You can take advantage of the full ArcGIS Enterprise suite (ArcGIS Server, Portal for ArcGIS, and ArcGIS Data Store) on Microsoft Azure.
You need the following to deploy ArcGIS Enterprise on Microsoft Azure:
- Microsoft Azure subscription
- Esri images
- ArcGIS Enterprise Cloud Builder for Microsoft Azure
- An ArcGIS Enterprise Standard or Advanced license
- Portal for ArcGIS licenses
- An SSL certificate from a certifying authority that you have exported to a .pfx file and for which you have set up CNAME mapping to the cloud service domain you specify in Cloud Builder (optional, but strongly recommended)
Get a Microsoft Azure subscription
A Microsoft Azure subscription and account are required to use Microsoft Azure infrastructure and services. Contact Microsoft to purchase a subscription.
Enable programmatic deployment of ArcGIS images
Before you can use the images from the Azure Marketplace, you must enable the programmatic deployment of ArcGIS. An administrator of your Azure subscription must enable programmatic deployment once for each type of ArcGIS image. This enables all current and future ArcGIS images of that type on the Azure Marketplace.
- Sign in to the Azure portal.
- Browse to the ArcGIS image in the Virtual Machine Marketplace.
- Click Marketplace on the home screen.
- Choose Virtual Machines.
- Type arcgis in the search text box.
- Choose the ArcGIS image you need from the search results.
- Click Want to deploy programatically? Get Started at the bottom of the pane.
The Configure Programmatic Deployment pane appears.
- Read the legal terms and Azure Marketplace Terms. If you accept the conditions, proceed with enabling programmatic deployment.
- Click Enable for your subscription.
- Click Save.
Your Azure subscription is now set to use an Esri image from Cloud Builder.
Configure a Windows Domain controller in your Azure environment (optional)
To use a Windows Domain controller with your deployment, you must configure it before you create the deployment.
To use a domain account to run the Windows services used by ArcGIS software, create that domain account before you create your deployment.
Obtain licenses from Esri
To deploy ArcGIS Enterprise, you need an ArcGIS GIS Server license and ArcGIS Enterprise portal license file.
To federate an ArcGIS Image Server, ArcGIS GeoAnalytics Server, ArcGIS GeoEvent Server, ArcGIS Knowledge Server, or ArcGIS Notebook Server site with your ArcGIS Enterprise deployment, you need appropriate ArcGIS Server role licenses (ArcGIS Image Server, ArcGIS GeoAnalytics Server, ArcGIS GeoEvent Server, ArcGIS Knowledge Server, or ArcGIS Notebook Server).
Once these licenses are available to your account, you can download them from My Esri.
Install ArcGIS Enterprise Cloud Builder for Microsoft Azure
Download and install ArcGIS Enterprise Cloud Builder for Microsoft Azure 11.2.
Deploy ArcGIS Enterprise
Use ArcGIS Enterprise Cloud Builder for Microsoft Azure to deploy all components of ArcGIS Enterprise.
Steps are organized into subsections to help you use Cloud Builder.
Connect and begin configuration of ArcGIS Enterprise
Start Cloud Builder, sign in to your Microsoft Azure account, and choose to create a deployment.
- Start ArcGIS Enterprise Cloud Builder for Microsoft Azure.
- Sign in to Microsoft Azure.
If you want to use the Microsoft Azure Government cloud and have an Azure Government subscription, check U.S. Government Cloud.
注意:
The account you use to connect must be assigned the following roles at minimum:
- The Azure Reader role at the subscription scope level
- The Azure Contributor role at the resource group scope level if you will use resource groups that you create outside Cloud Builder
- Choose an Azure Active Directory tenant, click Next, choose a subscription in which to create a deployment, and click Next.
- Ensure the V2 Sites option is selected and click Deploy a new site.
- For the base ArcGIS Enterprise deployment, choose ArcGIS Enterprise and click Next.
A base deployment provides the minimum components you need to implement ArcGIS Enterprise: Portal for ArcGIS, a GIS Server site for the portal's hosting server, and relational and tile cache data stores created through ArcGIS Data Store to store hosted feature and scene layer data.
