Since the release of ArcGIS 9 in 2004, ArcGIS Server has continued to grow and evolve. This evolution is ongoing and evident in the latest release of the ArcGIS platform, ArcGIS 10.5, released in December 2016. With the release of any new software version, comes changes in system requirements, licensing, and functionality. The 10.5 release of ArcGIS 10.5, now known as ArcGIS Enterprise, brought a substantial number of changes to administrators and users of this vastly popular and pervasive geographic information systems software package. At the time of this writing, ArcGIS Enterprise is at version 10.5.1, a quality improvement release set loose in the wild in the summer of 2017. This book will focus on ArcGIS Enterprise version 10.5.1. We will refer to both 10.5 and 10.5.1 versions, as many of the newest features were released at 10.5.
To fully understand how to install ArcGIS Enterprise, it is first important to know the structure of ArcGIS Enterprise, what it is and isn't, its different components, and, new to ArcGIS Enterprise at 10.5, server roles. This chapter will help you do just that; you will learn what ArcGIS Enterprise 10.5.1 is, how it differs from previous versions of ArcGIS, and how to install and initially configure the key components of ArcGIS Enterprise.
By the end of this chapter, you will be comfortable with the structure of ArcGIS Enterprise and capable of confidently installing and configuring it in your own environment.
In this chapter, we will cover the following topics:
- What is ArcGIS Enterprise and how is it different from previous versions of ArcGIS?
- What are the four components of ArcGIS Enterprise and how do they work together?
- What are server roles and how do they function?
- Installation and configuration of the following:
- ArcGIS Server
- Portal for ArcGIS
- ArcGIS Web Adaptors for both ArcGIS Server and Portal for ArcGIS
- ArcGIS Data Store
ArcGIS Enterprise 10.5.1 is the latest version of the ArcGIS Server product line from Esri. Released in summer 2017, ArcGIS Enterprise represents a substantial shift in how ArcGIS Server and its components are structured, licensed, and deployed.
ArcGIS Enterprise 10.5.1 is a complete web GIS in your own infrastructure, whether on-premises, in the cloud, or a combination of the two. At 10.5.1, ArcGIS for Server now becomes ArcGIS Enterprise, consisting of the following four major components:
- ArcGIS Server
- Portal for ArcGIS
- ArcGIS Data Store
- ArcGIS Web Adaptor
The underlying technologies behind these components remain the same as in previous versions, with enhancements.
Also new at ArcGIS Enterprise 10.5 were licensing roles. Prior to 10.5, ArcGIS Server was licensed with varying levels and editions. Roles at 10.5 offer differing capabilities and types of services that can be published.
The ArcGIS Enterprise product line consists of four software components that are designed to work together. These are as follows:
- ArcGIS Server: These are the core web services component to share maps authored in ArcGIS Desktop and ArcGIS Pro and perform geospatial analysis over the internet.
- Portal for ArcGIS: This allows users in your organization to share data, maps, and other geospatial content through application authoring (including Web AppBuilder) and hosting capabilities. Through federation with ArcGIS Server, Portal becomes the identity store for ArcGIS Enterprise, allowing for a single management point for access and authorization. Think of Portal for ArcGIS as an on-premises version of ArcGIS Online.
- ArcGIS Data Store: This is an application that will locally store your Portal's feature layer data, caches, and big data.
- ArcGIS Web Adaptor: This allows you to expose your ArcGIS Server through your organization's standard website and port, letting you easily share your map services over the internet. When paired with IIS and Active Directory, the Web Adaptor provides a smooth method for authentication and access using Integrated Windows Authentication (IWA).
A base ArcGIS Enterprise deployment consists of ArcGIS Server, Portal for ArcGIS, ArcGIS Data Store, and the Web Adaptor.
New to ArcGIS Enterprise 10.5 was the concept of roles. Roles provide added functionality to ArcGIS Enterprise as deployed in your own infrastructure. Need to serve out and analyze imagery, rasters, or remotely sensed data? ArcGIS Image Server, formerly known as the Image Server Extension, allows you to serve massive imagery collections on the fly. At ArcGIS Enterprise 10.5.1, there are five licensing roles:
- GIS Server
- Image Server
- GeoEvent Server
- GeoAnalytics Server
- Business Analyst Server
Each server role requires its own instance of ArcGIS Server and a dedicated hardware resource; it is no longer recommended to deploy multiple roles to a single server for performance concerns. Many of these roles can also be deployed as distributed servers, allowing for the spreading out of processing across multiple servers.
The GIS Server role is core ArcGIS Server; it is the role that provided many of the ArcGIS Server capabilities prior to ArcGIS Enterprise 10.5. ArcGIS GIS Server is still offered in three editions, with each successive edition offering additional functionality:
- Basic: This manages your geodatabase and public feature services (without the ability to edit); it cannot be deployed with Portal for ArcGIS.
- Standard: This is everything in Basic, plus the ability to edit feature services and publish geoprocessing services from any tool included in ArcGIS Desktop Standard or ArcGIS Pro Standard; it can be implemented with Portal for ArcGIS.
- Advanced: This is everything in Standard, plus the ability to publish geoprocessing services from any tool included in ArcGIS Desktop Advanced or ArcGIS Pro Advanced. It also includes additional geostatistical and Spatial Analyst tools, and it can be implemented with Portal for ArcGIS.
With ArcGIS Image Server, formerly known as Image Server Extension, large collections of satellite imagery, aerial photos, and rasters can be served dynamically on the fly. Image Server can also run raster processing models allowing distributed analysis of imagery and rasters.
