Enterprise and federate or stand alone

679
7
Jump to solution
09-30-2019 11:10 AM
MichelleD
New Contributor III

We have ArcGIS Server 10.3 running on an old server.  We are setting up a new sever and will install 10.7.1 (single-machine deployment).  My current workflow is to publish a map service from ArcMap, create a web map in AGOL, then use WebApp Builder (developer version) to create a web application that I copy to the server.  I am trying to determine if I should use Enterprise Builder and federate, or keep ArcGIS Server stand alone as on the old server.

I do have one application (and may build more) where I used ArcGIS Server Manager to secure the service.  I published the service with Feature Access enabled.  In ArcGIS Server Manager I created a user name and password and assigned it a role, I made the service private and assigned it the role.  I created the web map and application as described above.  I provide the person who needs to use it the link, user name, and password, and they are able to make updates.  From everything I have read, it appears I would no longer be able to secure the service that way if we federated and user management was taken over by Portal?

0 Kudos
1 Solution

Accepted Solutions
ErikLash1
Occasional Contributor

+1 on the recommendation for a 10.7.1 single machine deployment of an ESRI base install. 

Your workflows will need to be modified for use with it. However, it's well worth  the enhanced capability and configuration options that are available. More work up front but a much better result down the line.

Note of caution on Enterprise Builder > it's extremely inflexible in control of default configuration settings during install.  Run a test deployment to see if the defaults meet your needs. 

One other consideration with Enterprise Builder, its pieces can't be treated separately after they are installed.  Package deal that also requires Enterprise Builder use to update the components down the road.

We ended up setting up our own workflows for implementation of single machine deployment installations so that we could control how each component was initialized and how they could be re-configured and updated later on.

View solution in original post

7 Replies
JakeSkinner
Esri Esteemed Contributor

Hi  Michelle,

I recommend federating ArcGIS Server with Portal.  This will eliminate the need for two logins.  In the example you gave above, the user would need to login to Portal to access the web application, and then login again to access the secure service. 

When you federate, there will only be one security model, which is Portals.  To secure a service, you share it to a Group within Portal rather than a Role within ArcGIS Server.  With federation, you can share the service with the same Group the web map/app are shared with.  Then the user will have permissions to the application and service using their Portal credentials.

0 Kudos
MichelleD
New Contributor III

Jake,

Thank you for the suggestion.  Currently, the user doesn't have to log in twice.  The web application is public, just one service within it is secured.  When the user goes to the link a dialog box requests a user name and password.  If entered, the full app opens with the secured service.  If the user cancels past the user name and password, unsecured services will display, but the secured service won't be added to the map.

0 Kudos
CodyMarsh
Occasional Contributor

Hello Michelle,

I would agree with Jake's assessment and would also recommend that you federate your ArcGIS Server with a Portal for ArcGIS.

As a side benefit to this setup, with Portal for ArcGIS you do not have to rely on AGOL to create your Web Maps. You will be able to create them with your on site Portal.

Also for more information about federation and what it allows your Portal to do you can read our documentation: Federate an ArcGIS Server site with your portal—Portal for ArcGIS (10.7 and 10.7.1) | ArcGIS Enterpr...

MichelleD
New Contributor III

Thank you both for the recommendation to federate.  I do see there are benefits, but my concern is the functionality I would lose.  I have a simple web app that our foreman uses to simply mark something as done.  I don't want him to have to go to Portal to log in.  I want to give him the link to the web app, when he goes there it asks him for a user name and password, he changes a few features to "Done", then he closes the app.  He does this in the field on his phone, or on his desktop in the office.  This works perfectly now by securing the service in Server Manager.  Would it still be that simple for him if we federate and user management is in Portal?   

0 Kudos
JakeSkinner
Esri Esteemed Contributor

Yes, you can share the web map and app with Everyone.  However, only share the service with a Group that the foreman is a member of.  When they click on the URL for the web app, they will only have to enter credentials for the service.

0 Kudos
ErikLash1
Occasional Contributor

+1 on the recommendation for a 10.7.1 single machine deployment of an ESRI base install. 

Your workflows will need to be modified for use with it. However, it's well worth  the enhanced capability and configuration options that are available. More work up front but a much better result down the line.

Note of caution on Enterprise Builder > it's extremely inflexible in control of default configuration settings during install.  Run a test deployment to see if the defaults meet your needs. 

One other consideration with Enterprise Builder, its pieces can't be treated separately after they are installed.  Package deal that also requires Enterprise Builder use to update the components down the road.

We ended up setting up our own workflows for implementation of single machine deployment installations so that we could control how each component was initialized and how they could be re-configured and updated later on.

MichelleD
New Contributor III

Erik - Thank you for the recommendations.  I thought one advantage of federating would be to have a simple install with Enterprise Builder, but based on your comments I did some research and think I will follow your suggestions for a manual install.

0 Kudos