Configuring the end user Web Adaptor
You have your own Web server software (IIS), and ArcGIS for Server has its own 6080 Web server; we need a way to make these two understand and forward information to each other. For that, we will install a Web Adaptor. You can install as many Web Adaptors as you want, thus creating different websites to be managed independently.
You can now log in to WEB SERVER01
using the GIS\arcgis.server
Windows account. From your ArcGIS for Server media disk, run ESRI.EXE
and select ArcGIS Web Adaptor (IIS). If you do not have IIS installed on your machine, the software will do it for you. This is valid when you have ArcGIS for Server 10.1 SP1 or higher; otherwise, you have to install IIS manually. In the Select Features options, make sure Cross-Domain Policy Files is unchecked.
Note
Cross domain
Cross-domain policy is the behavior by which a web application running on machine "A" requests information from another machine "B". This can introduce various security vulnerabilities. Esri doesn't mention this, but enabling cross-domain policy files opens a security flaw on your server; if you do not have a good reason to enable it, keep it disabled.
Esri recommends enabling cross-domain policy because Silverlight and Flex viewers need it in order to function. Since we will use neither in our exercises, you will not need this option as shown in the following screenshot:
Click on Next to view the next form, where you will configure the virtual directory for your Web Adaptor.
Tip
Best practice
Enabling Cross Domain Policy Files on the Web server allows attackers to inject harmful code using Cross Side Scripting (XSS) on websites hosted on the Web server, which might allow them to send and receive sensitive information from a remote server.
The Web Adapter will create a new virtual directory on your Web server, and all your services will go under this directory. In the New Virtual Directory form, type wa
—short for Web Adaptor—in the Name of the ArcGIS Web Adaptor field, and then click on Next.
Now that the Web Adaptor is installed, we need to join it to the Server site. Launch Chrome and type this address in the address bar: http://WEB SERVER01:6080/wa/webadaptor
.
Starting with 10.2, the Web Adaptor is used to configure
Portal for ArcGIS, another product Esri is currently focusing on along with ArcGIS for Server. This is why you will be prompted to select which product you want to configure; select ArcGIS for Server and click on Next. You will be prompted to join the web adaptor to the Server site. Here, we need to specify a URL that will point to our master Server site. In our case, both http://GIS-SERVER01:6080
and http://GIS-SERVER02:6080
point to the same site; therefore, using any of them will work. In the GIS Server URL field, type http://GIS-SERVER01:6080
; in the Administrator Username field, type siteadmin
, which is the site primary administrator; and in the Administrator Password field, type the password. Click on Configure.
Make sure the Enable administrative access to your site through the Web Adaptor checkbox is unchecked. It is recommended that you disable end users to have access to the site manager and change site configurations. We will separately create another adaptor especially for administrators.
Once you click on Configure, and you will get the following message:
The following GIS Servers are registered to your Web Adaptor
GIS-SERVER01
GIS-SERVER02
Your end users can now access the GIS servers through the Web server with the URL http://WEB SERVER01/wa/rest/services
. They do not need to worry about port 6080
, and they need not know your GIS servers. Note that when you try to access the manager with the URL http://WEB SERVER01/wa/manager
, you will get this error message:
Administrator access is disabled.
Please contact your system administrator to enable it.
Tip
Best practice
Do not enable administrator access through the Web Adaptor that the end users will be using.