You can export the components of your ArcGIS Enterprise deployment to a backup file that can later be used to restore your deployment in the event of hardware failure or data loss. The file includes your portal items and settings, hosted web layers, federated and hosting server settings, and, if using ArcGIS Data Store, your hosted feature layer data and hosted scene layer caches. The size of the backup file and the time it takes to create it vary depending on how many items are in your portal, the number and type of hosted web layers you have, how many federated servers you have, and how many ArcGIS Server machines are in your hosting and federated servers. When you back up a deployment that does not contain any data or services, the file that is generated is approximately 400 MB in size. Your file will always be larger than that.
Use the webgisdr utility with the export operation and a properties file to create a backup of ArcGIS Enterprise. You can find the utility in the Portal for ArcGIS tools directory. The following criteria must be met to use this utility:
- The shared directory you specify must be large enough to contain the exported file. Do a test export of your ArcGIS Enterprise deployment to get an idea how large the file will be, decide how many files you intend to keep in the shared directory, and size the directory accordingly.
- The domain account or accounts you use to run your ArcGIS Server, Portal for ArcGIS, and ArcGIS Data Store services must have write access to the shared directory you specify for the backup files.
- The backup for each component is placed in a temporary directory on each component's machine before being moved to the shared directory you specify; therefore, the following directories must be large enough to contain the backup of each component:
- Portal for ArcGIS: <Portal_content_directory>\temp
- ArcGIS Server: C:\Users\<user>\AppData\Local\Temp
- ArcGIS Data Store: <ArcGIS_Data_Store_directory>\temp
- The ArcGIS Data Store relational data store in your ArcGIS Enterprise deployment must have point-in-time recovery enabled if you intend to create incremental backups (BACKUP_RESTORE_MODE = incremental).
Follow these steps to create a backup of your ArcGIS Enterprise deployment:
- Make a copy of the template properties file. You can save the copy in the same directory as the template or to a new directory.
The template properties file—webgisdr.properties—is installed in C:\Program Files\ArcGIS\Portal\tools\webgisdr by default.
In this example, the copy of the file is named mywebgis.properties and saved in C:\propfiles.
- Open the copy of the properties file and edit it to include information specific to your site.
- PORTAL_ADMIN_URL = <portal admin directory URL>
Specify the URL of the Portal for ArcGIS admin directory. Use the format https://portalhostname.domain.com:7443/arcgis, where portalhostname.domain.com is the fully qualified name of the machine where Portal for ArcGIS is installed.
- PORTAL_ADMIN_USERNAME = <portal administrator user name>
Specify the user name of a portal member assigned to the Esri-defined Administrator role.
- PORTAL_ADMIN_PASSWORD = <portal administrator password>
Specify the password of the portal administrator account.
- PORTAL_ADMIN_PASSWORD_ENCRYPTED = <true | false>
Set this option to false the first time you populate the file with your administrator password. When you save the file, your password is encrypted and the value for PORTAL_ADMIN_PASSWORD_ENCRYPTED is set to true to indicate the password has been encrypted. If you need to change the password in the future, set PORTAL_ADMIN_PASSWORD_ENCRYPTED = false, provide your new administrator password, and save the file.
- BACKUP_RESTORE_MODE = <full | incremental>
If you only create full backups, you can set this property to full. To decrease the size of backups, though, you can create two different properties files—one with BACKUP_RESTORE_MODE = full, which you would use occasionally to create full backups, and one with BACKUP_RESTORE_MODE = incremental to generate incremental backups between full backups. Each incremental backup contains all changes since the last full backup.
- SHARED_LOCATION = <location for backup files>
Designate a shared location in which to create a temporary copy of the backup files for ArcGIS Server, Portal for ArcGIS, and ArcGIS Data Store. The domain account that runs the ArcGIS Server, Portal for ArcGIS, and ArcGIS Data Store service and the account running the webgisdr utility must have write access to this location. Be sure the location is large enough to hold the backup files for each component. Though the files are compressed, they can be quite large, depending on the amount and type of data you have. If you have hosted scene layers and caches and set INCLUDE_SCENE_TILE_CACHES to true, the ArcGIS Data Store backup file can be especially large.
