Multiple-machine deployment with third party load balancer—ArcGIS Enterprise | Documentation for ArcGIS Enterprise
Skip To Content

Multiple-machine deployment with third party load balancer

ArcGIS Server supports the configuration of multiple-machine sites. In a multiple-machine site, two or more servers can be administered and used as a single logical unit, providing ArcGIS Server administrators with great flexibility to easily adjust the computing power of the site by adding or removing machines. Multiple-machine sites also simplify the process of publishing and updating services across multiple ArcGIS Server machines.

In a multiple-machine deployment, each ArcGIS Server machine must be at the same version number for the site to function correctly. Additionally, the exact same license must be applied to each machine that participates in the site.

A common multiple-machine configuration involves a third-party reverse proxy server or network load balancer sitting in front of a pool of ArcGIS Server machines.

A key aspect of multiple-machine configurations is that all ArcGIS Server machines share the same configuration store and server directories. In this manner, an administrator can log in to any machine using ArcGIS Server Manager and apply changes that will affect all machines within the site.

A single ArcGIS Server site provides the means to easily administer ArcGIS Server and its services across a number of machines. However, the use of ArcGIS Server directories and data in shared network locations can negatively affect performance of services under heavy load.

Configuring a third-party load balancer or reverse proxy server grants flexibility to your organization, with greater control over how requests are handled. You cannot configure web-tier authentication with this configuration; to do so, you must configure a multiple-machine deployment with ArcGIS Web Adaptor.

ArcGIS Server machines, server directories, and configuration store

Because all ArcGIS Server machines in multiple-machine configurations share the same configuration store and server directories, you must select a network location for your server directories and configuration store.

Typically, a domain account is chosen for the ArcGIS Server account because this simplifies the management of data access permissions to network resources. However, depending on your own security policies, you may choose to use local accounts. The ArcGIS Server account (local or domain) needs to have write access to the network share where the configuration store and server directories are located. For more information, see Accounts used by ArcGIS Server.

Data

As described in other deployment scenarios, when using file-based data, it is highly recommended to use local resources to the ArcGIS Server machine. This has the disadvantage of forcing you to duplicate your data across all machines, but reduces network traffic and results in higher performance for your services. You should consider this option and use it when it is applicable. The size of your data and the frequency of updates often dictate if keeping your data local across all machines is a practical approach.

When using databases in this deployment pattern, it is important that you always use dedicated hardware. Keep the database tier independent from the ArcGIS Server tier.

Third-party reverse proxy server or network load-balancer

In this configuration, ArcGIS Server clients never connect directly to your ArcGIS Server machines. Instead, they connect through a middle tier that provides security features and makes your overall site more resilient to failures.

From a security perspective, it is not a recommended practice to access the same channel to use and administer your site. Typically, administrative tasks are only enabled through sections of your network or specific machines that can access your ArcGIS Server machines directly over port 6443. You can overcome this by specifying that only certain IP addresses can access the server in the Administrator Directory. This is controlled by the allowedAdminAccessIPs property in the server's security configuration. To learn how to configure this property to limit access to the server, see the example in Update security configuration.

Requests from client applications are always funneled through the reverse proxy, which prevents the use of any administrative end points. Most third-party proxies allow you to filter incoming requests that include a particular URL pattern. Blocking incoming requests using resources under the ArcGIS Server Administrator Directory (https://gisserver.domain.com:6443/arcgis/admin) or ArcGIS Server Manager (https://gisserver.domain.com:6443/arcgis/manager) effectively block any administrative tasks through your reverse proxy.

Your reverse proxy also serves as a load balancer for the site. A simple load-balancing algorithm such as round-robin is adequate for this configuration.

Note:

If you do not use ArcGIS Web Adaptor, be sure that the load balancer context name only goes one level deep. For example, you can have a load balancer URL such as https://lb.domain.com/enterprise, but you cannot have a load balancer URL such as https://lb.domain.com/myorg/enterprise.

If your network load balancer supports a health check function, you can use the ArcGIS Server site's Health Check endpoint in the REST API to determine if the site is available to receive requests. This is useful to quickly determine if there's a software or hardware failure in the site.

To learn how to integrate a reverse proxy server with ArcGIS Server, see Configure a reverse proxy server with ArcGIS Server.