Configure highly available ArcGIS Enterprise with AWS storage services—ArcGIS Enterprise on AWS

Portal for ArcGIS stores information about portal items in the portal content directory. When you configure a highly available portal, the two portal machines share the content directory. To make your content highly available, you need to store your Portal for ArcGIS content directory in a highly available, shared location. You can use Amazon Web Services (AWS) storage services for this.

In this workflow, you will create a bucket on AWS simple storage service (S3), create one ArcGIS Enterprise deployment using an Esri Amazon Machine Image (AMI), create a portal that uses the S3 bucket for its content directory, launch a second ArcGIS Enterprise deployment using an Esri Amazon Machine Image (AMI), and join the second portal to the portal on the first instance you launched.

Create a highly available portal with content directory on AWS

Follow these steps to create a highly available portal that uses an AWS S3 bucket to store the portal's content directory, thereby making the content directory highly available as well.

Create an AWS S3 bucket using the AWS Management Console. Create the bucket in the same region in which you will create your portal machines.
Use one of the Esri AMIs to launch an instance on AWS.
Note that if this is the first time using a particular AMI, you must first read and accept AWS Marketplace terms before launching the instance.
Create an Amazon Elastic IP and associate it with the instance.
Optionally set up CNAME mapping to create a more user-friendly Domain Name System (DNS) hostname.
Create a remote connection to the instance.
Start Portal for ArcGIS.
- On a Windows instance, start the Portal for ArcGIS service from the Windows Services panel.
- On an Ubuntu instance, log in as the arcgis user and run startportal.sh in /arcgis/portal to start Portal for ArcGIS.
Run the Portal for ArcGIS Software Authorization wizard to license your portal.

Do not proceed with creating a site from the portal website. You must open the ArcGIS Portal Directory, and create the portal there.

Open the ArcGIS Portal Directory. The URL is in the format https://portal.domain.com:7443/arcgis/portaladimin.
Click Create New Site.
Provide a user name, password, first and last name, email address, and security question and answer for the initial portal administrator account.
Copy one of the following blocks of JSON and paste it into the Content Store field. Be sure to replace connectionString values with information specific to your account and implementation. For the objectStore, provide the name of the S3 bucket you created in step 1 to store the content directory.
Use this JSON if you want to access the S3 bucket using the accessKeyId and secretAccessKey of your AWS account:
```
{
"type": "cloudStore",
"provider": "Amazon",
"connectionString": {"accessKeyId":"ABCDEFGHIJK123456","secretAccessKey": "ZYXWVUTSRQPONML98765432","region": "<region name>","credentialType": "accessKey"},
"objectStore": "<your S3 bucket>"
}
```
Use this JSON if you want to access the S3 bucket through an IAMRole you configured for your AWS account:
```
{
"type": "cloudStore",
"provider": "Amazon",
"connectionString": {"region": "<region name>","credentialType": "IAMRole"},
"objectStore": "<your S3 bucket>"
}
```
Click Create New Site.

Next, configure ArcGIS Web Adaptor.

Enable HTTPS on at least the ArcGIS Web Adaptor directory, using a CA-signed certificate.
The certificate is issued to the public DNS hostname for the Elastic IP or the CNAME DNS hostname that maps to the Elastic IP.
Note:
Do not use a self-signed certificate when running Portal for ArcGIS.
Configure ArcGIS Web Adaptor with Portal for ArcGIS. You can do this from a web browser on the local machine or from command line on Ubuntu.
1. If running from a web browser, open the ArcGIS Web Adaptor configuration page.
  The web adaptor registration page opens automatically when you install; however, change the URL to use the elastic IP of the AWS instance or the CNAME DNS hostname where ArcGIS Web Adaptor is installed. For example, change the URL from https://localhost/arcgis/webadaptor to https://<Elastic IP>/arcgis/webadaptor or https://<CNAME DNS hostname>/arcgis/webadaptor.
2. Use the elastic IP or CNAME DNS hostname in the URL rather than the portal machine name in the Portal URL. For example, type https://<Elastic IP>:7443/arcgis or https://<CNAME DNS hostname>:7443/arcgis.

Your first portal machine is now configured. Now, launch a second instance, authorize Portal for ArcGIS on it, and join it to the first portal.

Use the Esri AMI to launch a second instance.
Create a remote connection to the second instance and start Portal for ArcGIS.
Authorize Portal for ArcGIS on the second instance.
Open the portal website for the second Portal for ArcGIS installation (https://<fully qualified instance2 name>:7443/arcgis/home) and choose to Join existing portal.
Enter the Portal URL for the portal you configured on the first instance. The URL is in the format https://<fully qualified instance1 name>:7443.
Enter the user name and password for the initial portal administrator you created in step 9.
Click Join.

You now have two AWS instances running Portal for ArcGIS using a shared, highly-available content directory stored on AWS S3.

Note:

If you delete the portal deployment in future, you must manually empty and delete the S3 bucket used for the content directory; uninstalling Portal for ArcGIS will not delete the content directory or the bucket.

Next steps

To take advantage of publishing and analysis workflows, you need to configure a hosting server for your portal. Follow the instructions in these topics to manually configure a highly available GIS Server site and ArcGIS Data Store on AWS, and set the GIS Server site as your portal's hosting server.

Configure a highly available GIS Server with shared configuration store on AWS storage services.
Start and configure a relational data store.
You can launch two additional AWS instances from an Esri AMI to run ArcGIS Data Store on, or start ArcGIS Data Store on your two existing Portal for ArcGIS instances.
1. Once ArcGIS Data Store is started on a new instance or on the first Portal for ArcGIS instance, open the Data Store Configuration wizard on that instance to create a relational data store and register it with the highly available GIS Server site you configured in the previous step. The Data Store Configuration wizard URL is in the format https://<fully qualified instance name>:2443/arcgis/datastore. See Create a data store for instructions on creating a relational data store.
2. Once ArcGIS Data Store is started on the second new instance or second portal instance, open the Data Store Configuration wizard on that instance to create a relational data store and register it as the GIS Server site's standby data store. See Add a machine to your data store for instructions.
Federate the highly available GIS Server site with your portal.
Set the highly available GIS Server site as your portal's hosting server.
If you will use the webgisdr tool to create backups of your highly available ArcGIS Enterprise deployment, you must create an S3 bucket for the portal content directory backup. Beginning with 10.5.1, you can also create an S3 bucket to store the base ArcGIS Enterprise deployment backup. See Create an ArcGIS Enterprise backup in the Portal for ArcGIS Administrator Guide for instructions.
If you add a tile cache data store to your deployment and your hosting server machines have Windows Server 2016 operating systems, you must make a remote desktop connection to each machine in the hosting server site and enable SSL 3.0 in the Internet options. See Esri technical article 000016013 for instructions on enabling SSL 3.0 on Windows Server 2016.

Feedback on this topic?