You can take advantage of the full ArcGIS Enterprise suite (ArcGIS Server, Portal for ArcGIS, and ArcGIS Data Store) on Microsoft Azure.
You need the following to deploy ArcGIS Enterprise on Microsoft Azure:
- Microsoft Azure subscription
- Esri images
- ArcGIS Enterprise Cloud Builder for Microsoft Azure
- An ArcGIS Enterprise Standard or Advanced license
- Portal for ArcGIS licenses
- An SSL certificate from a certifying authority that you have exported to a .pfx file and for which you have set up CNAME mapping to the cloud service domain you specify in Cloud Builder (optional, but strongly recommended)
Get a Microsoft Azure subscription
A Microsoft Azure subscription and account are required to use Microsoft Azure infrastructure and services. Contact Microsoft to purchase a subscription.
Enable programmatic deployment of ArcGIS images
Before you can use the images from the Azure Marketplace, you must enable the programmatic deployment of ArcGIS. An administrator of your Azure subscription must enable programmatic deployment once for each type of ArcGIS image. This enables all current and future ArcGIS images of that type on the Azure Marketplace.
- Sign in to the Azure portal.
- Browse to the ArcGIS image in the Virtual Machine Marketplace.
- Click Marketplace on the home screen.
- Choose Virtual Machines.
- Type arcgis in the search text box.
- Choose the ArcGIS image you need from the search results.
- Click Want to deploy programatically? Get Started at the bottom of the pane.
The Configure Programmatic Deployment pane appears.
- Read the legal terms and Azure Marketplace Terms. If you accept their conditions, proceed with enabling programmatic deployment.
- Click Enable for your subscription.
- Click Save.
Your Azure subscription is now set to use an Esri image from Cloud Builder.
Configure a Windows Domain controller in your Azure environment (optional)
If you want to use a Windows Domain controller with your deployment, you must configure it before you create the deployment.
If you want to use a domain account to run the Windows services used by ArcGIS software, create that domain account before you create your deployment.
Obtain licenses from Esri
To deploy ArcGIS Enterprise, you need an ArcGIS GIS Server license and ArcGIS Enterprise portal license file.
To federate an ArcGIS Image, GeoAnalytics, GeoEvent, or Notebook Server with your ArcGIS Enterprise deployment, you need appropriate ArcGIS Server role licenses (ArcGIS Image Server, ArcGIS GeoAnalytics Server, ArcGIS GeoEvent Server, or ArcGIS Notebook Server).
Once these licenses are available to your account, you can download them from My Esri.
Install ArcGIS Enterprise Cloud Builder for Microsoft Azure
Download the ArcGIS Enterprise Cloud Builder for Microsoft Azure 10.9 installation file, and run it on a local Windows machine to install.
Deploy ArcGIS Enterprise
Use ArcGIS Enterprise Cloud Builder for Microsoft Azure to deploy all components of ArcGIS Enterprise.
- Start ArcGIS Enterprise Cloud Builder for Microsoft Azure.
- Sign in to Microsoft Azure.
If you want to use the Microsoft Azure Government cloud and have an Azure Government subscription, check U.S. Government Cloud.
- Choose an Azure Active Directory tenant, click next, choose a subscription in which to create a deployment, and click next.
- Ensure V2 Sites is selected and click Deploy a new site.
- For the base ArcGIS Enterprise deployment, choose ArcGIS Enterprise and click next to proceed to Image Options.
A base deployment provides the minimum components you need to implement ArcGIS Enterprise: Portal for ArcGIS, a GIS Server site for the portal's hosting server, plus relational and tile cache data stores created through ArcGIS Data Store to store your hosted feature and scene layer data.
- Create a resource group for your site. Click the add + button.
A resource group is a container that holds related resources for an application.
- Provide an intuitive name for the resource group. The name can contain alphanumeric characters, dashes (-), underscores (_), parentheses (()), and dots (.).
- Click Check Availability to ensure the name is unique and can be used for your resource group.
- Choose a region for the resource group.
- Click create.
- Once the resource group is created, click close.
- Choose the image to use: an Esri image, an image in your subscription, or an image you create.
- To use an Esri image or a custom image in your subscription, choose the image from the drop-down list.
- To create an image from a source VHD file, follow these steps:
- Click the add + button under Image in this Azure Subscription.
- Type a name for the image and click Check Availability to be sure the name is unique.
