GIS Architecture Question

06-28-2017 05:17 PM
AzinSharaf
Occasional Contributor II


I have a question regarding the GIS architecture. I have attached our architecture diagram. Let me describe it here.
We have one internal ArcGIS Server site that has been configured with Microsoft Active Directory. Internal users connect to the GIS services via Web Adaptor (internal) based on the allowed AD groups that we have chosen for services.
We have two kinds of external users: Public users and Public-Secured users.
We have installed and configured the Web Adaptor (public) on a DMZ server and have set its security to anonymous, so everybody can connect to the internal GIS Server and consume the public services.
The problem is the public users who need to use some secured services. We have some specific map services that are being used by external users, but they are not accessible by the public. What kind of security configuration helps us to resolve the issue?
The easiest way is to change the ArcGIS Server security from Win AD group to ArcGIS built-in, but we prefer to stay in Win AD group. Another solution would be building a second ArcGIS Server site on the DMZ side, which is not an ideal way for us.
Any idea?

2 Replies
RebeccaStrauch__GISP
MVP Emeritus

We have a similar setup in our organization. I suggest you look into using a proxy:

GitHub - Esri/resource-proxy: Proxy files for DotNet, Java and PHP.

There is quite a bit of info in the help.

There have been many threads on setting up proxies, but I don't have any handy right now.

ScottFierro2
Occasional Contributor III

Sounds about like the boat we were in for authenticating internal and external AD accounts. Just had this come out yesterday and breaks some ESRI rules but might resolve things for you.

http://www.directionsmag.com/entry/leveraging-a-multi-forest-active-directory-environment-for-use-wi...