Specify site options
Specify a resource group, choose how many machines to include in the deployment, and choose the virtual machine image that will be used to create the machines. Optionally, you can add a user-assigned managed identity to access Azure Blob storage locations.
- Choose a resource group or click the Add button to create a resource group for your site.
A resource group is a container that holds related resources for an application.
- Provide an intuitive name for the resource group.
The name can contain alphanumeric characters, dashes (-), underscores (_), parentheses (()), and dots (.).
- Click Check Availability to ensure the name is unique and can be used for your resource group.
- Choose a region for the resource group.
- Click Create.
- Once the resource group is created, click Close.
- Provide an intuitive name for the resource group.
- Choose one of the following deployment types, which determine how ArcGIS Enterprise components will be distributed across virtual machines:
- Multi Machine Multi Tier—Each ArcGIS Enterprise component will be deployed on a separate virtual machine to distribute resources.
Portal for ArcGIS, ArcGIS GIS Server (the hosting server), and ArcGIS Data Store (relational and tile cache) will each run on their own machine.
This type is recommended for production deployments. Also, use this type if you require a spatiotemporal big data store, a graph store, or an object store in your deployment.
You must have an enterprise edition license to use this option.
- Single Machine Single Tier—All ArcGIS Enterprise components will be created on one Azure machine.
This deployment type is appropriate for development and testing environments.
- Dual Machine Single Tier—Two Azure machines will be created. Each machine will contain Portal for ArcGIS, ArcGIS GIS Server, and ArcGIS Data Store (relational and tile cache).
Portal for ArcGIS and the data stores on the second machine provide a standby for each of those components. The ArcGIS GIS Server installation on the second machine is joined to the site on the first machine, providing you with a two-machine site.
If you size the virtual machines large enough, and you do not require a spatiotemporal big data store, a graph store, or an object store in your deployment, this deployment type can be used in production.
- Multi Machine Multi Tier—Each ArcGIS Enterprise component will be deployed on a separate virtual machine to distribute resources.
- To avoid duplication of Azure resource names in resource groups, Cloud Builder allows you to prefix resources with a specified string. Check Prefix Azure Resource Manager (ARM) Resource names with and provide up to three alphanumeric characters.
Cloud Builder automatically populates this value with a random two-character string. To change the string, type a different prefix to add to Azure resource names such as load balancers and availability sets.
Prefixes must start with an alphabetic character.
Adding a prefix avoids duplication of resource names and allows you to categorize resources according to your requirements for managing in the Azure portal or billing.
For disaster recovery configurations, create multiple resource groups with the same prefix.
- Choose the machine image to use: an Esri image, an image in the Azure Compute Gallery, or an image you create.
The image must exist in the region in which you will create the deployment.
- To use an Esri image, choose the image from the drop-down list.
- To use a machine image in the Azure Compute Gallery, choose the gallery from the Select Gallery drop-down list, choose the machine image from the Select Image drop-down list, and choose the ArcGIS software version to include on the image from the Select Version drop-down list.
- To create an image from a source VHD file, choose Managed Images, and follow these steps:
- Click the Add button next to Select Image.
- Type a name for the image and click Check Availability to ensure the name is unique.
The image name can contain only letters, numbers, underscores (_), dots (.), and hyphens (-). The name must start with a letter or number and end with a letter, number, or underscore.
- Choose or create a resource group in which to store the image.
- Choose the region in which to create the image.
Use the same region that contains the .vhd file from which you create the image.
- For Source Disk, click the button to browse to the .vhd file in your storage account. Choose the storage account that contains the file, choose the file, and click OK.
The storage accounts available on the Select Image Disk dialog box are based on the region you chose in the previous step.
- Choose the type of image to create.
HDD uses magnetic storage. SSD images use faster, solid-state drives.
- For Size, choose the image size.
The image size determines the minimum size of the operating system disk (C:\) of the virtual machine created from the image. You can increase the size of the provisioned disk for the virtual machine created from the image, but you cannot decrease the size below the image size.
See the Microsoft Azure documentation for more information about Azure managed disks.
- Click Create to create the image.