The image name can contain only letters, numbers, underscores (_), dots (.), and hyphens (-). The name must start with a letter or number and end with a letter, number, or underscore.
- Choose or create a resource group in which to store the image.
- Choose the region in which to create the image. Use the same region that contains the .vhd file.
- For Source Disk, click the button to browse to your .vhd file in your storage account. Choose the storage account that contains the file, choose the file, and click ok.
The storage accounts available on the Select Image Disk dialog box are based on the region you chose in the previous step.
- Choose the type of image to create.
HDD uses magnetic storage. SSD images use faster, solid state drives.
- For Size, choose the image size.
The image size determines the minimum size of the operating system disk (C:\) of the virtual machine created from the image. You can increase the size of the provisioned disk for the virtual machine created from the image, but you cannot decrease the size below the image size. See the Microsoft Azure documentation for more information on Azure managed disks.
- Click create to create the image.
- Choose how ArcGIS Enterprise components will be distributed. Note that you must check Single tier deployment if you are licensing your deployment with a workgroup edition license.
- For a single-machine deployment, check Single tier deployment and leave Add secondary machine unchecked. All ArcGIS Enterprise components will be created on one Azure machine.
- To deploy each ArcGIS Enterprise component on a separate virtual machine to distribute resources, uncheck Single tier deployment. Portal for ArcGIS, ArcGIS GIS Server (the hosting server), and ArcGIS Data Store (relational and tile cache), will each run on their own machine. You must have an enterprise edition license to use this option.
- If you want an ArcGIS Enterprise deployment with additional capacity, check Single tier deployment and Add secondary machine. Two Azure machines will be created. Each machine will contain Portal for ArcGIS, ArcGIS GIS Server, and ArcGIS Data Store (relational and tile cache). Portal for ArcGIS and the data stores on the second machine provide a standby for each of those components. The ArcGIS GIS Server installation on the second machine is joined to the site on the first machine, providing you with a two-machine site.
- To avoid duplication of Azure resource names in resource groups, Cloud Builder allows you to prefix resources with a specified string by checking Prefix Azure Resource Manager (ARM) Resource names with and providing up to three alphanumeric characters. Cloud Builder automatically populates this value with a random two-character string. If you want to change this, type a prefix to add to Azure resource names such as load balancers and availability sets.
Prefixes must start with an alphabetic character.
Adding a prefix avoids duplication of resource names and allows you to categorize resources according to your requirements for managing in the Azure portal or billing.
For disaster recovery configurations, create multiple resource groups with the same prefix.
- Click next to proceed to the Networking Options settings.
- Choose an existing virtual network from the drop-down list or click the Create button to create a virtual network.
- To create a virtual network using Cloud Builder, specify the following:
- Type a name for the virtual network. Names must be unique within your Azure subscription.
- Click Check Availability to be sure the name you typed is unique. If the name is unique, a check mark appears in the Name field.
- Choose the range of TCP/IP addresses (the address space class) to be used by your virtual network. See Microsoft documentation for more information on address classes.
- Choose the CIDR value from the VM Count drop-down list to determine the maximum number of addresses to be used in your address space.
- Click create.
- Once the virtual network is created, click close.
- Choose or create a subnet for your virtual network.
If you create a subnet, you must provide a unique name and an address range. See Microsoft Azure documentation for information on virtual network subnet addresses.
- Choose or create a second subnet for the Application Gateway Subnet setting.
All V2 deployments are accessed through an Azure Application Gateway. Azure Application Gateways require a dedicated subnet.
- The application gateway requires an IP address provided by Microsoft Azure, and the IP address must have a DNS name associated with it. This name is in the format mydomain.<location>.cloudapp.azure.com. Either choose an existing public IP address, type a name for a new public domain that ArcGIS Enterprise Cloud Builder for Microsoft Azure will create, or type a name for a new private IP address Cloud Builder will create.
Domain names must be unique within an Azure region. A green check mark appears if your domain name is unique.
If you use an existing public IP address, the IP address must use a standard SKU. See Microsoft Azure documentation for more information on public IP addresses and SKU.
For the private IP option, Cloud Builder assumes that you have already configured DNS entries for the private IP that will be allocated dynamically from the Application Gateway subnet.
Note:
To use a certificate authority issued SSL certificate, the domain name must match the CNAME mapping you configured for the certificate.
Also note that, even if you use a private IP address, Azure requires and Cloud Builder creates a second, public IP address for use by Azure internally. See Microsoft Azure documentation for more information.
