Moving the Web Adaptor from an internal network machine to a DMZ machine

03-13-2018 07:36 PM
ShawnPOWER
New Contributor III

I am looking for some gotchas and advice you all have when moving an ArcGIS Server and Portal for ArcGIS to a new Web Adaptor machine, in a DMZ network, to provide authenticated public access to the internal resources. Below is my plan of action from a high level. What am I missing?

When doing this I am planning on unregistering the internal network machine's Web Adaptor from an ArcGIS Server and Portal for ArcGIS. The ArcGIS Server site is federated with Portal via this internal network machine's Web Adaptor. I am planning on leaving that alone right now (should I unfederate?). Then I was planning on registering the new DMZ network machine with the ArcGIS Server and Portal for ArcGIS. The new DMZ network machine does have a new name, so it will not be the same as the old. The Web Adaptor also already provides Integrated Windows Authentication (IWA) to the Portal for ArcGIS.

I am guessing once this is done all the web maps (configs, popups, etc.), services, AGOL items, apps, 3rd party apps that use these things outside of Esri products, etc. will all need to be re-published, re-created, or at least re-configured for the new Web Adaptor name, is that correct?

11 Replies
ShawnPOWER
New Contributor III

Rebecca Strauch, GISP, no problem on the hijacking. A federation for Portal has been very useful so I would recommend moving that way for sure. I think what I have learned here is that it is important to use a DNS alias (CNAME record) to augment your machine name when leveraging the Esri Web Adaptor. More importantly, if you are ever going to externalize (or make public) your GIS services or Portal, secured or not, you should really think about putting your Esri Web Adaptor in the location that makes sense from the get-go for that to occur, so for some that is the DMZ. We have opted to build out a new Server and Portal to attach to the DMZ-based Web Adaptor to limit production downtime during this change and avoid the unfederating activity altogether here.

Thanks again, JQuinn-esristaff!

EricPeña
Occasional Contributor

Jonathan, I think I have a slightly different setup that I'm hoping won't require re-federating. Here is what I have:

  • ArcGIS and GeoEvent server sites are federated without internal web adaptor
  • current web adaptor is in DMZ and public facing and working fine
  • I need to change to a new DMZ web server and new public URL

Will unregistering current WAs, reregistering WAs on new server, and updating the WebContextURL be enough to keep things going or will re-federating be required? Thanks for any advice you can give.