- Optionally, add one or more user-assigned managed identities for authentication purposes when accessing an Azure Blob storage container used for the configuration store, content directory, or cloud storage data stores.
- Click the Add button in the Assign User Managed Identity section.
- Choose the subscription that contains the identity.
- Choose the user-assigned managed identity from the Identity drop-down list and click Add.
ヒント:
The Azure Storage Blob Data Owner role and Storage Table Data Contributor role must be assigned to the user-assigned managed identity to access the configuration store.
If you will use the webgisdr utility installed with Portal for ArcGIS to back up and restore the deployment, assign the Azure Blob Data Storage Owner role to the user-assigned managed identity. See the Microsoft Azure documentation for instructions to assign a role to a user-assigned managed identity.
- Click Next to proceed to the Networking Options settings.
Set networking options
Choose or create a virtual network, its subnets, and IP address.
- Choose an existing virtual network from the drop-down list or click the Create button to create a virtual network.
- To create a virtual network using Cloud Builder, specify the following:
- Type a name for the virtual network.
Names must be unique within your Azure subscription.
- Click Check Availability to ensure the name you typed is unique.
If the name is unique, a check mark appears in the Name field.
- Choose the range of TCP/IP addresses (the address space class) to be used by your virtual network.
See the Microsoft documentation for more information about address classes.
- Choose the CIDR value from the VM Count drop-down list to determine the maximum number of addresses to be used in your address space.
- Click Create.
- Once the virtual network is created, click Close.
- Type a name for the virtual network.
- Choose or create a subnet for your virtual network.
If you create a subnet, you must provide a unique name and an address range. See the Microsoft Azure documentation for information about virtual network subnet addresses.
- Choose or create a second subnet for the Application Gateway Subnet setting.
All V2 deployments are accessed through an Azure Application Gateway. Azure Application Gateways require a dedicated subnet.
- The application gateway requires an IP address provided by Microsoft Azure, and the IP address must have a DNS name associated with it. Use one of the following:
- Existing Public IP—Choose an IP address from the drop-down list.
If you use an existing public IP address, the IP address must use a standard SKU. See the Microsoft Azure documentation for more information about public IP addresses and SKU.
- New Public IP—Type a name for a public domain that ArcGIS Enterprise Cloud Builder for Microsoft Azure will create.
- New Private IP—Type a name for a private IP address that Cloud Builder will create.
注意:
Before you can use this option, you must configure your Azure subscription to use preview features. See the Azure help for information.
Also, you must configure DNS entries for the private IP that will be allocated dynamically from the Application Gateway subnet before you use this option.
The domain name is in the format mydomain.<location>.cloudapp.azure.com.
Domain names must be unique within an Azure region. A green check mark appears if your domain name is unique.
注意:
To use a certificate authority-issued SSL certificate, the domain name must match the CNAME mapping you configured for the certificate.
- Existing Public IP—Choose an IP address from the drop-down list.
- Click Next to proceed to the Certificate Options settings.
Use SSL certificates
For production deployments, use an SSL certificate issued by a certificate authority (CA).
- Specify the SSL certificate to use for the deployment.
- Choose Certificate issued by a Certificate Authority to use a CA certificate and, in the Domain Name (Alias) text box, type the CNAME you mapped to the site domain you created in step 15. The format of the domain is <domain>.<location>.cloudapp.azure.com.
- If your ArcGIS Enterprise deployment is for testing purposes only and, therefore, you are not using a CA certificate, choose Self Signed Certificate (Automatically generated). Cloud Builder will generate a self-signed certificate for the virtual machines in the deployment. People connecting to your portal will receive warnings that the site is not trusted if you use a self-signed certificate.
- If you deploy ArcGIS Enterprise in separate regions for disaster recovery, check the box next to Provide secondary domain name and type an alias for the secondary domain in the Secondary Domain Name (Alias) field.
When you include a secondary domain name, the CA certificate you provide in the next step must include two subject alternative name entries: one for the public deployment and one for the private portal URL of the secondary deployment. Your CNAME mapping must include the secondary deployment URL.
If you do not check the box next to Provide secondary domain name, the secondary domain name value defaults to the same as the public domain defined for the CA certificate.
