On-prem deployment has https://gis.domain.com being passed through our firewall to our webadaptor VM, port 443 only. A *.domain.com CA-signed cert is installed on the webadaptor VM, in IIS. 2 webadaptors are installed on this same machine, /portal (443) and /server (443).
We just finished a base configuration deployment in Azure: portal, server, datastore and webadaptor VMs. We deployed Azure Application Gateway in front of the webadaptor VM. Our *.domain.com cert has to be installed on both the Azure Application Gateway and the backend webadaptor VM.
The application gateway supports TLS termination, which offloads it from the webadaptor VM. This got me thinking: is it beneficial (CPU-wise) to configure ArcGIS Enterprise communication solely over :80?
Is this possible?
Azure Application Gateway terminates the *.domain.com TLS session, then passes requests:
:443/portal --> http://webadaptorvm.internal.com/portal
:443/server --> http://webadaptorvm.internal.com/portal
I would install new webadaptors with the same names, listening on port 80. Would this also require me to configure the portal and server VMs to listen on HTTP as well?
Portal doc: https://enterprise.arcgis.com/en/portal/latest/administer/windows/configure-https.htm
Server doc: https://enterprise.arcgis.com/en/server/latest/administer/windows/secure-arcgis-server-communication...