In an organization where downtime must be minimized, Portal for ArcGIS needs to be configured in a highly available fashion. The way you achieve this is by installing the software on two machines. On the first machine, you will create the portal. The second machine will then join that portal.
Configuring high availability is an advanced task that requires an extensive understanding of portal administration, scripting, and networking. Before you install and configure Portal for ArcGIS, you'll be required to configure your organization's load balancer to forward requests to the portal software. Additionally, you'll also need to set up a file server to contain the portal's content directory. It's recommended that you coordinate with your organization's information technology staff so they understand the requirements for configuring a highly available portal.
In this architecture, a load balancer or reverse proxy server is configured and acts as a gateway to the organization. If you intend to use web-tier authentication, ArcGIS Web Adaptor is required. The Web Adaptor can also be the gateway if your web server is highly available. Otherwise, you can configure a second Web Adaptor. In this case, the load balancer must have already been configured with the portal. If you're not using web-tier authentication, ArcGIS Web Adaptor is not required.
Both portal machines include databases that store information about content. The database on the first machine replicates changes to the database on the second machine. An index service keeps users and item searches in sync between both machines.
If you'll be using ArcGIS Server with your highly available portal, it's recommended that you use the network load balancer to balance requests between the two components. This ensures that requests from ArcGIS Server are sent to the portal in a highly available fashion. If you are using the load balancer as the gateway and you don't want to use it for internal communication with ArcGIS Server as well, you can add a second network load balancer that is only available internally. If you are using ArcGIS Web Adaptor as the gateway, all public traffic is handled by the Web Adaptor and all internal traffic is handled by the added load balancer that's directly in front of the two portal machines balancing to port 7443.
Prerequisites for configuring a highly available portal
To configure high availability for your portal, the following components are required:
Load balancer—A third-party component that uses a distribution algorithm to load balance network traffic across both portal machines, helping to enhance the scalability and availability of the portal. It must provide high availability by detecting machine failures and automatically redistributing traffic to the available portal machine. The load balancer context name must be set to be the same context as the context for ArcGIS Web Adaptor (for example, https://lb.domain.com/portal if the Web Adaptor context is portal). Set the load balancer context to arcgis if you are not using ArcGIS Web Adaptor. A network load balancer is optional if you use ArcGIS Web Adaptor as the gateway.
Highly available file server—A third-party component that stores and shares the portal's content directory. The file directory you select must be accessible by both machines and the account that will be used to run the portal (known as the Portal for ArcGIS account). This can be a local or domain account. If it is a local account, it must exist on both portal machines.
Two Portal for ArcGIS machines—You'll need two separate machines installed with Portal for ArcGIS to configure high availability. These machines must meet the minimum operating system requirements and be configured with the same Portal for ArcGIS account.
ArcGIS Web Adaptor—An optional component included with Portal for ArcGIS that you can use to provide web-tier authentication. If you're not using web-tier authentication, ArcGIS Web Adaptor is not required. To learn more, see About ArcGIS Web Adaptor.
ArcGIS Server—An optional component that makes GIS web services available to others in your organization. Using ArcGIS Server with your portal provides many benefits as described in About using your server with Portal for ArcGIS. If you'll be federating your ArcGIS Server site with your portal, there are some additional steps you'll need to perform as described below.
Caution:
If you plan to use ArcGIS Web Adaptor (IIS) for web-tier authentication, you'll need to perform some complex configuration steps in IIS to ensure the Web Adaptor works correctly with your highly available portal deployment. It's recommended you review the configuration steps in Step 7 to ensure your organization can support web-tier authentication in IIS.
Configuring a highly available portal
To configure your portal to be highly available, follow these steps.
Note:
To upgrade your highly available portal to 10.4.1, follow the steps in the upgrade section below.
- Set up the portal content directory on a file server
- Install and configure the first portal machine
- Install and configure the second portal machine
- If using web-tier authentication, install and configure ArcGIS Web Adaptor
- Configure a network load balancer
- Install and configure the second ArcGIS Web Adaptor
- Configure web-tier authentication in IIS
- Federate an ArcGIS Server site with your portal
Step 1: Set up the portal content directory on a file server
In a highly available configuration, the portal's content directory is shared between both machines. You must set up the content directory so that it is accessible by both machines and the account that will be used to run the portal (known as the Portal for ArcGIS account). This can be a local or domain account. If it is a local account, it must exist on both portal machines.