- Choose one of the following to specify the .pfx file that you exported from your certificate:
- From File—Type or browse to the .pfx file in the Pfx File field, and, in the Password field, type the password configured for the file.
- From Key Vault—Specify the Azure key vault where the CA certificate is stored, and choose the certificate file using the Certificate drop-down list.
注意:
You can only choose a CA certificate that you uploaded to the key vault using Cloud Builder when you created another deployment. If this is the first time using this certificate, choose the key vault from the drop-down list, click the Create button next to the Certificate drop-down list, and upload the certificate.
- Click Next to proceed to the Machine Options settings.
Specify machine options
Specify credentials for the virtual machine administrator and enable optional machine settings such as remote desktop access, automatic shutdown, and automatic operating system updates. You can also add the machines to an existing domain in Azure.
Additional options on this Cloud Builder page vary depending on whether you create a single tier or multiple tier deployment.
- Type a username and password for Machine Administrator.
This is the Windows login you will use to administer the virtual machines in the site, and you will need it when you upgrade the deployment. The same login and password are used for all machines in the site.
The username must contain three or more characters and contain no spaces, and it cannot be admin or administrator. The password must meet Windows Server complexity requirements.
- If you chose Single Machine Single Tier or Dual Machine Single Tier on the Site Options page, click the Configure Virtual Machine button to define specifications for the machine (or machines) in the deployment.
The machine specifications you assign will also apply to machines used for any ArcGIS Data Store types you add to the base ArcGIS Enterprise deployment in the as part of the initial deployment.
- Choose the time zone you want your virtual machines to use.
- Type a name for the virtual machine.
注意:
For disaster recovery configurations of ArcGIS Enterprise, give the primary and secondary deployments an identical name, but place them in separate virtual networks and in separate resource groups that have been assigned the same prefix.
- If you have an existing Windows Domain in your Azure environment to which you want to add your machine (or machines), click Domain Join Options.
- On the Domain Join Options dialog box, check the Join Existing Windows Domain check box.
- Provide the name of the Azure Active Directory domain.
- Provide the username and password for the domain administrator.
- Click Apply.
- If you check the box next to Enable automatic operating system updates, Microsoft Azure will apply updates to the operating systems on your virtual machines.
- If you do not require access to your deployment during specific hours of the day, you can configure the machines to shut down at a specific time each day. To do this, check the box next to Enable daily automatic shutdown and set the shutdown time from the drop-down list.
The time is in the time zone you chose for the virtual machines.
Shutting down machines allows you to save money because the machines are not running when you do not need them. However, the machines do not automatically restart; you must restart each machine in the deployment when you need them again. You can restart the machines from Cloud Builder or the Microsoft Azure portal.
- If you need to directly sign in to your virtual machines, check Enable remote desktop access using a jumpbox port.
The port shown is the port through which you will access the machines.
In a multiple-machine deployment, the remote desktop connection provides access to the file share machine. To access the other machines in the deployment, connect to the file share machine and, from there, use remote desktop connections to the other machines using the machine host names, fully qualified domain names, or IP addresses.
- If you're creating a multiple machine deployment (Multi Machine Multi Tier), accept the default machine name prefix or type a prefix to add to the virtual machine names.
Cloud Builder automatically populates this value with a random two-character string. To change the string, type a different prefix to add to Azure resource names such as load balancers and availability sets.
Prefixes must start with an alphabetic character.
Adding a prefix avoids duplication of resource names and allows you to categorize resources according to your requirements for managing in the Azure portal or billing.
- If you're creating a multiple machine deployment, accept default machine types and sizes or define your own.
- Use default names and sizes for the machines—All virtual machines in the deployment must be the same type with the same disk sizes, based on the virtual machine image you chose on the Cloud Builder Site Options page.
By default, a highly available deployment is created. That means there are two machines in the portal, two machines in the hosting server site, and two machines in the relational data store.
For other data stores you include, the default numbers are two machines in the tile cache data store (deployed in primary-standby mode), three machines in the spatiotemporal big data store, one machine in the graph store, and one machine in the object store.
