You can export the components of your ArcGIS Enterprise organization to a backup file that can later be used to restore your organization in the event of hardware failure or data loss. The file includes your portal items and settings; hosted web layers; federated and hosting server settings; and, if using ArcGIS Data Store, your hosted feature layer data and hosted scene layer caches.
The size of the backup file and the time it takes to create it vary depending on how many items are in your portal, the number and type of hosted web layers you have, how many federated servers you have, and how many ArcGIS Server machines are in your hosting and federated servers.
Use the webgisdr utility with the export operation and a properties file to create a backup of ArcGIS Enterprise. You can find the utility in the Portal for ArcGIS tools directory. Ensure you meet these criteria when using the utility:
- The shared directory you specify must be large enough to contain the exported file. To estimate how large the file will be, use the webgisdr utility with the export operation to create a test export of your ArcGIS Enterprise organization. Check the file size, decide how many files you intend to keep in the shared directory, take into account that your organization will grow over time, and size the directory accordingly. Because the file size will likely increase over time, you should continue to monitor the size of these backup files and adjust storage size as needed.
- The account that was used to install each software component in ArcGIS Enterprise must have read and write privileges on the shared directory.
- The backup for each component is placed in a temporary directory on each component's machine before being moved to the shared directory you specify. Therefore, the following directories must be large enough to contain the backup of each component:
- Portal for ArcGIS: <Portal_content_directory>/temp
- ArcGIS Server: <ArcGIS_Server_installation_directory>/temp
- ArcGIS Data Store: <ArcGIS_Data_Store_directory>/temp
- The ArcGIS Data Store relational data store in your ArcGIS Enterprise deployment must have point-in-time recovery enabled if you intend to create incremental backups (BACKUP_RESTORE_MODE = incremental).
Note:
If your portal content is stored in the file system, real-time antivirus scanning can impact the performance of the backup. Consider excluding the portal content directory and your backup SHARED_LOCATION and BACKUP_LOCATION directories from your antivirus scanner.
Follow these steps to create a backup of your ArcGIS Enterprise organization:
- Make a copy of the template properties file. You can save the copy in the same directory as the template or to a new directory.
The template properties file—webgisdr.properties—is installed in /arcgis/portal/tools/webgisdr by default.
In this example, the copy of the file is named mywebgis.properties and saved in /home/ags/arcgis/portal/propfiles.
- Open the copy of the properties file and edit it to include information specific to your site.
- PORTAL_ADMIN_URL = <portal admin directory URL>
Specify the URL of the Portal for ArcGIS admin directory. Use the format https://portalhostname.domain.com:7443/arcgis, where portalhostname.domain.com is the fully qualified name of the machine where Portal for ArcGIS is installed.
- PORTAL_ADMIN_USERNAME = <portal administrator user name>
Specify the user name of a portal member assigned to the Administrator role.
- PORTAL_ADMIN_PASSWORD = <portal administrator password>
Specify the password of the portal administrator account.
- PORTAL_ADMIN_PASSWORD_ENCRYPTED = <true | false>
Set this option to false the first time you populate the file with your administrator password. When you save the file, your password is encrypted and the value for PORTAL_ADMIN_PASSWORD_ENCRYPTED is set to true to indicate the password has been encrypted. If you need to change the password in the future, set PORTAL_ADMIN_PASSWORD_ENCRYPTED = false, provide your new administrator password, and save the file.
- BACKUP_RESTORE_MODE = <backup | full | incremental>
Specify the type of backup you want to create. The default mode is backup. See Backup modes for information on the types of backup modes. To schedule both full and incremental backups, you will need to create separate properties files for each backup mode.
- SHARED_LOCATION = <location for backup files>
Designate a shared location in which to create a temporary copy of the backup files for ArcGIS Server, Portal for ArcGIS, and ArcGIS Data Store. The account that installed ArcGIS Server, Portal for ArcGIS, and ArcGIS Data Store and the account running the webgisdr utility must have read and write privileges on this location. Be sure the location is large enough to hold the backup files for each component. Though the files are compressed, they can be quite large, depending on the amount and type of data you have. If you have hosted scene layers and caches and set INCLUDE_SCENE_TILE_CACHES to true, the ArcGIS Data Store backup file can be especially large.
Ensure any backslashes in the path are escaped. For example, C:\backupswould be entered as C:\\backups and \\fileserver\backups would be entered as \\\\fileserver\\backups. - INCLUDE_SCENE_TILE_CACHES = <true | false>
If you publish hosted scene layers to your portal and want to include the scene cache data in the backup, set INCLUDE_SCENE_TILE_CACHES to true. Be aware that, if set to true, all scene cache data is included in the backup, not just the new cache data created since your last backup. If you know that no new scene caches have been created since your last backup or if you do not publish scenes to your portal, you can set INCLUDE_SCENE_TILE_CACHES to false.
