Geocortex Analytics Deployment

A Geocortex Analytics deployment can monitor multiple kinds of resources in many combinations of ArcGIS Servers, ArcGIS Online or Portal for ArcGIS, Geocortex Applications, websites, Web Applications or servers that may, or may not, be part of your GIS infrastructure.

Recommended Deployment

The recommended deployment is to install Analytics on its own dedicated Hub server. You can have only one Hub server.

If you are unable to use the recommended deployment and need to deploy both Analytics and Essentials on the Hub server, it cannot have sustained CPU usage above 20%, when monitored in Windows Task Manager. In addition, the server must have free resources available that exceed the minimum identified for each application. See Geocortex Analytics System Requirements.

If you plan to deploy multiple servers with Analytics and Essentials, you must install Analytics as an Agent on the Essentials machine.

When you install on multiple servers, you specify a shared cluster name and secret on the Hub server during installation, which you use later when you connect Agent installations to the Hub. If you are upgrading from a version of Core 2.x, your cluster name may previously have been set to the machine's computer name.

Recommended Maximum Number of Resources

Analytics is able to monitor up to a maximum number of combined resources within optimal performance. The numbers listed below are based on an Analytics instance running on a server with the recommended specifications. These numbers are flexible, for example, if you monitor less of one resource, you can monitor more of another.

All the monitored resources must be within the same network

Analytics supports monitoring the following combined resources:

System Rules

Factors that Affect Deployment

Several factors determine the type of Analytics you install:

Remote Monitoring and Agent Installation

Geocortex Analytics can monitor resources remotely or by installing Analytics as an Agent (satellite) machine. Both options have benefits and drawbacks.

See also...

Important Prerequisites

Set up an ArcGIS Identity or Portal for ArcGIS Login

You need an ArcGIS Identity to sign in to Analytics. You can use any of the following ArcGIS options as an identity provider:  

Customers with valid ArcGIS software licenses will likely have entitlements to acquire ArcGIS identities. ArcGIS for Desktop customers may be entitled to either an ArcGIS Online or Portal for ArcGIS identity. ArcGIS for Server customers may be entitled to a number of Portal for ArcGIS identities. For more information, contact your local Esri representative.

You can set up an ArcGIS Identity to log in to Analytics during installation or after the installation by running ArcGIS Identity Setup from the desktop. Either option opens the ArcGIS Identity Setup window where you can enter the credentials Analytics needs to use your identity.

If you use Internet Explorer as your browser and you switch identity providers between ArcGIS Online and Portal for ArcGIS, or from one Portal for ArcGIS instance to another, you need to clear the browser cache. If you do not clear the cache, you will receive a Core Security service error and not be able to open Analytics.

Open the ArcGIS Identity Setup Window

To open the ArcGIS Identity Setup window (post installer):

  1. On a machine with Analytics installed, do one of the following:

Use an ArcGIS Online Account to Log in to Analytics

To use an ArcGIS Online account to log in to Analytics:

  1. In the ArcGIS Identity Setup window, select ArcGIS Online account.

  2. In the Subdomain Name box, type in the subdomain of your ArcGIS Online.

  3. If you are signing in using a secured HTTPS URL, for example, https://analyticshub.domain.com/AnalyticsReports, then select Include SSL-Secured Redirects.

    If you are signing in using HTTP, then do not select this option.

    If you selected the Enable SSL option during installation, the Include SSL-Secured Redirects option is already selected and so this option is not available.

  4. If you do not want to use one of the default redirect URLs, select Use Alternate Redirect, and then paste in the redirect URL you want to use.

    If you selected the Enable SSL option during installation, only alternate redirect URLs using HTTPS are accepted. If you use HTTP, you will see an error message. If you have the Enable SSL option enabled, when you continue with the Identity Setup, you must also ensure that the identity provider used by the specified Portal for ArcGIS instance sends all requests via HTTPS.

  5. Click Authenticate.

    The Sign in page opens where you sign in and register Analytics with ArcGIS Online.

  6. Sign in using your Username and Password.

  7. When the confirmation screen indicates you have registered Geocortex Analytics with ArcGIS Online, click Close.

Use a Portal for ArcGIS Account to Log in to Analytics

When you configure the ArcGIS Web Adaptor, which is used with Portal for ArcGIS, you must enable both Windows Authentication and Anonymous Authentication.

If Anonymous Authentication is disabled, Analytics is unable to log in because, for security reasons, 3rd-party applications like Analytics cannot access content on a user's behalf even if they have the user's access token. With Anonymous Access enabled, the Analytics login process is successful.