GeoEvent Server, known as the GeoEvent Extension prior to 10.5, enables the integration of real-time data into your enterprise GIS from a variety of sources and sensors. With GeoEvent Server, you can stream event data to client applications, view feature statuses with the Operations Dashboard for ArcGIS, filter geoevents, and detect and analyze the spatial proximity of events with geofences. With GeoEvent Server, real-time data can be published to a spatiotemporal big data store.
With ArcGIS GeoAnalytics Server, new at 10.5, big data analysis can be distributed across multiple ArcGIS Server machines, allowing users to perform analyses more quickly on even larger amounts of data than before.
ArcGIS Business Analyst Server, when used with ArcGIS Enterprise, enables your organization to host business analyst-based capabilities such as site analytics and custom reporting. Business Analyst Server also allows you to host the Esri GeoEnrichment service on-premise and behind your firewall.
As in previous versions of ArcGIS Server, Enterprise is broken down by editions and levels.
As discussed earlier in this chapter, ArcGIS GIS Server is offered in three editions, with each successive edition offering additional functionality--Basic, Standard, and Advanced. Let's examine these editions a bit closer.
ArcGIS GIS Server Basic edition includes geodatabase management and the ability to publish read-only feature services. Also included are the geodata service and geometry service. Web editing is not available and this edition cannot be federated with Portal for ArcGIS. No ArcGIS Server extensions are available for purchase and implementation at the Basic edition.
The Standard edition of ArcGIS GIS Server adds all GIS web service types (cached map and image, dynamic map, feature, geocoding, geoprocessing, image from a single raster, print, and schematic) offered by the ArcGIS GIS Server. Geoprocessing services can utilize any tool included with ArcGIS Desktop Standard. The Standard edition can be deployed with Portal for ArcGIS, allowing hosted layer types such as feature layers, scene layers, and tile layers. Most ArcGIS Server extensions are available for purchase and implementation at the Standard edition.
The Advanced edition includes everything at the Standard edition plus the ability to publish geoprocessing models and scripts utilizing any tool included in ArcGIS Desktop Advanced. The ArcGIS Network Analyst for Server extension is included, and all Server Extensions are available for purchase and implementation. Portal for ArcGIS can be implemented with the Advanced edition.
There also exist two levels of ArcGIS Enterprise--ArcGIS Enterprise and ArcGIS Enterprise Workgroup.
The ArcGIS Enterprise level is designed for medium to large-sized teams. At this level, enterprise geodatabases are utilized with ArcGIS Enterprise allowing an unlimited number of simultaneous connections to the database. This level comes with one four-core processor license and is scalable with additional two-core add-on packs.
The ArcGIS Enterprise Workgroup level is designed for smaller teams and organizations, allowing a maximum of 10 simultaneous connections to workgroup and file geodatabases; enterprise geodatabases are not supported. The base ArcGIS Enterprise deployment (Server, Portal, Web Adaptor, or Data Store) must be deployed all in one on a single machine with up to four cores. Server roles have a maximum of four cores--no add-on two-core packs are available.
Licensing for ArcGIS Enterprise 10.5.1 is like licensing at 10.4. With your purchase of ArcGIS Enterprise is included a set of named user entitlements to be used within Portal for ArcGIS. A named user is a specified user for running ArcGIS Pro or a Premium App through ArcGIS Online of Portal for ArcGIS. The number of entitlements you receive depends on the edition and level of ArcGIS Enterprise purchased by your organization. Named user entitlements also differ for licensing under an Enterprise Licensing Agreement (ELA), education site license, or any other special licensing agreement with Esri.
The following are the named user entitlements:
ArcGIS Enterprise with GIS Server Basic cannot be deployed with Portal for ArcGIS; therefore, named users are not available in this edition.
Level 1 (L1) users are content viewers who can only view content shared with them through the organization. L1 users cannot own items or edit items. Level 2 (L2) users can view, create, edit, and share content and can be assigned into the Portal roles of
Administrator. L1 access is no different than public anonymous (Share with Everyone), but allows named users to participate in focused sharing through groups.
ArcGIS Server installation at 10.5.1 is very similar to installation at 10.4 and will be a familiar process for many.
The following is a high-level overview of some of the more important system and hardware requirements of ArcGIS Server 10.5. Consult the official ArcGIS Server 10.5 online documentation for further information and an exhaustive list of all requirements.
ArcGIS Server is supported on Windows Server 2012 R2 Standard and Datacenter; Windows Server 2012 Standard and Datacenter; Windows Server 2008 R2 Standard, Enterprise, and Datacenter; and Windows Server 2008 Standard, Enterprise, and Datacenter. Flavors of Windows 10, 8.1, and 7 are also supported for basic testing and application development only, not for production environments. Throughout this book, we will focus on ArcGIS Server on Windows.
ArcGIS GIS Server, GeoEvent Server, Image Server, or Business Analyst for Server are recommended to have 8 GB of RAM per unique license role in a production environment. ArcGIS Server requires a minimum of 10 GB of available disk space.
ArcGIS Server requires several ports be open to allow communication with machines both externally on the internet and internally on an intranet. The following ports need to be allowed on your firewall:
- HTTP port
- HTTPS port
6443: If HTTPS is enabled, ArcGIS Server uses port
4002: These ports are used for communication between ArcGIS Servers.
- Internally used ports: Other ports such as
6099, and others are used by ArcGIS Server to start processes with each ArcGIS Server machine. These ports do not have to be open for access by other machines.
