Community
Select to view content in your preferred language

Highly available ArcGIS Server on DMZ with third party NLB

2078
4
Jump to solution
07-20-2017 03:21 PM
AzinSharaf
by
Frequent Contributor
‎07-20-2017 03:21 PM

We are going to deploy a highly available ArcGIS Server on DMZ side with ArcGIS built-in store security. Since we use third party NLB, I believe we don’t need Web Adaptor. Correct? Can I remove green boxes in diagram below? 

0 Kudos
1 Solution

Accepted Solutions
JonathanQuinn
by Esri Notable Contributor
Esri Notable Contributor
‎07-20-2017 05:23 PM

Yes, that should be fine:

There's internal communication that needs to be through redundant URLs as well, (handled by lb2).  In this diagram, that internal communication stays internal whereas only user/public traffic is handled externally.  You can use the same load balancer for both types of URLs, (defined using the privatePortalURL prior to federation and admin URL during federated).

View solution in original post

4 Replies
JonathanQuinn
by Esri Notable Contributor
Esri Notable Contributor
‎07-20-2017 05:03 PM

If you plan on using IWA, the Web Adaptor is required for Portal.  If you plan on using SAML or built-in users, the Web Adaptors are not required.

Deployment scenarios for a highly available ArcGIS Enterprise—Portal for ArcGIS (10.5.x) | ArcGIS En... 

AzinSharaf
by
Frequent Contributor
‎07-20-2017 05:15 PM

Thanks Jonathan! This is just for public faced ArcGIS Server without having Portal. Can I remove green boxes in this scenario?

0 Kudos
JonathanQuinn
by Esri Notable Contributor
Esri Notable Contributor
‎07-20-2017 05:23 PM

Yes, that should be fine:

There's internal communication that needs to be through redundant URLs as well, (handled by lb2).  In this diagram, that internal communication stays internal whereas only user/public traffic is handled externally.  You can use the same load balancer for both types of URLs, (defined using the privatePortalURL prior to federation and admin URL during federated).

MasterAdmin
by
Emerging Contributor
‎11-20-2017 02:43 AM

Hi Jonathon

I have set up portal in a DMZ.  All seems to be working correctly with Windows Integrated security login. 

I have also set up ArcGIS server inside the firewall. It is also functioning correctly.

I now wish to federate the server with portal and I am having some trouble.  Can you please tell me which ports need to be opened in the firewall so that the server can be federated with portal and function correctly?  

Is it 6443 or 7443 or both? (using https in both environments).  Any others.

Each change to the firewall needs to go through a long approval process so I'd like to put in one request if possible.

Thanks in advance, Rob

0 Kudos