We want to use the ArcGIS PowerShell DSC Module to deploy our ArcGIS environment. The deployment consists of a Base Deployment (Portal, ArcGIS Server and Data Store), two federated servers and the Web Adaptors (portal, hosting, fed1, fed1) deployed on a web server in a DMZ. All servers except the web server in the DMZ are domain joined.
Is there a configuration of the DSC that would be able to deploy the entire environment (including the WAs in the DMZ)?
We tried to use a DSC configuration to install the WAs in the DMZ but because it is not domain joined we got errors. We are now looking at an option to install and configure the WAs using a separate .ps1 script while using the DSC for the rest of the installations. We are looking at two options for this but not sure if they are valid.
Option 1:
Option 2:
Any ideas @CameronKroeker - thanks for any assistance with this.
Hi @julian_svcs,
Yes, it is possible to deploy a base enterprise with the web server in the DMZ; however, it does require some additional environment configuration.
- Trusted Hosts will need to be configured properly for all target nodes to establish trust (either the IP of each node and/or the hostname).
- A common Administrator account will need to be used for the Invoke-ArcGISConfiguration -Credential flag. Since the web server node isn't on the domain, a domain administrator account cannot be used. It will need to be a local administrator account. This local administrator account will need to exist on all target nodes and have the same username and password. Note: If you get an access denied error, check that the LocalAccountTokenFilterPolicy is configured.
Here are some helpful resources:
Here are a couple commands that can be used to test the connection between the DMZ node and domain joined nodes:
WinRM HTTPS:
Test-WSMan -ComputerName TargetNodeMachineNameOrIP -Authentication default -Port 5986 -UseSSL -Credential LocalAdministratorUsername
WinRM HTTP:
New-CimSession -Port 5985 -ComputerName TargetNodeMachineNameOrIP -Authentication default -Credential LocalAdministratorUsername
Test-WSMan -ComputerName TargetNodeMachineNameOrIP -Authentication default -Port 5985 -Credential LocalAdministratorUsername
Thanks,
Cameron K.
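The checks from the reply above, collected into one read-only pre-flight script; this is an added example, not part of the original reply or of the ArcGIS DSC module. The function names and node names are hypothetical, and the script assumes an elevated PowerShell session on the machine that runs Invoke-ArcGISConfiguration.

```powershell
# Added example: read-only pre-flight checks. It changes no settings.
function Get-TrustedHostsStatus {
    param([string[]]$Nodes)
    # TrustedHosts is a comma-separated string on the machine that initiates the connection.
    $raw = (Get-Item -Path WSMan:\localhost\Client\TrustedHosts).Value
    $entries = @($raw -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    foreach ($node in $Nodes) {
        # Entries may contain wildcards, so match each one as a pattern.
        $match = $entries | Where-Object { $node -like $_ } | Select-Object -First 1
        [pscustomobject]@{
            Node      = $node
            Trusted   = [bool]$match
            MatchedBy = $match
            TooBroad  = ($match -eq '*')   # a bare wildcard trusts any host
        }
    }
}

function Test-NodeWinRM {
    param([string[]]$Nodes, [pscredential]$Credential, [switch]$UseHttp)
    foreach ($node in $Nodes) {
        $params = @{ ComputerName = $node; Authentication = 'Default'
                     Credential = $Credential; ErrorAction = 'Stop' }
        # HTTPS (5986) by default; HTTP (5985) only when explicitly requested.
        if ($UseHttp) { $params.Port = 5985 } else { $params.Port = 5986; $params.UseSSL = $true }
        try   { $null = Test-WSMan @params; $result = 'OK' }
        catch { $result = $_.Exception.Message }   # e.g. access denied
        [pscustomobject]@{ Node = $node; Port = $params.Port; Result = $result }
    }
}

function Get-LocalTokenFilterPolicy {
    # Run this one locally on a target node: when the value is missing or 0,
    # remote sessions from non-built-in local administrators get a filtered
    # token, which shows up as "access denied" in Test-NodeWinRM.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key -Name LocalAccountTokenFilterPolicy -ErrorAction SilentlyContinue
    [pscustomobject]@{ Computer = $env:COMPUTERNAME
                       LocalAccountTokenFilterPolicy = $p.LocalAccountTokenFilterPolicy }
}

# Constructed placeholder node names; replace with the real target nodes.
$nodes = 'portal01', 'server01', 'dmzweb01'
$cred  = Get-Credential -Message 'Common local administrator account'
Get-TrustedHostsStatus -Nodes $nodes | Format-Table
Test-NodeWinRM -Nodes $nodes -Credential $cred | Format-Table -Wrap
```

A node reported with TooBroad set is trusted only through a `*` entry; listing the specific IPs or hostnames, as the reply describes, keeps the trust limited to the deployment's own nodes.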
Awesome, thanks @CameronKroeker. I'll check it out and get back to you.