Running Monitor Administrator tool remotely

390
3
Jump to solution
06-10-2020 03:52 AM
VictorTey
Esri Contributor

Hi Michael Reither‌, hope you can assist with this question. We have ArcGIS Monitor setup on a virtual machine. However to configure ArcGIS monitor will remote desktop access and admin access to the machine. This has been raised as a risk in security to provide user with RDP access to ArcGIS monitor server.

We tested installing administrator on a local machine and connect to ArcGIS monitor (port 8000 and 443 opened) however it isn't able to view the collection service that has been configured on ArcGIS monitor server.

My question here being, is it possible to administer ArcGIS monitor that has been setup on a virtual server without resorting to providing RDP access?

Tags (1)
0 Kudos
1 Solution

Accepted Solutions
MichaelReither
New Contributor III

Let's take a step back. Regarding your comment:

"However to configure ArcGIS monitor will remote desktop access and admin access to the machine."

The ArcGIS Monitor Service (data collector) does not have to given an Administrator account. We realize some facilities don't allow Administrator privileges to a software monitor. You can setup an account with the minimal permissions required instead of using a full Admin account. 

The Non-Admin account requires:

* the account is added to the Performance Monitor Users group and Distributed DCOM Users group

Windows Management Instrumentation (WMI) is configured for Enable Account, Remote Enable, and Read Security

The procedure for configuring the Non-Admin account is listed below.

https://enterprise.arcgis.com/fr/monitor/10.6/administration/configure-wmi-access-for-nonadministrat...https://enterprise.arcgis.com/fr/monitor/10.6/administration/configure-wmi-access-for-nonadministrat...

 Using the Non-Admin account and running the ArcGIS Monitor Administrator and Server on the same machine is easier than the more complex configuration of splitting it up on different servers. 

View solution in original post

0 Kudos
3 Replies
MattD
by Esri Contributor
Esri Contributor

Yes this is possible, it is called a Distributed deployment - 

In this deployment, ArcGIS Monitor Administrator and the ArcGIS Monitor Server application (with MongoDB) are installed on different machines. This option should be used when there's significant network latency between ArcGIS Monitor Administrator and the target environment from which the counters are collecting data.

Deployment scenarios—Installation Guides | Documentation for ArcGIS Enterprise 

Troubleshoot ArcGIS Monitor Server application problems—ArcGIS Monitor Administrator | Documentation... 

0 Kudos
VictorTey
Esri Contributor

Hi Matthew Dusch‌,  I understand how the distribute monitor works however that is not the intention. For example if administrator is deployed on machine A,  and monitor is deployed on Machine B, registering a collection on machine A will create a windows service on machine A which will collect the metrics and report to Machine B. If machine A is a client local laptop, that won't be feasible right?

Maybe my question would be better phrased, can we have administrator on a client's laptop so they can configure arcgis monitor which is deployed on a server instead of providing user RDP access to the server.

0 Kudos
MichaelReither
New Contributor III

Let's take a step back. Regarding your comment:

"However to configure ArcGIS monitor will remote desktop access and admin access to the machine."

The ArcGIS Monitor Service (data collector) does not have to given an Administrator account. We realize some facilities don't allow Administrator privileges to a software monitor. You can setup an account with the minimal permissions required instead of using a full Admin account. 

The Non-Admin account requires:

* the account is added to the Performance Monitor Users group and Distributed DCOM Users group

Windows Management Instrumentation (WMI) is configured for Enable Account, Remote Enable, and Read Security

The procedure for configuring the Non-Admin account is listed below.

https://enterprise.arcgis.com/fr/monitor/10.6/administration/configure-wmi-access-for-nonadministrat...https://enterprise.arcgis.com/fr/monitor/10.6/administration/configure-wmi-access-for-nonadministrat...

 Using the Non-Admin account and running the ArcGIS Monitor Administrator and Server on the same machine is easier than the more complex configuration of splitting it up on different servers. 

View solution in original post

0 Kudos