I am wondering if it is possible to have an activ-activ deployment of "Portal for ArcGIS" component in a HA deployment ?
The requirement from the security team is the following: "ArcGIS Enterprise" should be accessible from 2 differents networks and hit different servers.
One network should be able to hit a "Portal for ArcGIS" component opened to the outside world and another network should be able to hit the same "Arcgis Enterprise" (same maps, config, ...) but hosted on different dedicated server thanks to networking configuration.
While I think it could be possible with "ArcGIS Server" component as they can all be "activ" in the deployment, I am under the impression that it is not possible with "Portal for ArcGIS" component as there is one activ and one passiv:
"If you stop the Portal for ArcGIS service or the primary machine becomes unavailable (for example, if the hard drive fails), the portal will failover to the standby" (from documentation).
Did I miss anything ? Any suggestion regarding this requirement ?
/cc Jonathan Quinn
Just wanted to add that I read the following thread that could seems similar:
But the requirement would be to have HA deployment for one network and HA deployment for the other one (ie: we do not want one network to fall back on the other network when portal is down). So it implies 4 "Portal for ArcGIS" basically. But nowhere it is mention that you can multiply "Portal for ArcGIS" component just like you can with "ArcGIS Server".
Just for clarification, portal HA is active-active; each machine in a highly available portal configuration can respond to requests. Internally, there is a primary database which runs on one of the machines. If any request comes in to standby that requires data from the database, it will get that data from the primary database. Portal does not support a "siloed" architecture, like Server does, where you can have two distinct sites that are behind a load balancer.
Portal HA can't function if the machines are split between two data centers for geographic redundancy. If you wanted to support geographic redundancy, you need to set up the two environments separately and use the WebGIS DR tool to replicate content from one site to the other.
Portal can support a SplitDNS approach if you/your IT staff knows what they're doing. External users access an externally accessible endpoint, while internal users reach a different endpoint secured with Windows Authentication. In both cases, the URL has to be the same. Another approach to achieve that is use SAML, and all end users access the deployment through the same endpoint.