- On the file server, create a directory for the portal's content directory, and share it so that it can be accessed by both portal machines. For example, \\share\portal\content.
- Grant the Portal for ArcGIS account Full control level file permissions to the folder.
- Verify that the directory can be accessed by the Portal for ArcGIS account on both machines.
If you need to change the content directory location once your portal has been configured, see Changing the portal content directory for details.
Step 2: Install and configure the first portal machine
- On the first portal machine, open the ports described in Ports used by Portal for ArcGIS. Additionally, open ports 57800, 57900, 57950, and 57975. These ports are used by an index service to keep users and item searches in sync between both portal machines.
- Install Portal for ArcGIS on the first machine. For full instructions, see Installing Portal for ArcGIS.
- Open the portal website and create a portal. The URL to the website is formatted https://p1.domain.com:7443/arcgis/home. When you create a portal, you define information and credentials for the initial administrator account and specify the location for the content directory. Ensure that the content directory location can be accessed by both portal machines. The initial administrator is not an operating system account, and it has no relation to the Portal for ArcGIS account. To learn more about the Portal for ArcGIS account, see the Portal for ArcGIS account. You can change this account by following the instructions in Changing the Portal for ArcGIS account.
- When the portal is created, you'll see a message stating that the portal will be restarted. Click OK.
Step 3: Install and configure the second portal machine
- On the second portal machine, open the ports described in Ports used by Portal for ArcGIS. Additionally, open ports 57800, 57900, 57950, and 57975. These ports are used by an index service to keep users and item searches in sync between both portal machines.
- Install Portal for ArcGIS on the second machine. For full instructions, see Installing Portal for ArcGIS.
- Open the portal website and join the portal you created in Step 2. The URL to the website is formatted https://p2.domain.com:7443/arcgis/home. You cannot join a portal through ArcGIS Web Adaptor. Ensure that both portal machines are at the same version of Portal for ArcGIS and that the two installations are licensed at the same level.
- Click Join existing portal.
- Enter the Portal URL for the existing portal you want to join. This URL is formatted https://p1.domain.com:7443.
- Enter an Administrator Username and Administrator Password for the existing portal.
- Click Join.
- Optionally, you can define the portal's failover properties. A highly available portal checks to see if a failure has occurred with the portal machines. You can define the interval in seconds and frequency for checking machine status using the steps below. These properties must be changed on each machine in the portal and should be the same on both machines.
- Go to <installdir>\ArcGIS\Portal\framework\etc and open portal-ha-config.properties.
- Edit the portal.ha.monitor.interval property to set the time to wait between checks. The default is 30 seconds.
- Edit the portal.ha.monitor.frequency property to define the number of times the check will take place before failover. The default is 5 times.
- Save the portal-ha-config.properties file.
Note:
Keep the failover properties identical across both portal machines.
Step 4: Install and configure ArcGIS Web Adaptor
If you'll be using web-tier authentication, you're required to install and configure ArcGIS Web Adaptor. You can only use the Web Adaptor with web server ports 80 and 443. Using different ports is not supported. If you're not using web-tier authentication, ArcGIS Web Adaptor is not required.
- Install ArcGIS Web Adaptor on a web server machine. For full instructions, see the installation topic for IIS, Java (Windows), or Java (Linux).
- Configure the Web Adaptor with the first portal machine. When specifying the Portal URL, enter the URL of one of the portal machines, for example, https://p1.domain.com:7443. For instructions, see the configuring topic for IIS, Java (Windows), or Java (Linux).
Note:
You cannot create or join a portal through the Web Adaptor. Use the portal website URLs in the format https://portal.domain.com:7443 for creating the portal and for joining the portal.
Step 5: Configure a network load balancer
- Set the load balancer context name to arcgis (for example, https://lb.domain.com/arcgis) if there's no Web Adaptor configured. Set the context name to be the same as the Web Adaptor context otherwise.