ArcGIS Server comes preconfigured with a self-signed secure socket layer (SSL) certificate. Although not required, it is highly recommended that you purchase and install an SSL certificate from a trusted certificate authority (CA) or a local domain CA. SSL provides encryption of sensitive information (such as usernames and passwords for logging in to ArcGIS Server and Portal) and authentication to ensure that information is being sent where it is intended to go, and not to an imposter. The downside to SSL is that certificates do cost money, but at the time of this writing, SSL certificates can be purchased for around $70 USD, a small price to pay for peace of mind for you and your end users. See the SSL certificate installation section, discussed later in this chapter, for more information.
For the latest system requirements, please consult the ArcGIS Enterprise online help.
There are several ways that ArcGIS Enterprise can be deployed. These range from simple single-machine deployments to more complex multi-machine scenarios. Prior to ArcGIS Enterprise 10.5, a base deployment consisted primarily of ArcGIS Server and the ArcGIS Web Adaptor. At 10.5, a base deployment consists of the four main components of ArcGIS Enterprise--ArcGIS Server, Portal for ArcGIS, ArcGIS Data Store, and ArcGIS Web Adaptor, all working together.
In a single-machine deployment, all components of ArcGIS Enterprise are installed in one single machine, either physically or virtually. This means the one machine acts as a database server, application server, and web server. This is a minimalist configuration that can be used in a production environment, but it is better suited for a testing or development environment. For the purposes of this book, we will use a single-machine deployment in Amazon Web Services. In a minimalist, conceptual form, a single-machine deployment would look like the following diagram:
Esri recently released ArcGIS Enterprise Builder, which provides a simple installation and configuration experience for a base ArcGIS Enterprise single-machine deployment.
The multi-machine, or multi-tiered (where each machine is a tier), is the most common deployment scenario. Here, each component of ArcGIS Enterprise is installed on a separate virtual or physical machine. This means that there is a separate machine for each of the following:
- ArcGIS Web Adaptor (web server)
- Portal for ArcGIS
- ArcGIS Server
- ArcGIS Data Store
- Enterprise geodatabase
If absolutely necessary, Portal and the Web Adaptor can reside on one server, with ArcGIS Server and Data Store on another. Bear in mind that, for performance reasons, this is not what is recommended for production environments.
Although more complex than the single-machine deployment, the multi-tiered deployment allows for isolation of the different components and distribution of the workload. A multi-machine configuration would conceptually look like the following diagram:
Hardware virtualization, utilized today by even the smallest of organizations, makes having and utilizing a multi-tiered deployment feasible.
Within the multi-tiered deployment, it is possible to have multiple ArcGIS Server machines functioning as a single logical unit. These servers operate in conjunction with the ArcGIS Web Adaptor to form a collective unit referred to as an ArcGIS Server site. Within a site, all ArcGIS Servers share the same configuration store and ArcGIS Server directories. Once configured, the site can be administered from any of the servers within it. For more information on ArcGIS Enterprise deployment scenarios, consult the online documentation.
In addition to hosting ArcGIS Enterprise within your own infrastructure, whether it is on physical or virtual hardware, ArcGIS Enterprise can also run in the cloud. Esri supports ArcGIS Enterprise deployments on Amazon Web Services and Microsoft Azure. Standing up your ArcGIS Enterprise instance in the cloud offers several advantages to traditional on-premise deployments, such as:
- Ease of setup: Get an account set up and you can have a server up and running in just a few minutes.
- Maintenance: You don't have to maintain hardware infrastructure.
- Scalability: Machines can be added and removed as necessary, allowing you to distribute workloads for increased performance. Resources such as hard drives, CPUs, and memory can be easily scaled up as needed. Adding machines may require additional licensing depending on your licensing terms.
With Amazon Web Services (AWS), there are several options available for launching ArcGIS Enterprise architectures.
Through the AWS Marketplace (https://aws.amazon.com/marketplace), you can purchase an Amazon Machine Image (AMI) with ArcGIS Enterprise that can be easily deployed from your AWS account. Using the Marketplace, you purchase an AMI and then launch it as a virtual machine through the AWS Management Console:
CloudFormation is an AWS service that utilizes infrastructure as code to let you define architectures for the services you want to set up and utilize. Esri provides sample AWS CloudFormation templates that you can use to configure ArcGIS Server or ArcGIS Enterprise deployments for AWS. These template architectures vary in complexity, ranging from a simple single machine, ArcGIS Enterprise Deployment to a disaster recovery-ready configuration of multiple ArcGIS Enterprise deployments in two different AWS regions. See the ArcGIS Enterprise online documentation on AWS CloudFormation and ArcGIS for more information.
ArcGIS Server Cloud Builder is an Esri application that allows you to build and maintain a simple to complex ArcGIS Server site on AWS. With Cloud Builder, you can build, maintain, access, and backup your site, all from the Cloud Builder interface. It is perfect for those without cloud experience wanting to stand up infrastructure on AWS.
For the adventurous and those preferably with AWS experience, the AWS Management Console (AWS Console) can be used to administer any facet of the entire AWS ecosystem. From the AWS Console, you can stand up servers, manage security, view billing information, and add or remove any piece of AWS architecture to or from your system. With a manual deployment, you are responsible for planning, creating, and deploying all the machines in your site; setting up storage; configuring and managing security; and installing and configuring all components of ArcGIS Enterprise. For the purpose of this book, a single-machine deployment will be utilized in AWS, configured completely manually.
As with AWS, there are options for using Azure to deploy ArcGIS Enterprise.
