Back in Lesson 2, we installed ArcGIS Enterprise. Per the Esri help topic What is ArcGIS Enterprise, the product comes with:
- ArcGIS Server
- Portal for ArcGIS
- ArcGIS Data Store (this holds data used by the portal)
- ArcGIS Web Adaptor (this is a small application that allows the portal and server to hook onto your organization’s existing web server)
Up to this point, we've only really interacted with the ArcGIS Server portion of the Enterprise suite of products. And that's perfectly reasonable, because Server is the backbone of Enterprise, and is the component that does the heavy lifting of publishing your data and services. There are many use-cases in which only an ArcGIS Server is utilized in a production setting. Portal is an optional component and one that may be very useful in some cases. A very common setting for a Portal installation is an organization that has a collection of datasets to manage and some number of users that need to interact with the data with varying levels of access and editing privileges. Portal provides a way to interact with Server through a GUI that presents functionality, like users, groups, permissions, and sharing, in a perhaps more user-friendly manner. Read more about Portal on the Esri website.
As we saw earlier, installing and configuring ArcGIS Enterprise requires close collaboration with IT staff in your organization. In particular, if you recall, there were a couple things I needed to set up for you before you could run the CloudFormation installation. The installation requires a fully-qualified domain name and an SSL certificate that will allow for encrypted connections. These are things that we typically don't acquire on our own; instead, we work with our local IT folks or other organizations to set them up for us. Let's revisit these items and talk about why they are necessary for an Enterprise installation.
Internet Protocol (IP) Addresses
Every computer that's on the Internet, whether a physical machine like your desktop or laptop computer, a physical computer server in a server farm somewhere in the world, or a virtual machine like the ones we created in AWS, has a unique number that identifies it on the network. This is its IP number (or address). IP numbers typically have the form of four sets of values separated by periods, and each value is one to three digits long. For example, 220.127.116.119 is a possible IP address.
(In order to expand the range of possible IP numbers, a new style of IP addresses with much longer values has been developed. This is called IPv6, and you may see computers with such numbers, particularly when connecting to wi-fi networks hosted by large Internet Service Providers (ISPs) like Verizon or Comcast. But we won't get into that here and will just focus on IPv4.)
When we created our EC2 Instances in AWS, they were assigned a local IP number that's only unique within the Amazon ecosystem. So, we created an Elastic IP number and attached it to our Instance so that our machine is now uniquely identified on the Internet. Organizations, like Penn State and Amazon, are each allocated a specific range of IP numbers that they are allowed to use for their computers, and those IP numbers are unique and do not exist in any other place on the Internet. By creating an Elastic IP (and paying a fee to reserve it for ourselves), Amazon assigned each of us one of its allotted IP numbers, which assures us that our IP address is, in fact, unique.
Domain Name System (DNS)
At this point, our virtual machine (EC2 Instance) is uniquely identifiable on the Internet. You could open a web browser and type the IP number into the address bar and connect to your computer's web server. But, as you know, it's rarely the case that you enter an IP number to visit a website. Rather, we use a more friendly-looking address to reference a server. These fully-qualified domain names (FQDN) consist of a specific server name, like baxtergeog865xxxx, and a domain, like e-education.psu.edu. In Geog865, we all have addresses on the same domain (e-education.psu.edu), but we each have our own individual name in front of it. Like IP numbers, these FQDNs are unique on the Internet and are a more convenient way to specify a web address. However, for that to work, the FQDN must be associated with the IP number of the machine it's intended for.
DNS is the resource that registers domain names and their corresponding IP addresses on the Internet. DNS entries must be made by an authoritative provider to be sure that the information is properly registered on the Internet, so that anyone typing the name into their browser is directed to the IP address of the correct server. In Geog865, I asked the IT department to register our names in DNS, since they have authoritative access and ownership over the e-education.psu.edu domain. Amazon has its own mechanism called Route 53, which may be used for some domain names. When we began this semester, I asked you to send me your Elastic IP. I then created a FQDN for you (using your last name and semester with geog865xxxx.e-education.psu.edu). Finally, I provided your domain name and corresponding IP address to the Penn State IT folks to register them in DNS.
Secure Sockets Layer (SSL)
Another reason it is important for us to utilize a FQDN (and why it is required by ArcGIS Enterprise) is that we need to enable Secure Sockets Layer (SSL) on our servers. SSL encrypts all traffic to and from our web server to make it more secure and harder for hackers to intercept. You know that SSL is enabled on a website when you see the https prefix on its URL instead of http. Most web servers, ISPs, and software products (like ArcGIS Enterprise) are now requiring SSL to be enabled. Similar to DNS, SSL is enabled by generating a certificate from an authoritative provider that is specific to a particular domain name. SSL certificates aren't associated with IP addresses, which is one reason why it is necessary for us to utilize FQDNs on our ArcGIS Enterprise installs.
The SSL certificate verifies your web address’s identity and is usually obtained for a fee from a certificate authority. IT departments typically manage the acquisition and distribution of these certificates throughout their organizations. In the case of our Geog865 installations, I asked the Penn State IT department to request an SSL certificate containing all of our domain names from an authoritative provider, in our case, an organization called InCommon. I provided this certificate, in the form of a .pfx file, to everyone to supply to the CloudFormation template. You can inspect your SSL certificate by visiting your ArcGIS Server or Portal website and clicking the lock icon next to the https URL and browsing its contents.
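The DNS and SSL points above can also be checked from a script instead of the browser's lock icon. The following Python is an added example, not part of the original lesson or of Esri's tooling: it tests whether a certificate's name list covers a given FQDN (and not a bare IP address), how many days remain before it expires, and, when run against a live server, whether DNS returns the expected Elastic IP. The sample certificate, its second hostname, its dates and the function names are assumptions made for illustration.

```python
import socket
import ssl
import time

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert();
# the second hostname and the dates are made up for illustration.
SAMPLE_CERT = {
    "subject": ((("commonName", "baxtergeog865xxxx.e-education.psu.edu"),),),
    "subjectAltName": (
        ("DNS", "baxtergeog865xxxx.e-education.psu.edu"),
        ("DNS", "studentgeog865xxxx.e-education.psu.edu"),
    ),
    "notAfter": "Jun  1 12:00:00 2030 GMT",
}

def san_dns_names(cert):
    """DNS names listed in the certificate's subjectAltName extension."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_covered(cert, fqdn):
    """True if fqdn matches a listed DNS name, exactly or via a wildcard."""
    fqdn = fqdn.lower().rstrip(".")
    for pattern in san_dns_names(cert):
        if pattern == fqdn:
            return True
        # A wildcard stands in for the left-most label only.
        if pattern.startswith("*.") and fqdn.partition(".")[2] == pattern[2:]:
            return True
    return False

def days_remaining(cert, now=None):
    """Whole days until notAfter; a negative value means already expired."""
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    now = time.time() if now is None else now
    return int((expires - now) // 86400)

def check_live(fqdn, expected_ip, port=443):
    """Needs network access: DNS must return the Elastic IP, and the handshake
    (which validates the certificate chain and hostname) must succeed."""
    resolved = socket.gethostbyname(fqdn)
    ctx = ssl.create_default_context()
    with socket.create_connection((fqdn, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=fqdn) as tls:
            cert = tls.getpeercert()
    return {"dns_ok": resolved == expected_ip, "names": san_dns_names(cert),
            "days_left": days_remaining(cert)}
```

Calling check_live with your own FQDN and Elastic IP raises ssl.SSLCertVerificationError if the server presents a certificate that does not cover the name or does not chain to a trusted authority.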
Deploying ArcGIS Enterprise on clouds like AWS or Microsoft Azure might be simpler in some ways than doing it on-premises because Esri has automated parts of the configuration process with tools like CloudFormation. This is possible because all the software and configuration on the AMIs are well known. Installation in your on-premises environment could become complex if you are running some kind of software, scan, or policy that doesn't "play nicely" with one of the ArcGIS Enterprise components. Furthermore, if you're not on the IT staff, you might have greater control over cloud accounts and environments than you typically do in your on-premises environment. Tools, like Enterprise Builder, exist to facilitate the installation of Enterprise on an existing machine.
Since we used the CloudFormation template to install Enterprise on our AWS machines, Portal was installed as well. You should be able to connect to your Portal with a URL like namegeog865####.e-education.psu.edu/portal. You should see a default-looking ArcGIS Online page, which illustrates essentially what Portal is: your own local, stand-alone instance of ArcGIS Online.
Sign in using the ArcGIS Site Admin username and password you created in the CloudFormation template. You will see options to manage Members (users), view your software licenses (Esri software like ArcGIS Pro and other extensions have the option to be licensed through Portal in some cases), monitor the usage of your Enterprise installation, and configure the Settings of your Portal. Explore the Settings options that are available and check out Esri documentation to learn more about options like configuring your home page with a custom look and feel, managing your Servers, and specifying default settings.