
ArcGIS enterprise configuration in an intranet environment

10-26-2017 06:07 AM
SaraEL_MALKI
Occasional Contributor II

Hi guys,

I've been reading the documentation for hours and hours but it's getting me LOST,

I wanna know briefly what's the optimal configuration for an intranet environment for ArcGIS Server and Portal?

We do have Windows Server Standard, ArcGIS Enterprise 10.5.1, an Oracle enterprise database and a geodatabase.

Some developers will use WAB Dev edition, edit and add content to the portal and server, and others will be viewers of the Portal.

- For the SSL certificate, I will create a domain certificate, but what I didn't understand is: will I need to buy a domain site and use it for this certificate, or just create one on my own?

- Will I need a multi-tiered deployment or an all-in-one deployment?

Deployment scenarios—Installation Guides (10.5) | ArcGIS Enterprise 

Excuse my basic questions because I'm a literal beginner

Derek Law‌ Robert Scheitlin, GISP Rebecca Strauch, GISP


thanks in advance for your help,

Sara

14 Replies
SaraEL_MALKI
Occasional Contributor II

Hi William,

I was reading the documentation and I found this:

About the ArcGIS Web Adaptor—Portal for ArcGIS (10.5.x) | ArcGIS Enterprise 

Accessing your portal with the Web Adaptor installed

After installing and configuring the Web Adaptor, the URL that you use to access your portal will be in the format https://webadaptorhost.domain.com/webadaptorname/home. For example, if the machine hosting your Web Adaptor is named wa with the domain myorg.net and your Web Adaptor is named arcgis, you'll access the portal using the URL https://wa.myorg.net/arcgis/home.

1. I don't get the domain part: for an intranet environment, will I need to come up with a domain name from my head (of my choice), then create its domain certificate, then use it to access the Portal, OR do I need to buy that domain (the myorg.net)?

2. Once I have a domain certificate for myorg.net on port 443 and then install Portal and ArcGIS Web Adaptor, I will be able to access the Portal via that link https://wa.myorg.net/arcgis/home without having to mention that domain (myorg.net) while installing Portal or the Adaptor, because the certificate on port 443 is enough to configure that domain with the adaptor. Is that true?

I found this in the docs:

How to install ArcGIS Web Adaptor

  1. The ArcGIS Web Adaptor setup program should start automatically after the download is complete. If the setup does not start automatically, browse to the location of the downloaded setup files, and double-click Setup.exe.
  2. Review the terms and conditions of the master agreement. You must agree to the terms to proceed.
  3. Choose a website running on port 80 for ArcGIS Web Adaptor. Available websites are listed as <website name (port)>. If you don't see the Select website dialog box, this means you only have one website. If only one website is found on your machine, ArcGIS Web Adaptor is automatically placed on that website without displaying the Select website dialog box.

For number 3, is the website name the machine name or what? I know that the Portal is on https://portal.domain.com:7443/nameOfThePortal/home

so the website name in this case is portal and the domain name is domain.com, isn't it?

So if I don't have a website name, the default will be my machine name, right?

3. Is the basic deployment of ArcGIS Enterprise suitable for a production environment (6-8 users)?

Derek Law‌  Randall Williams Robert Scheitlin, GISP

thanks in advance for your help,

Sara

RandallWilliams
Esri Regular Contributor

Q: I don't get the domain part: for an intranet environment, will I need to come up with a domain name from my head (of my choice), then create its domain certificate, then use it to access the Portal, OR do I need to buy that domain (the myorg.net)?

A: Unless you're starting your organization's domain from scratch, no. Typically, an organization will have a directory server (in Windows terms, that's a domain controller). On a Windows machine, you can open a command prompt and enter the command 'IPCONFIG -ALL'. The first set of responses should specify your hostname and your primary DNS suffix. Together, that makes your fully qualified domain name (FQDN) in the format machine.domain.suffix. For instance, I may have a domain called 'randallswidgets.net', and a machine called 'production'. Together, the FQDN will be production.randallswidgets.net. The certificate I obtain will be for *.randallswidgets.net - I'd use the wildcard so that I can apply the cert to multiple machines on the domain. Ask your network administrator if you have an in-house certificate authority from which you can obtain a certificate.

Q: Once I have a domain certificate for myorg.net on port 443 and then install Portal and ArcGIS Web Adaptor, I will be able to access the Portal via that link https://wa.myorg.net/arcgis/home without having to mention that domain (myorg.net) while installing Portal or the Adaptor, because the certificate on port 443 is enough to configure that domain with the adaptor. Is that true?

A: Kind of. In this case, I'd obtain a certificate with a CN of "*.myorg.net". At the same time, you'd want to set the SAN (Subject Alternative Name) of the cert to just the hostname. You should specify one or more SANs when requesting the cert. Again, your admin can help.

Q: ...for number 3, is the website name the machine name or what? I know that the Portal is on https://portal.domain.com:7443/nameOfThePortal/home

so the website name in this case is portal and the domain name is domain.com, isn't it?

So if I don't have a website name, the default will be my machine name, right?

A: On Windows machines, when IIS is freshly installed, there is only one website (called Default Website), and it's running on port 80. While the name of the machine *is* used to access the web servers that run on a given machine (a machine may host one or more web servers), unless the default website has been renamed, the identifier will be 'default web site'. You'll need to understand that there are two separate web servers in play: the internal Portal web server (which is not IIS) that runs on port 7443, and the website that runs on the web server that supports the web adaptor (which on Windows is IIS).

Q: Is the basic deployment of ArcGIS Enterprise suitable for a production environment (6-8 users)?

A: Yes.
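
The certificate naming discussed in the answer above, worked through as an added example that is not part of the original thread or of Esri's documentation. It checks which portal URLs a given set of Subject Alternative Name entries would cover, using the rule that clients following RFC 6125 match only against SAN DNS entries when any are present, so a wildcard in the CN alone is not consulted. The host `wa`, the domain `myorg.net` and the `arcgis` Web Adaptor name come from the documentation quoted in the thread; the `portal` host, the short-name URL and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit


def fqdn(hostname, primary_dns_suffix):
    """Join the hostname and primary DNS suffix into machine.domain.suffix."""
    return f"{hostname}.{primary_dns_suffix}".lower()


def name_matches(pattern, host):
    """Match one certificate DNS name against a host name.

    A wildcard counts only as the entire left-most label, so *.myorg.net
    covers wa.myorg.net but not myorg.net, a.b.myorg.net or the bare name wa.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Require at least two labels after the wildcard (rejects "*.net").
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def covered(url, san_dns_names):
    """True if the host part of url matches any SAN dNSName entry."""
    host = urlsplit(url).hostname or ""
    return any(name_matches(n, host) for n in san_dns_names)


# Constructed sample values (hypothetical hosts on the page's myorg.net).
URLS = [
    "https://" + fqdn("WA", "myorg.net") + "/arcgis/home",  # FQDN via Web Adaptor
    "https://wa/arcgis/home",                               # short intranet name
    "https://portal.myorg.net:7443/arcgis/home",            # internal Portal port
]
SAN_SETS = {
    "hostname only": ["wa"],
    "wildcard only": ["*.myorg.net"],
    "wildcard + hostname": ["*.myorg.net", "wa"],
}


def coverage_table():
    """Map each SAN set to the list of URLs it covers."""
    return {label: [u for u in URLS if covered(u, sans)]
            for label, sans in SAN_SETS.items()}


if __name__ == "__main__":
    for label, urls in coverage_table().items():
        print(f"{label:20} -> {urls}")
```

Only the SAN set that lists both the wildcard and the short hostname covers all three URLs, which is the combination to ask the certificate authority administrator for if users will browse by short name as well as by FQDN.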

SaraEL_MALKI
Occasional Contributor II

Okay, thank you very much for your clear explanations.

One last question: the Portal needs a local/domain account, and the same thing for the ArcGIS Server.

In a basic deployment, will I have TWO different accounts? One for Portal and the other for the ArcGIS for Server?

But if so, while installing the Data Store, which account will I use?

In an intranet, using a local account for both, would it affect the workflow?

randall_williams-esristaff

RandallWilliams
Esri Regular Contributor

In a basic deployment, while it's possible to use multiple accounts as 'Service Account' (or 'RUNAS' accounts), most users use the same account to own processes for the components of ArcGIS Enterprise (Portal/Server/Data Store). If you are distributing ArcGIS Enterprise across multiple machines, you'd likely want to use the same domain account. In my test installs where I run everything on a single machine, I use the same local account as the RUNAS account for all of the components. While the installers for ArcGIS Enterprise have the ability to create a LOCAL account on your behalf, they cannot create a domain account. If you opt to use a domain account, have it pre-created and supply that detail when prompted during the install.

Keep in mind that domain accounts are subject to domain policies. It's easy to forget to update a password after x number of days for an account that most users don't regularly log in with. If the password for your RUNAS account expires, there may be an availability issue until corrected.

SaraEL_MALKI
Occasional Contributor II

Okay thank you so much, I will use ONE LOCAL account for all the components, 

best regards