- Click next to proceed to Certificate Options.
- Specify the SSL certificate to use for your deployment. Esri recommends that you use a certificate issued by a certificate authority (CA).
- Choose Certificate issued by a Certificate Authority to use a CA certificate and, in the Domain Name (Alias) text box, type the CNAME you mapped to the site domain you created in step 15. The format of the domain is <domain>.<location>.cloudapp.azure.com.
You can either choose From File, specify the Pfx File you exported from your certificate, and specify the Password set on the file, or choose From Key Vault to specify or create an Azure key vault to store your certificate.
- If your ArcGIS Enterprise deployment is for testing purposes only and, therefore, you are not using a CA certificate, choose Self Signed Certificate (Automatically generated). Cloud Builder will generate a self-signed certificate for your virtual machines. Note that people connecting to your portal will receive warnings that the site is not trusted if you use a self-signed certificate.
- Choose Certificate issued by a Certificate Authority to use a CA certificate and, in the Domain Name (Alias) text box, type the CNAME you mapped to the site domain you created in step 15. The format of the domain is <domain>.<location>.cloudapp.azure.com.
- Click next to proceed to Machine Options.
- Type a user name and password for Machine Administrator.
This is the Windows login you will use to administer the virtual machines in your site. The same login and password are used for all machines in your site.
The user name must contain three or more characters and contain no spaces, and it cannot be admin or administrator. The password must meet Windows Server complexity requirements.
- Choose the virtual machine type and size.
As ArcGIS Server is licensed by core, see the Azure compute unit information in the Microsoft Azure help to determine how many virtual cores are present on each type of Azure virtual machine.
- If you have an existing Windows Domain in your Azure environment to which you want to add your machine (or machines), click Domain Join Options.
- On the Domain Join Options dialog box, be sure the Join Existing Windows Domain? option is checked.
- Provide the name of the Active Directory domain.
- Provide the user name and password for the domain administrator.
- Check the box next to Is ArcGIS Service Account a Domain Account? to use an existing domain account to run your ArcGIS Server, Portal for ArcGIS and ArcGIS Data Store Windows services.
- Click apply.
- Choose the time zone you want your virtual machines to use.
- Type a Name for the virtual machine.
Note:
For disaster recovery configurations of ArcGIS Enterprise, give your primary and secondary sites an identical name, but place them in separate virtual networks and in separate resource groups that have been assigned the same prefix.
- If you want Microsoft Azure to apply updates to the operating systems on your virtual machines, check the box next to Enable automatic operating system updates.
- If you do not require access to your deployment during specific hours of the day, you can configure the machines to shut down at a specific time each day. To do this, check the box next to Enable daily automatic shutdown and set the shutdown time from the drop-down list. The time is in the time zone you chose for the virtual machines.
This allows you to save money because the machines are not running when you do not need them. However, the machines do not automatically restart; you'll need to restart each machine in the deployment when you need them again. You can restart the machines from Cloud Builder or the Microsoft Azure portal.
- If you want to directly log in to your virtual machines, check Enable remote desktop access using a jumpbox port. The port shown in the UI is the port through which you will access your machines.
In a multimachine deployment, the remote desktop connection provides access to the file share machine. To access the other machines in your deployment, connect to the file share machine and, from there, use remote desktop connections to the other machines using the machine host names, fully qualified domain names, or IP addresses.
- Click next to proceed to ArcGIS Data Store Options.
- Choose which type or types of data store you want to create. For the base ArcGIS Enterprise deployment, you must create a relational data store.
See Apps and functionality that require ArcGIS Data Store in the Portal for ArcGIS administrator guide for help in determining which types of data store you need. If you later decide you need a spatiotemporal big data store, you can add one to your deployment.
- Click next to proceed to the License and Credentials page.
- Provide the portal license file and an ArcGIS GIS Server license file to authorize the portal and its hosting server.
- Browse to your Portal for ArcGIS license file (.json).
- Choose the user type for this portal deployment. The type of user you define here determines what apps are available to portal members.
- Browse to your ArcGIS GIS Server license file.
- Type a user name and password for the Site Administrator.
This will be used for the ArcGIS Server primary administrator account and the Portal for ArcGIS initial administrator account.
- Type a user name and password for ArcGIS Service Account.
This is the Windows login under which the Portal for ArcGIS, ArcGIS Server, and ArcGIS Data Store services will run.
