Versions:
  • 3.7.0

Deploy Highly Available ArcGIS Enterprise #

This workflow demonstrates how to deploy a highly available ArcGIS Enterprise 10.9 base deployment across three machines:

  • Machine 1: File Server machine
  • Machine 2: ArcGIS Enterprise primary machine
  • Machine 3: ArcGIS Enterprise standby machine

To run Chef, the workflow uses Cinc Client in local mode.

The workflow will:

  • Create a file share for the Portal for ArcGIS content directory, ArcGIS Server config-Store/directories and ArcGIS Data Store relational/tile cache backup directories.
  • Install a primary Portal for ArcGIS and authorize it. Create the initial administrator account.
  • Install a standby Portal for ArcGIS and join it to the primary.
  • Install Portal for ArcGIS Web Styles on both the primary and standby machines.
  • Install and configure ArcGIS Web Adaptor for Portal for ArcGIS on both primary and standby machines.
  • Install ArcGIS Server, authorize it, create a site, and enable HTTPS in the ArcGIS Server Administrator Directory on the primary machine.
  • Install ArcGIS Server on the standby machine, authorize it, and join it to the ArcGIS Server site.
  • Install/configure web server (IIS on Windows or Tomcat on Linux) on both the ArcGIS Enterprise primary node and ArcGIS Enterprise standby node.
  • Import the CA-issued certificate, if it’s defined, or generate a self-signed certificate for the web servers.
  • Install and configure ArcGIS Web Adaptor for ArcGIS Server on both primary and standby machines.
  • Install a primary and standby ArcGIS Data Store and configure it as a relational and tile cache store with ArcGIS Server.
  • Federate the ArcGIS Server site with the portal and configure the site as the hosting server.

Supported Platforms:

  • Windows
    • Windows Server 2016 Standard and Datacenter
    • Windows Server 2019 Standard and Datacenter
  • Linux
    • Ubuntu Server 18.04 LTS
    • Ubuntu Server 20.04 LTS
    • Red Hat Enterprise Linux Server 7
    • Red Hat Enterprise Linux Server 8
    • CentOS Linux 7

Before setting up the deployment, you’ll need to have obtained:

  • ArcGIS Enterprise 10.9 setups from My Esri.
  • ArcGIS Enterprise 10.9 authorization files. Make sure to use the correct authorization file for different products.
  • Load balancer configured to balance load between the primary and standby machines.
  • Domain name for your web site routed to the load balancer.
  • SSL certificate in PKCS12 (a.k.a. pfx) format issued by certification authority (CA) for the domain (Note: If you don’t define a CA-cert, this tool will generate and use a self-signed certificate for testing purposes. Self-signed certificates are not supported by Portal for ArcGIS.)

Step 1. Install Cinc Client #

On all of the machines, install Cinc Client version 15 recommended for Chef Cookbooks for ArcGIS 3.7.0.

On Windows #

Start a Windows PowerShell terminal as an administrator and run:

> . { iwr -useb https://omnitruck.cinc.sh/install.ps1 } | iex; install -version 15

On Linux #

Run the following command as superuser:

$ curl -L https://omnitruck.cinc.sh/install.sh | sudo bash -s -- -v 15

Step 2. Download Chef Cookbooks for ArcGIS #

Chef Cookbooks for ArcGIS is a collection of cookbooks for configuration, deployment, and management of ArcGIS Enterprise, ArcGIS Pro, and ArcGIS Desktop.

On all of the machines, download and extract Chef Cookbooks for ArcGIS 3.7.0.

On Windows #

Download the arcgis-3.7.0-cookbooks.zip archive to the machine.

Extract the contents of the arcgis-3.7.0-cookbooks.zip archive to C:\cinc.

On Linux #

Download the arcgis-3.7.0-cookbooks.tar.gz archive to the machine.

Delete /opt/cinc/cookbooks and /opt/cinc/templates directories and extract the contents of the arcgis-3.7.0-cookbooks.tar.gz archive to /opt/cinc.

