ArcGIS Enterprise on development Server

AndreaB_

Hi all,

I have successfully installed ArcGIS Enterprise 11.1 on a single machine on a Production server. It has GIS Server, Portal, Data Store (relational and tile cache), 2 web adaptors, and Image Server. It has a CA-signed Certificate on all of the apps and is open to the public through an F5 and using DNS address and Portal is configured to use a WebContext URL.

I am now setting up a GIS development server. I am going to install ArcGIS Enterprise 11.1. However, in dev I'm not going to have a CA-signed certificate, nor is it going to be open to the public through the F5 or have a DNS address.

So what are my steps in this scenario? For example, I am to the step that says "enable HTTPS on your web server" so in Prod I used the CA-signed certificate. What do I do here? Maybe I don't do this step?

And later when I used the DNS address in Prod, I think here I would just use the machine name.

I appreciate any help and ideas. Thanks!

A_Wyn_Jones

This is a good question - in your dev environment, you could skip this step but keep in mind that you may receive "unexpected behaviour" as per: https://enterprise.arcgis.com/en/portal/latest/administer/windows/scan-your-portal-for-security-best...

This may show itself as issues with printing secured content.

A workaround would be to import (on the dev client and Enterprise machine) either the default selfSignedCertificate or your own self-signed cert as shown in this article: https://enterprise.arcgis.com/en/server/latest/administer/windows/configuring-https-using-a-self-sig...

under the "Import the certificate into the OS certificate store" section.

Regarding DNS, as a workaround, you could use a host file like this on the Enterprise machine:

mymachine.dev.com 10.0.0.1

madeupDNS.dev.com 10.0.0.1

Make sure the ArcGIS Server doesn't rename itself to "madeupDNS.dev.com" https://developers.arcgis.com/rest/enterprise-administration/server/renamemachine.htm#:~:text=Versio....

Your client machine in dev would need a host file like this:

madeupDNS.dev.com 10.0.0.1

Then you can config Portal webcontextURL etc. I'm assuming you have 1 Enterprise machine and 1 Client machine in your dev - you would have to do this for every client machine which isn't ideal.

I'd urge you to make sure you have a test environment setup like your production - hosts files can introduce some weird and wonderful conditions which I try to avoid wherever possible.

In an ideal world, you would have another domain/subdomain for your dev environment and access to a CA certificate

"We've boosted the Anti-Mass Spectrometer to 105 percent. Bit of a gamble, but we need the extra resolution."

View solution in original post

A_Wyn_Jones

This is a good question - in your dev environment, you could skip this step but keep in mind that you may receive "unexpected behaviour" as per: https://enterprise.arcgis.com/en/portal/latest/administer/windows/scan-your-portal-for-security-best...

This may show itself as issues with printing secured content.

A workaround would be to import (on the dev client and Enterprise machine) either the default selfSignedCertificate or your own self-signed cert as shown in this article: https://enterprise.arcgis.com/en/server/latest/administer/windows/configuring-https-using-a-self-sig...

under the "Import the certificate into the OS certificate store" section.

Regarding DNS, as a workaround, you could use a host file like this on the Enterprise machine:

mymachine.dev.com 10.0.0.1

madeupDNS.dev.com 10.0.0.1

Make sure the ArcGIS Server doesn't rename itself to "madeupDNS.dev.com" https://developers.arcgis.com/rest/enterprise-administration/server/renamemachine.htm#:~:text=Versio....

Your client machine in dev would need a host file like this:

madeupDNS.dev.com 10.0.0.1

Then you can config Portal webcontextURL etc. I'm assuming you have 1 Enterprise machine and 1 Client machine in your dev - you would have to do this for every client machine which isn't ideal.

I'd urge you to make sure you have a test environment setup like your production - hosts files can introduce some weird and wonderful conditions which I try to avoid wherever possible.

In an ideal world, you would have another domain/subdomain for your dev environment and access to a CA certificate

"We've boosted the Anti-Mass Spectrometer to 105 percent. Bit of a gamble, but we need the extra resolution."

AndreaB_

Thank you so much! Exactly the info I needed. I'm going to proceed to set up a dev DNS and a CA certificate to use in dev.

Side question on that - for Prod we are using a * wildcard CA certificate for our whole domain (example *.address.org) with the GIS machine name added in the SAN. Do you think I could use that CA cert for Dev (it's going to be the same domain, for example, my prod is prod.address.org, and this would be dev.address.org)? also I read somewhere that you should have the GIS machine name listed in the SAN - but maybe don't need that? (If I do need that I'll need a new Cert just for dev listing the dev machine in SAN.)

Thanks!