GeoEvent Deployment on an Existing Federated Multimachine Enviroment

AKRRMapGuy · ‎08-09-2023

I am getting ready to deploy ArcGIS Geoevent Server on an existing Federated, multimachine deployment of Enterprise. I was looking at the server machine admin page and I could not locate the SSL upload area. The documentation I have states that the certificate from the new GeoEvent Server has to be uploaded to both the portal admin page and the existing server admin page. However, the documentation does not cover if the existing deployment is federated.

I know federating server with portal makes portal responsible for security of the server, is this why I can't find a place to upload a certificate in the server admin security page? Will uploading it to the portal admin security page take care of it? I found where to do it in the portal admin page and the documentation says it's done in the same place on the server, but it is not there on server.

JakeSkinner · ‎08-09-2023

Hi @AKRRMapGuy, you should not have to upload GeoEvent's certificate to Portal or ArcGIS Server. Are you deploying GeoEvent to it's own dedicated server? This is recommended. Once you have GeoEvent installed on it's own server, it is not required to federate with Enterprise. I typically recommend not federating.

In GeoEvent, you can create Data Store connections to Portal and/or ArcGIS Server. If you receive an error after registering one of these data stores, check the logs. You may receive an error that GeoEvent was unable to perform an SSL handshake to https://<portal>:7443/arcgis, or https://<server>:6443/arcgis, if this is the case, you will need to import Portal/ArcGIS Server's certificate into GeoEvent's admin directory (https://<geoevent>:6443/arcgis/admin/machines/<machine>/sslcertificates/importRootOrIntermediate.

AKRRMapGuy · ‎08-09-2023

Yes, it will be on its own virtual machine on the same subnet as the other machines.

May I ask why you recommend against federating? I would be mixing a federated and non federated server environment and that makes me feel weird.

Would I need to create datastore connections to both portal and server individually or would one store to portal give me access to server/SQL DBs as well? I would need to federate for that I think?

JakeSkinner · ‎08-10-2023

With federating, the only thing that changes is how you authenticate to GeoEvent. If Portal is down, you will be unable to connect to GeoEvent Manager.

If you are using the Spatiotemporal Data Store, you will need a Portal connection in order to create an output in this data store. If you are not, you should be good to just use an ArcGIS Server connection. I prefer to use ArcGIS Server rather than a Portal connection when not working with Spatiotemporal feature services. When using a Portal data store connection, you can only poll/update feature services owned by the credentials that created the data store connection. With an ArcGIS Server data store, if you connect as an admin account, you have access to poll/update ALL services, regardless if you are the owner or not.

GeoEvent will not be able to connect directly to SQL DBs. Any data you wish to use from SQL will need to be published as a service for GeoEvent to consume.

AKRRMapGuy · ‎08-10-2023

Interesting, that is kind of disappointing. How does the sharing inside of a portal app(Exp Builder) work for those services then? Are non portal admin users logged in through portal able to consume those services? It kind of sounds like I would have to create logins for everybody with the portal server if I don't federate? If the service from geoevent is shared with the org how would it know the portal users are part of the org?

JakeSkinner · ‎08-10-2023

The GeoEvent server will not host any services. All services that GeoEvent polls/updates will reside in your ArcGIS Server instance that's federated with Portal.

AKRRMapGuy · ‎08-10-2023

And that would be true weather I federated the Geoevent server or not? To make sure I am understanding, no services from Geoevent would live in the ArcGIS Server that Geoevent server runs on top of, they would live in our other existing ArcGIS server and would therefor be accessible by org users?

AKRRMapGuy · ‎08-10-2023

To put a point on it, I would access the Spatiotemporal services published from Geoevent in our existing ArcGIS Server where all of our services from SQL live for example? This would mean I don't need to access the ArcGIS Server on the GeoEvent machine to use the services published from the Geoevent machine. The datastore between ArcGIS Server and ArcGIS Server would do that?

JakeSkinner · ‎08-10-2023

Yes, that is correct. The only exception is if you create a Stream Service. Stream Services will reside on the ArcGIS Serer instance GeoEvent is installed on.

All of the other services will be access through the Data Store connections you create (i.e. to your federated ArcGIS Server instance):

AKRRMapGuy · ‎08-10-2023

Will the stream services be accessible to items(maps) and users in portal? Most of my services will likely be stream services.