Step 3. Configure the File Server Machine #

The file server machine is used for the ArcGIS Server configuration store and server directories, Portal for ArcGIS content store directories, and ArcGIS Data Store backup directories.

On Windows #

Copy file C:\cinc\templates\arcgis-enterprise-base\10.9\windows\arcgis-enterprise-fileserver.json to C:\cinc.

Edit the C:\cinc\arcgis-enterprise-fileserver.json file in a text editor.

  • arcgis.run_as_password - Change to the password of the ‘arcgis’ Windows user account.

Start a command prompt window as administrator, change directories to C:\cinc and run:

> cinc-client -z -j arcgis-enterprise-fileserver.json

After the cinc-client run completes, it will create the following shared directories:

  • \\<File Server Machine hostname>\arcgisportal\content
  • \\<File Server Machine hostname>\arcgisserver
  • \\<File Server Machine hostname>\arcgisbackup\relational
  • \\<File Server Machine hostname>\arcgisbackup\tileCache

On Linux #

Copy file /opt/cinc/templates/arcgis-enterprise-base/10.9/linux/arcgis-enterprise-fileserver.json to /opt/cinc.

As a superuser, run the following command:

$ cinc-client -z -j arcgis-enterprise-fileserver.json

Note: Your machines need to allow running sudo to execute commands without a password. On some Linux distributions, sudo is configured to require a tty as a default configuration. This is usually set in /etc/sudoers with the entry of Defaults requiretty. You can either change the entry to Defaults !requiretty in the /etc/sudoers file or change this configuration for certain users, groups, or commands. RedHat will remove this default setting, as mentioned in https://bugzilla.redhat.com/show_bug.cgi?id=1020147.

After the cinc-client run completes, it will create the following shared directories:

  • /net/<File Server Machine hostname>/gisdata/arcgisportal/content
  • /net/<File Server Machine hostname>/gisdata/arcgisserver
  • /net/<File Server Machine hostname>/gisdata/arcgisbackup/tilecache
  • /net/<File Server Machine hostname>/gisdata/arcgisbackup/relational

Step 4. Set up Local ArcGIS Software Repository #

The deployment templates require ArcGIS setup archives to install ArcGIS applications. The setup archives must be located in a local or shared ArcGIS Software Repository directory specified by the arcgis.repository.archives attribute. Before running the setups, the setup archives are extracted into a local directory specified using the arcgis.repository.setups attribute.

On the ArcGIS Enterprise primary and standup machines, set up local ArcGIS software repositories.

Note: Alternatively, instead of copying ArcGIS setup archives on the primary and standby machines, a shared ArcGIS software repository can be set up on the file server machine.

On Windows #

Create directory C:\Software\Archives and copy the ArcGIS Enterprise 10.9 setup archives to that directory:

  • ArcGIS_DataStore_Windows_109_177788.exe
  • ArcGIS_Server_Windows_109_177775.exe
  • ArcGIS_Web_Adaptor_for_Microsoft_IIS_109_177789.exe
  • Portal_for_ArcGIS_Windows_109_177786.exe
  • Portal_for_ArcGIS_Web_Styles_Windows_109_177787.exe

Create directory C:\Software\AuthorizationFiles\10.9 and copy the software authorization files for 10.9 ArcGIS Server and Portal for ArcGIS to that directory.

Create directory C:\Software\Certificates and copy the SSL certificate to that directory.

On Linux #

Create directory /opt/software/archives and copy the following ArcGIS Enterprise 10.9 setup archives to that directory:

  • ArcGIS_DataStore_Linux_109_177887.tar.gz
  • ArcGIS_Server_Linux_109_177864.tar.gz
  • ArcGIS_Web_Adaptor_Java_Linux_109_177888.tar.gz
  • Portal_for_ArcGIS_Linux_109_177885.tar.gz
  • Portal_for_ArcGIS_Web_Styles_Linux_109_177886.tar.gz
  • apache-tomcat-8.5.63.tar.gz (will be downloaded from the internet if not present in the local ArcGIS software repository)
  • openjdk-11_linux-x64_bin.tar.gz (will be downloaded from the internet if not present in the local ArcGIS software repository)

Create directory /opt/software/authorization_files/10.9 and copy the software authorization files for 10.9 ArcGIS Server and Portal for ArcGIS to that directory.

