GIS Architecture Question

06-28-2017 05:17 PM
Occasional Contributor II

I have a question regarding the GIS architecture. I have attached our architecture diagram. Let me describe it here.
We have one internal ArcGIS Server site that has been configured with Microsoft Active Directory. Internal users connect to the GIS services via Web Adaptor (internal) based on the allowed AD groups that we have chosen for services.
We have two kinds of external users: Public users and Public-Secured users.
We have installed and configured the Web Adaptor (public) on DMZ server and has been set the security to anonymous so everybody can connect to internal GIS Server and consume the public services.
The problem is the public users who need to use some secured services. We have some specific map services that are being used by external users but they are not accessible by public. What kind of security configuration helps us to resolve the issue?
The easiest way is change the ArcGIS Server security from Win AD group to ArcGIS built -in, but we prefer to stay in Win AD group. Another solution would be building a second ArcGIS Server site on DMZ side that is not an ideal way for us.
Any idea?

0 Kudos
2 Replies
MVP Esteemed Contributor

We have a similar set up in our organization.  I suggest you look into using a proxy

GitHub - Esri/resource-proxy: Proxy files for DotNet, Java and PHP. 

There is quite a bit of info in the help 

There have been many threads on setting up proxies, but I don't have any handy right now.  

Occasional Contributor III

Sounds about like the boat we were in for authenticating internal and external AD accounts. Just had this come out yesterday and breaks some ESRI rules but might resolve things for you.