Where to install the Enterprise Builder?

JanieGoddard · ‎02-05-2019

Hi,

I have a production release of ArcGIS Server 10.2.1 internally with a Web Adaptor on a forward facing server. I want to leave this as is.

I want to install Enterprise 10.6.1 on a virtual machine. I understand Enterprise Builder puts all the components on one machine. This includes the two web adaptors. The web adaptors have to be on the forward facing machine. So... can I install everything on my forward facing machine using Enterprise Builder?

This new server is using Windows Server 2016 Standard operating systems with IIS and SQL Server. Our IT Department is putting the new server in a "new to me" DMZ zone.

I appreciate your help, pretty please. I need to get this installed right away.

Janie

RandallWilliams · ‎02-05-2019

You can use the builder, unregister the web adaptors it installs, then register new web adaptors on the external facing server.

Unregistering ArcGIS Web Adaptor with Portal for ArcGIS—ArcGIS Web Adaptor (IIS) Installation Guide ...

Unregister ArcGIS Web Adaptor with ArcGIS Server—ArcGIS Web Adaptor (IIS) Installation Guide (10.6.1...

View solution in original post

RandallWilliams · ‎02-05-2019

Hi Janie,

A. At a minimal, you should install 10.2.2 on top of your 10.2.1 instance, then install the security patches for this version. 10.2.x will be retired in July 2019, ending support for this version. You should make plans to update this box.

B. If you're not going to the cloud, I'd install enterprise builder inside your firewall - not the forward facing machine. I'd put the web adaptors ONLY on the forward facing machine in the DMZ, and allow them to talk to your GIS Server through ports 6443 and 7443, which you'd open on your firewall. That way you can benefit from the web adaptors acting as a reverse proxy, obfuscating your internal infrastructure. I'm not a fan of directly exposing application and database servers to the outside world. If you need to SQL server from a remote server, you should use a VPN. IMO, exposing MS SQL Server on a forward facing server is a very bad idea.

JanieGoddard · ‎02-05-2019

Hi Randall,

Thanks so much for answering. I was trying to use the Option 2, to stand up a new version of ArcGIS Enterprise on new equipment. It was Option 2 in Derek Laws white paper on migrating from ArcGIS Server to ArcGIS Enterprise. Once the new version of Enterprise is working correctly, we were just going to take ArcGIS Server 10.2.1 down.

I certainly see your point of not exposing the SQL Server data, ArcGIS Server and ArcGIS Portal on the forward facing server.

However this means I can't use the Enterprise Builder, if I must put the two Web Adaptors on the Forward Facing server in the DMZ zone, right?? Enterprise Builder puts all the components on one server.

Thanks so much for your help.

Janie

RandallWilliams · ‎02-05-2019

You can use the builder, unregister the web adaptors it installs, then register new web adaptors on the external facing server.

Unregistering ArcGIS Web Adaptor with Portal for ArcGIS—ArcGIS Web Adaptor (IIS) Installation Guide ...

Unregister ArcGIS Web Adaptor with ArcGIS Server—ArcGIS Web Adaptor (IIS) Installation Guide (10.6.1...

JanieGoddard · ‎02-05-2019

Hi Randall,

I like this choice. It stops exposing the components and lets me use the builder. This is the best choice for sure! I will definitely read the above two documents.

Thanks again,

Janie

RandallWilliams · ‎02-06-2019

On second thought, you may want to just install the components individually instead of using the builder. I didn't mention that you'll need to unfederate and refederate Enterprise, and you'll have upgrade issues with the builder moving forward.

Given that, it would likely be easier in the long run to manually install instead of using the builder.

JanieGoddard · ‎02-06-2019

Thanks Randall. I appreciate all your help!

Janie