- Configure HTTPS on the network load balancer. This is necessary as Portal for ArcGIS requires HTTPS for some communication. Consult the product documentation for your load balancer to learn how to set up HTTPS.
- Configure your load balancer to distribute requests to both of your portal machines (p1.domain.com and p2.domain.com).
- If you're not using web-tier authentication, configure the load balancer to send requests to ports 7080 (HTTP) and 7443 (HTTPS). By default, Portal for ArcGIS uses these ports for communication; you'll need to include these ports as part of the configuration. For example, on Apache, the ports are specified in the httpd.conf and httpd-ssl.conf configuration files. To learn more, see Ports used by Portal for ArcGIS. In the load balancer configuration, set an X-Forwarded-Host header. Portal for ArcGIS expects to see this property set in the header sent by the load balancer and will return requests to the load balancer that match the load balancer's URL. For example, a request to the ArcGIS Portal Directory (https://lb.domain.com/arcgis/sharing/rest) will be returned to the client as the same URL. If the property is not set, Portal for ArcGIS may return the URL of the internal machine where the request was directed (for example, https://p1.domain.com/arcgis/sharing/rest instead of https://lb.domain.com/arcgis/sharing/rest). This is problematic, as clients will not be able to access this URL (commonly noted as a browser 404 error). Also, the client will have some knowledge about the internal machine.
- If you're using web-tier authentication, configure the load balancer to send requests to ports 80 (HTTP) and 443 (HTTPS). You can only use ArcGIS Web Adaptor with web server ports 80 and 443. Using different ports is not supported.
- Set the WebContextURL property.
- Open a web browser and sign in to the ArcGIS Portal Directory as an Administrator of your organization. The URL is formatted https://portal.domain.com:7443/arcgis/portaladmin.
- Click System > Properties > Update Properties.
- On the Update System Properties dialog box, insert the following JSON, substituting your own load balancer URL.
{ "WebContextURL": "https://lb.domain.com/arcgis" } - Click Update Properties.
Step 6: Install and configure the second ArcGIS Web Adaptor to achieve web server tier high availability
The second Web Adaptor can only be configured if the portal already has the WebContextURL property configured.
- Install ArcGIS Web Adaptor on a web server machine. For full instructions, see the installation topic for IIS, Java (Windows), or Java (Linux).
- Configure the Web Adaptor with the portal. When specifying the Portal URL, enter the URL of one of the portal machines, for example, https://p1.domain.com:7443. For instructions, see the configuring topic for IIS, Java (Windows), or Java (Linux).
Step 7: Configure web-tier authentication in IIS
If you have two Web Adaptors (IIS) behind your load balancer, you'll need to perform some additional configuration steps in IIS to ensure web-tier authentication works correctly with your highly available portal deployment. For more information about web-tier authentication, see Use Integrated Windows Authentication with your portal.
For full instructions, see technical article 000012357 on the Esri Support website.
Step 8: Federate an ArcGIS Server site with your portal
- Set up a load balancer following the steps in Step 5. The load balancer will balance directly to port 7443 on both portal machines. The load balancer context must be arcgis, for example, https://lb.domain.com:7443/arcgis.
- Set the privatePortalURL property.
- Open a web browser and sign in to the ArcGIS Portal Directory as an Administrator of your organization. The URL is formatted https://portal.domain.com:7443/arcgis/portaladmin.
- Click System > Properties > Update Properties.
- On the Update System Properties dialog box, insert the following JSON, substituting your own load balancer URL.
{ "privatePortalURL": "https://lbprivate.domain.com:7443/arcgis" } - Click Update Properties.
- Follow the instructions in Federating an ArcGIS Server site with your portal to federate the server with your highly available portal deployment.
Upgrade a highly available portal
Upgrading a highly available portal to 10.4.1 involves the steps described in the sections below.
Delete the highly available configuration
The steps to delete your highly available configuration depend on the version of your current portal. Follow the steps below for the correct version of the portal you are upgrading to 10.4.1.
Delete the configuration for Portal for ArcGIS 10.3.1 and 10.3
- On the first portal machine, log in with the Portal for ArcGIS account (selected in Step 2).