If you have an existing Windows domain in your Azure environment and created a domain account to use for this purpose, specify that domain account information for the user name and password. You'll join the machines to an existing domain on the next window.
- Click next to proceed to Deployment Options.
- Choose or create a storage account for your deployment. To create a storage account, follow these steps.
- Type a name for the storage account. Names must be unique. Click Check Availability to confirm the storage account name is unique.
- Choose the Azure region where your storage will reside.
- Choose an existing resource group for the storage account or create one.
- Choose the type of redundancy for your storage account: Geo-Redundant, Locally Redundant, or Read-Access Geo-Redundant.
See Azure Storage redundancy in Microsoft Azure documentation for a description of each option.
- Specify the kind of Azure storage account to use: Storage (a legacy account type), StorageV2 (a basic account type), or BlobStorage (only supports Azure Blob storage).
- Once the storage account is created, click close.
- To use Azure Monitor logs, check Enable Monitoring using Azure Monitor Logs and choose or create a log workspace.
- Check the Transfer server logs to Azure Monitor Logs check box to enable ArcGIS Server to harvest logs
at a specified location on the ArcGIS Server machines.
Note:
To allow Azure Monitor Logs to gather ArcGIS Server logs (services.log and server.log files), you must define a custom logs data source on the Log Analytics page in the Microsoft Azure portal. The ArcGIS Server log files are stored in the C:\ArcGIS\serverlogs directory on the ArcGIS Server machines.
- Check Use Azure Cloud Storage for the configuration and content store? if you want to store directories for your deployment in Azure Cloud Storage.
Placing directories in Azure Cloud Storage makes them highly available. If you do not check this option, the directories are stored on disk on the virtual machine used as the file share for the deployment.
- If you check Use Azure Cloud Storage for the configuration and content store?, choose which storage option to use.
- Choose Azure Files (SMB) to store your Portal for ArcGIS content directory, ArcGIS Server configuration store, and ArcGIS Server directories in Azure Files.
For ArcGIS Notebook Server, directories are stored on the Notebook Server machine.
- Choose Azure Blobs and Tables to store Portal for ArcGIS content directory and ArcGIS Server configuration store in Azure Blob Storage. ArcGIS Server directories will be stored on the ArcGIS Server machines.
- Choose Azure Files (SMB) to store your Portal for ArcGIS content directory, ArcGIS Server configuration store, and ArcGIS Server directories in Azure Files.
- If you check Use Azure Cloud Storage for the configuration and content store?, optionally specify a storage account where the Azure Cloud Storage will reside. The storage account must be in the same region as your deployment. If you do not have a storage account in that region, click the + button to create a storage account in the resource group for this deployment.
- Type a name for the storage account. Names must be unique. Click Check Availability to confirm the storage account name is unique.
- Choose the type of redundancy for your storage account: Geo-Redundant, Locally Redundant, or Read-Access Geo-Redundant.
See Azure Storage redundancy in Microsoft Azure documentation for a description of each redundancy option.
- Click create. When the storage account is created, click close to return to Deployment Options.
- Click next to view a summary of all the options you chose. You can also estimate costs for the infrastructure you chose and export the deployment options so you can automate the creation of future deployments.
- Review the settings in the Summary pane. If anything needs to be changed, click back to go to the pane where you need to change the information.
Tip:
Click Save Summary to save your site configuration information to a text file so you can refer to it for information such as the user names or machine names.
- Click Generate Cost Estimate to calculate the approximate cost of the Azure infrastructure you will use in your deployment. When you finish generating the estimate, click close.
This estimate does not include data storage costs.
- Click Save Automation Artifacts to export an archive file (.zip file) containing information and files you can use in automation scripts to re-create this deployment.
- Browse to a location on the local disk where the archive file will be created and type a name for the file.
- Choose the type of automation format you will use.
- Click generate to create the file.
- When all settings are correct, click finish to deploy the base ArcGIS Enterprise components.
Tip:
You can change disk types and sizes after you deploy.
When the site successfully deploys, a link to the portal appears in the message box. To connect to your portal at a later time, use the URL format https://<DNS_name>.<region>.cloudapp.azure.com/portal/home.
If you want to configure Azure Active Directory as a SAML-based identity provider for your ArcGIS Enterprise portal, do so now. See the topic Configure Azure Active Directory in the Portal for ArcGIS Administrator Guide for instructions.
If you want to publish hosted image layers or use GeoAnalytics or raster analysis tools in your portal, add the corresponding ArcGIS Server roles to your deployment.