same creds used for ArcGIS Server).

We dont want users to have a AGOL user/pass to login the app and then use their AD creds to access the service.

So Portal will fix this by federating (I hope).

I watched ESRI UC workshops (2016) and read a few articles that stated I need 2 web adapters? 1 for Server and 1 for Portal? The ArcGIS Server is currently using SSL cert on the web-adapter;

do I need to purchase a new SSL Cert for Portal?

I also read its ideal to have server and portal on separate machines for isolation which is not a problem but will this cause issues with the web-adapters?

so my question is on a separate machine do I need to just install Portal or also Web Adapter and Portal? And will this require me to purchase a separate SSL Cert?

0 Kudos
1 Solution

Accepted Solutions
JonathanQuinn
Esri Notable Contributor

Yes, setting up Portal and federating with your existing Server will be a good way to integrate the security models between items and services.

In regards to your other questions:

I watched ESRI UC workshops (2016) and read a few articles that stated I need 2 web adapters? 1 for Server and 1 for Portal? The ArcGIS Server is currently using SSL cert on the web-adapter;

do I need to purchase a new SSL Cert for Portal?

You will need two web adaptors, one for Portal and one for Server. They can exist on the same web server machine, (just name the new one differently from the Server one). Since they'll exist on the same web server, you don't need a new SSL cert as the existing one will be used for the new web adaptor.

I also read its ideal to have server and portal on separate machines for isolation which is not a problem but will this cause issues with the web-adapters?

If your machine is large enough to run both Portal and Server, there's no problem putting Portal on the same machine as Server. There are arguments both ways, though. If you have everything on one machine, if the machine goes down, all components go down. If you separate components and the Portal goes down, that's the authentication mechanism for secure services, so those services won't be accessible, but non-secured ones will be. If Server goes down, you can still access webmaps and web apps and all services not running on the Server will display.

To wrap up, it's up to you:

1) You can install the Portal on another machine, the new web adaptor on the existing web server machine, and then use your existing certificate and register the new web adaptor with the Portal.

2) You can install Portal on the other machine, install the web adaptor on that machine, and then you'll need to acquire a new certificate for the new web server.

3) You can put everything on one machine. You won't need a new certificate in this case.

View solution in original post

2 Replies
JonathanQuinn
Esri Notable Contributor

Yes, setting up Portal and federating with your existing Server will be a good way to integrate the security models between items and services.

In regards to your other questions:

I watched ESRI UC workshops (2016) and read a few articles that stated I need 2 web adapters? 1 for Server and 1 for Portal? The ArcGIS Server is currently using SSL cert on the web-adapter;

do I need to purchase a new SSL Cert for Portal?

You will need two web adaptors, one for Portal and one for Server. They can exist on the same web server machine, (just name the new one differently from the Server one). Since they'll exist on the same web server, you don't need a new SSL cert as the existing one will be used for the new web adaptor.

I also read its ideal to have server and portal on separate machines for isolation which is not a problem but will this cause issues with the web-adapters?

If your machine is large enough to run both Portal and Server, there's no problem putting Portal on the same machine as Server. There are arguments both ways, though. If you have everything on one machine, if the machine goes down, all components go down. If you separate components and the Portal goes down, that's the authentication mechanism for secure services, so those services won't be accessible, but non-secured ones will be. If Server goes down, you can still access webmaps and web apps and all services not running on the Server will display.

To wrap up, it's up to you:

1) You can install the Portal on another machine, the new web adaptor on the existing web server machine, and then use your existing certificate and register the new web adaptor with the Portal.

2) You can install Portal on the other machine, install the web adaptor on that machine, and then you'll need to acquire a new certificate for the new web server.

3) You can put everything on one machine. You won't need a new certificate in this case.

Lake_Worth_BeachAdmin
Occasional Contributor III

thank you for detailed response JQuinn-esristaff

this cleared things up a lot

0 Kudos