To use a Portal for ArcGIS account to log in to Analytics:

  1. In the ArcGIS Identity Setup window, select Portal for ArcGIS.

  2. In the URL box, type in the URL to your portal.

  3. In the App ID and App Secret boxes, paste in the App ID and App Secret from the Analytics App you created.

    For information on how to add an application in Portal for ArcGIS, see Add and Register an Application in Portal for ArcGIS in the Administrator Help.

  4. If you do not want to use one of the Default redirect URLs, select Use Alternate Redirect, and then paste in the redirect URL you want to use.

    If you selected the Enable SSL option during installation, only alternate redirect URLs using HTTPS are accepted, otherwise you will see an error message. Because the Enable SSL option is enabled, when you continue with the Identity Setup, you must also ensure that the identity provider used by the specified Portal for ArcGIS instance sends all requests via HTTPS.

  5. Click Authenticate.

    The Sign-in page opens where you sign in and register Analytics with Portal for ArcGIS.

  6. Sign in using your Username and Password.

  7. When the confirmation screen indicates you have registered Geocortex Analytics with Portal for ArcGIS, click Close.

Disable Sign-in

To disable sign-in:

  1. If you want anyone to be able to use Analytics, click the Skip ArcGIS Identity Setup link.

  2. When the confirmation dialog appears, click Yes.

  3. When the final dialog of the utility opens, click Close.

Use a Forward Proxy Server with Analytics

You set up Analytics to use your forward proxy server by configuring a Windows account with the information required, and then the Geocortex Core process is run under that user account.

Ideally, you should set up the Windows user account before you install or upgrade Analytics to 1.3, however, if you forget, or if the password of the user account changes, you can change the settings manually, even if you have already upgraded to Analytics 1.4.

The process for setting up proxies differs depending on whether you are installing or upgrading an Agent or a Hub server.

If you want to set up a proxy during an upgrade, it is easier to select and set up the proxy while upgrading to Analytics 1.3, as the Run Service By Account window does not appear during the 1.4.x Upgrade.

Scenario 1: Hub Server Proxy Setup Process

If you are installing Analytics for the first time, or upgrading to 1.3, on the Hub server, you can set up a proxy using the following steps:

  1. On the Hub server, set up an existing or a new Windows user account that has administrator privileges.

  2. Add the server forward proxy settings to this user account using the instructions in Configure Analytics to Run Under a Windows User Account.

  3. Install or upgrade Analytics to version 1.3. During the installation or upgrade, in the Run Service By Account window, enter the credentials for the Windows user account you set up previously, that contains the forward proxy server settings.

Scenario 2: Agent Server Proxy Setup Process

If you are installing Analytics for the first time, or upgrading to 1.3, on an Agent server, set up a proxy using the following steps:

  1. On the Agent server, set up an existing or a new Windows user account that has administrator privileges.

  2. Add the forward proxy server settings to this Windows user account using the instructions in Configure Proxy Settings for a Windows User Account.

  3. Install or upgrade Analytics following the instructions in Install Analytics on an Agent Server.

  4. Manually configure Analytics to run under the Windows user account using the instructions in Configure Analytics to Run Under a Windows User Account.

Scenario 3: Password Changes, User Account Deleted etc.

You can change the user account manually using the instructions in Configure Analytics to Run Under a Windows User Account if any of the following scenarios occur:

Configure Proxy Settings for a Windows User Account

If your Analytics Hub server has to go through a forward proxy server to access the Internet or other external resources, or your Agent has to go through a forward proxy to access the Hub server, then you can configure a Windows administrator account with the required forward proxy settings.

You can set up the Windows user account before you install or upgrade Analytics.

To configure forward proxy settings for a Windows user account:

  1. Log into the Analytics Hub server using an existing Window's User Account.

  2. From the Windows Start menu, choose Control Panel | Internet Options.

  3. In the Internet Properties dialog, select the Connections dialog, and then click LAN Settings.

  4. Select Use a proxy server for your LAN.

  5. Copy the URL of your Proxy server into the Address box.

    In the Port field, type the port number you use for your forward proxy server.

  6. If you want computers on the same network to communicate without going through the Proxy server, select Bypass proxy server for local addresses.

  7. Click OK to close the Local Area Network Settings dialog and save the settings.

  8. Click OK to close the Internet Properties dialog.

  9. From the Windows Start menu, choose Control Panel | Credential Manager.

  10. Select Windows Credentials.

  11. Click Add a generic credential, and enter the credentials to use for your forward proxy server.

  12. Click OK.

  13. You can test the connection to your forward proxy server by opening a browser and navigating to a website that is only accessible through the proxy server. If the connection is set up correctly, you'll be able to access the website; if not, you'll be prompted to provide credentials before the website opens.

