What is the correct way to setup Citrix Netscaler with ArcGIS Enterprise base deployment for public access?

417
1
08-30-2019 05:33 AM
Highlighted
New Contributor III

What is the correct way to setup Citrix Netscaler with ArcGIS Enterprise base deployment for public access?


Here is my setting:

  • ArcGIS Enterprise base deployment: Web adapter, portal, hosting ArcGIS Server, datastore all in one single VM.
  • a web adapter "gisportal" for ArcGIS Portal
  • a web adapter "gisserver" for ArcGIS hosting server
  • an internal URL - example https://servername.ad_domain.lcl
  • a public URL - example https://gis.companyname.com
  • a Citrix Netscaler redirect that maps the public URL to the internal URL
  • a DMZ DNS entry to map the public IP to the public URL
  • Authentication through company active directory


No surprise. All portal functions work fine if I use the internal URL within company network.

But for an external request using the public URL "https://gis.companyname.com/gisportal", that's a different story. It does show the portal home page correctly. I can navigate the portal without problem. Opening a feature/image layer or image layer does not work. The URL box in the layer description page shows the internal URL (something like https://servername.ad_domain.lcl/gisserver/...)


Travis S. from Esri pointed me to an Esri article "Configure your portal to use a reverse proxy server".
https://enterprise.arcgis.com/en/portal/latest/administer/windows/using-a-reverse-proxy-server-with-portal-for-arcgis.htm

I followed the instruction on the document,

  1. Add Portal for ArcGIS to your reverse proxy server -> already done in Netscaler
  2. Add ArcGIS Web Adaptor to proxy server directives -> already done in Netscaler
  3. Set the WebContextURL property -> I made those changes for both the Portal and the hosting server.
  4. Add a X-Forwarded-Host header to your proxy -> Our Netscaler admin was confused about this item. He added a X-Forwarded-Host in a header config page Netscaler. 

After those changes, I'm still having the same issue with the portal from the Internet. I think the reason is the article is for Apache Reverse Proxy, not for Citrix Netscaler. 

Anyway, our Netscaler guy came up with a workaround solution. First, he added a Netscaler policy that will replace the internal URL with the public URL on the page HEADER. He then added a second Netscaler policy that replaces the internal URL with the public URL on the page BODY. I'm able to access all ArcGIS portal contents from the Internet now. I'm able to add hosted feature layers and run analysis tools. (BTW, I removed WebContextURL changes from both the portal and the hosting server.) 

Still, there are two issues:

  1. The page response time is slower.
  2. I cannot save or update content on the following pages via the Public URL
    - ArcGIS Portal > Organization > Settings > General
    - ArcGIS Portal > Organization > Settings > Home
    - Any of pages in ArcGIS Sites

I am able to save/update the same pages with the internal URL. 

I can live with those two issues for now. But just want to know if there is a better way to set up reverse proxy on Netscaler for ArcGIS Portal. Any suggestion will be greatly appreciated. Thank you.

Luke

Reply
0 Kudos
1 Reply
Highlighted
New Contributor III

Hi, Did you open any support ticket and got some answer for this question or did you solve it your self?

Do you have anymore solution that you could share with me regarding netscaler configuration?

//Jonas

Reply
0 Kudos