Much like the AWS Marketplace, in the Azure Marketplace, you can search for a wide variety of preconfigured, readily available machines ready to be purchased and easily launched in the Azure cloud. The following is an example of an ArcGIS Enterprise machine available for purchase in the Azure Marketplace:
ArcGIS Enterprise Cloud Builder for Microsoft Azure is an application provided by Esri that you can use to deploy ArcGIS Enterprise and ArcGIS Server standalone sites on the Azure platform. With Cloud Builder for Azure, you can complete tasks, such as deploying ArcGIS Enterprise, adding sites to your deployment, installing an SSL certificate, adding a data store, and managing machines in your deployment.
The ArcGIS Server installation process is straightforward. With a little planning and preparation, things can go smoothly.
Before starting the installation of ArcGIS Server, there are a few items to acquire:
ArcGIS Server runs as a Windows service on the application server. All Windows services have an operating system service account that they run under; the ArcGIS Server default service account is a local account called
arcgis, and it is commonly referred to as the ArcGIS Server account. The default local
arcgis account is sufficient for development or testing environments, but Esri recommends using a domain account for production environments. If your organization uses a domain account, try to get the account set so that the password never expires. If your organization has security policies in place that require password expirations, determine when your ArcGIS Server account password will expire, and set a calendar reminder in advance. Once the password expires, the ArcGIS Server service will not be able to start and your ArcGIS Server site will be down. Always use a strong password, such as one generated at https://xkpasswd.net. To update the (expired) password, run the
Configure ArcGIS Server Account Utility located in the Windows Start menu. See Chapter 10, Troubleshooting ArcGIS Enterprise Issues and Errors for more information on troubleshooting and issues with permissions and the ArcGIS Server account.
If you will be utilizing an SSL certificate with your ArcGIS Server site, which is the recommended practice, Esri recommends installing this first before the installation of ArcGIS Server. The acquisition and installation of SSL certificates are quite often not well understood by GIS professionals. This is understandable, as SSL certificates are usually handled by systems administrators. That said, your systems administrator may indeed handle all aspects of SSL certificates within your organization, so contact them first before proceeding with purchasing one yourself. Regardless, let's demystify the process of acquiring and installing SSL certificates.
Requesting and purchasing an SSL certificate is not as scary as it may seem. Armed with the knowledge of the process, it can be done in a few hours spread out over a few days in most cases.
To acquire a basic SSL certificate, a few items are necessary:
- Web server access
- An account with a certificate authority
- A domain name and unique IP address
First, you will need administrative access to the web server that the ArcGIS Web Adaptor will be installed on. For our purposes here, we will be using IIS 8.5 on Windows Server 2012 R2. SSL certificates can, of course, be installed on any flavor of web server. See your web server's documentation for details on SSL certificate installation. Secondly, you, or someone in your organization, will need an account with a certificate authority, such as Digicert, GoDaddy, or Entrust, through which you will apply for and purchase the certificate. Again, check with your systems administrator before proceeding with the purchase of any SSL certificates. Finally, you will need a unique IP address and domain name to go along with it.
Getting the certificate
The first step in acquiring an SSL certificate is the generation of a certificate signing request or CSR. A CSR is a block of encoded text generated on the server where the certificate will be installed; it contains information that will be included in the certificate, such as the organization and domain name. Think of CSR as a digital signature for your server. To generate a CSR in IIS, follow these steps:
- Launch IIS, select the machine name in the left
Connectionsmenu, then double-click on
- In the right
Actionsmenu, click on
Create Certificate Request...:
- Fill out the
Distinguished Name Properties, being careful to match these items (especially the
Organizationname) to those of the
WHOISrecord for your domain name. Click on
Cryptographic Service Provider Properties, select
Microsoft RSA SChannel Cryptographic Providerwith a
2048; these are typical industry standards:
Specify a name and location for your CSR text file, as shown in the following screenshot:
- Open your CSR in a text editor; it will look like the following screenshot:
The second step in acquiring an SSL certificate is to purchase the certificate from the certificate authority, or CA. All CAs are different, but the process is the same in principle. First, log in to your account and purchase your SSL certificate. There are different options, so research them and find out which is best for your needs. Next, purchase your certificate. After you make the purchase, it will be available to you in your account.
The final step in this process is to apply your CSR to the certificate in your account. Here, you are requesting the certificate with the certificate signing request from your web server--this will bind the SSL certificate to your server, ensuring your end users that the site they are going to is indeed your site. After a successful request of the certificate from the CA, you will be able to download the certificate as a ZIP file.
