Derek Law might be a good one to answer this, but I'll give you what I understand.
If I remember correctly, you typically need different web-adapters for AGS vs (internal) Portal (I think Derek mentioned that in another thread). Portal is typically internal only, and not exposed to the public, so if you plan to have public web services, for security purposes, you would want to have a web adapter installed.
But in the meantime, here are a few resources that may help:
Security is the key of course.
If at some point you are looking at getting into Web AppBuilder developer edition, check out my blog page /blogs/myAlaskaGIS/2016/03/09/web-appbuilder-developer-edition-customization-resource-list?sr=search... which has links to many of those resources. WAB is one of the nice benefits of using a portal (AGOL or Portal), but of course reliance on a portal is also a downside....but that's life. Custom JS apps don't have that reliance on a portal, so if you've got 'em...
> Our current thoughts are to put Server and Portal on one machine with a Data Store on a separate machine.
We recommend that you install Server and Portal in separate machines. In this way, if Server is really active or busy, it will not affect the performance of Portal.
> Portal with a Web Adapter will essentially do most of what a stand-alone (without Portal) Server with Web Adapter will do
Not quite true. Portal for ArcGIS requires a Web Adaptor to work, while the GIS Server can optionally use the Web Adaptor. Reasons why you would may want to use the Web Adaptor:
- enables web-tier authentication
- provides more flexibility to control access to the Server site
- you can leverage web server features
- it is conceptually like a reverse proxy for the Server site
> Does anyone know if I can still access the MapSevices directly using the Portal with Web Adapter, or will I need to install a separate WebAdapter for Server?
This will greatly depend on the security model you configure for your Server site and for Portal for ArcGIS. To be clear, Server and Portal have 2 separate security models, you can optionally "federate" your Server site with Portal so that it uses the same security model as Portal.
Within the context of your situation where you have an existing web app that is currently referencing web services directly from the Server site, you can "switch" it to access web services from your new 10.4 Server site, but Portal would not be a factor in your deployment. If you decide to change the web app to work with Portal, then you should evaluate what security you would like to set for the Server site.
A good starting point for understanding Server/Portal security:
Hope this helps,
Thank you all! Let me read through some of these resources and get back to you. I'm sure I will have more questions. As a note, the website that I am referencing is currently an internal intranet website that is not exposed outside of our network. We have plans to play with Azure and/or another portal deployment that would be exposed to external users...but one step at a time! We are a global company and have purchased licenses so that we can play with an Azure deployment in the near future. I am in a bit of a hard spot because our IT department is not the best and I only have 1 other person helping me with the deployment. I am trying to find a good mix so that we can quickly deploy a system that works with our current setup, but is scalable and doesn't depend on the IT department too much (my manager really wants to go with Azure for this reason...sad, I know). We want to use portal, have external users, and completely update the above referenced internal website within the year.
Ok, I am running into another snag while trying to make this decision. I am confused about the authentication. We use Active Directory. If I read this:
it seems that I have to deploy both of the adapters (Portal and Server) on a Java machine. However there is also this:
that seems as if we can just set up windows authentication in IIS. The last link is kind of old, but I have found references to it in other places, too. So, what gives? Is the Java implementation somehow doing a different job? I just want my users to be able to log into their computer and not have to log in again to use portal (windows authentication). Will the Java implementation only come into play when we start publishing websites with external access? Does anyone know a good link to explain the difference between setting up the adapter on an IIS machine with windows authentication vs a Java machine with LDAP?
Thanks for your help! I am slowly muddling through everything...
As shown above you can use web adapter on same machine or different also,
while using LDAP based authentication you need to configure on ArcGIS server manager
We are using single machine configuration with web adapter and NLB,
Services have LDAP based ArcGIS Server Security....
> ... it seems that I have to deploy both of the adapters (Portal and Server) on a Java machine.
No. If you're using Windows OS for your Server and Portal installations, then you don't need to install anything on a Java machine.
> I just want my users to be able to log into their computer and not have to log in again to use portal (windows authentication).
Yes, you can set-up security for your GIS Server site with windows authentication, help topic:
As I stated previously, by default the GIS Server and Portal for ArcGIS have 2 separate security models. You can keep them separate, or you can federate your Server site with Portal. It depends on if you want a single-sign on user experience when someone logins into Portal, then can access secure web services on the Server site. Please watch the UC tech session video I referenced in my earlier post.
Hope this helps,