I am looking for some gotchas and advice you all have when moving an ArcGIS Server and Portal for ArcGIS to a new Web Adaptor machine, in a DMZ network, to provide authenticated public access to the internal resources. Below is my plan of action from a high level, what am I missing?
When doing this I am planning on unregistering the internal network machine's Web Adaptor from an ArcGIS Server and Portal for ArcGIS. The ArcGIS Server site is federated with Portal via this internal network machine's Web Adaptor. I am planning on leaving that alone right now (should I unfederate?). Then I was planning on registering the new DMZ network machine with the ArcGIS Server and Portal for ArcGIS. The new DMZ network machine does have a new name, so it will not be the same as the old. The Web Adaptor also already provides Integrated Windows Authentication (IWA) to the Portal for ArcGIS.
I am guessing once this is done all the web maps (configs, popups, etc.), services, AGOL items, apps, 3rd party apps that use these things outside of Esri products, etc. will all need to be re-published, re-created, or at least re-configured for the new Web Adaptor name, is that correct?
Everything you mentioned is right, and you can make the DMZ version use secure web services if need be. That is what we did with our system, you do not need to unfederate the internal web server and portal. You are correct you will have to republish the services and reconfigure your 3rd party applications etc. Chad