Create directory /tomcat_arcgis and copy the SSL certificate to that directory.

Step 5. Configure the Base ArcGIS Enterprise Primary Machine #

The primary machine of the base ArcGIS Enterprise deployment contains the following software:

  • Portal for ArcGIS.
  • ArcGIS Server, licensed as ArcGIS GIS Server Standard or ArcGIS GIS Server Advanced and configured as the hosting server for the portal.
  • ArcGIS Data Store, configured as a relational and tile cache data store.
  • Two installations of ArcGIS Web Adaptor, one installation for traffic to the ArcGIS Enterprise portal and another for traffic to the hosting server.

On Windows #

Copy file C:\cinc\templates\arcgis-enterprise-base\10.9\windows\arcgis-enterprise-primary.json to C:\cinc.

Edit the C:\cinc\arcgis-enterprise-primary.json file in a text editor. Values in the JSON files must be JSON-escaped.

  • arcgis.run_as_password - Change to the password of the ‘arcgis’ Windows user account.
  • arcgis.server.private_url - Change to the ArcGIS Server URL that will be used as the hosting server’s admin URL. It is recommended to use a Load Balanced URL.
  • arcgis.server.web_context_url - Change to the ArcGIS Server web context URL that will be used for the hosting server’s services URL. It is recommended to use a Load Balanced URL.
  • arcgis.server.admin_username - Change to the primary site administrator account user name.
  • arcgis.server.admin_password - Change to the primary site administrator account password.
  • arcgis.server.authorization_file - Change to the path to the ArcGIS Server software authorization file.
  • arcgis.server.directories_root - Change to \\\\<File Server Machine hostname>\\arcgisserver. Replace <File Server Machine hostname> with the hostname of the File Server machine.
  • arcgis.server.config_store_connection_string - Change to \\\\<File Server Machine hostname>\\arcgisserver\\config-store. Replace <File Server Machine hostname> with the hostname of the File Server machine.
  • arcgis.server.system_properties.WebContextURL - Change to the ArcGIS Server web context URL that will be used for the hosting server’s services URL. It is recommended to use a Load Balanced URL.
  • arcgis.portal.admin_username - Change to the Portal for ArcGIS administrator account user name.
  • arcgis.portal.admin_password - Change to the Portal for ArcGIS administrator account password.
  • arcgis.portal.admin_email - Change to the Portal for ArcGIS administrator account’s e-mail address.
  • arcgis.portal.admin_full_name - Change to the full name associated with the Portal for ArcGIS administrator account.
  • arcgis.portal.security_question - Change to the Portal for ArcGIS administrator account security question (See Create Site - ArcGIS REST API for the list of allowed security questions.)
  • arcgis.portal.security_question_answer - Change to the answer to the Portal for ArcGIS administrator account security question.
  • arcgis.portal.content_store_connection_string - Change to \\\\<File Server Machine hostname>\\arcgisportal\\content. Replace <File Server Machine hostname> with the hostname of the File Server machine.
  • arcgis.portal.authorization_file - Change to the path to the Portal for ArcGIS software authorization file.
  • arcgis.portal.user_license_type_id - Specify the user type to assign to the Portal for ArcGIS administrator account. If left blank, a temporary user type will be assigned to the administrator and will have to be changed on the first log in. The allowed user type IDs are: creatorUT, GISProfessionalBasicUT, GISProfessionalStdUT, and GISProfessionalAdvUT.
  • arcgis.portal.system_properties.privatePortalURL - Change to the Portal for ArcGIS URL that ArcGIS Server should use to communicate with the Enterprise portal. It is recommended to use a Load Balanced URL.
  • arcgis.portal.system_properties.WebContextURL - Change to the Portal for ArcGIS web context URL. It is recommended to use a Load Balanced URL.
  • arcgis.iis.keystore_file - Change to the path to the SSL certificate file that will be used to configure the HTTPS listener in the IIS web server.
  • arcgis.iis.keystore_password - Change to the password for the SSL certificate file.

