GEOG 868
Spatial Database Management

Create a Cloud-Based Enterprise Geodatabase

Using the Amazon service mentioned above, Esri makes it possible to set up cloud-based installations of ArcGIS Enterprise, software required for implementing an enterprise geodatabase. Because our Cloud and Server GIS course also guides students through putting together an instance of ArcGIS Enterprise, the instructions below are borrowed from that course. While our focus in this course will be on the enterprise geodatabase that we'll implement on the instance with ArcGIS Enterprise, a side benefit is that you'll also be able to experiment with ArcGIS Enterprise functionality if you like.

A. Prepare to work in the Amazon cloud environment

Go to Amazon Web Services and click on "Create an AWS Account."

If prompted to create a Business or Personal account, choose Personal. Please make careful note of the password you select when setting up your account; you will need it. It is characteristic of Amazon Web Services that things work the way they are supposed to, but you don't get a lot of hand-holding. So, if you lose your password, I'm not sure it would be easy to recover it, and you will need to fill out a form with personal information.

Second, you will need to provide payment information, including a credit card number. If you are careful and follow the course instructions about explicitly stopping your instance (virtual machine) when you are not using it, you should be able to complete the coursework while incurring charges of $20-$40. The current step of signing up is free, but you should be aware that you will start being charged immediately upon starting to use AWS services. As part of this step, you'll be asked to select a support plan. The Basic (Free) support is all you need for this class.

Third, there is an identity confirmation step during which you will receive a phone call and enter a code. This ensures you are a human. Amazon does not use the phone number provided here for other purposes.

You can monitor your billing status by clicking your user name at the top-right of the AWS screen and choosing "My Billing Dashboard." On the right side of the billing dashboard, you should see a "Month-to-Date Spend by Service" section, from which you can view details about what you're being charged for in the current month or any other month.

If any of these directions are confusing or inaccurate, please post a question or comment to the Lesson 6 discussion forum.

B. Create a VPC and key pair

In a few moments, we'll see that two of the settings involved in launching a new instance in EC2 are the VPC and key pair.  A VPC (Virtual Private Cloud) is sort of your own special space carved out of Amazon's cloud. Instances in a VPC can see each other and your own network fairly easily, but they're not immediately accessible from elsewhere without some extra work on your part. That's a good thing for security.

A key pair is another security measure that will come into play when you log in to your instance for the first time. You will be logging in to your instance as a user named Administrator. The password for the Administrator user will be encrypted by AWS. The procedure for getting that password so that you can log in to your instance involves 1) creating a key pair (a public key held by Amazon and a private key given to you) in the AWS Management Console, 2) providing the name of that key pair when launching the instance, and 3) using the key pair after the instance has been created to decrypt the password.
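How the key pair protects the Administrator password, as an added example that is not part of the course materials or AWS code: the service encrypts the generated password with the public key it holds, and only the private key saved in your .pem file reverses it. The demo key, sample password and function names are constructed for illustration; the padding is RSA PKCS#1 v1.5, the scheme EC2 uses for Windows password data.

```python
import base64
import secrets

# Constructed demo key: two Mersenne primes give a valid RSA modulus that is
# trivially factorable. Never use a key like this outside a demonstration.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent (the half the service keeps)
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (the half in the .pem file)
K = (N.bit_length() + 7) // 8        # modulus size in bytes


def service_encrypt_password(password: str) -> str:
    """Service side: pad, encrypt with the PUBLIC key, return base64 text."""
    msg = password.encode("utf-8")
    if len(msg) > K - 11:
        raise ValueError("password too long for this key size")
    # PKCS#1 v1.5 type 2 block: 00 02 <nonzero random padding> 00 <message>
    pad = bytes(secrets.randbelow(255) + 1 for _ in range(K - 3 - len(msg)))
    block = b"\x00\x02" + pad + b"\x00" + msg
    cipher = pow(int.from_bytes(block, "big"), E, N)
    return base64.b64encode(cipher.to_bytes(K, "big")).decode("ascii")


def owner_decrypt_password(password_data: str, d: int = D) -> str:
    """Owner side: what 'Decrypt Password' does with the PRIVATE key."""
    raw = base64.b64decode(password_data)
    if len(raw) != K:
        raise ValueError("ciphertext length does not match the key")
    block = pow(int.from_bytes(raw, "big"), d, N).to_bytes(K, "big")
    sep = block.find(b"\x00", 2)     # end of the random padding
    if block[:2] != b"\x00\x02" or sep < 10:
        raise ValueError("decryption failed: wrong key or corrupted data")
    return block[sep + 1:].decode("utf-8")


if __name__ == "__main__":
    data = service_encrypt_password("Constructed-Pa55w0rd!")
    print("encrypted password data:", data[:40] + "...")
    print("decrypted with private key:", owner_decrypt_password(data))
```

Because the private key is the only thing that can recover the password, anyone who obtains the .pem file can do the same, which is why the file should be stored where others cannot read it.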

Note: If you've taken our Cloud and Server GIS course (GEOG 865), you will have already created a VPC and key pair. You may skip over the steps in this section (or do them again if you like) and pick up with section C below.

  1. Go to the AWS Management Console and go to Services > Networking & Content Delivery > VPC.  The Services menu can be accessed by clicking the 3x3 matrix icon in the upper left of the page.

    Creating a VPC is potentially a very technical and complex activity, but it's something most people have to do at first. For that reason, Amazon has made a wizard for setting up a real basic VPC. This will suffice for our purposes.
     
  2. Click Create VPC.
  3. Select the VPC and more option, then under the Name tag auto-generation heading confirm that the Auto-generate box is checked and enter a name tag of geog868. These two settings will automatically name some of the AWS resources that are about to be created.
  4. Set the Number of Availability Zones to 1. In a real-world implementation, you'd probably want at least two, but one should be fine for our classwork.
  5. Set the Number of public subnets to 1 and Number of private subnets to 0.
  6. Leave the other settings at their defaults and click Create VPC.
  7. After a few moments, AWS should be done doing its thing, and you can click the View VPC button.

    When we launch our instance in a few moments, we want it to be assigned a public IP address so that we can connect to it using Windows Remote Desktop. Whether the instance is assigned a public IP address or not depends on whether the subnet we just created allows for that. The default setting is for it to not assign one, but that's something we can change.
  8. Under the Virtual Private Cloud heading in the left-hand pane of the console, click on the Subnets link. You'll see just one subnet listed, unless you've created a VPC/subnet before.
  9. In any case, you want to right-click on the named subnet and choose Edit subnet settings.
  10. Check the Enable auto-assign public IPv4 address box and click Save.

    With a VPC and subnet created and configured, let's turn our attention to the key pair.
     
  11. Go to the EC2 Management Console (click the link to the left or select Services > Compute > EC2) and under the Network & Security heading click on the Key Pairs link in the navigation pane on the left side of the page.
  12. Click Create Key Pair.
  13. Give it a Name (e.g., geog868_keypair) and change the file format to .pem. Then click Create.
  14. Save the .pem file produced by AWS to a folder on your machine where you'll be able to find it later. (It will likely be automatically saved to your Downloads folder. You may want to move it to a location where you're less likely to delete it mistakenly.)

C. Create your own cloud-based instance of ArcGIS Enterprise

Esri provides two ways to deploy ArcGIS in AWS: using Amazon's CloudFormation service and Amazon's AWS Management Console. For our purposes, the AWS Management Console is the best option, so we will lead you through the launching of an instance via that route. However, if you decide to deploy ArcGIS in the cloud as part of your job, you may want to explore the CloudFormation option as well. Instructions for both can be found in Esri's documentation [http://server.arcgis.com/en/server/latest/cloud/amazon/use-aws-management-console-with-arcgis-server.htm]. Note that this link opens the Management Console instructions; instructions for the CloudFormation method can be found through the navigation headings on the left side of the page.

The basic idea behind what we're about to do is that Amazon has made it possible for vendors like Esri to create machine images (configurations of operating system, software, data, etc.) that can serve as blueprints for the making of child instances. Esri has created several of these AMIs (Amazon Machine Images): one that runs ArcGIS Enterprise on the Linux OS Ubuntu with Postgres, one that runs ArcGIS Enterprise on Windows with SQL Server, etc. Third parties (like us) can discover and "subscribe" to these AMIs through the AWS Marketplace. 

  1. Browse to the AWS Marketplace description of the ArcGIS Enterprise 10.9.1 AMI [https://aws.amazon.com/marketplace/pp/prodview-rh32a6tw3ju4a?sr=0-3&ref_=beagle&applicationId=AWSMPContessa].
  2. In the upper right, click the View purchase options button.  On the next page, click the Subscribe button in the lower right. 
  3. After subscribing, look for (and click on) a Launch your software button.
  4. On the Launch page, under Setup, choose Amazon EC2.
  5. Under Launch method, choose Launch from EC2 Console.
  6. On the subsequent Launch an instance page, give a Name to your instance, like geog868.  
  7. The Application and OS Images section should be filled out already. 
  8. For Instance Type, select m5.xlarge. This is a lower-cost option for running ArcGIS Enterprise at a reasonable speed for this course. At the time of this writing, it costs about 37 cents per hour to run an m5.xlarge instance of Windows in most regions.

    In a real-world implementation, you would probably want to use a higher performing instance. Amazon provides pricing info on the various instance types available through EC2. Pricing info for current generation instance types such as m5 can be found here [https://aws.amazon.com/ec2/pricing/on-demand/]. (Scroll down to the On-Demand Pricing section.)
  9. Under Key Pair, you should see the key pair you created in the step above (or one that you had created at some other time).
  10. Under Network Settings, you may see the VPC you created above (or one that you had created at some other time) already set for the Network/VPC option.  If not, go ahead and select it.
  11. Likewise, the Subnet may already be set.  If not, choose any option from the dropdown list.

    Note: It's not important that you have much understanding of VPCs and subnets for the purpose of this course. However, if you are interested in implementing a real-world cloud solution, it would be smart to read into them further. This overview from Amazon [https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html] might be a good starting point.
     
  12. Confirm that the Auto-assign Public IP option is set to Enabled.  (We'll want a public IP when it comes time to connect to the instance.)
  13. Under Firewall, choose the Create security group option.
  14. There should be an auto-generated Name and Description, which should be fine to keep. Or you can apply your own settings, such as a Name of geog868_securitygroup and a Description of "Security rules for my Geog 868 ArcGIS Enterprise instance."

    The security group will be configured with two rules, one for allowing HTTP connections from anywhere, and the other for allowing HTTPS connections from anywhere. In order to connect to the instance using the Windows Remote Desktop Connection app, we need to add another rule allowing RDP (Remote Desktop Protocol) connections.
  15. Beneath the existing two rules, click the Add security group rule button.
  16. Under Type, select RDP.
  17. Next, choose My IP from the Source type dropdown list.

    Important: You've just specified that your instance should accept remote desktop connections from only your current IP address, and you'll shortly make your first remote desktop connection. It's possible that your IP address will change over the rest of the term. For example, your Internet service provider might use dynamic IP address assignment. Or you might be working on a laptop in a different location. If that's the case, then you'll need to come back and edit your RDP rule to accept connections from whatever your new IP address happens to be at that time. Alternatively, you could also choose to set the Source to Anywhere - IPv4, which would allow any IP address to attempt an RDP connection, but eliminate the need to update the RDP rule whenever your connecting-from IP address changes. For a low-stakes instance such as the one you're using in this class, you may decide it's worth the risk. (Anyone wanting access to your instance would still need to supply your password. More on that below.)
     
  18. Leaving the storage options unchanged, click the Launch instance button in the lower right.
  19. On the page that follows, there will hopefully be a green box indicating Success.  You should see a link containing a randomly-generated instance ID.  Click that link to open the EC2 Console up to a summary of your newly created instance. 

    Your instance is now running, but it will take a few minutes before it is ready to use.  This is easier to see if you click the Instances link in the left-hand pane, opening up a table listing all of your instances.  You should see an entry for the instance you just launched. The instance is running (shown under Instance state), but still initializing (shown under Status check).

    It should take anywhere from 5-30 minutes for your instance to be ready for use. You'll know it's ready when you see the Status change from Initializing to 2/2 checks. The Status sometimes fails to refresh itself, so you can click the Refresh button (built into the console, not your browser's) every few minutes if you don't see the 2/2 checks status.

    Note: If the status check reports a failure (i.e., 0 or 1 passed checks), troubleshooting is often as simple as turning the instance off and on again. Do this by right-clicking on the instance, selecting Stop Instance, waiting until its state changes to Stopped, then right-clicking and selecting Start Instance.

    Your instance should appear with the name you assigned as part of the launch configuration.  If you'd ever like to change that, you can hover your mouse over the instance's Name field, and click on the pencil icon that appears. 

    Every instance you create has a public-facing address, or Public DNS, that can be used to reference the instance from anywhere on the Internet. The challenge is that this address changes every time you stop and then start your instance. To give your machine a more permanent address, you'll set up an Amazon Elastic IP. This is an unchanging address that Amazon allocates to you for your use. You can then associate it with any instance you choose. Every time you stop and start the instance, you'll associate it with this IP address. Let's get one of these elastic IPs while we wait for the instance to finish initializing.
  20. In the left-side navigation pane of the Console, under Network & Security, click Elastic IPs.
  21. Click Allocate Elastic IP Address, accept all of the default settings in the resulting panel, and click Allocate.

    You should see a message in a banner along the top of the page indicating that your request was successful along with the address that was allocated to you, such as 107.20.220.152. You might write down your IP address, but you should be able to easily locate it in the AWS Console when you need to.
  22. As you did with the instance, you may want to assign a name to your new Elastic IP address. Hover your mouse over the Name field and click the pencil icon to assign a name like geog868_elasticip.
  23. You'll now want to associate the new Elastic IP address with your instance. Performing this step can be initiated by clicking the Associate this Elastic IP address button on the message banner, or by selecting Actions > Associate Elastic IP address.
  24. Either way, you'll be shown a page with a box for specifying the instance ID. Click in this Instance box, and you should see a list of the instances you've launched. Choose the correct instance and then click the Associate button. You'll now be able to access your instance through a consistent IP address, even after stopping/re-starting it.
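A check for the RDP rule created in steps 15-17 and the trade-off described in the Important note, as an added example that is not part of the course materials: it reads a security group in the JSON shape returned by `aws ec2 describe-security-groups` and reports whether port 3389 is open to everyone or no longer matches your current address. The sample group, the addresses and the function names are constructed for illustration.

```python
import ipaddress

RDP_PORT = 3389

# Constructed sample: the two default web rules plus an RDP rule for "My IP".
SAMPLE_GROUP = {
    "GroupName": "geog868_securitygroup",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "203.0.113.25/32"}], "Ipv6Ranges": []},
    ],
}


def rdp_sources(group):
    """Return every network allowed to reach TCP 3389 through this group."""
    sources = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":                      # "all traffic" rule, no port fields
            covers = True
        elif proto in ("tcp", "6"):
            low = perm.get("FromPort", 0)
            high = perm.get("ToPort", 65535)
            covers = low <= RDP_PORT <= high   # port ranges can hide 3389
        else:
            covers = False
        if covers:
            sources += [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [ipaddress.ip_network(s, strict=False) for s in sources]


def audit_rdp(group, my_ip):
    """Classify RDP exposure relative to the address you connect from."""
    me = ipaddress.ip_address(my_ip)
    nets = rdp_sources(group)
    open_to_world = [str(n) for n in nets if n.prefixlen == 0]
    allowed = any(n.version == me.version and me in n for n in nets)
    if open_to_world:
        action = "restrict source"             # the "Anywhere" setting
    elif not allowed:
        action = "update rule to current IP"   # your address has changed
    else:
        action = "ok"
    return {"open_to_world": open_to_world, "my_ip_allowed": allowed,
            "action": action}


if __name__ == "__main__":
    print(audit_rdp(SAMPLE_GROUP, "203.0.113.25"))
    print(audit_rdp(SAMPLE_GROUP, "198.51.100.7"))
```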

There were a lot of steps involved in launching this instance and some of it may have seemed confusing, but the good news is you should not need to go through these steps again. Stopping and re-starting your instance now that it's been created is a much simpler process.

D. Starting and Stopping your Instance via the AWS Management Console

Whether starting or stopping your instance, you'll want to be viewing the Instances page in the AWS Management Console.

When you've finished your coursework for the day, you can Stop your instance as follows:

  • Right-click on the instance, and select Stop instance.

When you want to Start your instance:

  • Right-click on the instance, and select Start instance.

Note: The biggest benefit to having a consistent IP address associated with an ArcGIS Enterprise/Server instance comes when you're using it to develop map/feature/geoprocessing services to be consumed by an app or a third party. A constantly changing IP address would render such services practically unusable. We won't be authoring such services in this course, though you can check out our Cloud & Server GIS course if you're interested in learning how to do that. In this course, the benefit to the Elastic IP will be avoiding the need to locate the instance's new Public DNS address each time you want to re-start it and connect to it through remote desktop. If you'd rather not bother with associating an Elastic IP with your instance, then you're welcome to skip that step and instead look up the instance's new Public DNS and connect through that address.

If you just completed section B above, then your Enterprise Geodatabase instance is currently running, and we're going to work with it in the next section. If you are going to continue on, you don't need to stop your instance now. But be sure to stop it when you're ready to quit working.

E. Logging in to your Enterprise Geodatabase Instance

Now that your site has been created, you can get ready to log in to the instance and start working with your software.

Your instance needs to be running, so if you did Stop it at the end of the previous section, open the AWS Management Console and Start it again.

Recall that when launching the instance, you created a new Security Group and added a security rule allowing remote desktop connections.  With that done, there are two bits of information we'll need to make a connection: the instance's IP address and the password of the Administrator account.

  1. Open the Windows Remote Desktop Connection app on your machine. (If you're working on a Mac, which you're welcome to do for Lessons 6-8, the Microsoft Remote Desktop app should operate much the same as what's described here.)
     
  2. In the Remote Desktop Connection dialog, expand the Show Options list > Local Resources tab > More button and ensure that the box for Drives is checked, then click OK. This will permit you to copy data from your machine onto the remote machine (in this case, your Amazon EC2 instance).
     
  3. Under the General tab, type or paste the Elastic IP of your instance into the Computer input box.  Before attempting to connect, let's get the password assigned to the Administrator account by AWS.
  4. In your web browser, return to your list of EC2 Instances in the AWS Management Console, right-click your instance name, select Security > Get Windows Password, then follow the Upload private key file button to browse to the key pair file you downloaded to your local machine when launching the instance. (It's the .pem file.)

    The text box will fill with the key pair information.

  5. Click on Decrypt Password. The Password can be seen at the bottom of the window.

    Click the Copy button next to the password. 

    Hit the OK button to dismiss the password dialog.
     
  6. Back in the Remote Desktop app, in the User name input box, type Administrator, then click the Connect button.
     
  7. In the Windows Security dialog, log in with the following credentials:

    User name: Administrator
    Password: the password you decrypted in the AWS Management Console

    Click OK.

  8. You'll probably receive a warning that "the identity of the remote computer cannot be verified." Go ahead and answer Yes, that you want to connect anyway.

    You should see the desktop of your remote instance open up.

F. Disabling IE ESC

As a security precaution, it's usually not a good idea to go around browsing the web from your production server machine. To do so is to invite malware intrusions onto one of your most sensitive computers. The operating system on your instance, Windows Server 2016, enforces this by blocking Internet Explorer from accessing most sites. This is called IE Enhanced Security Configuration (ESC). IE ESC gets burdensome when you're using the server solely for development or testing purposes, like we are. To smooth out the workflows in this course, you'll disable IE ESC right now and leave it off for the duration of the course.

  1. In your remote instance, go to Start > Server Manager.
  2. Click Local Server.
  3. Scroll over to the right and find IE Enhanced Security Configuration. Click the On link to access the options for turning it off.
  4. Select Off for both Users and Administrators and click OK. (Heads-up – the IE Enhanced Security Configuration will still show “On” until you close the Server Manager.)
  5. Close the Server Manager.

G. Resetting your instance password

Amazon gave you a pretty strong password for this instance, but it's not one you're liable to remember easily. You should change the administrator password to something you'll remember.

  1. On the remote instance, click Start > Windows Administrative Tools.
  2. Click on Computer Management.
  3. Expand Local Users and Groups and click Users.
  4. In the list of users, right-click Administrator and click Set Password > Proceed. The password rules are fairly stringent; please see them in the image in Figure 6.1, below.

    Type and confirm a new password that you can remember. In the future, you can use this password when logging in to your instance.

    Close the Computer Management and Administrative Tools windows.

    Do NOT close your Remote Connection desktop.

    Figure 6.1: Password Security Setting Rules and Restrictions

H. Licensing ArcGIS Server on the Instance

As with the resetting of the instance password, these licensing steps need only be performed once after launching your instance.

  1. In preparation for completing the software authorization, go into the Lesson 6 module in Canvas and click on the Authorization file for ArcGIS Server link. This file has a .prvc file extension. You can download this authorization file on the instance or on your local machine.
  2. Run the Software Authorization for ArcGIS Server Authorization app on your instance (found in the ArcGIS folder on the Start menu).
  3. Select the I have received an authorization file... option, and click Browse. You should see drives from both your instance and your local machine.
  4. Locate where you stored the .prvc file you downloaded from Canvas, select it, then click Next.
  5. Select Authorize with Esri now using the Internet, and click Next.
  6. Accept the filled-in information (for one of the course authors/instructors), and click Next.
  7. Set Your Organization to Education/Student, Your Industry to Higher Education, Yourself to Student, and click Next.
  8. The Authorization Number should be filled in. Click Next.
  9. Authorization numbers may or may not also be filled in for several extensions. We won't need extensions for what we're doing in this class, so just click Next regardless.
  10. Leave the boxes for other extensions unchecked, and click Next.
  11. Click Finish.

I. Installing SQL Server Express on the instance

Esri supports the implementation of enterprise geodatabases using a number of relational database management packages (e.g., Oracle, SQL Server, Postgres). To expose you to another RDBMS that's commonly used in the industry, I'm going to ask you to install SQL Server Express. (This is a free, lite version of Microsoft's SQL Server package. For everything we'll do in this class, the two SQL Server packages operate the same.)

  1. In Canvas, download the SQL Server Express 2017 executable and copy it to your instance.
  2. Run the executable, choosing the Basic installation type.

    After a few minutes, you should see that installation completed successfully. We'll also want to install SQL Server Management Studio, an app that's analogous to pgAdmin from earlier in the course.
  3. Click the Install SSMS button at the bottom of the SQL Server Express installation dialog, which should open a page in your web browser.
  4. Locate and click on the Free Download for SQL Server Management Studio (SSMS) link.
  5. Run the SSMS installation executable, clicking Install on the resulting dialog.

With that, we're ready to begin playing with our enterprise geodatabases. First, you'll read a bit about ArcSDE, a technology that enables the ArcGIS products to work with data stored in an RDBMS.


Credit for all screenshots: © Penn State is licensed under CC BY-NC-SA 4.0