ArcGIS Monitor Architecture for external facing Enterprise Deployment

258
2
07-29-2020 07:53 PM
ClintonBallandis1
Occasional Contributor

Hi,

I have an environment with three ArcGIS 10.7.1 enterprise deployments that I'm looking to use ArcGIS monitor with.

The deployments are as follows:

1) Internal Production ArcGIS Enterprise base deployment used by organisation staff only -  hosted on a local network behind a firewall.

2) Internal Test / Dev  ArcGIS enterprise base deployment hosted on local network behind a firewall

3) External facing Production base ArcGIS Enterprise deployment used to share content with the public. The Portal Server, ArcGIS Server and Datastore Server all all on the local network behind the firewall with the corresponding  web adaptors in a DMZ.

I'm wanting to know if I can use a centralized ArcGIS Monitor deployment installed on a single machine on the local network and still be able to monitor the External Facing ArcGIS enterprise components out in the DMZ as per the simplified architecture diagram below? 

Any help would be appreciated Andrew Sakowicz  Evan Mosby

Thanks,

Clinton

2 Replies
by Anonymous User
Not applicable

Coincidentally, my group is looking to do the same thing soon and we have a very, very similar set-up. I am interested in what the official response is to this, but... My understanding is that you will probably need to punch a hole through your firewall with a port to reach the monitor, or set up a second monitor on the external side if you'd rather not.

I'm imagining it's going to be similar to if you were using an internal license-manager and needed to grab a license for an external server (granted we use a single use license instead for that scenario).

I hope we get a better expert in here on this soon enough though lol, but I'll try to update if we work something out on our end.

0 Kudos
AndrewSakowicz
Esri Contributor

Dustin is correct, the issue is access to ArcGIS Enerprise Admin API.  This is general rule for ArcGIS Monitor.  If you can access from one machine, this is recommended deployment.  If not, use distributed.  Note, in your case, you could potentially access Admin API  directly through machine:port, (not DMZ web adapter).