Before installing ArcGIS Enterprise, identify the URL that will be used to represent your ArcGIS Enterprise organization and enable client access to it. This single URL provides access to multiple resources such as apps, administrative tools, and APIs and defines how responses are formed to client requests.
The ArcGIS Enterprise organization is accessed by a single URL that is composed of a scheme, host, and context, as shown below.
The terms in the example above are defined as follows:
- Scheme—communicates to the requester or browser to access the organization's URL over HTTPS.
- Host—describes the fully qualified domain name (FQDN) or Domain Name System (DNS) alias for the organization.
- Context—refers to the name an administrator provides when installing the ArcGIS Web Adaptor component.
Caution:
The configuration described in this topic must be performed before federating any ArcGIS Server site with your ArcGIS Enterprise organization. Adding a DNS alias or reverse proxy after an ArcGIS Server site has been federated with your portal is not supported. If you need to change the hostname in your organization URL, contact Esri Professional Services or another trusted consulting partner for guidance.
Unfederating an ArcGIS Server site has significant consequences and is not easily undone. To learn more, see Administer a federated server.
Configuration scenarios
Depending on how the organization has been configured, the organization URL will use one of the following.
Note:
When your organization URL represents a production environment or is available outside of the local network, it is recommended to use a DNS alias to allow for greater flexibility in future upgrade and migration scenarios.
FQDN of the machine hosting the web adaptor
For this architecture, the registration of the web adaptor using the configuration wizard accessed via the FQDN is adequate to define the organization URL properly. This pattern is typical of deployments that are not intended to be internet-facing or are for nonproduction use.
In this example, both the portal and web adaptor machines are on an internal domain, behind the organization's firewall. The web adaptor name is enterprise.
- Organization URL: https://organization.internal.com/enterprise
DNS alias assigned to the machine hosting the web adaptor
For this architecture, it is recommended that the administrator set the WebContextURL prior to registration of the web adaptor. While the organization URL can be defined properly by accessing the configuration wizard page over the DNS alias during registration, setting the WebContextURL removes any ambiguity during future upgrades or web-tier architecture changes.
In this example, both the portal and web adaptor machines are on an internal domain, behind the organization's firewall.
- Organization URL: https://organization.internaldomain.com/enterprise
- DNS Record: organization.internaldomain.com > webadaptor.internaldomain.com
In the next scenario, both the portal machine and web adaptor machines are also on an internal domain, behind the organization's firewall.
- Organization URL: https://organization.domain.com/enterprise
- DNS Record: organization.domain.com > webadaptor.domain.com or public IP WebAdaptor
DNS alias assigned to a reverse proxy or load balancer (with or without web adaptor in the network path)
For this architecture, you must follow the guidance for integrating your portal with a reverse proxy or load balancer including setting the WebContextURL prior to creating content or federating an ArcGIS Server site with the organization.
In this first scenario, both the portal and web adaptor machines are on an internal domain, behind the organization's firewall. The load balancer is accessed through the FQDN that resides outside the organization's firewall. The web adaptor name is enterprise.
- Organization URL: https://organization.external.com/enterprise
- DNS Record: organization.domain.com > loadbalancer.domain.com or public IP LoadBalancer
In the next scenario, the portal machine is on an internal domain behind the organization's firewall. The web adaptor is not used. The load balancer is accessed through a FQDN that resides outside the organization's URL.
- Organization URL: https://organization.external.com/enterprise
- DNS Record: organization.domain.com > loadbalancer.domain.com or public IP LoadBalancer