Start a command prompt window as administrator and change directories to C:\cinc, then run:

> cinc-client -z -j arcgis-enterprise-primary.json

On Linux #

Copy the file /opt/cinc/templates/arcgis-enterprise-base/10.9/linux/arcgis-enterprise-primary.json to /opt/cinc.

Edit the /opt/cinc/arcgis-enterprise-primary.json file in a text editor.

  • arcgis.server.private_url - Change to the ArcGIS Server URL that will be used as the hosting server’s admin URL. It is recommended to use a Load Balanced URL.
  • arcgis.server.web_context_url - Change to the ArcGIS Server web context URL that will be used for the hosting server’s services URL. It is recommended to use a Load Balanced URL.
  • arcgis.server.admin_username - Change to the primary site administrator account user name.
  • arcgis.server.admin_password - Change to the primary site administrator account password.
  • arcgis.server.authorization_file - Change to the path to the ArcGIS Server role software authorization file.
  • arcgis.server.directories_root - Change to /net/<File Server Machine hostname>/gisdata/arcgisserver. Replace <File Server Machine hostname> with the hostname of the File Server machine.
  • arcgis.server.config_store_connection_string - Change to /net/<File Server Machine hostname>/gisdata/arcgisserver/config-store. Replace <File Server Machine hostname> with the hostname of the File Server machine.
  • arcgis.server.system_properties.WebContextURL - Change to the ArcGIS Server web context URL that will be used for the hosting server’s services URL. It is recommended to use a Load Balanced URL.
  • arcgis.portal.admin_username - Change to the Portal for ArcGIS administrator account user name.
  • arcgis.portal.admin_password - Change to the Portal for ArcGIS administrator account password.
  • arcgis.portal.admin_email - Change to the Portal for ArcGIS administrator account e-mail address.
  • arcgis.portal.admin_full_name - Change to the full name associated with the Portal for ArcGIS administrator account.
  • arcgis.portal.security_question - Change to the Portal for ArcGIS administrator account security question. (See Create Site - ArcGIS REST API for the list of allowed security questions.)
  • arcgis.portal.security_question_answer - Change to the answer to the Portal for ArcGIS administrator account security question.
  • arcgis.portal.content_store_connection_string - Change to /net/<File Server Machine hostname>/gisdata/arcgisportal/content. Replace <File Server Machine hostname> with the hostname of the File Server machine.
  • arcgis.portal.authorization_file - Change to the path to the Portal for ArcGIS software authorization file.
  • arcgis.portal.user_license_type_id - Specify the user type to assign to the Portal for ArcGIS administrator account. If left blank, a temporary user type will be assigned to the administrator and will have to be changed on the first log in. The allowed user type IDs are: creatorUT, GISProfessionalBasicUT, GISProfessionalStdUT, and GISProfessionalAdvUT.
  • arcgis.portal.system_properties.privatePortalURL - Change to the Portal for ArcGIS URL that ArcGIS Server should use to communicate with the Enterprise portal. It is recommended to use a Load Balanced URL.
  • arcgis.portal.system_properties.WebContextURL - Change to the Portal for ArcGIS web context URL. It is recommended to use a Load Balanced URL.
  • tomcat.keystore_file - Change to the path to the SSL certificate file in PKCS12 format that will be used to configure the HTTPS listener in Apache Tomcat.
  • tomcat.keystore_password - Change to the password of the SSL certificate file.