- Specify names and sizes for the individual machines—When you choose this option, Cloud Builder presents you with the Machine Names page, where you will choose the number, types, and sizes of machines in the deployment and the machine names.
- Use default names and sizes for the machines—All virtual machines in the deployment must be the same type with the same disk sizes, based on the virtual machine image you chose on the Cloud Builder Site Options page.
- Click Next to proceed to the ArcGIS Data Store Options settings.
ヒント:
You can change disk types and sizes after you deploy.
Set ArcGIS Data Store options
For the base ArcGIS Enterprise deployment, you must create a relational data store.
You can add other types of data stores depending on functionality that you require.
See Apps and functionality that require ArcGIS Data Store in the Portal for ArcGIS administrator guide for help in determining which types of data store you need.
If you don't include them now and later decide you need a spatiotemporal big data store or tile cache data store, you can add one to the deployment.
- Check the box next to the type or types of data store to create in addition to the relational data store.
注意:
If you are creating a single tier deployment, all data stores will be installed on the same machine as each other and as the other ArcGIS Enterprise components. You should not run all components and data stores on the same machine in production deployments.
You cannot include an object store or graph store in a single tier deployment when you create the deployment. You can add an object store or graph store to ArcGIS Enterprise after you create the deployment, because that will add the data stores on separate machines.
- Click Next.
If you are creating a multiple tier deployment and chose to specify machine names and sizes, clicking Next will open the page to specify settings for the machines; otherwise, clicking Next will take you to the License and Certificates settings.
Customize machine names, numbers, and other settings
If you're creating a multiple tier deployment and need to customize the machine settings, you can specify the number of machines in each component (except the file share and graph store, which only support one machine at this time), the names of the machines, and the specifications for the machines.
This settings page will always contain portal, server, file share, and relational data store settings. Settings for other data store types are present for the types you added to the deployment on the previous Cloud Builder page.
- Optionally, type a different name for any of the machines in the deployment.
注意:
All machines in the same deployment should include the same two to three character prefix. - To change the type and size of any of the virtual machines, and to add disks to any of the machines, click the Configure Virtual Machine button .
You can do this for any of the components in the deployment.
- To create a single-machine portal, uncheck Add Secondary Machine.
- To create a single-machine relational data store, uncheck Add Secondary Machine.
- Click the plus or minus buttons to change the number of machines in the hosting server site (Server), tile cache data store, spatiotemporal big data store, or object store.
When you increase the number of machines in the tile cache data store to three or more, the tile cache data store is created in cluster mode. Esri recommends that clustered tile cache data stores and spatiotemporal big data stores contain an odd number of machines.
- Click Next to proceed to the License and Certificates settings.
Specify license and certificates
Specify the Portal for ArcGIS and ArcGIS Server license files as well as authentication information for ArcGIS and Windows service administrators.
- Provide the portal license file and an ArcGIS GIS Server license file to authorize the portal and its hosting server.
- Browse to your Portal for ArcGIS license file (.json).
- Choose the user type for this portal deployment.
The type of user you define here determines what apps are available to portal members.
- Browse to your ArcGIS GIS Server license file.
- Type a username and password for the site administrator.
This will be used for the ArcGIS Server primary administrator account and the Portal for ArcGIS initial administrator account.
- Type a username and password for ArcGIS Service Account.
This is the Windows login under which the Portal for ArcGIS, ArcGIS Server, and ArcGIS Data Store services will run.
If you have an existing Windows domain in your Azure environment and created a domain account to use for this purpose, specify that domain account information for the username and password. You'll join the machines to an existing domain on the next window.
- Click Next to proceed to the Deployment Options settings.
Specify deployment options
Deployment options include specifying storage locations for deployment artifacts and choosing logging settings.
- Choose or create a storage account for your deployment. To create a storage account, follow these steps:
- Type a name for the storage account.
Names must be unique. Click Check Availability to confirm the storage account name is unique.
- Choose the Azure region where your storage will reside.
- Choose an existing resource group for the storage account or create one.
- Choose the type of redundancy for your storage account: Geo-Redundant, Locally Redundant, or Read-Access Geo-Redundant.
See Azure Storage redundancy in the Microsoft Azure documentation for a description of each option.