- BACKUP_STORE_PROVIDER = {FileSystem | AmazonS3 | AzureBlob}
Define whether you want to save the webgissite backup file on the file system or on cloud storage.
To store your ArcGIS Enterprise backup in a file share location on-premises, specify FileSystem, and the webgisdr utility will store your backup files in the file share you specify for BACKUP_LOCATION.
To store your ArcGIS Enterprise backups in an Amazon Simple Storage Service (S3) or an S3 compatible bucket storage location, create one specifically for storing backup files generated by the webgisdr utility, and update the S3 properties with the information needed to access your bucket.
To store your ArcGIS Enterprise backups in Microsoft Azure Blob storage, create an Azure Blob storage container specifically for storing backup files generated by the webgisdr utility, and update the Azure properties with the information needed to access your container.
Note:
If your ArcGIS Enterprise organization is on-premises but your backups are stored in the cloud, creating backups and restoring will take longer than it would if you stored your backups in an on-premises file share.
- BACKUP_LOCATION = <location of on-premises backup file>
Designate the location for the webgissite backup file.
Ensure any backslashes in the path are escaped. For example, C:\backupswould be entered as C:\\backups and \\fileserver\backups would be entered as \\\\fileserver\\backups.
Backup files are initially stored in the SHARED_LOCATION but are copied to the BACKUP_LOCATION. Be sure the location is large enough to hold the backup file. Although the file is compressed, it can be quite large depending on the amount and type of data you have. The account that runs the webgisdr utility must have read and write privileges on the BACKUP_LOCATION.
If you set BACKUP_LOCATION to a folder, the disaster recovery tool imports the latest backup file available in that folder. If you set BACKUP_LOCATION to a specific backup file in the folder, that file is imported by the disaster recovery tool.
Note:
During an export, if it is taking a long time to package the backup, consider setting the BACKUP_LOCATION to a local path. You can then copy the finished package to its intended location. Make sure there is enough space on the local drive to store the backup temporarily.
- COMPRESSION_METHOD= <copy | fastest | fast | normal | maximum | ultra>
Determine the compression method for the webgissite backup. The default value if it's not populated or commented out is copy. In most situations, this can be left commented. An administrator can choose to compress backups further at the expense of increased time to complete the backup.
- If you set BACKUP_STORE_PROVIDER to AmazonS3, provide information for the following properties:
- S3_ACCESSKEY= <The access key for your Amazon Web Services (AWS) account>
You only need to set this if you set S3_CREDENTIAL_TYPE=accessKey. The IAM user represented by this access key must have read and write access to the S3 bucket you specify with the S3_BUCKET property.
- S3_SECRETKEY= <The secret key for your AWS account>
Specify the secret key associated with the access key for your AWS account. This is used only if you set S3_CREDENTIAL_TYPE to accessKey.
- S3_ENCRYPTED = false
Leave this set to false. If you have S3_CREDENTIAL_TYPE set to accessKey when you run the webgisdr utility, the utility will encrypt the access key and secret key and set S3_ENCRYPTED to the encrypted access key value.
- S3_BUCKET= <name of the S3 bucket>
This is the name of the Amazon S3 bucket in which you want to store your ArcGIS Enterprise backup file.
- S3_CREDENTIAL_TYPE= <IAMRole | accessKey>
Set S3_CREDENTIAL_TYPE to IAMRole if you will access the S3_BUCKET using an AWS IAM role. Set it to accessKey if you will access the S3_BUCKET using an AWS IAM user via an access key. The IAM role or user must have read and write access to the S3 bucket you specify with the S3_BUCKET property.
- S3_REGION= <AWS region in which you created the S3 bucket>
- S3_BACKUP_NAME = <backup file name>
This property is only used when you restore an ArcGIS Enterprise organization. Specify the name of the backup file you want to restore. If you do not specify a backup file name, the latest backup file is restored.
- S3_ACCESSKEY= <The access key for your Amazon Web Services (AWS) account>
- If your ArcGIS Enterprise organization is running on AWS and your portal content directory is stored in Amazon S3, you need a backup bucket for the content directory. This should not be the same bucket that the portal itself is in; otherwise, a duplication of content will occur each time you perform a backup. Create a backup bucket in S3, set PORTAL_BACKUP_S3_BUCKET in the properties file to the name of the bucket, and set PORTAL_BACKUP_S3_REGION to the AWS region in which you created the S3 bucket. See Configure highly available ArcGIS Enterprise with AWS storage services in the ArcGIS Enterprise on Amazon Web Services help for more information on this type of implementation.