On your web server, you are now ready to install your SSL certificate. Launch IIS and complete the following steps:
- In the
Connectionspane, select your server. Next, in
Features View, double-click on
Server Certificates. Finally, in the
Actionspane, click on
Complete Certificate Request...:
- Enter the path to your
.crtSSL certificate, then enter the friendly name (your domain name) and select the
- Your SSL certificate is now installed on your web server and should be listed in the
Server Certificatespane, as shown here:
Next, you need to bind your server's IP address and host header to port
443 with your SSL certificate. This is done through the
Site Bindings settings in IIS. Again, open IIS and complete the following steps:
- In the
Connectionsleft pane, select your website. In the right
- In the
Site Bindingswindow, you will more than likely only have one binding for port
http. Click on
- Add a binding for
443. Select your
certificatefrom the SSL certificate dropdown, as shown in the following screenshot, and then click on
Your SSL certificate is now bound to port
443. In a browser, navigate to your site over
https; in my case, it is
Now that your SSL certificate is in place and you have your software authorizations and installers from Esri, it is finally time to install ArcGIS Server. The installation of ArcGIS Server is a straightforward process; as such, we will walk through the process at a high level, while highlighting some of the more important sections:
- Double-click on the setup executable to launch it. The first step is to choose a location for setup installation files. This typically defaults to a path such as
C:\Users\Administrator\Documents\ArcGIS 10.5. It is good practice to change this to a temp directory such as
C:\temp\ags. Why, you ask? During this step of the installation, several very large
.cabfiles (compressed files containing the installation pieces for ArcGIS Server), totaling almost 2 GB in size, are extracted to setup installation location. If you leave this location as the default, you will be placing almost 2 GB of files in the profile directories of the user running the installation. By storing them in a known location such as
C:\temp, these files are more likely to get cleaned up and not be left sitting around needlessly on your system:
- After the extraction of the installation files, check the checkbox to launch the setup program and click on
- Accept the license agreement and click on
- Choose features and the location in which to install them. Select all features (the default). The default installation directory for ArcGIS Server is
C:\Program Files\ArcGIS\Server. However, some organizations, as a best practice, often have additional drives on servers to house application installs and data. If you have the option, it is a best practice to keep the ArcGIS Server installation off the operating system drive and installed on a secondary drive. This helps mitigate risks such as having an oftentimes relatively small operating system drive fill up and cause performance issues. To change the installation location, click on the
Change...button and simply change the drive letter in the folder name path:
- If you changed the installation location to another drive for ArcGIS Server, do the same for the Python installation by simply changing the drive letter.
Next, we come to the setup of the ever-important ArcGIS Server account. The ArcGIS Server account was discussed earlier in this chapter. If you will be using an existing domain account, enter it as domain\user along with the proper password. If you will be using a local account, you can stick with the default name of
arcgis or change it. Remember to use a strong password, and it must meet the Windows password requirements. If you have previously saved a configuration file during a previous ArcGIS Server installation and would like to use the same account to run ArcGIS Server, you can use that here to avoid entering the ArcGIS Server account information:
- Next, you can optionally save a configuration file to use in later installations of ArcGIS Server. These configuration files can be useful to allow someone to do an installation without needing to know the ArcGIS Server account credentials, performing multiple installations of ArcGIS Server in a multi-server environment, or just to keep on hand in case of disaster recovery.
- After you have specified ArcGIS Server account, the process will continue and install ArcGIS Server. Once finished, you will need to authorize your software.
Once the ArcGIS Server installation is completed, the Software Authorization Wizard launches. You can authorize with an authorization file you downloaded from https://my.esri.com, or authorize by email or additional extensions through the wizard.
Using an authorization file from https://my.esri.com is usually the easiest and most common method of authorization. To authorize with an authorization file, follow these steps:
- Select the
I have received an authorization file and am now ready to finish the authorization processradio box. Navigate to and select your provisioning file (
.prvc), and then click on
Authorize with Esri now using the Internet.
- When using a provisioning file, your
Authorization Informationshould fill in for you, as this was entered when the license was provisioned on https://my.esri.com. If not, fill in the contact and organizational details. Click on
- Continue by entering the organization information.
- Your software authorization number, commonly referred to as an ECP number, will get populated from your provisioning file. Click on
- Next, you can authorize extensions for which you have licensing or authorize trial extensions for evaluation copies of several ArcGIS Server extensions.
- Finally, your authorization information is sent to Esri and your software is authorized. Click on
Once ArcGIS Server is installed and authorized, you need to either create a new ArcGIS Server site or join an existing ArcGIS Server site. When you open ArcGIS Server Manager, the web-based ArcGIS Server administration panel, for the first time, you will be prompted to create a new site or join an existing site. An ArcGIS Server site is a deployment of ArcGIS Server.
If you are installing ArcGIS Server on a single application server, or you are doing the first of several installations in a multi-machine environment, then you will create a new site:
To begin, go to
https://localhost:6443/arcgis/manager in a web browser. There is also an installed shortcut on the Start menu called
ArcGIS Server Manager:
- Step one of setting up an ArcGIS Server site is to create the Primary Site Administrator (PSA) account. This account is often referred to as the
siteadminaccount, as that is the default username, which most people utilize. This is not an operating system account, nor is it the same as the ArcGIS Server account (this is often a point of confusion). The
siteadminaccount has unrestricted access to the ArcGIS Server site. You can name this account differently, or you can disable it once you have configured other administrative accounts. Regardless, choose a very strong password for this account, enter it, and click on
- Specify your root server directory and configuration store (config store) locations. These will default to
D:\arcgisserver\config-storerespectively, with the drive letter matching the drive you installed ArcGIS Server onto. In single-machine deployments, it is common to keep the config store and root directory on a local drive. With a multi-machine ArcGIS Server setup, all machines in the site share a configuration store, so it needs to be accessible by all machines. This is typically accomplished by using a network share for the config store.
- Click on
Finishto create your ArcGIS Server site. You may now login to your new ArcGIS Server site with your
In a multi-machine ArcGIS Server configuration, once the first server in the site is stood up and an ArcGIS Server site is configured there, you will add subsequent ArcGIS Server machines to that first site. This process is referred to as joining to an existing site. Before joining an ArcGIS Server machine to an existing site, make sure it meets the following criteria:
- Ensure that the machine to join is running the same operating system as the other machines in the site. It is best practice to have all site machines running on the same hardware and operating system.
- The ArcGIS Server version of the joining machine must match that of the other site machines, and it must be running under the same license.