Legacy:
At Portal for ArcGIS 10.4, this property was SHARED_FOLDER.
- INCLUDE_SCENE_TILE_CACHES = <true | false>
If you publish hosted scene layers to your portal and want to include the scene cache data in the backup, set INCLUDE_SCENE_TILE_CACHES to true. Be aware that, if set to true, all scene cache data is included in the backup, not just the new cache data created since your last backup. If you know that no new scene caches have been created since your last backup or if you do not publish scenes to your portal, you can set INCLUDE_SCENE_TILE_CACHES to false.
- BACKUP_STORE_PROVIDER = {FileSystem | AmazonS3 | AzureBlob}
Define whether you want to save the webgissite backup file on the file system or on cloud storage.
If you want to store your ArcGIS Enterprise backup in a file share location on premises, specify FileSystem, and the webgisdr utility will store your backup files in the file share you specify for BACKUP_LOCATION.
If you want to store your ArcGIS Enterprise backups in an Amazon Simple Storage Service (S3) bucket, create an S3 bucket specifically for storing backup files generated by the webgisdr utility, and update the S3 properties with the information needed to access your bucket.
If you want to store your ArcGIS Enterprise backups in Azure Blob storage, create an Azure Blob storage container specifically for storing backup files generated by the webgisdr utility, and update the Azure properties with the information needed to access your container.
- BACKUP_LOCATION = <location of on-premises backup file>
Designate the location for the webgissite backup file.
Backup files are initially stored in the SHARED_LOCATION but are copied to the BACKUP_LOCATION. Be sure the location is large enough to hold the backup file. Although the file is compressed, it can be quite large depending on the amount and type of data you have. The account that runs the webgisdr utility must have write access to the BACKUP_LOCATION.
If you set BACKUP_LOCATION to a folder, the disaster recovery tool imports the latest backup file available in that folder. If you set BACKUP_LOCATION to a specific backup file in the folder, that file is imported by the disaster recovery tool.
- If you set BACKUP_STORE_PROVIDER to AmazonS3, provide information for the following properties:
- S3_ACCESSKEY= <The access key for your AWS account>
You only need to set this if you set S3_CREDENTIAL_TYPE=accessKey. The IAM user represented by this access key must have read and write access to the S3 bucket you specify with the S3_BUCKET property.
- S3_SECRETKEY= <The secret key for your AWS account>
Specify the secret key associated with the access key for your AWS account. This is used only if you set S3_CREDENTIAL_TYPE to accessKey.
- S3_ENCRYPTED = false
Leave this set to false. If you have S3_CREDENTIAL_TYPE set to accessKey when you run the webgisdr utility, the utility will encrypt the access key and secret key and set S3_ENCRYPTED to the encrypted access key value.
- S3_BUCKET= <name of the S3 bucket>
This is the name of the Amazon S3 bucket in which you want to store your ArcGIS Enterprise backup file.
- S3_CREDENTIAL_TYPE= <IAMRole | accessKey>
Set S3_CREDENTIAL_TYPE to IAMRole if you will access the S3_BUCKET using an AWS IAM role. Set it to accessKey if you will access the S3_BUCKET using an AWS IAM user via an access key. The IAM role or user must have read and write access to the S3 bucket you specify with the S3_BUCKET property.
- S3_REGION= <AWS region in which you created the S3 bucket>
- S3_BACKUP_NAME = <backup file name>
This property is only used when you restore an ArcGIS Enterprise deployment. Specify the name of the backup file you want to restore. If you do not specify a backup file name, the latest backup file is restored.
- S3_ACCESSKEY= <The access key for your AWS account>
- If your ArcGIS Enterprise deployment is running on AWS and your portal content directory is stored in Amazon S3, you need a backup bucket for the content directory. Create a backup bucket in S3 and set PORTAL_BACKUP_S3_BUCKET in the properties file to the name of the bucket and set PORTAL_BACKUP_S3_REGION to the AWS region in which you created the S3 bucket. See Configure highly available ArcGIS Enterprise with AWS storage services in the ArcGIS Enterprise on Amazon Web Services help for more information on this type of implementation.
