Open topic with navigation
A Geocortex Analytics deployment can monitor multiple kinds of resources in many combinations of ArcGIS Servers, ArcGIS Online or Portal for ArcGIS, Geocortex Applications, websites, Web Applications or servers that may, or may not, be part of your GIS infrastructure.
The recommended deployment is to install Analytics on its own dedicated Hub server. You can have only one Hub server.
If you are unable to use the recommended deployment and need to deploy both Analytics and Essentials on the Hub server, it cannot have sustained CPU usage above 20%, when monitored in Windows Task Manager. In addition, the server must have free resources available that exceed the minimum identified for each application. See Geocortex Analytics System Requirements.
If you plan to deploy multiple servers with Analytics and Essentials, you must install Analytics as an Agent on the Essentials machine.
When you install on multiple servers, you specify a shared cluster name and secret on the Hub server during installation, which you use later when you connect Agent installations to the Hub. If you are upgrading from a version of Core 2.x, your cluster name may previously have been set to the machine's computer name.
Analytics is able to monitor up to a maximum number of combined resources within optimal performance. The numbers listed below are based on an Analytics instance running on a server with the recommended specifications. These numbers are flexible, for example, if you monitor less of one resource, you can monitor more of another.
Analytics supports monitoring the following combined resources:
You must have a Hub server and it must be installed first.
All the Hub and Agent installations of Analytics must belong to the same cluster.
Once a cluster is set up and a name allocated to it, you cannot change the name of the cluster without losing data.
For a group of servers to function like a single system, they must use the same cluster name. You specify the cluster name when you install Analytics on the Hub server.
Several factors determine the type of Analytics you install:
Every installation of Geocortex Analytics has a designated Hub server, even if there is only a single server. If you want to monitor other servers of your GIS infrastructure, you can do so either by monitoring them remotely, or by installing Analytics on those servers as an Agent.
If you wish to collect data from the Geocortex Viewer for HTML5 or Geocortex Viewer for Silverlight, you must enable the Analytics Integration Module in the viewer in Geocortex Essentials and then set the URL to the REST endpoint of the Client Relay.
The ideal deployment is to install Geocortex Analytics and Geocortex Essentials on two separate servers with Analytics on the Hub server and an Agent installation of Analytics on any Essentials servers.
Geocortex Analytics can monitor resources remotely or by installing Analytics as an Agent (satellite) machine. Both options have benefits and drawbacks.
Remote Monitoring: You add and configure resources in Configuration.
Benefit: You can manage all the configurations from a single location.
Drawback: You must have the ability to deal with permissions, security, and firewalls so that you can enable Analytics to access the resources using secure credentials.
Ideal if: You have a large GIS environment.
Agent Installation You install a trimmed-down version of Analytics software on each server that you want to monitor and adjust the settings in Configuration.
Benefit: You can set up and monitor a server by installing an Agent on each server you want to monitor. Most of the configuration is done automatically by Analytics. Firewalls are still a restraint but an Agent installation bypasses having to deal with permissions and security.
Drawback: You must upgrade every instance of an Agent individually whenever there is a new version of the Analytics software.
Ideal if: You have a smaller GIS environment that can easily be upgraded.
You can monitor most resources either remotely or by using an Agent. Geocortex Essentials is the exception. If Essentials is on a different machine from Analytics (preferred) Essentials can only be monitored using an Agent. It cannot be monitored remotely.
You need an ArcGIS Identity to sign in to Analytics. You can use any of the following ArcGIS options as an identity provider:
ArcGIS Online: To use this option, you must have and use, an organizational account with ArcGIS Online.
Portal for ArcGIS: To use this option, you must first create an App for Analytics in your organization's Portal for ArcGIS, as you need it to obtain an App ID and App Secret to use to log in. The application must be registered in order to get an App ID and Secret. In some organizations, this can only be done by Administrators.
Customers with valid ArcGIS software licenses will likely have entitlements to acquire ArcGIS identities. ArcGIS for Desktop customers may be entitled to either an ArcGIS Online or Portal for ArcGIS identity. ArcGIS for Server customers may be entitled to a number of Portal for ArcGIS identities. For more information, contact your local Esri representative.
You can set up an ArcGIS Identity to log in to Analytics during installation or after the installation by running ArcGIS Identity Setup from the desktop. Either option opens the ArcGIS Identity Setup window where you can enter the credentials Analytics needs to use your identity.
If you use Internet Explorer as your browser and you switch identity providers between ArcGIS Online and Portal for ArcGIS, or from one Portal for ArcGIS instance to another, you need to clear the browser cache. If you do not clear the cache, you will receive a Core Security service error and not be able to open Analytics.
To open the ArcGIS Identity Setup window (post installer):
On a machine with Analytics installed, do one of the following:
Select the Run ArcGIS Identity Setup option during installation.