- The joining machine must be able to read and write to the site's configuration store and server directories, and it must be running ArcGIS Server under the same ArcGIS Server account as all other machines on the site.
In this scenario, the ArcGIS Server account can be a local account with the exact same name and password on all site machines, but it is highly recommended to use a domain account for the ArcGIS Server account in a multi-machine setup.
- The joining machine must be able to communicate with all other site machines through the required ArcGIS Server ports.
- The joining site must be able to read any data referenced by any machines in the site.
To join a new ArcGIS Server machine to an existing ArcGIS Server site, follow these steps:
- Open ArcGIS Server Manager by going to
https://localhost:6443/arcgis/managerfrom the machine to be joined, or use the Start menu shortcut called
ArcGIS Server Manager.
If you are prompted to login instead of being presented with the option to create or join an existing site, then this machine is already either its own ArcGIS Server site or it has been joined to another site.
- Click on
Join an existing site.
- Enter the fully qualified domain name (FQDN) to the ArcGIS Server site you want to join this machine to. This should follow the format of
- Enter in administrator credentials of the site you are joining to. This is typically
siteadmin, but could be any other administrator credentials as well.
- If you have more than one cluster on your main site, then choose the cluster to join to. Otherwise, you will join the new machine to the default cluster.
- Review your selected configuration and click on
Finishto join the machine to the site.
The ArcGIS Web Adaptor is one of the four components of ArcGIS Enterprise. Running in your existing website, the Web Adaptor forwards requests to your ArcGIS Server machines, typically forwarding incoming traffic on port
6080. In addition, the Web Adaptor keeps track of the ArcGIS Server machines on your site and forwards and distributes traffic to only currently participating machines. The Web Adaptor also allows you to do the following:
- Expose your ArcGIS Server through your standard website and port by leaving off the default port
6443, if using SSL)
- Block the ArcGIS Server Administrator Directory and ArcGIS Server Manager from external viewers outside of your network
- Use web-tier authentication, such as Integrated Windows Authentication, to secure your ArcGIS Server
The Web Adaptor can be installed in your ArcGIS Server application machine, but is often put in an existing web server or a web server dedicated to GIS services.
The ArcGIS Web Adaptor comes as a separate installer that you can download from http://my.esri.com.
The Web Adaptor for ArcGIS is supported on IIS 10 on Windows Server 2016 Standard and Datacenter 64-bit and Windows 10 Pro and Enterprise; IIS 8.5 on Windows Server 2012 R2 Standard and Datacenter and Windows 8.1 Pro and Enterprise; IIS 8 on Windows Server 2012 Standard and Datacenter; and IIS 7.5 on Windows Server 2008 R2 Standard, Enterprise, and Datacenter and Windows 7 Ultimate and Professional. Windows 10, 8.1, and 7 are also supported for basic testing and application development only, not for production environments.
The ArcGIS Web Adaptor installation process is quick and easy:
- Double-click on the installation executable to launch it.
- Select a location to unpack the installation files to; a known temporary location is best for easy cleanup later.
- After the installation files are unpacked, launch the setup program.
- The ArcGIS Web Adapter for IIS requires certain components of IIS to be installed. At 10.5, there is a verification step in the installer that will detect what components are missing, and it will install them for you. Click on
I Agreeto install the missing IIS components, if any:
- Click on
Nextand agree to the license agreement.
- Select a port to install the Adaptor to. Since we installed and configured our SSL certificate already, port
443is available to us. Select port
443and click on
- Specify the name of the ArcGIS Web Adaptor for your ArcGIS Server instance. The default here is
arcgis. This is an important step in the process, as the Adaptor name will be in your services URL; for example,
- Click on
Installto begin the installation and click on
Once the Web Adaptor for the ArcGIS installation process is complete, the configuration page should open in your default web browser (
https://localhost/arcgis/webadaptor). To configure the Web Adaptor for ArcGIS Server, do the following:
There is also a Web Adaptor shortcut in the Windows Start menu named
ArcGIS Web Adaptor - <web-adaptor name> (port), such as
ArcGIS Web Adaptor - arcgis (443).
- First, select the product to configure with the Web Adaptor. Here, we are configuring the Web Adaptor for ArcGIS Server. Later, we will also configure a Web Adaptor for Portal for ArcGIS. When we get to the Portal Web Adaptor configuration later, this configuration page will tell us that a server IS configured with our Web Adaptor. Here, select
ArcGIS Serverand click on
Next is the final and main configuration page.
- Enter your
ArcGIS Server URL. This is the URL to any one of the ArcGIS Server machines in your ArcGIS Server site (remember that all the machines in a site function together as one). The URL should take the form of
http://gisserver.domain.com:6080if you do not have SSL in place. Here, my ArcGIS Web Adaptor server is not on a domain, so my URL takes the form of my machine name, that is,
- Enter your primary site administrator account credentials or the credentials of another administrative account.
- Finally, choose whether or not to allow administrative access to your ArcGIS Server site through the Web Adaptor. Esri recommends disabling administrative access, but there are considerations, which are as follows:
- If disabled, administrators cannot access ArcGIS Server Manager and the ArcGIS Server Administrator Directory through the Web Adaptor URL. More importantly, ArcGIS Desktop users cannot establish administrative or publisher connections to ArcGIS Server, meaning publishers cannot publish services directly from their desktops (user connections can still be made regardless of this setting). However, if ArcGIS Server's internal URL is accessible, these connections can be made from there.
