In this topic
- GIS server
- Server directories and configuration store
- ArcGIS Web Adaptor or reverse proxy server
In its most basic configuration, an ArcGIS Server site can run on a single GIS server machine without needing any additional components. The deployment scenario described below is straightforward to set up, maintain, and upgrade. It can support a sandbox environment for development and testing, but it is also a valid (and in some cases ideal) configuration for some production environments.
A single GIS server is configured with the ArcGIS Server account set as a local operating system account on the machine or a domain account. To learn more about the ArcGIS Server account, see Accounts used by ArcGIS Server.
Server directories and configuration store
Since this deployment uses only one GIS server, the server directories and configuration store location should reside locally on the machine as opposed to a network share, for example, C:\arcgisserver\config-store instead of \\share\config-store. Keeping your configuration store and server directories on the local file system typically results in better performance than accessing them over a network share. It also reduces dependencies between the machine running the GIS server and the remote storage device. If you plan to host cached map and image services, using local directories, direct attached, or storage area network volumes (dedicated to the server) are recommended, as this typically yields the highest performance. Cache tile retrieval over a shared network location is a particularly expensive operation.
ArcGIS Web Adaptor or reverse proxy server
No ArcGIS Web Adaptor or reverse proxy server is used in this configuration. Your GIS web services and administrative requests are applied directly against the GIS server's default port (6080). Clients access the site by connecting directly to the GIS server through HTTP on port 6080. For example, the URL to the site would be http://gisserver.domain.com:6080. Clients can optionally use HTTPS on port 6443 to access the site securely.
The advantage of not using ArcGIS Web Adaptor or a reverse proxy server is that the installation and configuration of your site does not require any knowledge of third-party web technologies. The absence of extra components between your clients and your services eliminates additional overhead that may potentially occur at the web tier.
While deploying ArcGIS Server without ArcGIS Web Adaptor or a reverse proxy server is a valid option, be aware of the following:
GIS services not available over standard ports
Typically, web applications expect HTTP resources to be accessed over port 80, as opposed to 6080 or 6443. Access over port 80 requires use of ArcGIS Web Adaptor or a third-party reverse proxy server. ArcGIS Server does not run on standard ports because it would conflict with third-party web servers that you may already have running in your organization. It is not possible to change the default HTTP ports used by ArcGIS Server. In some organizations, especially intranet environments, having your applications access services directly over 6080 or 6443 could be a viable solution.
ArcGIS Server administrative endpoints exposed
ArcGIS Server Manager and the ArcGIS Server Administrator Directory are exposed through the same ports (6080 or 6443) that everyone else uses to access services. This does not imply that anyone can administer your server, because a user needs to provide administrative credentials to perform administrative operations on the server. However, it is a recommended best practice to block general access to the administrative end points, especially if your server is exposed to the Internet. If exposing the administrative end points is a concern in your deployment environment, overcome this by specifying that only certain IP addresses can access the server. To learn more, see Update Security Configuration in the ArcGIS REST API.
Cannot leverage web tier authentication
If you need to support Integrated Windows Authentication (IWA), public key infrastructure (PKI), or any authentication method provided by your organization's existing web infrastructure, complement your site with ArcGIS Web Adaptor. For example, the basic single-machine deployment without ArcGIS Web Adaptor is inadequate if you're required to enable a single sign-on (SSO) experience for your users. Although you can secure ArcGIS Server services and connect to enterprise identity stores such as Windows Active Directory, LDAP, or even your own, this implementation always leverage Esri's token-based authentication.
In this configuration, data in file format (file geodatabases, images, and shapefiles) must be stored locally for optimal performance. If using databases, place them on a dedicated server.
This is a basic configuration that is straightforward to configure and upgrade. While this configuration represents the typical choice for development and testing environments, it is also valid in some production environments (particularly intranet) with moderate security policies. For higher-security environments, a single GIS server configuration with ArcGIS Web Adaptor or a reverse proxy server is recommended.
This configuration is ideal for production environments where cached map and image services must deliver the maximum throughput possible. In organizations with large ArcGIS Server deployments, a single-machine site is a good choice for hosting all cached services. Other services can be hosted in a parallel site with one or multiple GIS servers. The performance gains of serving cache tiles from a single-machine deployment may overcome the overhead of having to administer a dedicated GIS server for that purpose.
Since there is only one GIS server, there is a single point of failure. Software or hardware failures can make your services unavailable. Consider other site configurations to eliminate possible downtime.
In this configuration, the configuration store and server directories reside locally on the GIS server, as opposed to a network share. It is not possible to add extra GIS servers to the site to increase computing power. Scalability is vertical only and can be increased by adding additional cores to the GIS server. This configuration can efficiently take advantage of modern hardware with many cores.
- Straightforward to install, maintain, and upgrade.
- High performance because local paths are used to access resources; this is ideal for hosting cached map and image services.
- May not fit your security requirements, since ArcGIS Server Manager and ArcGIS Server Administrator Directory are exposed through the same port (6080) that everyone else uses to access the services. Overcome this by specifying that only certain IP addresses can access the server in the Administrator Directory. This is controlled by the allowedAdminAccessIPs property in the server's Security Configuration. To learn how to configure this property to limit access to the server, see the example in Update Security Configuration. To completely isolate administrative access, route inbound traffic through a reverse proxy server or ArcGIS Web Adaptor.
- Nonstandard HTTP ports (6080 and 6443 if using HTTPS) are used to expose services to clients. To overcome this, route inbound traffic through a reverse proxy server or ArcGIS Web Adaptor.
- Web tier authentication is not available without ArcGIS Web Adaptor. If you need web tier authentication, include ArcGIS Web Adaptor.
- Not highly available; the GIS server is a single point of failure if it goes offline. Refer to the Single-machine high-availability (active-passive) deployment for details.