On the desktop, click Start and then type "Arc".
The Geocortex Analytics ArcGIS Identity Setup option displays.
Click the option to open the ArcGIS Identity Setup window.
To use an ArcGIS Online account to log in to Analytics:
In the ArcGIS Identity Setup window, select ArcGIS Online account.
In the Subdomain Name box, type in the subdomain of your ArcGIS Online.
If you are signing in using a secured HTTPS URL, for example,
https://analyticshub.domain.com/AnalyticsReports, then select Include SSL-Secured Redirects.
If you are signing in using HTTP, then do not select this option.
If you selected the Enable SSL option during installation, the Include SSL-Secured Redirects option is already selected and so this option is not available.
If you do not want to use one of the default redirect URLs, select Use Alternate Redirect, and then paste in the redirect URL you want to use.
If you selected the Enable SSL option during installation, only alternate redirect URLs using HTTPS are accepted. If you use HTTP, you will see an error message. If you have the Enable SSL option enabled, when you continue with the Identity Setup, you must also ensure that the identity provider used by the specified Portal for ArcGIS instance sends all requests via HTTPS.
The Sign in page opens where you sign in and register Analytics with ArcGIS Online.
Sign in using your Username and Password.
When the confirmation screen indicates you have registered Geocortex Analytics with ArcGIS Online, click Close.
To use a Portal for ArcGIS account to log in to Analytics:
In the ArcGIS Identity Setup window, select Portal for ArcGIS.
In the URL box, type in the URL to your portal.
In the App ID and App Secret boxes, paste in the App ID and App Secret from the Analytics App you created.
For information on how to add an application in Portal for ArcGIS,
If you do not want to use one of the Default redirect URLs, select Use Alternate Redirect, and then paste in the redirect URL you want to use.
If you selected the Enable SSL option during installation, only alternate redirect URLs using HTTPS are accepted, otherwise you will see an error message. Because the Enable SSL option is enabled, when you continue with the Identity Setup, you must also ensure that the identity provider used by the specified Portal for ArcGIS instance sends all requests via HTTPS.
The Sign-in page opens where you sign in and register Analytics with Portal for ArcGIS.
Sign in using your Username and Password.
When the confirmation screen indicates you have registered Geocortex Analytics with Portal for ArcGIS, click Close.
To disable sign-in:
If you want anyone to be able to use Analytics, click the Skip ArcGIS Identity Setup link.
When the confirmation dialog appears, click Yes.
When the final dialog of the utility opens, click Close.
You set up Analytics to use your forward proxy server by configuring a Windows account with the information required, and then the Geocortex Core process is run under that user account.
Ideally, you should set up the Windows user account before you install or upgrade Analytics to 1.3, however, if you forget, or if the password of the user account changes, you can change the settings manually, even if you have already upgraded.
The process for setting up proxies differs depending on whether you are installing or upgrading an Agent or a Hub server.
If you want to set up a proxy during an upgrade, it is easier to select and set up the proxy while upgrading to Analytics 1.3, as the Run Service By Account window does not appear during an upgrade in later versions.
Scenario 1: Hub Server Proxy Setup Process
If you are installing Analytics for the first time, or upgrading to 1.3, on the Hub server, you can set up a proxy using the following steps:
On the Hub server, set up an existing or a new Windows user account that has administrator privileges.
Add the server forward proxy settings to this user account using the instructions in Configure Analytics to Run Under a Windows User Account.
Install or upgrade Analytics to version 1.3. During the installation or upgrade, in the Run Service By Account window, enter the credentials for the Windows user account you set up previously, that contains the forward proxy server settings.
Scenario 2: Agent Server Proxy Setup Process
If you are installing Analytics for the first time, or upgrading to 1.3, on an Agent server, set up a proxy using the following steps:
On the Agent server, set up an existing or a new Windows user account that has administrator privileges.
Add the forward proxy server settings to this Windows user account using the instructions in Configure Proxy Settings for a Windows User Account.
Install or upgrade Analytics following the instructions in Install Analytics on an Agent Server.
Manually configure Analytics to run under the Windows user account using the instructions in Configure Analytics to Run Under a Windows User Account.
Scenario 3: Password Changes, User Account Deleted etc.
You can change the user account manually using the instructions in Configure Analytics to Run Under a Windows User Account if any of the following scenarios occur:
The administrator installed Analytics on a Hub and forgot to configure the forward proxy settings during installation.
The Windows User account containing the forward proxy server information is deleted and a new user account needs to be set up.
The password of the existing user account is changed.
If your Analytics Hub server has to go through a forward proxy server to access the Internet or other external resources, or your Agent has to go through a forward proxy to access the Hub server, then you can configure a Windows administrator account with the required forward proxy settings.
You can set up the Windows user account before you install or upgrade Analytics.
