In its most basic configuration, an ArcGIS Server site can run on a single machine. The deployment scenario described below is straightforward to set up, maintain, and upgrade. It can support a sandbox environment for development and testing, but it is also a valid (and in some cases ideal) configuration for some production environments. The site can either be federated with an ArcGIS Enterprise portal or stand alone.
A single ArcGIS Server machine is configured with the ArcGIS Server account set as a local operating system account on the machine or a domain account. To learn more about the ArcGIS Server account, see Accounts used by ArcGIS Server.
Server directories and configuration store
Since this deployment uses only one machine, the server directories and configuration store location should reside locally on the machine, as opposed to a network share, for example, /opt/arcgis/server/usr/config-store instead of /net/config-store.
Keeping your configuration store and server directories on the local file system typically results in better performance than accessing them over a network share. It also reduces dependencies between the machine running ArcGIS Server and the remote storage device. If you plan to host cached map and image services, using local directories, direct attached, or storage area network volumes (dedicated to the server) are recommended, as this typically yields the highest performance. Cache tile retrieval over a shared network location is a particularly expensive operation.
You can also use cloud storage for some or all of your server directories. However, if your ArcGIS Server site is deployed on physical machines (on-premises), it is recommended that you keep your server directories on-premises as well. The one exception is the cache directory, which can be deployed on cloud infrastructure even if the rest of your site is deployed on-premises. If your ArcGIS Server site is deployed on cloud infrastructure, it's recommended that you use cloud infrastructure for your server directories as well.
There are also particular considerations when using cloud data stores for cache directories.
See Data sources for ArcGIS Server for more information about registering and operating data sources for your site.
ArcGIS Web Adaptor
The server site is configured with ArcGIS Web Adaptor in this example, though it can also be configured with a third-party reverse proxy server. Clients query the services on the site and make administrative and publishing requests using the URL format https://gisserver.domain.com/server. The Web Adaptor handles each request and distributes it to one of the machines in the server site using port 6443. If you have not disabled it, direct administrative access to the server site is available through port 6443.
At 10.7 and later, HTTPS communication is enforced by default by ArcGIS Server sites. Though it's recommended that you maintain this setting, you can also enable HTTP communication as well.
If you choose to deploy ArcGIS Server without ArcGIS Web Adaptor or a reverse proxy server, be aware of the following:
Services not available over standard port
Typically, web applications expect HTTPS resources to be accessed over port 443, as opposed to 6443. Access over port 443 requires use of ArcGIS Web Adaptor or a third-party reverse proxy server. ArcGIS Server does not run on standard ports because it would conflict with third-party web servers that you may already have running in your organization. In some organizations, especially intranet environments, having your applications access services directly over 6443 could be a viable solution.
ArcGIS Server administrative endpoints exposed
ArcGIS Server Manager and the ArcGIS Server Administrator Directory are exposed through the same port (6443) that everyone else uses to access services. This does not imply that anyone can administer your server, because a user must provide administrative credentials to perform administrative operations on the server. However, it is a best practice to block general access to the administrative endpoints, especially if your server is exposed to the internet. If exposing the administrative endpoints is a concern in your deployment environment, overcome this by specifying that only certain IP addresses can access the server. To learn more, see Update Security Configuration in the ArcGIS REST API.
Cannot use web-tier authentication
If you're required to support public key infrastructure (PKI) or any authentication method provided by your existing web infrastructure, complement your site with ArcGIS Web Adaptor. For example, the basic single-machine deployment without ArcGIS Web Adaptor is inadequate if you're required to enable a single sign-on (SSO) experience for your users. Although you can secure ArcGIS Server services and connect to organization-specific identity stores such as LDAP or even your own, this implementation always uses Esri's token-based authentication.
In this configuration, data in file format (file geodatabases, images, and shapefiles) must be stored locally for optimal performance. If using databases, place them on a dedicated server.
This is a basic configuration that is straightforward to configure and upgrade. While this configuration represents the typical choice for development and testing environments, it is also valid in some production environments (particularly intranet) with moderate security policies. For higher-security environments, a single-machine configuration with ArcGIS Web Adaptor or a reverse proxy server is recommended.
This configuration is ideal for production environments where cached map and image services must deliver the maximum throughput possible. In organizations with large ArcGIS Server deployments, a single-machine site is a good choice for hosting all cached services. Other services can be hosted in a parallel site with one or multiple GIS servers. The performance gains of serving cache tiles from a single-machine deployment may overcome the overhead of having to administer a dedicated GIS server for that purpose.
Since there is only one GIS server, there is a single point of failure. Software or hardware failures can make your services unavailable. Consider other site configurations to eliminate possible downtime.
In this configuration, the configuration store and server directories reside locally on the GIS server, as opposed to a network share. It is not possible to add extra GIS servers to the site to increase computing power. Scalability is vertical only and can be increased by adding cores to the GIS server. This configuration can efficiently take advantage of modern hardware with many cores.
- Straightforward to install, maintain, and upgrade.
- High performance because local paths are used to access resources; this is ideal for hosting cached map and image services.
- May not fit your security requirements, since ArcGIS Server Manager and ArcGIS Server Administrator Directory are exposed through the same port (6080) that everyone else uses to access the services. Overcome this by specifying that only certain IP addresses can access the server in the Administrator Directory. This is controlled by the allowedAdminAccessIPs property in the server's Security Configuration. To learn how to configure this property to limit access to the server, see the example in Update Security Configuration. To completely isolate administrative access, route inbound traffic through a reverse proxy server or ArcGIS Web Adaptor.
- Nonstandard HTTP ports (6080 and 6443 if using HTTPS) are used to expose services to clients. To overcome this, route inbound traffic through a reverse proxy server or ArcGIS Web Adaptor.
- Web-tier authentication is not available without ArcGIS Web Adaptor. If you need web-tier authentication, include ArcGIS Web Adaptor.
- Not highly available; the GIS server is a single point of failure if it goes offline. Refer to the Single-machine high-availability (active-passive) deployment for details.