General Set-Up Questions with ArcGIS Javascript API

NickAlexandrou1 · ‎07-07-2016

My company has ArcServer, as well as the ability to publish to it.

We can pull our map/feature services either from the server directly, or from a Web Adaptor we set up in our DMZ that's secured with our Windows Domain Active Directory.

We have a couple applications that have been created by consultants, which are good... but we are interested in creating a couple smaller, more specific applications for other departments.

For an application that needs to remain behind our firewall and only accessible on our secured domain, what would be the standard method of creating this application? Would we reference JS API's CDN, or download the API and put it on the hosted web server, then point the config file to look at that? We will probably put the application on the same server that is housing ArcServer so for internal use applications we probably don't need to worry about CORS communication between servers (unless I'm misunderstanding the need for this).

What about trying to set up an application that is secure, but facing outward. Meaning it pulls data through the Web Adaptor? I'm assuming we would host the application files on the DMZ server, and when a user tries to access the application, a credentials request will pop up. Same questions though, CDN or hosted API?

And then the final question, of those situations, which I feel are fairly common.... do either of these situations require the use of a proxy on either the internal server for internal applications, or the DMZ server for outward facing apps? (probably the DMZ server right?)

Any help would be appreciated, I've taking a few HTML courses a couple years back, I'm just not the best ArcGIS developer as I haven't really needed to do any, but as of late, the desire to start creating my applications has came about.

Thanks!

Any one have an links to examples I could look at the underlying scripts to get a grasp on what is needed for either situation?

AdrianWelsh · ‎07-11-2016

I'm curious about this question too.

SteveCole · ‎07-11-2016

Within my organization, we have two ArcGIS Server installs- one internal development server and a second which serves up public facing data and apps. Both installs use the default ESRI web adaptor. I have publishing rights to the internal development server but not the public facing instance. As such, I've developed several apps for staff to use within our network. Our IT department used to use a proxy but now uses some sort of 3rd party filtering service.

I think the answer regarding self hosting the API vs ESRI's CDN largely depends on what your staff are generally allowed to do. Can they freely access the internet during their normal duties or is their work environment completely isolated? If it's isolated, I don't think you have much choice other than hosting the API yourself. If the staff can access the web from their machines, I think hitting ESRI's CDN is the way to go. That way, you're not responsible for making sure the ESRI code base is current.

As for the location of the code, I do what you described- I created folders on the ArcGIS Server machine in it's c:\intepub\wwwroot folder so the app is accessed via http:\\<server name>\<app folder>

RebeccaStrauch__GISP · ‎07-12-2016

In contrast to Steve's setup, we have only one ArcGIS Server (that is what we are licensed for) and have two web adapters, on the same IIS machines. One I have set up for all my secrure secures, the other for those that are public. We used a proxy to access both, one that just passes the requests thru for the public version, the other that passes a token, but I am currently swapping that to user/pass credentials and locking it down to only certain machines as referers. This is working for both internal and external Javascript and Web AppBuilder web pages. We do not have editing yet, and I have not tried it with any of the mobile apps like Collector or AppStudio, so I can't comment about that yet.

there are some situations that the proxy with referers enabled will not work, like OpenData, but that is something I will be working on later this month (to figure out other options).

NickAlexandrou1 · ‎07-12-2016

Thanks Rebecca,

The only public facing services we have, I would say 80% or so need feature services access for data editing. Currently everything is working out with just Web-map access on Collector, however. We want to start venturing into hosting applications. I naturally want to use the Web App Builder out of ease and efficiency, but we are having a slight issue with the certificate our IT department has on the server in our DMZ. When I try to host a Web App on our local machine, it isn't prompting users to input their Windows Domain credentials to access the secure services... it just says operational layers were not able to load. This will be an issue if using Web Apps, or custom JS applications pulling REST endpoints through our Web Adaptor. I've found a few threads previously and it all seems to boil down to the certificate on the DMZ server. So we are looking into that for our "public facing" applications.

As for internal applications, I haven't tested anything out yet. I'm having a test environment made so I can try out a few different config. set-ups to see what will/ won't work.

Thanks!

NickAlexandrou1 · ‎07-12-2016

Thanks Steve, I'm having our IT department make a test environment within our Firewall (just a virtual server, CORS enabled, with Windows Authentication and IIS). To test a few applications I've been working on. That way I can see it's functionality before hand instead of creating it at home and then trying to find bugs when I deploy a live version. That will come in handy for our internal applications. As for external public facing (which is really just secure services accessible through the Web Adaptor in our DMZ). That's another beast I'll have to try out. But as for moving forward, internal doesn't seem like it will be too difficult. I'm going to try both methods in a very simple web viewer to see what works best before fully diving into it.