- Open a command prompt as an administrator (Run as administrator), browse to <Portal for ArcGIS installation directory>\tools\portalha, and run the portalha.bat tool with the -d command (for example, portalha.bat -d).
- Type Y and press Enter to delete the configuration.
- If you use ArcGIS Web Adaptor, uninstall both of the Web Adaptors. For instructions, see the uninstallation topic for IIS, Java (Windows), or Java (Linux).
Delete the configuration for Portal for ArcGIS 10.4
- Open a web browser and sign in to the ArcGIS Portal Directory on the primary machine. The URL is in the format https://p1.domain.com:7443/arcgis/portaladmin.
- Go to Machines > Unregister.
- Choose the standby machine from the drop-down menu and click Unregister. Allow a few minutes for the portals to restart after unregistering the standby machine.
- If you use ArcGIS Web Adaptor, uninstall both of the Web Adaptors. For instructions, see the uninstallation topic for IIS, Java (Windows), or Java (Linux).
Upgrade the first portal machine
- Delete the high availability configuration as described in Delete the highly available portal above.
- Install Portal for ArcGIS 10.4.1. You do not need to uninstall the software first; run the 10.4.1 setup on the machine to upgrade the portal. For full instructions, see Installing Portal for ArcGIS.
- Open the portal website and create a portal. The URL to the website is formatted https://p1.domain.com:7443/arcgis/home. This triggers the upgrade. Do not interrupt this process. The initial administrator is not an operating system account, and it has no relation to the Portal for ArcGIS account.
- When the upgrade completes, you'll see a message stating that the portal will be restarted. Click OK.
- Open the ArcGIS Portal Directory and sign in with the initial administrator account. The URL is formatted https://p1.domain.com:7443/arcgis/portaladmin.
- Click System > Indexer > Reindex.
- Click the Mode drop-down list, and select Full.
- Click Reindex. This step will complete the upgrade of your portal. Depending on the number of users and volume of content in your portal, it will take some time for the reindex to complete. Do not interrupt the reindex process. You can monitor the indexing status by opening a new browser window (or tab), browsing to System > Indexer > Index Status, and refreshing the page. When the store and index counts are equal, the reindex and upgrade is complete.
Upgrade the second portal machine
After completing the upgrade steps on the first portal machine, follow the steps below to upgrade the second portal machine.
- Install Portal for ArcGIS 10.4.1. Run the 10.4.1 setup on the machine to upgrade the portal. For full instructions, see Installing Portal for ArcGIS.
- Open the portal website and join the portal you created on the first portal machine. The URL to the website is formatted https://p2.domain.com:7443/arcgis/home.
Install and configure Web Adaptors
If you use ArcGIS Web Adaptor, follow the steps below to install and configure new Web Adaptors with the portal.
- Install ArcGIS Web Adaptor version 10.4.1 on a web server machine. For full instructions, see the installation topic for IIS, Java (Windows), or Java (Linux).
- Configure the Web Adaptor with the portal. When specifying the Portal URL, enter the URL of one of the portal machines, for example, https://p1.domain.com:7443. For instructions, see the configuring topic for IIS, Java (Windows), or Java (Linux).
- Set the WebContextURL property.
- Open a web browser and sign in to the ArcGIS Portal Directory as an Administrator of your organization. The URL is formatted https://portal.domain.com:7443/arcgis/portaladmin.
- Click System > Properties > Update Properties.
- On the Update System Properties dialog box, insert the following JSON, substituting your own load balancer URL.
{ "WebContextURL": "https://lb.domain.com/arcgis" } - Click Update Properties.
- Reconfigure the first Web Adaptor once the WebContextURL property has been set.
- Install the second ArcGIS Web Adaptor and configure it with your portal.
Upgrade remaining ArcGIS components
Upgrade the remaining ArcGIS components in your deployment to 10.4.1. These must be updated to 10.4.1 to be used with your high availability configuration. Upgrade the following components:
- ArcGIS Server (run the 10.4.1 setup to upgrade)
- ArcGIS Data Store (run the 10.4.1 setup to upgrade)
Tip:
Upgrade Portal for ArcGIS outlines additional considerations when upgrading your deployment to 10.4.1.