- If your ArcGIS Server will be configured with web-tier authentication (more on that later), you must enable administration through the Web Adaptor, allowing administrative and publisher users in the enterprise identity store to publish services from ArcGIS Desktop.
- Click on
Configureto continue. When the Web Adaptor configuration is successful, you will be presented with the following message telling you that your server is successfully configured with the Web Adaptor:
For a secure production environment, it is not recommended to allow administrative access through the same Web Adaptor used to host the REST services. Rather, install a second Web Adaptor with administrative access enabled through the Web Adaptor, possibly on an internal server that is only accessible to local users. This configuration ensures that public users are not presented with the option to access the ArcGIS Server Manager application. If an internal server is not available, a second Web Adaptor with additional security applied to it (Integrated Windows Authentication) that only publishers/administrators have access to can be installed on the same server.
Once the Web Adaptor is successfully configured, you can access your ArcGIS Server site without the port number, such as
As stated earlier, you can think of Portal for ArcGIS as being like an on-premise version of ArcGIS Online. Portal for ArcGIS is a website hosted on your network that serves as a repository for and gateway to your GIS data and content.
Before diving into installation, let's first talk about system requirements. These have changed since earlier versions, so refer to the online documentation carefully for details and ensure that your hardware meets the minimum requirements.
Portal for ArcGIS is supported on Windows Server 2016 Standard and Datacenter 64-bit; Windows Server 2012 R2 Standard and Datacenter 64-bit; Windows Server 2012 Standard and Datacenter 64-bit; Windows Server 2008 R2 Standard, Enterprise, and Datacenter 64 bit; and Windows Server 2008 Standard, Enterprise, and Datacenter 64 bit. Windows 10, 8.1, and 7 64-bit are also supported for basic testing and application development only, not for production environments.
Portal for ArcGIS 10.5 requires one four-core processor for every 100 concurrent users, 8 GB of RAM, and 10 GB of disk space minimum for installation.
Like ArcGIS Server, Portal communicates through several predetermined ports. You must ensure that your firewall allows traffic through these ports:
- HTTP port
7080: This is the main HTTP communication port for Portal for ArcGIS
- HTTPS port
7443: This is the default port used to send encrypted information, such as user credentials
- Intermachine communication ports:
7220are used by Portal for ArcGIS for intermachine communications and must be allowed by your firewall
Again, much like ArcGIS Server, Portal for ArcGIS comes preconfigured with a self-signed server certificate suitable for installations and initial testing. However, Portal for ArcGIS requires that you must request a SSL certificate from a trusted certificate authority and configure your Portal to use it. This is especially important if you will be federating your ArcGIS Server with your Portal.
The ArcGIS Web Adaptor is a required component of Portal for ArcGIS; Portal for ArcGIS cannot be deployed without the Web Adaptor, unless you are implementing Portal in a highly available configuration with a load balancer.
Much like with ArcGIS Server, the Portal for ArcGIS installation process is a simple and straightforward one. Double-clicking on the installation executable launches the installation process:
- Choose a well-known temporary location to extract the installation files to. After the extraction is complete, select
Launch the setup program.
- Accept the license agreement.
- Change the installation destination folder, if necessary.
- Change the Portal configuration store location, if necessary.
- Specify the Portal for the ArcGIS service account. This is the Windows account that the Portal for ArcGIS Windows service runs under. This can be either a local account or a domain account. For production systems, it is recommended to use a Windows domain account.
- Optionally, save an installation configuration file.
- Install the Portal for the ArcGIS software.
After installation of the Portal for the ArcGIS software is complete, it must be authorized for use. The Software Authorization Wizard launches automatically after the installation is complete, but can also be launched from the Start menu as
Software Authorization for Portal for ArcGIS. As with the authorization of ArcGIS Server, there are several ways to complete the authorization, but, for Portal for ArcGIS, a common method is to enter ECP numbers for your Level 1 and Level 2 Portal for ArcGIS entitlements. In the Software Authorization Wizard, do the following:
- For the authorization option, select
I have installed my software and need to authorize it.
Authorize with Esri now using the Internet.
- Enter in pertinent organizational information related to licensing.
- Enter in your ECP numbers for Level 1 and 2 users:
Your Portal for the ArcGIS software is now installed and authorized.
The final step in the Portal for the ArcGIS installation process is to create your Portal. Once your Portal for ArcGIS software authorization completes, your default web browser will launch and prompt you to create or join a Portal. The URL will be in the form of
https://<machine name>:7443/arcgis/home/createadmin.html. Perform the following steps to initially configure your portal:
- If you are creating a new Portal instance, select
Create New Portal.
- Create the Portal for the ArcGIS primary site administrator (PSA) account. This account will be the first administrator account created for your Portal. You can add additional administrator accounts later, but this account will be used to initially log on to your Portal. Common practice is to name this account
portaladmin. Your Portal content directory is automatically chosen for you based on your installation location:
- Click on
Create. It may take several minutes to create your Portal and PSA account, after which you will be informed that you must install and configure the ArcGIS Web Adaptor for your Portal.
Much like with the Web Adaptor for ArcGIS Server, a Web Adaptor is needed with Portal for ArcGIS to forward incoming traffic over port
7443, the port which Portal listens on.
The ArcGIS Web Adaptor comes as a separate installer you can download from http://my.esri.com. A completely additional, separate installation of the ArcGIS Web Adaptor is required for Portal for ArcGIS, in addition to any you already have installed for ArcGIS Server.
For the requirements for the ArcGIS Web Adaptor, see the earlier section under ArcGIS Web Adaptor for ArcGIS Server.
