Federation to server questions

440
6
02-05-2018 06:16 AM
PanGIS
by
Regular Contributor

Hi guys,

I need to understand a couple of things regarding federation. Sorry for the dull questions.

Upgrading to 10.6

the server is in production and is serving already many external app and webmaps.

I have to upgrade and I want to install Portal as well on the same machine.

No federation for the time being, as they want to test it.

My first concern is to not affect the existing apps and maps and I understand that federation will do it, even though I am still trying to understand.

If I want to use collector, what is the best way for making the map available: add the service as item in Portal, and make a Map, is this enough?

In case I will federate, will the services be available directly on Portal?

Tags (2)
0 Kudos
6 Replies
JonathanQuinn
Esri Frequent Contributor

Federating a production Server may not be the best idea as there are a number of effects that operation will have on services and accessibility.  If you have a dev or staging Server, consider installing Portal on that machine and then federating so you know what to expect.

In general, though, the biggest impact federating will be on clients is by default, all services will become secured.  You'll need to share them with everyone to make them public, or configure your groups/users similar to how Server is configured to achieve the same permissions.

If you want to use Collector, (again, ideally testing in a staging/test environment first), federate your Server to Portal, share your services with everyone if everyone should have access, add them to a map, and then open the map in Collector.

Another thing you should consider is externally available feature services pose a security problem as anyone can edit the data.

PanGIS
by
Regular Contributor

Jonathan , thank you.

but your answers have generated more questions, sorry   

When you say "the biggest impact federating will be on clients is by default, all services will become secured." -----> web maps created and online already (created with API for JS, App studio or Web App builder.....), will become empty, because the layers are not accessible? or what? 

What is missing in my picture is the real effect. Believe me, I read the docs many times.

For the time being (I will check tomorrow) I don't even know if the services are secured or not and how the security is generale on this server.

"If you want to use Collector, (again, ideally testing in a staging/test environment first), federate your Server to Portal," ----> in this case federation is the only option? collector works only in a federated environment?

"Another thing you should consider is externally available feature services pose a security problem as anyone can edit the data."  

Are you referring to the share with everyone in portal?

Another question not related directly to the previous: is an upgrade of  4 versions (AGS from 10.2 to 10.6) advisable? or should I go for a gradual upgrade (considering also LM and Desktop)

0 Kudos
RebeccaStrauch__GISP
MVP Esteemed Contributor

I can answer some of this from my experience, but we are facing similar upgrades here too.

Another question not related directly to the previous: is an upgrade of  4 versions (AGS from 10.2 to 10.6) advisable? or should I go for a gradual upgrade (considering also LM and Desktop)

re: the LM...LM 10.6 supports all the previous versions, so I would start with that and make sure all your current Desktop clients are still working.  The newer Desktop install will detect older version and uninstall if needed.  We have gone from 10.1 to 10.5 with no issues, but most of our will be upgrading from 10.3.1 when we do it.

We are not jumping to 10.6 of the server software yet, mainly because of internal reasons....we are just now moving from 10.2.2 to 10.5.1.  We are doing a clean install, and then using a python script that will help migrate about 80% (guessing) of our services.  The rest we will be doing manually.  (this is after moving all the mxd's and data...and registering, etc.).

Keep in mind that there were/are changes between Desktop versions (read the various What's New docs) due to either bug fixes (or new bugs) and/or enhancements.  Also, if you have many custom scripts, there may be tweaks that need to be done.  Test on one machine and give things updated before you deploy to all.

Be careful not to open and view parameters for a custom toolbox in 10.5x+ (at least) if you want it to work in 10.2.x again.  It auto updated something that makes it un-view-able in 10.2....so work on a copy.

We do not plan to federate because of the taking over the security role from ArcGIS Server.  At some point, with the new Portal level 1 policy, we may reconsider, so this is a very interesting thread.  I know there will be URL changes if we federate, but had not thought about other ramifications if we do it at a later time.  However, I think moving from 10.5.to 10.6 for us will be pretty easy, once we are ready.

So, watching this thread with interest.

PanGIS
by
Regular Contributor

Rebecca, thank you.

Yes I have thought already to start with LM and Desktop as they are less concerning. Then starting with Server. 

Are the upgraded desktop connecting without problem to your server? (I have admin and publisher connection from my desktop 10.5.1 to  another server 10.2 but I have never used them for managing or publishing service, I use another desktop 10.2.2 for that).

Thanks for the advice on the custom toolboxes, I haven't thought of it.

Are you thinking to upgrade to 10.5.1 because you are waiting for 10.6.1?

In my case is not going to be a clean install, but I will make sure that all possible backups are made. Thankfully Portal is not installed yet.....

Federation is out of our plan too right now, tomorrow I will know more about all the services and data. 

0 Kudos
RebeccaStrauch__GISP
MVP Esteemed Contributor
Are the upgraded desktop connecting without problem to your server? (I have admin and publisher connection from my desktop 10.5.1 to  another server 10.2 but I have never used them for managing or publishing service, I use another desktop 10.2.2 for that).

I can probably answer this better in a few days.  Just waiting for our servers to be release to us (GIS) from IT.

Are you thinking to upgrade to 10.5.1 because you are waiting for 10.6.1?

Partially.  But also, it's taken so long for us to get to this stage with IT taking over what I used to do, (and with our servers being moved to another location, AND testing the remote connections to find a stable environment for editing our master SDE databases), that I just don't want to throw another wrench in the machine.  Just need to get moved.  The 10.6.x issue will be after we are once again stable.

0 Kudos
JonathanQuinn
Esri Frequent Contributor
web maps created and online already (created with API for JS, App studio or Web App builder.....), will become empty, because the layers are not accessible? or what? 

The webmaps themselves won't become empty or lose their layers, but users opening the webmaps won't see the layers if they don't have access to them. They'll likely be met with an error indicating which layers were not accessible.

What is missing in my picture is the real effect.

The major effect is accessibility.  If all of your services are available externally, once you federate, all of those services are only accessible to the user you signed into Portal with when you federated.  If you share them with everyone, that makes them accessible to anyone with access to the REST endpoint.

"If you want to use Collector, (again, ideally testing in a staging/test environment first), federate your Server to Portal," ----> in this case federation is the only option? collector works only in a federated environment?

No, you can connect Collector to any ArcGIS Online organization or on-premises Portal, (otherwise knwon as a lower case portal).  I only mentioned federation to put it in context with your original post.

"Another thing you should consider is externally available feature services pose a security problem as anyone can edit the data."  

Are you referring to the share with everyone in portal?

Yes, you should be careful about an unsecured feature service, (whether the service is unsecured in a non-federated Server or it's shared with everyone in a federated Server). Anyone can make edits to the feature service.

0 Kudos