There’s a saying
“The painter’s house never gets painted”
Not trying to toot my own horn, but I’ve installed ArcGIS server dozens of times over the past 5 years and a few times even before that. Most recently, those have been distributed installations over several servers. Since version 10.4 I have strongly recommended that users use at least 2 servers for this operation. We always follow Esri best practices for Enterprise, for our clients.
Our server? Well that’s another story.
We’ve been hobbling along on one Amazon EC2 server for 5 years for our ArcGIS Enterprise installation. It’s a file server, license server, ArcGIS Desktop, cache server, IIS, and portal server. Everything. It is the junk drawer. Not a recommended setup. At all. Here’s a little secret: one of the reasons I have not upgraded (aside from time) is that I don’t know how to network two EC2 instances without a domain controller. Or at least I didn’t.
There are only a few things you need to do to make sure your EC2 instances can see each other for the FQDN (Fully Qualified Domain Name) requirements of ArcGIS Enterprise deployments.
- EC2 Instances MUST be in the same VPC & Subnet
- Set permissions for the Security Group
- Modify the hosts file to translate IP addresses
VPC & Subnet
VPC stands for virtual private cloud. It’s Amazon’s cloud-based networking structure. AWS allows you to create a domain and subnet. There’s a lot I don’t understand here (egress-only internet gateways, peering connections, NAT gateways, ¯\_(ツ)_/¯ ) but one thing is for sure: this is a requirement for your servers to even know each other exist. Our original EC2 instance was old enough that I had to convert it and assign it to a VPC and subnet. I just made sure that when I created my second EC2 instance I chose the same VPC and subnet (and thereby, the same Availability Zone).
Your Amazon security group is kind of like an additional firewall on your server. These security groups can be separate on each instance; however, for ease and one less variable, I use the same security group for both. Either way, you have to enable ‘All ICMP-ipv4’ traffic for this security group.
Edit the rules and allow this protocol. Note: At this point you should be able to open a command line and ping the IP address of each instance from the other, verifying that communication works. But since we intend to use the FQDN for installation of a web adaptor, you need to edit the hosts file.
This is a poor man’s domain controller. Modifying this file tells the server how to map the IP address to the actual server name. It’s here: C:\Windows\System32\drivers\etc\hosts. Open that file in Notepad, add your private IP address, and just hit save.
Now you should be able to look up and connect to these machines via UNC path (with a share) or the server name. Lemon-Squeezy.
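The three steps above as a script, added here as an example and not taken from the original post. It assumes the AWS CLI is installed and configured, both instances share one security group, and an elevated PowerShell session; the group ID, private IPs and host names are constructed placeholders. It also goes one step further than the post by limiting the ICMP rule's source to the security group itself rather than any address.

```powershell
#Requires -RunAsAdministrator
# Added example. All values below are constructed placeholders; replace them.
$SecurityGroupId = 'sg-0123456789abcdef0'
$Peers = @(
    @{ Ip = '10.0.1.10'; Fqdn = 'gis-portal.example.internal'; Short = 'gis-portal' },
    @{ Ip = '10.0.1.20'; Fqdn = 'gis-server.example.internal'; Short = 'gis-server' }
)
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# 1. Allow all ICMPv4 types, but only from members of the same security group,
#    so the rule is not open to 0.0.0.0/0. Assumes the AWS CLI has credentials.
#    If the rule already exists the CLI reports a duplicate and the script continues.
aws ec2 authorize-security-group-ingress `
    --group-id $SecurityGroupId `
    --protocol icmp --port -1 `
    --source-group $SecurityGroupId

# 2. Add "IP <tab> FQDN short-name" lines to the hosts file, skipping names
#    that already have an active (non-commented) entry.
$existing = @(Get-Content -Path $HostsPath)
$newLines = foreach ($p in $Peers) {
    $pattern = '^\s*[^#\s]+\s+(.*\s)?' + [regex]::Escape($p.Fqdn) + '(\s|#|$)'
    if (-not ($existing -match $pattern)) {
        "{0}`t{1} {2}" -f $p.Ip, $p.Fqdn, $p.Short
    }
}
if ($newLines) {
    # Keep a backup, then rewrite the file so every entry sits on its own line
    # even when the original lacks a trailing newline.
    Copy-Item -Path $HostsPath -Destination "$HostsPath.bak" -Force
    Set-Content -Path $HostsPath -Value ($existing + $newLines) -Encoding ASCII
}

# 3. Verify: each name must resolve to the expected private IP and answer ping.
foreach ($p in $Peers) {
    $resolved = [System.Net.Dns]::GetHostAddresses($p.Fqdn) |
        ForEach-Object IPAddressToString
    [pscustomobject]@{
        Name       = $p.Fqdn
        Expected   = $p.Ip
        ResolvesOk = ($resolved -contains $p.Ip)
        PingOk     = Test-Connection -ComputerName $p.Fqdn -Count 2 -Quiet
    }
}
```

Run it on each instance so both hosts files carry the same entries; the security group rule only needs to be created once.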