- Specify the kind of Azure storage account to use: Storage (a legacy account type), StorageV2 (a basic account type), or BlobStorage (only supports Azure Blob storage).
- Once the storage account is created, click Close.
- Type a name for the storage account.
- Check Use Azure Cloud Storage for the configuration and content store? to store directories for your deployment in Azure Cloud Storage.
Placing directories in Azure Cloud Storage makes them highly available. If you do not check this option, the directories are stored on disk on the virtual machine used as the file share for the deployment.
- If you check Use Azure Cloud Storage for the configuration and content store?, choose which storage option to use.
- Choose Azure Files (SMB) to store the Portal for ArcGIS content directory, ArcGIS Server configuration store, and ArcGIS Server directories in Azure Files.
For ArcGIS Notebook Server, directories are stored on the Notebook Server machine.
- Choose Azure Blobs and Tables to store the Portal for ArcGIS content directory and ArcGIS Server configuration store in Azure Blob Storage. ArcGIS Server directories will be stored on the ArcGIS Server machines.
- Choose Azure Files (SMB) to store the Portal for ArcGIS content directory, ArcGIS Server configuration store, and ArcGIS Server directories in Azure Files.
- Optionally, if you check Use Azure Cloud Storage for the configuration and content store?, specify an Azure storage account that is in the same region you used for the ArcGIS Enterprise deployment.
You can use the same storage account used for the deployment or create a new storage account. To create a storage account in the region group for this site, follow these steps:
- Click the Add button .
- Type a name for the storage account.
Names must be unique. Click Check Availability to confirm the storage account name is unique.
- Choose the type of redundancy for your storage account: Geo-Redundant, Locally Redundant, or Read-Access Geo-Redundant.
See Azure Storage redundancy in the Microsoft Azure documentation for a description of each redundancy option.
- Click Create. When the storage account is created, click Close to return to Deployment Options.
- If you use the Azure Blobs and Tables option, choose one of the following from the Authentication Type drop-down list, and provide credentials necessary for each authentication type.
- AccessKey—When you choose this option, Cloud Builder will obtain the access key for the account.
- UserAssignedIdentity—This option is available if you added a user-assigned managed identity to the machines in the deployment when you configured site options. If you choose this option, choose one of the identities from the Identity drop-down list.
- ServicePrincipal—If you configured a service principal for the account specified in the previous step, provide the tenant ID, client ID, and client secret for the service principal. See Microsoft Azure help for an explanation of service principals.
The Azure Storage Blob Data Owner role and Storage Table Data Contributor role must be assigned to the service principal.
You cannot use this authentication type if the deployment is the in Microsoft Azure Government cloud.
- Click Next to view a summary of all the options you chose.
Review the summary and deploy
Ensure the deployment contains what you need and create the deployment.
You can also estimate costs for the infrastructure you chose and export the deployment options so you can automate the creation of future deployments.
- Review the settings in the Summary pane. If anything needs to be changed, click Back to go to the pane where you need to change the information.
ヒント:
Click Save Summary to save your site configuration information to a text file so you can refer to it for information such as the usernames or machine names.
- Click Generate Cost Estimate to calculate the approximate cost of the Azure infrastructure you will use in your deployment. When you finish generating the estimate, click Close.
This estimate does not include data storage costs.
- Click Save Automation Artifacts to export an archive file (.zip file) containing information and files you can use in automation scripts to re-create this deployment.
- Browse to a location on the local disk where the archive file will be created and type a name for the file.
- Choose the type of automation format you will use.
- Click Generate to create the file.
- When all settings are correct, click Finish to deploy the base ArcGIS Enterprise components.
When the site successfully deploys, a link to the portal appears in the message box. To connect to the portal at a later time, use the URL format https://<DNS_name>.<region>.cloudapp.azure.com/portal/home.
You can configure Azure Active Directory as a SAML-based identity provider for your ArcGIS Enterprise portal if you require it. See Configure Azure Active Directory in the ArcGIS/idp GitHub repository for instructions.
To publish hosted imagery layers or use GeoAnalytics or raster analysis tools in the portal, add the corresponding ArcGIS Server roles to your deployment.