Note:
If your organization's machines access Amazon S3 using a VPC endpoint, cross-region copying is not allowed. When implementing geographic redundancy, create a bucket in the same region as the standby and ensure the exported portal content backup bucket is synchronized using the AWS CLI (or an automated process) prior to running the WebGISDR import operation. This replicated bucket would need to be specified in the webgisdr.properties restore file as PORTAL_BACKUP_S3_BUCKET with the appropriate region.
- If you set BACKUP_STORE_PROVIDER to AzureBlob, provide information for the following properties:
- AZURE_BLOB_ACCOUNT_NAME = <Azure storage account>
Specify the Azure Blob storage account name.
Tip:
You specified this storage account name when you chose the Use Azure Cloud Storage for the configuration and content store option in the Deployment Options panel of Cloud Builder.
- AZURE_BLOB_ACCOUNT_KEY = <account key>
Specify the account key associated with your Azure Blob storage account.
- AZURE_BLOB_ACCOUNT_KEY_ENCRYPTED = false
Specify false when you first add the ACCOUNT_KEY values to the file. When you save the webgisdr.properties file, the key will be encrypted and the tool will set these properties to true.
- AZURE_BLOB_CONTAINER_NAME = <Name of your Azure Blob storage container>
Specify the Blob container name.
- AZURE_BLOB_ACCOUNT_ENDPOINT_SUFFIX = <Blob storage account endpoint>
Specify the Blob service storage account endpoint.
- (Optional) AZURE_BLOB_ENDPOINT_URL = <Blob service URL>
Specify the Blob service endpoint URL if you are using a custom Blob storage endpoint. If you aren't using a custom endpoint, don't uncomment this line. The default URL is in the format https://<BLOB_ACCOUNT_NAME>.blob.core.windows.net.
- AZURE_BLOB_ACCOUNT_NAME = <Azure storage account>
- You can also store your portal content directory in an Azure Blob storage container. If you are doing so, you need a backup bucket for the content directory in Azure. This should not be the same bucket that the portal itself is in; otherwise, a duplication of content will occur each time you perform a backup. The set of properties beginning with PORTAL_BACKUP_BLOB defines the account used for the portal content directory. The values for these properties should match those set in the AZURE_BLOB section above; the definitions for that section apply here as well.
- PORTAL_BACKUP_BLOB_ACCOUNT_NAME = <Azure storage account>
- PORTAL_BACKUP_BLOB_ACCOUNT_KEY = <account key>
- PORTAL_BACKUP_BLOB_ACCOUNT_KEY_ENCRYPTED = false
- PORTAL_BACKUP_BLOB_CONTAINER_NAME = <Name of your Azure Blob storage container>
- PORTAL_BACKUP_BLOB_ACCOUNT_ENDPOINT_SUFFIX = <Blob storage account endpoint>
- (Optional) PORTAL_BACKUP_BLOB_ENDPOINT_URL = <custom Blob service URL>
- IS_PORTAL_PKI_AUTHENTICATED = <true | false>
If you have configured a public key infrastructure (PKI) to secure access to your portal, set this value to true.
Learn more about portal authentication options
If set to true, provide values for the following additional properties:
- PORTAL_CLIENT_CERTIFICATE_FILE_PATH = <full certificate file path>
Specify the full file path of the portal's PKI certificate in PKCS12 format.
- PORTAL_CLIENT_CERTIFICATE_PASSWORD = <password for certificate>
Specify the corresponding password for the PKI certificate.
- PORTAL_CLIENT_CERTIFICATE_PASSWORD_ENCRYPTED = false
When you first enter the value for the certificate password, leave this value as false. When you first run the tool after saving this value, the tool will encrypt the password and change this property to true.
- PORTAL_CLIENT_CERTIFICATE_FILE_PATH = <full certificate file path>
In this example, a backup of the portal at URL https://portalhostname.domain.com:7443/arcgis, plus the services and settings of its hosting and federated servers, and the hosted feature layer data stored in the ArcGIS Data Store relational data store will be initially output to files in \\\\myserver\\tempbackups. The separate files will be compressed into a single backup file (entbackup) and copied to \\mybuserver\\wgbackups. Scene layer caches from the ArcGIS Data Store tile cache data store will not be included because INCLUDE_SCENE_TILE_CACHES is set to false.