Run the following command as a superuser:

$ cinc-client -z -j arcgis-enterprise-primary.json

Step 6. Configure the Base ArcGIS Enterprise Standby Machine #

The standby machine of the base ArcGIS Enterprise deployment duplicates the software as the primary machine. ArcGIS Server and Portal for ArcGIS on the standby machine are joined to ArcGIS Server and Portal for ArcGIS sites created during the primary machine configuration. The ArcGIS Data Store instance on the standby machine is registered as standby with the hosting ArcGIS Server site.

On Windows #

Copy file C:\cinc\templates\arcgis-enterprise-base\10.9\windows\arcgis-enterprise-standby.json to C:\cinc.

Edit the C:\cinc\arcgis-enterprise-standby.json file in a text editor. Values in the JSON files must be JSON-escaped.

  • arcgis.run_as_password - Change to the password of the ‘arcgis’ Windows user account.
  • arcgis.server.admin_username - Specify primary site administrator account user name.
  • arcgis.server.admin_password - Specify primary site administrator account password.
  • arcgis.server.authorization_file - Specify path to the ArcGIS Server role software authorization file.
  • arcgis.server.primary_server_url - Specify ArcGIS Server URL of the primary machine.
  • arcgis.portal.primary_machine_url - Specify Portal for ArcGIS URL of the primary machine.
  • arcgis.portal.admin_username - Specify Portal for ArcGIS administrator account user name.
  • arcgis.portal.admin_password - Specify Portal for ArcGIS administrator account password.
  • arcgis.portal.authorization_file - Specify path to the Portal for ArcGIS software authorization file.
  • arcgis.iis.keystore_file - Specify path to the SSL certificate file in PKCS12 format that will be used to configure HTTPS listener in IIS web server.
  • arcgis.iis.keystore_password - Specify password of the SSL certificate file.

After the ArcGIS Enterprise Primary Machine cinc-client run has completed, start a command prompt window as administrator, change directories to C:\cinc, and run:

> cinc-client -z -j arcgis-enterprise-standby.json

On Linux #

Copy the file /opt/cinc/templates/arcgis-enterprise-base/10.9/linux/arcgis-enterprise-standby.json to /opt/cinc.

Edit the arcgis-enterprise-standby.json file in a text editor.

  • arcgis.server.admin_username - Specify primary site administrator account user name.
  • arcgis.server.admin_password - Specify primary site administrator account password.
  • arcgis.server.authorization_file - Specify path to the ArcGIS Server role software authorization file.
  • arcgis.server.primary_server_url - Specify ArcGIS Server URL of the primary machine.
  • arcgis.portal.primary_machine_url - Specify Portal for ArcGIS URL of the primary machine.
  • arcgis.portal.admin_username - Specify Portal for ArcGIS administrator account user name.
  • arcgis.portal.admin_password - Specify Portal for ArcGIS administrator account password.
  • arcgis.portal.authorization_file - Specify path to the Portal for ArcGIS software authorization file.
  • tomcat.keystore_file - Change to the path to the SSL certificate file in PKCS12 format that will be used to configure the HTTPS listener in Apache Tomcat.
  • tomcat.keystore_password - Change to the password of the SSL certificate file.

Run the following command as a superuser:

$ cinc-client -z -j arcgis-enterprise-standby.json

Step 7. Clean Up #

Once the Chef runs successfully complete, save the JSON files in a safe and secure place to use in the future for upgrades or disaster recovery.

The cinc-client reads attributes from the JSON files and caches the attributes inside a ‘nodes’ folder that resides in the Chef workspace directory. Because some of the attributes in the JSON file may contain sensitive information, such as passwords, it is recommended that you delete the ‘nodes’ folder in the Chef workspace directory after you complete the last Chef run on the machine.

Chef Cookbooks for ArcGIS extract the setup archives into local directory specified by arcgis.repository.setups attribute. To save disk space, the archives and setups can be deleted after the machine configuration is completed.


After the ArcGIS Enterprise Standby Machine cinc-client run completes, Portal for ArcGIS and ArcGIS Server will be available at https://<domain name>/portal and https://<domain name>/server URLs respectively.

Note: See ArcGIS Enterprise Chef Deployment Templates for more information about deployment templates.