Configure Analytics to Run Under a Windows User Account

If you have an Analytics Agent server that needs to access the Hub server or a Hub server that needs to access external resources via a forward proxy server, then you need to set up the Geocortex Core service on the Agent server with a Windows user account that has been configured with the forward proxy server settings. To do this, you need to stop the Geocortex Core service on the Agent server, modify the account used to run the service, and then restart the Geocortex Core service.

To configure Analytics to run under a Windows user account:

  1. In Windows, open Control Panel | Administrative Tools and double-click Services.

  2. In the list of services, find Geocortex Core, right-click the service, and then select Stop.

  3. Right-click the Geocortex Core Service and select Properties.

  4. In the Geocortex Core Properties dialog, select the Log On tab.

  5. Select the This Account radio button and enter the name, password, and confirm the password of the Windows user account that you configured with forward proxy settings.

  6. Click Apply, and then OK.

  7. In the Services window, right-click the Geocortex Core service and select Start.

    If the password of the proxy account changes, follow the same procedure to change the Windows user account password settings.

Deploy Analytics with a DMZ

A Demilitarized Zone (DMZ) is a part of a network that is not behind the firewall so that it can be accessed by the public.

Analytics supports the collection of information from within or through a demilitarized zone. There are different deployment scenarios that work to gather information about a DMZ server from behind a firewall.

Currently Analytics does not support remote collection of Windows Events, Performance or System Info within a DMZ or across a DMZ environment. If you want or need to collect this information, you can gather the Windows data by installing an Analytics Agent on the target server.

See also...

DMZ Settings for Core Firewall Rules

Deployment Scenario 1

Essentials with an Analytics Agent is installed on the DMZ server with the Analytics Hub behind the firewall.

To deploy this scenario, you must ensure that the following ports are open on the DMZ server:
80, 443, 19201, 19300, 3702.

Installation sequence:

  1. Install Analytics on the Hub server behind the firewall, outside the DMZ.

  2. From the Start menu, open Windows Firewall | Advanced Settings | Inbound Rules.

    For more information, see DMZ Settings for Core Firewall Rules.

  3. Enable the Geocortex Core Discovery, Geocortex Core Document Store, and Geocortex Core Web Service Proxy rules to use Public Profiles.

  4. On the DMZ server, install Analytics as an agent.

  5. On the Join a Cluster page of the installation wizard, select Advanced and in the Host field, type in the IP address of the DMZ machine. Leave the Port as 19201 and type in the Shared Secret of the cluster that the Essentials machine in the DMZ is on.

Add an Agent Server to the Hub Whitelist

Depending on your network configuration, you may need to manually add the IP addresses of Agent servers to the Hub’s whitelist. You configure the Hub's whitelist in the Document Store’s role.config file.

To manually add the IP Address of an Agent to the Hub's whitelist:

  1. On the Hub server, in Windows Explorer, navigate to the root folder of the Document Store.

    The default installed location of the Hub Document Store is:

    C:\Program Files\Latitude Geographics\GeocortexCore\NSRoot\Geocortex\Core\Roles\DocumentStore\[version number]

  2. Select the most recent Analytics version number and open that folder.

  3. In a text editor, open the role.config file.

  4. Scroll down to the StartupSetting element for the WhiteList key.

    <StartupSetting Key="WhiteList" Value="" />

  5. Within the Value="" quotes, add the IP addresses of any Agent servers in the DMZ, separated by semicolons, for example:

    <StartupSetting Key="WhiteList" Value="10.0.0.1;10.0.0.2" />

  6. Save and close the Hub role.config in the text editor.

Deployment Scenario 2

The ArcGIS Server and the Log folder are installed on a server in the DMZ. The Analytics HUB is installed on a server behind the firewall and set up to probe the ArcGIS Server remotely.

Before you deploy Scenarios 2, ensure that the following ports are open on the DMZ server:
80, 443.

In addition, to enable the log folders and make it possible for Analytics to access them remotely, ensure that the following ports are open for file sharing on the ArcGIS Server in the DMZ: 137, 138, 139, 445.

Installation Sequence:

  1. Within the DMZ, install and configure an ArcGIS Server that is supported by Analytics.

  2. On a server behind the firewall, install an Analytics Hub.

  3. On the Analytics Hub server, in Configuration, add an ArcGIS Server and enter the information required to collect information from the ArcGIS Server remotely.

    For more information, see Configure Secured ArcGIS Servers/Services in the Administrator Help.

© 2018 Latitude Geographics Group Ltd. All Rights Reserved.

Documentation Version 1.4