Load Balancing ArcGIS Enterprise with F5 and No Web Adaptors

1621
2
Jump to solution
11-20-2018 09:27 AM
JustinGreco1
New Contributor III

After experiencing some issues with Tomcat using the Web Adaptor for our new ArcGIS Enterprise environment, Esri premium support recommended that we use our enterprise's network load balancer in place of the Web Adaptor.  Our load balancer is F5 and we had our network team setup the load balancing, which was somewhat successful, but we still had one remaining issue.

When the trailing slash is left off the URL, for example, https://lb.domain.com/images/rest ends up redirecting to https://lb.domain.com/arcgis/rest/.  The same is true for https://lb.domain.com/portal/portaladmin redirecting to https://lb.domain.com/arcgis/portaladmin/, which causes the sign in page not to load.  

https://lb.domain.com/arcgis/rest/ does exist on the load balancer and is being used for our main ArcGIS Server site.

I am not too familiar with F5, I am more familiar with Nginx and Apache, so I am wondering if anyone has any experience setting up F5 irules for load balancing ArcGIS Enterprise and possibly has a configuration they could share with us.

We are running ArcGIS Enterprise 10.6.1 on RHEL 7.4.

We have done the following:

- inserted the X-Forwarded-Host header

- setup an internal load balancer on port 7443 (without the X-Forwarded-Host header inserted per the documentation)

- set the WebContextUrl on portal to "https://lb.domain.com/portal"

- set the privatePortalUrl on portal to "https://lb.domain.com:7443/arcgis"

We do have a case with support, but they cannot help with setting up the F5.

1 Solution

Accepted Solutions
JonathanQuinn
Esri Frequent Contributor

Do any other URLs redirect? I don't work with F5 either, but if it's only rest and portaladmin, you can update F5 to append the trailing slashes if it's missing off of certain URLs:

Add a Trailing Slash to the URL 

View solution in original post

0 Kudos
2 Replies
JonathanQuinn
Esri Frequent Contributor

Do any other URLs redirect? I don't work with F5 either, but if it's only rest and portaladmin, you can update F5 to append the trailing slashes if it's missing off of certain URLs:

Add a Trailing Slash to the URL 

View solution in original post

0 Kudos
JustinGreco1
New Contributor III

Thanks Jonathan, our network engineer's fix was to alter the response back to the client.  However, using the ProxyPass rules module for F5 appears to be the best option.  However, our network team is feeling uncomfortable with doing all this load balancing directly through F5.  We are now looking into going with Windows, IIS, and the Web Adaptor since that configuration has been solid for several years.  Also we may want to use IWA authentication in the future.