Installation of the Web Adaptor for Portal is identical to the installation done previously for ArcGIS Server (see the preceding section, Web Adaptor for ArcGIS Server installation), except for one step. Your Portal Web Adaptor must have a different name from your ArcGIS Server Web Adaptor (we named our
arcgis earlier--standard practice). Standard practice is to name your Portal for ArcGIS Web Adaptor
See the earlier section, Web Adaptor for ArcGIS Server configuration, for more details on the Web Adaptor configuration parameters. To configure the Portal for ArcGIS Web Adaptor, do the following:
- Select the
Portal for ArcGISradio box.
- Your Portal URL must be the fully qualified domain name and port to your Portal. This URL must be reachable from the server you are installing your Portal Web Adaptor to. This means that all required ports for Portal must be open inbound on your Portal server. In our case here, our Portal URL is
https://www.masteringageadmin.com:7443. The administrator username and password are your Portal PSA--typically,
- Upon successful configuration, you will be informed of the machine that has been configured with your Web Adaptor.
With the configuration of the ArcGIS Web Adaptor, your Portal for ArcGIS installation and initial configuration is now complete. You can proceed to your Portal from your Portal server at
https://<machine name>:7443/arcgis/home or, externally, at your fully qualified URL, such as
https://www.masteringageadmin.com/portal, and log in as your Portal PSA.
ArcGIS Data Store is an application to host data within your Portal. It provides a relational data store for your Portal's hosted feature data, a tile cache data store for storing your Portal's hosted scene layer caches, and a spatiotemporal big data store for storing observational data to use with ArcGIS GeoEvent Server and to store results generated from ArcGIS GeoAnalytics Server.
Some of the benefits of the ArcGIS Data Store include the following:
- Publishing large numbers of hosted feature layers: The ArcGIS Data Store relational data store can efficiently host thousands of feature layers with a smaller memory footprint, thus requiring less resources
- Archiving high volume, real-time data: With ArcGIS GeoEvent Server, you can use a spatiotemporal big data store to archive GeoEvent observation data
As with the other components of ArcGIS Enterprise, system and hardware, minimum requirements must be met.
ArcGIS Data Store is supported on Windows Server 2016 Standard and Datacenter 64-bit; Windows Server 2012 R2 Standard and Datacenter 64-bit; Windows Server 2012 Standard and Datacenter 64-bit; Windows Server 2008 R2 Standard, Enterprise, and Datacenter 64-bit; and Windows Server 2008 Standard, Enterprise, and Datacenter 64-bit. Flavors of Windows 10, 8.1, and 7 64-bit are also supported for basic testing and application development only, not for production environments.
Esri recommends installing ArcGIS Data Store on machines with large quantities of available disk space. The minimum amount of disk space required to install ArcGIS Data Store is 13 GB, but this does not include any data stores or backups. An empty relational data store alone uses up to 2.5 GB of disk space.
The ports used by ArcGIS data store are as follows:
- HTTPS port
2443: Data Store is accessed over port
- Data store ports:
- Relational data stores: Port
- Tile cache data store: Ports
- Spatiotemporal big data store: Ports
- Internal communication with Tomcat: Port
- Relational data stores: Port
After ensuring that all the preceding requirements have been met, complete the following steps to install ArcGIS Data Store:
- Double-click on the ArcGIS Data Store installer to begin.
- As with all other ArcGIS Enterprise installations, choose a well-known temporary location to extract the installation files to, and then launch the setup program.
- Accept the license agreement.
- If you are installing to a drive other than C or to a non-default location, change the install directory accordingly.
- Specify a Windows service account for Data Store to run under. As with ArcGIS Server and Portal for ArcGIS, this can be either a local account you create during this step of the installation process or a domain account. Best practice is to use a domain account for production systems. If using a local account, name it appropriately, such as
- Continue with the installation process.
Once the Data Store installation is complete, the ArcGIS Data Store Configuration Wizard will launch in your default web browser (
https://localhost:2443/arcgis/datastore). Complete the following steps to configure your Data Store:
- Enter the machine name and port to your GIS server; for example, in our case,
https://WIN-25FPFGEMUA9:6443. Also, enter your ArcGIS Server PSA account credentials.
- Specify your Data Store content directory that will be used to store data, logs, and backup files. This directory should be located on the same machine that Data Store is installed on.
- Choose the types of ArcGIS Data Stores to configure. Your choices are Relational (default), Tile Cache, and Spatiotemporal. See the preceding introductory section on Installing ArcGIS Data Store for more information on these Data Store types.
- Review your configuration summary and click on
If your ArcGIS Server site is not federated with your Portal, you will need to do this and then set that ArcGIS Server site as your Portal's hosting server. See Chapter 5, Portal for ArcGIS Administration for more information on federation.
ArcGIS Enterprise 10.5 brings many changes to the world of ArcGIS Server and Portal for ArcGIS. Portal is now a core component along with ArcGIS Server, Data Store, and the Web Adaptor. The concept of server roles is introduced at 10.5, with former extensions now becoming added functionality to ArcGIS Enterprise as deployed in your own infrastructure. Installation of ArcGIS Enterprise consists of installing and configuring the core components. These components can live internally in your own infrastructure on physical or virtual hardware, in the cloud, or a combination of the two. Configuration options abound and it is important to find the optimal setup for your organization's needs. Now that core software is installed, next, in Chapter 2, Enterprise Geodatabase Administration, we will look at how to go about creating, configuring, loading data into, and maintaining an enterprise geodatabase.