PORTAL_ADMIN_URL = https://portalhostname.domain.com:7443/arcgis PORTAL_ADMIN_USERNAME = admin PORTAL_ADMIN_PASSWORD = Th3.Ad.Pass PORTAL_ADMIN_PASSWORD_ENCRYPTED = false BACKUP_RESTORE_MODE = backup SHARED_LOCATION = \\\\myserver\\tempbackups INCLUDE_SCENE_TILE_CACHES = false BACKUP_STORE_PROVIDER = FileSystem BACKUP_LOCATION = \\\\mybuserver\\wgbackups\\entbackup
In this example, a backup of the portal at URL https://portalonaws.mydomain.com:7443/gis, its content directory (stored in S3 bucket portalcontent), the services and settings of the portal's hosting and federated servers, and the data stored in the relational and tile cache data stores will be output to the S3 bucket entbackups in the AWS region eu-west-1. The backup file name is fullbackup06June. An IAM role is used to access the AWS account.
PORTAL_ADMIN_URL = https://portalonaws.mydomain.com:7443/arcgis PORTAL_ADMIN_USERNAME = entadmin PORTAL_ADMIN_PASSWORD = p0rtl.a.p PORTAL_ADMIN_PASSWORD_ENCRYPTED = false BACKUP_RESTORE_MODE = backup SHARED_LOCATION = \\fileserver\backups INCLUDE_SCENE_TILE_CACHES = true BACKUP_STORE_PROVIDER = AmazonS3 S3_BUCKET = entbackups S3_CREDENTIAL_TYPE = IAMRole S3_REGION = eu-west-1 S3_BACKUP_NAME = fullbackup06June PORTAL_BACKUP_S3_BUCKET = contentbackups PORTAL_BACKUP_S3_REGION =eu-west-1
This example is for Microsoft Azure Blob storage. A backup of the portal at URL https://portalonazure.domain.com:7443/arcgis, its content directory, the services and settings of the portal's hosting and federated servers, and the data stored in the relational and tile cache data stores will be output to the Azure Blob drbackups.
PORTAL_ADMIN_URL = https://portalonazure.domain.com:7443/arcgis PORTAL_ADMIN_USERNAME = entadmin PORTAL_ADMIN_PASSWORD = p0rtl.a.p BACKUP_RESTORE_MODE = backup SHARED_LOCATION = \\fileserver\backups BACKUP_STORE_PROVIDER = AzureBlob AZURE_BLOB_ACCOUNT_NAME = entbackups AZURE_BLOB_ACCOUNT_KEY = <key> AZURE_BLOB_ACCOUNT_KEY_ENCRYPTED =false AZURE_BLOB_ACCOUNT_ENDPOINT_SUFFIX = core.windows.net AZURE_BLOB_CONTAINER_NAME = drbackups PORTAL_BACKUP_BLOB_ACCOUNT_NAME = entbackups PORTAL_BACKUP_BLOB_ACCOUNT_KEY = <key> PORTAL_BACKUP_BLOB_ACCOUNT_KEY_ENCRYPTED = false PORTAL_BACKUP_BLOB_ACCOUNT_ENDPOINT_SUFFIX = core.windows.net PORTAL_BACKUP_BLOB_CONTAINER_NAME = contentbackups
- PORTAL_ADMIN_URL = <portal admin directory URL>
- Save the properties file.
The PORTAL_ADMIN_PASSWORD value will be encrypted in the file and PORTAL_ADMIN_PASSWORD_ENCRYPTED is set to true once you run the webgisdr utility with this file.
- Open a command shell on the Portal for ArcGIS machine, change the directory to the location of the webgisdr utility, and run the utility with the export option.
The webgisdr utility is installed to <Portal for ArcGIS installation directory>/tools/webgisdr.
Syntax for the webgisdr utility is as follows:
webgisdr --{export | import} --file <location and name of properties file>
As previously mentioned, the properties file (mywebgis.properties) was saved in the user-created directory /home/ags/arcgis/portal/propfiles.
webgisdr --export --file /home/ags/arcgis/portal/propfiles/mywebgis.properties
The backup file is created in the location you specified for the SHARED_LOCATION in the properties file. The file name is <timestamp>.webgissite.
- If your ArcGIS Enterprise organization includes map service or hosted tile layer caches, manually make a backup copy of all directories where your cache tiles are stored (for example, the entire arcgiscache directory under C:\arcgisserver\directories\ or <ArcGIS Server installation directory>/arcgis/server/usr/directories).
These directories contain the map cache tiles and the tiling scheme file conf.xml. The cache directories may also contain a file geodatabase, status.gdb, which contains information about what tiles were built.
You can use this file to restore ArcGIS Enterprise.