ArcGIS Server behind F5 Load Balancer: Do I need the Web Adaptor?

JasonTipton · ‎02-10-2015

I have 6 ArcServers participating in 1 site that I am deploying. I have setup the IIS webadaptor on 2 machines that are being load balanced behind an F5. Do I need the webadaptor? All the webadaptor does is forward traffic from port 443 to 6443. It also does a little load balancing (maybe).

With the F5, I can do SSL offloading at the hardware level (much more efficient). I can decrypt once at the F5 instead of having to decrypt at IIS, then re-encrypt to pass on to ArcGIS to un-encrypt and have to do it all again on the return. I don't have to have IIS do any URL routing like the web-adaptor does. All traffic to that particular subdomain will be forwarded to the ArcGIS Server site.

The way I see it, you are using IIS as a router/load balancer. If I have access to the real thing, it will be much more efficient and I don't see that I lose anything.

What am I missing? And has anybody already done this?

TobiasFimpel1 · ‎02-10-2015

I have been running a 2-Server site behind a F5 load balancer without web adaptor for ~2 years. It works, but next upgrade will move to using 2 web adaptors behind f5 load balancer. Reasons: SSL certificates easier to manage for ssl-newbies (like myself), being able to take advantage of ArcGIS server clustering (this is the major plus), possibility of using web tier authentication.

View solution in original post

JakeSkinner · ‎02-10-2015

Hi Jason,

In most deployment scenarios when you are using a Load Balancer, the use of ArcGIS Web Adaptor is optional and typically only necessary if you would like to take advantage of web tier authentication.

Here is a helpful link:

Deployment scenarios—Documentation | ArcGIS for Server

JasonTipton · ‎02-11-2015

Great link. Good info. Thanks

TobiasFimpel1 · ‎02-10-2015

I have been running a 2-Server site behind a F5 load balancer without web adaptor for ~2 years. It works, but next upgrade will move to using 2 web adaptors behind f5 load balancer. Reasons: SSL certificates easier to manage for ssl-newbies (like myself), being able to take advantage of ArcGIS server clustering (this is the major plus), possibility of using web tier authentication.

JasonTipton · ‎02-11-2015

Tobias Fimpel What prevents you from taking advantage of clustering? I will be clustering in this environment, but I don't see that a load balancer would affect that.

TobiasFimpel1 · ‎02-11-2015

Your Web Adaptor(s) know which http requests to forward to which cluster. They know that for example map service A runs on servers 1,2,3 (because those three make up one cluster) and map service B runs on server 4 (because that server makes up another cluster). Likely your F5 does some kind of a round-robin forwarding, but F5 would forward http request for service A to servers 1,2,3,4 and it would forward requests for service B to servers 1,2,3,4 as well. Using F5 without Web Adaptors, how would you ensure that calls are being sent to the correct cluster?

pheede-esri · ‎02-13-2015

Tobias,

You are perfectly fine using clusters even without the web adaptor. The GIS server performs internal load balancing and in the case of clusters forwards requests that come in to an appropriate machine that has the requested service available. Do note updated advice on use of clusters in this help topic: Multiple machine deployment with GIS server clusters—Installation Guides | ArcGIS for Server

The Web Adaptor is required with the GIS server only if you need Web Tier authentication. In all other cases it is an optional component. For customers that have another reverse proxy and load-balancing solution available, such as the F5 in this thread, it can be an excellent choice to use that instead and not introduce additional components into the system architecture. It really boils down to manageability and functional requirements (web tier authentication).

For the original author's question and situation it sounds like the F5 would be a good choice.

Thanks,

Philip

ArcGIS for Server Product Manager

TobiasFimpel1 · ‎02-13-2015

Thanks Philip. Great info! Is this new at 10.3?

I'm asking because in the past I have always been told/read that Web Adaptor is necessary for forwarding to the correct cluster.

pheede-esri · ‎02-13-2015

This is unchanged since 10.1 and applies to all current versions of ArcGIS Server: 10.1 - 10.3.

Cheers,

Philip

AmyKlug · ‎06-16-2016

Has anyone had success implementing the F5 with the web adapter and portal (on premise) on the external environment? We are having trouble getting communication.