Summary
This article describes in detail how to deploy ArcGIS Server 9 series products (verified on versions 9.0/9.1) in a Windows domain environment so that the SOM (Server Object Manager) and SOC (Server Object Container) run distributed across servers.
Value of this Article
ArcGIS Server 9 series products adopt a service-oriented, enterprise-level application architecture. To meet the high performance requirements of enterprise applications, ArcGIS Server provides a DCOM-based load balancing method. However, deployment is often difficult, so this article describes the deployment process.
Scenario
This article uses Windows Server 2003 and ArcGIS Server 9.0 as the example. Assume that there are two servers, A and B. A is configured as the Windows domain controller, and the SOM and SOC are deployed on server A and server B respectively.
Deployment and deployment structure of ArcGIS Server
In a distributed deployment of ArcGIS Server, system security depends on the support of the Windows domain. The ArcGIS Server SOM/SOC run as authorized users in the Windows domain, and ArcCatalog is run as an authorized user to manage ArcGIS Server.
The deployment structure of ArcGIS Server is as follows:
Deployment process
Create a Windows Domain
To create a Windows domain, you need a Windows 2000 or Windows Server 2003 server that provides the DNS domain name service and is then promoted to a domain controller.
DNS server
Install DNS on server A: start the "Add/Remove Windows Components" program, select "Networking Services > Domain Name System (DNS)", and install it.
After the installation is complete, configure the DNS and assign a suitable domain name to this DNS service, such as "apple.dcqtech.com". You can also configure a higher-level forwarding DNS server; requests that this DNS server cannot resolve are forwarded to the higher-level DNS server for resolution.
Finally, set the DNS server address of the local machine to the local host itself. Any computer that is later added to the domain must set this DNS server as its primary DNS server.
Domain controller
Start the domain management program "windows\system32\dcpromo.exe" on server A. It is used to create and delete domain controllers.
When the domain controller is created, the administrator user on the current server is promoted to domain administrator, and the other non-administrator users on the current server are automatically promoted to domain users. Their permissions on the resources of the current computer do not change.
After the domain controller is successfully installed, add the other server, B, to the Windows domain managed by server A.
Install ArcGIS Server
According to the deployment requirements, ArcGIS Server is installed on both server A and server B. Server A, as the main server, gets the complete SOM/SOC components. Server B only needs the SOC components.
1. Installation Process
Installing ArcGIS Server takes two steps:
Step 1: copy the files to the computer, using the default options.
Step 2: perform post installation. The program interface is as follows:
The post installation wizard installs the SOM and SOC on the current computer and performs authorization authentication. An authorized server can run the SOC.
The post installation wizard then prompts you for the user accounts and passwords under which the SOM and SOC run on the local machine. Each account set here can be an existing account or a new account, and can be a local account or a domain account. The wizard adds the SOM account to the local agsadmin group and the SOC account to the local agsusers group. You also need to manually add the desktop login user to both groups. These two groups actually control access to the SOM and SOC. The permission configuration is detailed in the later sections.
Note that if you do not need to install the SOM and only want the SOC, you can run the command line "ArcGIS\bin\serverpostinstall.exe /containeronly". For detailed parameter descriptions, see its help documentation.
After post installation, you are also prompted to perform authentication; follow the prompts in sequence.
2. Test the installation
After post installation is complete, use ArcCatalog to test whether the local ArcGIS Server has been installed successfully.
Open ArcCatalog and click "GIS Servers → Add ArcGIS Server". The following dialog box is displayed:
Enter the local machine name or "localhost" and click "OK" to connect. If the connection fails at this point, the likely cause is a user permission problem. Check whether the current desktop login user is in the agsadmin and agsusers groups.
After the connection succeeds, you can configure the server. Open the configuration interface through the server Properties option, as shown in the figure:
You can set the distributed SOCs (Hosts tab) and the virtual directory URL used for map output (Directories tab). For more information, see the later sections and the related documents.
Configure domain user security policies
The security policies for domain users can be summarized as follows (the servers in the figure are divided logically):
- Promote the ArcGIS Web Services account to a domain user (the domain ArcGIS Web Services account).
- Promote the SOM account to a domain user (the domain SOM account).
- Promote the SOC account to a domain user (the domain SOC account).
- On the server where the web server is deployed, add the domain ArcGIS Web Services account and the domain admin users group (the domain management user group) to the local Administrators group.
- On the server where the SOM server is deployed, add the domain ArcGIS Web Services account, the domain SOM account, and the domain admin users group (the domain management user group) to the local agsadmin group.
  Add the domain ArcGIS Web Services account, the domain SOC account, and the Domain Users group (domain management user group) to the local agsusers group.
  Configure the corresponding directory access permissions and DCOM access permissions. For more information about DCOM access permissions, see the later sections.
- On the server where the SOC server is deployed, add the domain ArcGIS Web Services account, the domain SOM account, and the domain admin users group (the domain management user group) to the local agsadmin group.
  Add the domain ArcGIS Web Services account, the domain SOC account, and the Domain Users group (domain management user group) to the local agsusers group.
  Configure the corresponding directory access permissions and DCOM access permissions. For more information about DCOM access permissions, see the later sections.
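The following added example (not part of the original article) checks the output of `net localgroup <group>`, captured on a SOM or SOC server, against the agsadmin/agsusers membership listed above and reports both missing and unexpected members. The NetBIOS domain name APPLE, the account names agsweb/agssom/agssoc and the sample output are constructed placeholders; "Domain Admins" stands in for the article's domain admin users group, and English-language command output is assumed.

```python
# Added example: audit local agsadmin/agsusers membership against the policy.
# Domain name and account names below are hypothetical placeholders.
EXPECTED = {
    "agsadmin": {r"APPLE\agsweb", r"APPLE\agssom", r"APPLE\Domain Admins"},
    "agsusers": {r"APPLE\agsweb", r"APPLE\agssoc", r"APPLE\Domain Users"},
}

# Constructed sample of `net localgroup agsadmin` output (English Windows).
SAMPLE_AGSADMIN = r"""Alias name     agsadmin
Comment

Members

-------------------------------------------------------------------------------
APPLE\agssom
APPLE\Domain Admins
SERVERB\tempuser
The command completed successfully.
"""


def parse_members(output):
    """Return the lower-cased member names from `net localgroup <group>` output."""
    lines = output.splitlines()
    # The member list starts on the line after the dashed separator.
    starts = [i for i, line in enumerate(lines) if line.startswith("-----")]
    if not starts:
        raise ValueError("no member list found in output")
    members = set()
    for line in lines[starts[0] + 1:]:
        name = line.strip()
        if not name or name.startswith("The command completed"):
            break
        members.add(name.lower())  # Windows account names are case-insensitive
    return members


def audit(group, output, expected=EXPECTED):
    """Report accounts the policy requires but are absent, and extra ones."""
    actual = parse_members(output)
    wanted = {m.lower() for m in expected[group]}
    return {"missing": sorted(wanted - actual),
            "unexpected": sorted(actual - wanted)}


if __name__ == "__main__":
    print(audit("agsadmin", SAMPLE_AGSADMIN))
```

A missing entry usually explains a failed connection or a "restricted access" message; an unexpected entry is an account that can reach the SOM or SOC without being part of the policy.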
On server A, which is the domain controller, you can use the "Active Directory Users and Computers" tool in "Administrative Tools" to configure domain user security policies, as shown in the figure:
In Windows, a user with domain administrator permissions can set the permissions of users and computers in the domain from any computer that has Windows or a later version of the operating system and the management toolkit installed. For more information about domain configuration, see MCSE.
You can also modify the local user permissions of a computer in the domain directly from the domain controller. For example, to modify the local user permissions of server B from server A by adding the domain SOM account to the local agsadmin group on B, the method is as follows:
Configure DCOM Security Policies
As shown in the security policy diagram for domain users, access permissions on the corresponding DCOM components must be granted to the legitimate users and groups on the SOM server and the SOC server.
The whole of ArcGIS Server is based on the DCOM architecture. In terms of performance, the purpose of establishing a Windows domain is to manage DCOM access security through the domain's integrated permissions.
On the SOM server and the SOC server there are DCOM components named arcsom and arcsoc respectively. Use the "Component Services" tool in "Administrative Tools" to configure their permissions (or enter "dcomcnfg" in "Run" to start the tool). The tool interface is as follows:
By setting access permissions on the DCOM component, you assign it a valid domain user identity. In a DCOM-based distributed environment, the core security problem is how to set access permissions on the DCOM components, and configuring reasonable domain users and groups is the prerequisite for doing so. After ArcGIS Server has been deployed successfully, you may still encounter DCOM permission issues while running applications. In that case, refer to this article.
Connect to ArcGIS Server
After the domain users and the DCOM security policy are configured successfully, you can connect to ArcGIS Server through ArcCatalog. After the connection succeeds, you can add a remote SOC by setting the properties of the ArcGIS Server SOM. Note that one SOM can manage multiple SOCs at the same time, but one SOC can be managed by only one SOM at a time. For example, if both SOM and SOC are installed on server A and on server B, and A's SOM is to manage B's SOC, the default management of B's SOC by B's SOM must be deleted first. The configuration interface is as follows:
Click "OK". If the system shows a message similar to "restricted access", check whether DCOM access permission on the target server has been granted to the account that runs the SOM locally and to the account that runs ArcCatalog.
Conclusion
You can deploy ArcGIS Server in a distributed environment through installation and permission configuration. Running the SOC on multiple servers can effectively share the load and improve system performance.
Thoughts
The distributed deployment of SOM and SOC in a Windows domain has been implemented, and the DCOM-based programs run smoothly. However, many specific problems still need to be designed for and handled in a distributed deployment. For example, to ensure that all SOCs access consistent data, access to ArcSDE and access to local files each need their own handling. These problems have not yet been solved in practice and will be summarized further in the subsequent development process.