Legacy:
Prior to ArcGIS Enterprise 10.5.1, the PORTAL_BACKUP_S3_BUCKET property was BACKUP_BUCKET_NAME.
- If you set BACKUP_STORE_PROVIDER to AzureBlob, provide information for the following properties:
- AZURE_BLOB_ACCOUNT_NAME = <Azure storage account>
Specify the Azure Blob storage account name.
Tip:
You specified this storage account name when you chose to Use Azure Cloud Storage for the configuration and content store on the Deployment Options panel of Cloud Builder.
- AZURE_BLOB_ACCOUNT_KEY = <account key>
Specify the account key associated with your Azure Blob storage account.
- AZURE_BLOB_ACCOUNT_KEY_ENCRYPTED = false
Specify false when you first add the ACCOUNT_KEY values to the file. When you save the webgisdr.properties file, the key will be encrypted and the tool will set these properties to true.
- AZURE_BLOB_CONTAINER_NAME = <Name of your Azure Blob storage container>
Specify the Blob container name.
- AZURE_BLOB_ACCOUNT_ENDPOINT_SUFFIX = <Blob storage account endpoint>
Specify the Blob service storage account endpoint.
- (Optional) AZURE_BLOB_ENDPOINT_URL = <Blob service URL>
Specify the Blob service endpoint URL if you are using a custom blob storage endpoint. If you aren't using a custom endpoint, don't uncomment this line. The default URL is in the format https://<BLOB_ACCOUNT_NAME>.blob.core.windows.net.
- AZURE_BLOB_ACCOUNT_NAME = <Azure storage account>
- You can also store your portal content directory in an Azure Blob storage container. If you are doing so, you need a backup bucket for the content directory in Azure. The set of properties beginning with PORTAL_BACKUP_BLOB defines the account used for the portal content directory. The values for these properties should match those set in the AZURE_BLOB section above; the definitions for that section apply here as well.
- PORTAL_BACKUP_BLOB_ACCOUNT_NAME = <Azure storage account>
- PORTAL_BACKUP_BLOB_ACCOUNT_KEY = <account key>
- PORTAL_BACKUP_BLOB_ACCOUNT_KEY_ENCRYPTED = false
- PORTAL_BACKUP_BLOB_CONTAINER_NAME = <Name of your Azure Blob storage container>
- PORTAL_BACKUP_BLOB_ACCOUNT_ENDPOINT_SUFFIX = <Blob storage account endpoint>
- (Optional) PORTAL_BACKUP_BLOB_ENDPOINT_URL = <custom Blob service URL>
- IS_PORTAL_PKI_AUTHENTICATED = <true | false>
If you have configured a public key infrastructure (PKI) to secure access to your portal, set this value to true.
Learn more about portal authentication options
If set to true, provide values for the following additional properties:
- PORTAL_CLIENT_CERTIFICATE_FILE_PATH = <full certificate file path>
Specify the full file path of the portal's PKI certificate in PKCS12 format.
- PORTAL_CLIENT_CERTIFICATE_PASSWORD = <password for certificate>
Specify the corresponding password for the PKI certificate.
- PORTAL_CLIENT_CERTIFICATE_PASSWORD_ENCRYPTED = false
When you first enter the value for the certificate password, leave this value as false. When you first run the tool after saving this value, the tool will encrypt the password and change this property to true.
- PORTAL_CLIENT_CERTIFICATE_FILE_PATH = <full certificate file path>
In this example, a full backup of the portal at URL https://portalhostname.domain.com:7443/arcgis, plus the services and settings of its hosting and federated servers, and the hosted feature layer data stored in the ArcGIS Data Store relational data store will be initially output to files in \\\\myserver\\tempbackups. The separate files will be compressed into a single backup file (entbackup) and copied to \\mybuserver\\wgbackups. Scene layer caches from the ArcGIS Data Store tile cache data store will not be included because INCLUDE_SCENE_TILE_CACHES is set to false.
