We set up our staging environment for ArcGIS Enterprise 10.6.1. Everything works fine when webmaps, apps, and etc. are accessed internally; however, we are not able to view any of the layers in the webmap when accessed outside of our network using the ArcGIS field apps(collector and Explorer). We get the error "a server with the specified hostname could not be found".
We have a multi-machine deployment with the VMs for the datastore and Server for ArcGIS and web adaptor inside our network. The VM with Portal for ArcGIS and the web adaptor is in the DMZ... image of setup is attached.
What is wrong or missing in this setup?
Solved! Go to Solution.
We worked via esri professional services and they had us move the server with portal installed to the inside and only the 2 web adapters sit in DMZ. Both servers(portal and AGS) had to be exposed to our users on the outside.
Hope this helps.
Sent from my iPhone
Although outside clients/devices are able to access web maps in Portal since Portal is in your DMZ, the outside clients/devices cannot access layers in those web maps that are published from internal, federated servers since those servers are not accessible from the Internet. Given your diagram, the results you are seeing are expected.
I don't have time, at the moment, to dive into what changes need to happen to make it work. Overall, I suggest you open a case with Esri Support to get additional guidance because securing an ArcGIS Enterprise deployment is involved. I don't see a reverse proxy server in your diagram, is that because there isn't one or it just wasn't included?
Thanks for responding. I do have a ticket open and the 1st analyst told me to expose the federated server, but didn't have much detail on how we should do it without having to expose all of my services to the public. We decided it would be best that he forward me to the right team. In the meantime, I thought I would post the question here in case I sit in the queue for another few days. I'll wait for Esri to respond. Thanks!
The common way to expose the federated server, or parts of it, are through the use of a reverse proxy. Since reverse proxies are common in the web sphere, and commonly not managed by GIS shops, usually folks that deploy ArcGIS Enterprise will need to engage with other parts of the IT organization to have them configure the reverse proxies to support GIS server. While you are waiting for Esri Support to get back with you, I suggest you read Configure your portal to use a reverse proxy server—Portal for ArcGIS (10.6) | ArcGIS Enterprise and Using a reverse proxy server with ArcGIS Server—ArcGIS Server Administration (Windows) | ArcGIS Ente....
Our network team helped with setting up the servers. I now have the senior engineer from the team looking at it. She thinks the reverse-proxy was not setup the right way. Thanks for your input!
Sorry to semi-hijack the thread, but I have a similar problem. I was under the impression that the Web Adaptor was a reverse proxy for this purpose and could handle this scenario? Are you saying a third party reverse proxy is required?
You are correct, the web adaptor is a reverse proxy. Is your ArcGIS Server web adaptor in the DMZ? If it is, are the layers being used in your map viewer being accessed via the web adaptor URL or the internal (https://host.domain.com:6443/arcgis) address?
I have both web adaptors (for server and portal) in the DMZ while the server and portal themselves are in the internal network. That should still allow for internet access to both the portal and server, right?
Edit: I am still setting this up and running into some bumps along the way, so I don't have services being accessed right now. Thanks for you help.
do you have the possibility to access a WebMap or WebApp of the portal from outside with a notebook? If yes, please activate the developer tools (e.g. in IE) and see which URL is used to access the services? This should be a WebAdaptor URL without a port - what kind of URL is it for you?
Did you set the WebContextURL correctly?