Public access to internal Enterprise deployment with anon access enabled, setup strategies

03-17-2021 07:44 AM
DavidPersson
New Contributor III

Hi, our org has deployed an Enterprise 10.8.1 base setup with a SAML idp.

The web adaptors for the federated hosting server as well as the Portal are installed on a machine in the DMZ part of the org network (though not publicly available). We're currently evaluating the environment for internal use but have preliminary hopes of using one Enterprise deployment for both organization users, in the field and on the company network, as well as making everything shared with "everyone" and Public available to the general public.

When attempting to research how one would set up the following, if it's at the minimum case enough to expose the Portal web adaptor URL, I've found the high availability setup scenarios ( https://enterprise.arcgis.com/en/portal/latest/administer/windows/ha-scenarios-web-gis.htm ) as well as the Security Best Practices ( https://enterprise.arcgis.com/en/portal/latest/administer/windows/security-best-practices.htm ) that mention that anonymous access is best left off.

So being aware that we would obviously need to make sure the right users/roles had "share things to the Public" and that we are planning to start small in terms of users and data, having a part exposed externally is nevertheless going to require following one of the HA scenarios, I think, as the Enterprise deployment possibly/probably becomes mission critical; correct?

Our initial plan was for an unfederated ArcGIS Server to supply AGOL with services for the general public but we have initially rejected that idea in order to administer only one Portal environment and also because there are currently some not entirely resolved questions regarding GDPR.

Thanks for reading and for any pointers on further (mandatory) reading : )

10 Replies
CraigRussell
Esri Contributor

...we are currently transitioning away from said environment however and I understand from your post that it's better to not use the web adaptor address for the admin URL when federating for security purposes

It shouldn't use the same web adaptor as the one being used for end user access.  You can have a separate web adaptor for admin traffic with elevated security in some circumstances, but for what you're proposing, the 6443 direct one is probably the way to go.

They are installed in the DMZ server with a public certificate domain, so "public.domain.se" -> 6443/7443 on the Enterprise base install machine via the web adaptors. There's a firewall behind and in front of this DMZ machine so nothing is exposed publicly yet but it should be theoretically prepared, as I parse your reply. Can this be considered realistic for a small-scale start?

Should be fine, provided that your IT security team has no qualms about using third party components like the web adaptors in your DMZ; this sort of thing comes up sometimes and ultimately you have to work within your organization's IT principles. What's important to note is that if for some reason you end up putting a gateway/reverse proxy between the internet and your web adaptors, the public URLs/DNS entries must be the same as what you've used for the web adaptor URLs to avoid having to unfederate/refederate.