PORTAL_ADMIN_URL = https://portalhostname.domain.com:7443/arcgis PORTAL_ADMIN_USERNAME = admin PORTAL_ADMIN_PASSWORD = Th3.Ad.Pass PORTAL_ADMIN_PASSWORD_ENCRYPTED = false BACKUP_RESTORE_MODE = full SHARED_LOCATION = \\\\myserver\\tempbackups INCLUDE_SCENE_TILE_CACHES = false BACKUP_STORE_PROVIDER = FileSystem BACKUP_LOCATION = \\\\mybuserver\\wgbackups\\entbackup
In this example, a full backup of the portal at URL https://portalonaws.mydomain.com:7443/gis, its content directory (stored in S3 bucket portalcontent), the services and settings of the portal's hosting and federated servers, and the data stored in the relational and tile cache data stores will be output to the S3 bucket entbackups in the AWS region eu-west-1. The backup file name is fullbackup06June. An IAM role is used to access the AWS account.
PORTAL_ADMIN_URL = https://portalonaws.mydomain.com:7443/arcgis PORTAL_ADMIN_USERNAME = entadmin PORTAL_ADMIN_PASSWORD = p0rtl.a.p PORTAL_ADMIN_PASSWORD_ENCRYPTED = false BACKUP_RESTORE_MODE = full SHARED_LOCATION = \\fileserver\backups INCLUDE_SCENE_TILE_CACHES = true BACKUP_STORE_PROVIDER = AmazonS3 S3_BUCKET = entbackups S3_CREDENTIAL_TYPE = IAMRole S3_REGION = eu-west-1 S3_BACKUP_NAME = fullbackup06June PORTAL_BACKUP_S3_BUCKET = portalcontent PORTAL_BACKUP_S3_REGION =eu-west-1
This example is for Microsoft Azure Blob storage. A full backup of the portal at URL https://portalonazure.domain.com:7443/arcgis, its content directory, the services and settings of the portal's hosting and federated servers, and the data stored in the relational and tile cache data stores will be output to the Azure blob drbackups.
PORTAL_ADMIN_URL = https://portalonazure.domain.com:7443/arcgis PORTAL_ADMIN_USERNAME = entadmin PORTAL_ADMIN_PASSWORD = p0rtl.a.p SHARED_LOCATION = \\fileserver\backups BACKUP_STORE_PROVIDER = AzureBlob AZURE_BLOB_ACCOUNT_NAME = entbackups AZURE_BLOB_ACCOUNT_KEY = <key> AZURE_BLOB_ACCOUNT_KEY_ENCRYPTED =false AZURE_BLOB_ACCOUNT_ENDPOINT_SUFFIX = core.windows.net AZURE_BLOB_CONTAINER_NAME = drbackups PORTAL_BACKUP_BLOB_ACCOUNT_NAME = entbackups PORTAL_BACKUP_BLOB_ACCOUNT_KEY = <key> PORTAL_BACKUP_BLOB_ACCOUNT_KEY_ENCRYPTED = false PORTAL_BACKUP_BLOB_ACCOUNT_ENDPOINT_SUFFIX = core.windows.net PORTAL_BACKUP_BLOB_CONTAINER_NAME = portalcontent
- PORTAL_ADMIN_URL = <portal admin directory URL>
- Save the properties file.
The PORTAL_ADMIN_PASSWORD value will be encrypted in the file and PORTAL_ADMIN_PASSWORD_ENCRYPTED is set to true once you run the webgisdr utility with this file.
- Open a command window on the Portal for ArcGIS machine, change the directory to the location of the webgisdr utility, and run the utility with the export option.
The default location of the webgisdr utility is C:\Program Files\ArcGIS\Portal\tools\webgisdr.
Syntax for the webgisdr is as follows:
webgisdr --{export | import} --file <location and name of properties file>
As mentioned previously, the properties file (mywebgis.properties) was saved in the user-created folder C:\propfiles.
webgisdr --export --file C:\propfiles\mywebgis.properties
- If your ArcGIS Enterprise deployment includes map service or hosted tile layer caches, manually make a backup copy of all directories where your cache tiles are stored (for example, the entire arcgiscache directory under C:\arcgisserver\directories\ or <ArcGIS Server installation directory>/arcgis/server/usr/directories).
These directories contain the map cache tiles and the tiling scheme file conf.xml. The cache directories may also contain a file geodatabase, status.gdb, which contains information about what tiles were built.
You can use this file to restore your ArcGIS Enterprise.