So I have a mixed security model that has the appearance of having 3 different portals;
1. Public --> Collab to ArcGIS Online
2. Secure --> Custom Applications
3. Internal --> Internal\Sensitive
So is there a functional/technical reason why I can't have 3 different portal instances all hosting to the same ArcGIS Server site? Based on what I see in the docs; there should not be a issue.
Solved! Go to Solution.
Hi David,
> Can one ArcGIS Server site have multiple portals?
Allow me to refine your question: can one GIS Server site be accessed/referenced by multiple Portal instances? Yes - to be clear, this means the GIS Server site is NOT federated with any of the Portals. And it is not a hosting server for any of the Portals. The web services in the GIS Server site can be referenced by the different Portals (e.g., add item to reference the web services) - but the GIS Server site would have its own security model.
> Or can multiple Portals connect to one ArcGIS Server site?
Following on the answer above, yes - you could have multiple Portals referencing resources from the same GIS Server site. But they cannot be federated to the same GIS Server site, nor could they all use the same GIS Server site as a hosting server.
FYI: a GIS Server site can only act as the hosting server for a single Portal instance. When a GIS Server site becomes a hosting server, it has to be federated with the Portal - which means it takes the security model of the Portal instance.
Hope this helps,
Hi David Wright,
Have a read in the comment sections of a similar question Multiple Portal instances. Can you clarify, you have 3 separate Portals? Ben Turrell
Shane
If this answer was helpful please mark it as helpful. If this answer solved your question please mark it as the answer to help others who have the same question.
Hi Shane Miles,
Yes I was considering at least 2, possibly 3 portal instances (I already have 1 well established) that would support a separate identity methods and group controls. That post you referenced was good; I do like Jonathan Quinn 's suggestion of a collaboration route as a fallback for not being able to cross-federate which I do recall.
For my public (non-authenticated) users I was going to do a pass-through from my AGOL which is easy enough; but for my other authenticated route that was not ADFS/IWA I was looking at a totally separate portal instance.where additional sets of controls would isolate things.
Hi David,
> Can one ArcGIS Server site have multiple portals?
Allow me to refine your question: can one GIS Server site be accessed/referenced by multiple Portal instances? Yes - to be clear, this means the GIS Server site is NOT federated with any of the Portals. And it is not a hosting server for any of the Portals. The web services in the GIS Server site can be referenced by the different Portals (e.g., add item to reference the web services) - but the GIS Server site would have its own security model.
> Or can multiple Portals connect to one ArcGIS Server site?
Following on the answer above, yes - you could have multiple Portals referencing resources from the same GIS Server site. But they cannot be federated to the same GIS Server site, nor could they all use the same GIS Server site as a hosting server.
FYI: a GIS Server site can only act as the hosting server for a single Portal instance. When a GIS Server site becomes a hosting server, it has to be federated with the Portal - which means it takes the security model of the Portal instance.
Hope this helps,
Hi Derek Law ,
That is the direction I am going to be operating from. Keeping my internal Portal which is federated and controlled by ADFS/IWA; but using a separate Portal instance that we will/can explicitly share/expose the services that are needed in that manner.
Since from the public(AGOL) or even secured-customer side (new Portal) side, the use of hosted services and doing Ad-Hoc functions are not needed. My main focus is using services/features such as Geocortex or even Vector-Tiles where I need a Portal or AGOL endpoint to host certain things.
Hi Derek,
So am i understanding this right. The base enterprise configuration can have server and portal federated and the additional portal instance will operate independently from the ArcGIS Server. In order to add services to the additional Portal we will just add by reference to the rest url?
Hi @JakeNeedle,
> The base enterprise configuration can have server and portal federated and the additional portal instance will operate independently from the ArcGIS Server.
I am not clear on what you mean in the second part of this statement. In a base deployment, portal is federated with the GIS Server - they share the same security model. There is only one portal. What do you mean by "additional portal instance"?
Hi @DerekLaw ,
Thank you for the response. We intend to have a second instance of Portal in our environment for outside consultants to access for editing purposes. I do not believe it is possible to have 2 portals federated with the same GIS Server? correct? We are trying to figure out the implementation design that will allow consultants editing access to feature services referencing our enterprise geodatabase without having access to data shared organization wide.
Hi @JakeNeedle,
> I do not believe it is possible to have 2 portals federated with the same GIS Server? correct?
Yes, this statement is correct. A GIS Server can only be federated with a single Portal instance.
> We intend to have a second instance of Portal in our environment for outside consultants to access for editing purposes. ... We are trying to figure out the implementation design that will allow consultants editing access to feature services referencing our enterprise geodatabase without having access to data shared organization wide.
There is not enough information for me to provide guidance. Maybe if you could provide some more details about your deployment and security I could comment. Alternatively, you could reach out to your local Esri account manager/Distributor and they could help.
Hope this helps,