If you have a Enterprise deployment with ArcGIS Server, Portal, Data Store(relational, tile cache), Enterprise Database, Image Server, File Server, etc. that are accessible via a webserver with Web Adapter for Portal. Is there a need for Web Adapter for Server? Is this intended more for multiple ArcGIS Server deployments?
Sorry, I am getting lost in how all of this gets integrated. Add in federating and my pea size brain implodes to nothingness. I have read through the many installation guides available but these seam to deal with the individual pieces and not the whole picture.
Solved! Go to Solution.
The note regarding the URL to use when federating is stating use the Web Adaptor or load balancer URL when federating. This ensures that the Portal can still communicate with the Server site in the event one of the Server machines go down.
I haven't tried to federate Portal and Server with Server using IWA, but yes, I don't think it'd go well. There are requests made from Portal to the services URL, (which would be secured with IWA), and I don't think it can pass the 401 challenge presented by the Web Adaptor/Web Server, so those requests will fail.
In terms of the order of operations, you can generally follow the tutorial for setting up a base ArcGIS Enterprise deployment:
Anything regarding permissions should be done during the install and anything regarding certificates can really be done whenever while being aware that Portal or Server may need to be configured to trust the certificate:
Data registration workflows can happen before or after federating, but I'd modify any security settings, (IWA, etc), after the base deployment is configured. Your web adaptor for the Image Server can be installed/configured after the base deployment is finished and can exist on the same web server as the other web adaptors.
The Web Adaptor can perform load balancing, (send requests to each backend machine within a site) and thus allows you to scale well. It doesn't provide redundancy, though, which means if your web server goes down, so does the web adaptor and the entry point to any components that rely on the web server for the web adaptor. A fault-tolerant load balancer, (F5, etc), should be used if you're concerned about availability.
Hi Lance,
It is not mandatory for you to configure the ArcGIS Web Adaptor with ArcGIS Server, as it is for Portal for ArcGIS. However, configuring the ArcGIS Web Adaptor with ArcGIS Server allows for the integration of ArcGIS Server with your existing web server. Please see the following document that explains the purpose of integrating ArcGIS Web Adaptor with ArcGIS Server:
Hi Lance, just to add to Jacob's reply.
One of the best things the web adaptor does is to 'mask' your AGS ports (6080, 6443) and install folder from the public.
"Allows you to expose your ArcGIS Server through your organization's standard website and port. Use the Web Adaptor if you don't want users to see the default port 6080 or the default site name arcgis."
So for instance on the server machine, you can access your services url as https://gisserver.domain.com:6443/arcgis/rest/services and for security reasons, you don't want to give people that url. With a WA, you can have it as https://webadaptorhost.domain.com/webadaptorname/rest/services
I hope this helps.
The Web Adaptor is not required for either Portal nor Server. The only reasons to use the web adaptor are 1) you don't want to manage your own reverse proxy or load balancer in the case of a multi-machine site and 2) you want to use IWA. If you want to use your own reverse proxy or load balancer in front of either Portal or Server, then you can send the traffic directly to 6443 (Server) or 7443 (Portal).
Thanks for the input. Sill been rebuilding my sandbox to test this again. Going to make a full backup this time before attempting to connect anything together. We currently have one ArcGIS Server and one Portal server in our production environment. The ArcGIS server is federated to the portal and a hosting server to a ArcGIS Datastore. The ArcGIS Server is also referenced to an enterprise geoDatabase. Everything is running great.
We want to add a two additional ArcGIS servers. One to share the processing load and one to run as an imaging server. Also adding a file server for hosting shared ArcGIS Configuration files, image files, etc. Every time I try and connect and federate the servers everything goes to pieces. It is most likely the order that I am connecting everything together or federating the servers.
I did learn that for multimachine site a webadapter for ArcGIS Server is required.
Note:
If you federate with a multimachine site or highly available ArcGIS Server, or if your ArcGIS Server is hosted in a cloud environment, use the Web Adaptor or load balancer URL in this field instead. The Administration URL setting must be a URL that the portal can use to communicate with all servers in the site, even when one of them is unavailable. If you use a Web Adaptor for this URL, ensure that you have enabled administrative access to the server through the Web Adaptor.
I also learned that you MUST disable IWA on any ArcGIS server BEFORE federating.
If you have an existing ArcGIS Server site that is using IWA, you must disable IWA on the ArcGIS Server site before you can federate it with your portal. Follow the instructions in the section below to disable IWA on your server before proceeding. If your ArcGIS Server site is not already using IWA, you can skip this section.
Source: Setting up your portal and federated server to use Windows accounts
Currently, I have the following built on separate VMs but nothing configured or connected together:
What order is best to connect these together, implement windows based identity stores, register file shares and enterprise databases, federate which servers and set a host server? We will may add an additional web adapter for the Image server and keep it separate from the other two (Yes/No?).
Any input would greatly be appreciated.
The note regarding the URL to use when federating is stating use the Web Adaptor or load balancer URL when federating. This ensures that the Portal can still communicate with the Server site in the event one of the Server machines go down.
I haven't tried to federate Portal and Server with Server using IWA, but yes, I don't think it'd go well. There are requests made from Portal to the services URL, (which would be secured with IWA), and I don't think it can pass the 401 challenge presented by the Web Adaptor/Web Server, so those requests will fail.
In terms of the order of operations, you can generally follow the tutorial for setting up a base ArcGIS Enterprise deployment:
Anything regarding permissions should be done during the install and anything regarding certificates can really be done whenever while being aware that Portal or Server may need to be configured to trust the certificate:
Data registration workflows can happen before or after federating, but I'd modify any security settings, (IWA, etc), after the base deployment is configured. Your web adaptor for the Image Server can be installed/configured after the base deployment is finished and can exist on the same web server as the other web adaptors.
The Web Adaptor can perform load balancing, (send requests to each backend machine within a site) and thus allows you to scale well. It doesn't provide redundancy, though, which means if your web server goes down, so does the web adaptor and the entry point to any components that rely on the web server for the web adaptor. A fault-tolerant load balancer, (F5, etc), should be used if you're concerned about availability.