Allowing ArcGIS Server to access our Geodatabase Enterprise over the web

06-18-2019 05:32 AM
MaximeDemers
Occasional Contributor III
In my organization there is an installation of ArcGIS Server that is linked with an Enterprise geodatabase (PostgreSQL) in a DMZ for editing only over the web.

However, we have another installation of ArcGIS Server that is linked with an Enterprise geodatabase (SQLServer) for internal use only. The main data of the organization are stored in the internal SQLServer, and it's not accessible from the web.

We use some automatization tools to copy edited data from PostgreSQL to SQLServer and vice versa, but the desynchronization is becoming a problem.

The DMZ was designed to prevent putting our data at risk. However, we know there are many organizations that don't really care about that, and are not afraid to expose their main database through the web.

We would like to study the possibility of letting ArcGIS Server have read and write access to our main database over the web while at the same time removing the DMZ.

What could be the issues of doing such change in our organization? Is there some way to attenuate the risks if such risks exist?
RobertScheitlin__GISP
MVP Esteemed Contributor

Maxime,

   We use a reverse proxy to allow web traffic through a port that is uncommon, and this is the only port that is allowed to communicate through the firewall from the DMZ to internal servers like the IIS Server. Our IIS and SQL and three ArcGIS Servers are internal, and the only thing that is outside the DMZ is our Apache webserver that acts as our reverse proxy. Web traffic comes through as a standard URL like https://www.google.com/arcgis or https://www.google.com/arcgis2, but based on the URL it is redirected to the particular ArcGIS Server (i.e. https://www.google.com/arcgis2 traffic goes to http://server2:port####/arcgis2/), but the web user never sees that URL with the undisclosed port number. IIS and our ArcGIS web adaptor are set up to use this undisclosed port. Using a reverse proxy was Esri's recommendation years ago before the web adaptor app came out, but we continue to use this as it has worked so well for us for many years.

https://enterprise.arcgis.com/en/server/latest/deploy/linux/using-a-reverse-proxy-server-with-arcgis...
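
The layout described in the reply above, sketched as an Apache configuration. This is an added example, not the poster's or Esri's configuration; the public hostname, `server1`, the backend port value and the certificate paths are placeholders (the post names only `server2` and leaves the port undisclosed).

```apache
# Constructed example: every hostname, port and file path below is a placeholder.
# Requires mod_ssl, mod_proxy and mod_proxy_http to be loaded.

# The single uncommon port the firewall allows from the proxy to the
# internal servers. 12345 stands in for the undisclosed value.
Define ARCGIS_BACKEND_PORT 12345

<VirtualHost *:443>
    ServerName gis.example.org

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/gis.example.org.crt
    SSLCertificateKeyFile /etc/ssl/private/gis.example.org.key

    # Reverse proxy only: never relay arbitrary client-chosen destinations.
    ProxyRequests Off

    # Path-based routing to the internal ArcGIS Servers. Overlapping
    # prefixes are listed longest first, as the mod_proxy documentation
    # advises for conflicting ProxyPass rules.
    ProxyPass        /arcgis2 http://server2:${ARCGIS_BACKEND_PORT}/arcgis2
    # ProxyPassReverse rewrites Location headers in backend redirects so
    # the internal host name and port are not shown to the web user.
    ProxyPassReverse /arcgis2 http://server2:${ARCGIS_BACKEND_PORT}/arcgis2

    ProxyPass        /arcgis  http://server1:${ARCGIS_BACKEND_PORT}/arcgis
    ProxyPassReverse /arcgis  http://server1:${ARCGIS_BACKEND_PORT}/arcgis
</VirtualHost>
```

Paths without a `ProxyPass` rule are not forwarded, so only the listed prefixes reach the internal network, and the firewall rule for that one port stays the only opening toward the internal servers.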

MaximeDemers
Occasional Contributor III

Thank you for the information. That's a very interesting avenue. I am not sure what would be the implication of the web adaptor in this kind of setting. Also, do you know if Portal is compatible with such a reverse proxy?

RobertScheitlin__GISP
MVP Esteemed Contributor

Maxime,

   Sorry, I am not a Portal user so I don't know, but I would bet that it would be.

JonathanQuinn
Esri Frequent Contributor