To configure forward proxy settings for a Windows user account:
Log into the Analytics Hub server using an existing Window's User Account.
From the Windows Start menu, choose Control Panel | Internet Options.
In the Internet Properties dialog, select the Connections dialog, and then click LAN Settings.
Select Use a proxy server for your LAN.
Copy the URL of your Proxy server into the Address box.
In the Port field, type the port number you use for your forward proxy server.
If you want computers on the same network to communicate without going through the Proxy server, select Bypass proxy server for local addresses.
Click OK to close the Local Area Network Settings dialog and save the settings.
Click OK to close the Internet Properties dialog.
From the Windows Start menu, choose Control Panel | Credential Manager.
Select Windows Credentials.
Click Add a generic credential, and enter the credentials to use for your forward proxy server.
You can test the connection to your forward proxy server by opening a browser and navigating to a website that is only accessible through the proxy server. If the connection is set up correctly, you'll be able to access the website; if not, you'll be prompted to provide credentials before the website opens.
If you have an Analytics Agent server that needs to access the Hub server or a Hub server that needs to access external resources via a forward proxy server, then you need to set up the Geocortex Core service on the Agent server with a Windows user account that has been configured with the forward proxy server settings. To do this, you need to stop the Geocortex Core service on the Agent server, modify the account used to run the service, and then restart the Geocortex Core service.
To configure Analytics to run under a Windows user account:
In Windows, open Control Panel | Administrative Tools and double-click Services.
In the list of services, find Geocortex Core, right-click the service, and then select Stop.
Right-click the Geocortex Core Service and select Properties.
In the Geocortex Core Properties dialog, select the Log On tab.
Select the This Account radio button and enter the name, password, and confirm the password of the Windows user account that you configured with forward proxy settings.
Click Apply, and then OK.
In the Services window, right-click the Geocortex Core service and select Start.
If the password of the proxy account changes, follow the same procedure to change the Windows user account password settings.
A Demilitarized Zone (DMZ) is a part of a network that is not behind the firewall so that it can be accessed by the public.
Analytics supports the collection of information from within or through a demilitarized zone. There are different deployment scenarios that work to gather information about a DMZ server from behind a firewall.
Currently Analytics does not support remote collection of Windows Events, Performance or System Info within a DMZ or across a DMZ environment. If you want or need to collect this information, you can gather the Windows data by installing an Analytics Agent on the target server.
DMZ Settings for Core Firewall Rules
Essentials with an Analytics Agent is installed on the DMZ server with the Analytics Hub behind the firewall.
To deploy this scenario, you must ensure that the following ports are open on the DMZ server:
80, 443, 19201, 19300, 3702.
Install Analytics on the Hub server behind the firewall, outside the DMZ.
From the Start menu, open Windows Firewall | Advanced Settings | Inbound Rules.
For more information, see DMZ Settings for Core Firewall Rules.
Enable the Geocortex Core Discovery, Geocortex Core Document Store, and Geocortex Core Web Service Proxy rules to use Public Profiles.
On the DMZ server, install Analytics as an agent.
On the Join a Cluster page of the installation wizard, select Advanced and in the Host field, type in the IP address of the DMZ machine. Leave the Port as 19201 and type in the Shared Secret of the cluster that the Essentials machine in the DMZ is on.
Depending on your network configuration, you may need to manually add the IP addresses of Agent servers to the Hub’s whitelist. You configure the Hub's whitelist in the Document Store’s
To manually add the IP Address of an Agent to the Hub's whitelist:
On the Hub server, in Windows Explorer, navigate to the root folder of the Document Store.
The default installed location of the Hub Document Store is:
C:\Program Files\Latitude Geographics\GeocortexCore\NSRoot\Geocortex\Core\Roles\DocumentStore\[version number]
Select the most recent Analytics version number and open that folder.
In a text editor, open the
Scroll down to the
StartupSetting element for the
<StartupSetting Key="WhiteList" Value="" />
Within the Value="" quotes, add the IP addresses of any Agent servers in the DMZ, separated by semicolons, for example:
<StartupSetting Key="WhiteList" Value="10.0.0.1;10.0.0.2" />
role.configin the text editor.
The ArcGIS Server and the Log folder are installed on a server in the DMZ. The Analytics HUB is installed on a server behind the firewall and set up to probe the ArcGIS Server remotely.
Before you deploy Scenarios 2, ensure that the following ports are open on the DMZ server:
In addition, to enable the log folders and make it possible for Analytics to access them remotely, ensure that the following ports are open for file sharing on the ArcGIS Server in the DMZ: 137, 138, 139, 445.
Within the DMZ, install and configure an ArcGIS Server that is supported by Analytics.
On a server behind the firewall, install an Analytics Hub.
On the Analytics Hub server, in Configuration, add an ArcGIS Server and enter the information required to collect information from the ArcGIS Server remotely.
For more information,