Deploy Base ArcGIS Enterprise on Windows in Azure - Esri/arcgis-gitops GitHub Wiki
This walkthrough guides you through the initial deployment of a highly available base ArcGIS Enterprise on the Windows Server 2025 operating system in Microsoft Azure using GitHub Actions.
The walkthrough uses the azure/arcgis-enterprise-base-windows template.
Duration: about 5 hours
Before you begin this walkthrough:
- A private GitHub repository "gitops-demo" for the site must be created and properly configured.
- The core resources for the ArcGIS Enterprise site must be provisioned in the Azure account.
Refer to the Getting Started in Azure walkthrough for detailed instructions.
You will need the following resources and accounts:
- GitHub.com user account
- Service principal in Microsoft Azure account with Owner role
- Software authorization files for ArcGIS Server and Portal for ArcGIS 12.0
- SSL/TLS certificate in PKCS12 (.pfx) format for the ArcGIS Enterprise site domain name
This step creates a codespace in the "gitops-demo" repository, installs Azure CLI, and logs into the Azure account.
Open the GitHub.com URL in a web browser, log in to your GitHub.com account, and select "gitops-demo" private repository from the "Your repositories" list.
In the "gitops-demo" repository, click the green <> Code button, switch to the "Codespaces" tab, and click the Create codespace on main button. The codespace will be created and opened in a new browser tab.
Instead of creating a codespace, you can also reuse the codespace created in the Getting Started in Azure walkthrough if it is still available. In this case, you can skip this step and go to Step 1.4.
In the codespace, click on the "Terminal" tab in the bottom panel, and run the following commands:

```bash
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
```

Run the following commands, replacing <client id>, <client secret>, and <tenant id> by the service principal's credentials:

```bash
az login --service-principal --username <client id> --password <client secret> --tenant <tenant id>
```

This step enables all the arcgis-enterprise-base-windows template workflows by copying them to .github/workflows directory.
Switch back to the codespace browser tab and run the following commands:

```bash
cd /workspaces/gitops-demo
cp -r azure/arcgis-enterprise-base-windows/workflows/* .github/workflows/
git add --all
git commit -m "Enable arcgis-enterprise-base-windows workflows"
git push origin main
```

This step sets the GitHub Actions secrets, updates the configuration files used by the template workflows, uploads the required software authorization files, pushes the changes to the main branch of the repository, and verifies the site configuration.
Open the new repository settings by clicking on the Settings tab in the repository, then click on "Secrets and Variables" menu item from "Security" section of the left sidebar, and select "Actions" from the dropdown menu.
- Click on the "New repository secret" button, enter ENTERPRISE_ADMIN_USERNAME into the "Name" field, enter the ArcGIS Enterprise administrator user name into the "Value" field, and click the "Add secret" button.
  The user name must be between 6 and 128 characters long and can consist only of uppercase and lowercase ASCII letters, numbers, and dots (.).
- Add the ENTERPRISE_ADMIN_PASSWORD secret with the ArcGIS Enterprise administrator user password.
  The password must be between 8 and 128 characters long and can consist only of uppercase and lowercase ASCII letters, numbers, and dots (.).
- Add the ENTERPRISE_ADMIN_EMAIL secret with the ArcGIS Enterprise administrator e-mail address.
- Add the RUN_AS_PASSWORD secret with the password of the 'arcgis' Windows user account.
  The password must be at least 8 characters long and include at least three of the four character types: uppercase letters, lowercase letters, numbers, and special characters. Additionally, passwords should not contain the account name ('arcgis').
- Add the VM_ADMIN_USERNAME secret with the Windows VM administrator user name.
- Add the VM_ADMIN_PASSWORD secret with the Windows VM administrator user password.
  The password must be between 12 and 123 characters long and must have lowercase characters, uppercase characters, a digit, and a special character.
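A candidate value can be checked against the rules listed above before it is pasted into the "Value" field, so a rejected password does not surface hours later in a workflow run. The script below is an added example, not part of the arcgis-gitops project; counting every character that is not an ASCII letter or digit as "special" and matching 'arcgis' case-insensitively are assumptions.

```python
import getpass
import re
import string

ALNUM_DOT = re.compile(r"[A-Za-z0-9.]+")  # ASCII letters, numbers and dots


def char_classes(value):
    """Character classes present in value. Anything that is not an ASCII
    letter or digit counts as 'special' (assumption: the page lists no set)."""
    kinds = {"upper": string.ascii_uppercase, "lower": string.ascii_lowercase,
             "digit": string.digits}
    return {next((k for k, chars in kinds.items() if ch in chars), "special")
            for ch in value}


def check_secret(name, value):
    """Return rule violations for one secret; secrets without rules pass."""
    errors = []
    if name in ("ENTERPRISE_ADMIN_USERNAME", "ENTERPRISE_ADMIN_PASSWORD"):
        low = 6 if name.endswith("USERNAME") else 8
        if not low <= len(value) <= 128:
            errors.append(f"length must be {low}-128")
        if not ALNUM_DOT.fullmatch(value):
            errors.append("only ASCII letters, numbers and dots are allowed")
    elif name == "RUN_AS_PASSWORD":
        if len(value) < 8:
            errors.append("length must be at least 8")
        if len(char_classes(value)) < 3:
            errors.append("needs three of: upper, lower, digit, special")
        if "arcgis" in value.lower():  # case-insensitive match is an assumption
            errors.append("must not contain the account name 'arcgis'")
    elif name == "VM_ADMIN_PASSWORD":
        if not 12 <= len(value) <= 123:
            errors.append("length must be 12-123")
        missing = {"upper", "lower", "digit", "special"} - char_classes(value)
        if missing:
            errors.append("missing: " + ", ".join(sorted(missing)))
    return errors


if __name__ == "__main__":
    # Values are read without echo and never printed, only the verdict is.
    for secret in ("ENTERPRISE_ADMIN_USERNAME", "ENTERPRISE_ADMIN_PASSWORD",
                   "RUN_AS_PASSWORD", "VM_ADMIN_PASSWORD"):
        problems = check_secret(secret, getpass.getpass(f"{secret}: "))
        print(secret, "OK" if not problems else problems)
```
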
Update config/azure/arcgis-enterprise-base-windows/image.vars.json config file to specify the ArcGIS Enterprise version and patches to be installed.
In EXPLORER sidebar of the codespace window, click on "config" folder, then on "azure" subfolder, and then on "arcgis-enterprise-base-windows" subfolder. Double-click on "image.vars.json" file to open it in the editor.
- Change "arcgis_version" value to "12.0".
Upload the SSL certificate file to the "/workspaces/gitops-demo/config/certificates" directory in the workspace if it's not there already.
In the EXPLORER sidebar of the codespace window, click on the "config" folder, then right-click on the "certificates" folder, and select "Upload..." from the context menu. In the file selector dialog window navigate to the SSL certificate files location, select the certificate and click the "Open" button to upload the file.
Upload the ArcGIS Server and Portal for ArcGIS 12.0 authorization files to the "config/authorization/12.0/" directory in the codespace.
In the EXPLORER sidebar of the codespace window, click on "config" folder, then right-click on "authorization" folder, select "New Folder..." from the context menu, and enter "12.0" as the folder name. Right-click on the new "12.0" folder, and select "Upload..." from the context menu. In the file selector dialog window navigate to the authorization files location, select the files, and click "Open" button to upload the files to the workspace.
Open "config/azure/arcgis-enterprise-base-windows/application.tfvars.json" file in the editor and update the following properties:
- Change "arcgis_version" value to "12.0".
- Replace the "keystore_file_path" property with the uploaded certificate file path "~/config/certificates/<keystore file name>.pfx" and set the "keystore_file_password" property to the password of the keystore file.
- Replace the "portal_authorization_file_path" property with the uploaded authorization file path "~/config/authorization/12.0/<portal authorization file name>".
- Replace the "server_authorization_file_path" property with the uploaded authorization file path "~/config/authorization/12.0/<server authorization file name>".
- Replace "admin_full_name", "admin_description", "security_question_index", and "security_question_answer" with the initial ArcGIS Enterprise administrator account properties.
The workflows link '~/config/' paths to the repository's 'config/' directory.
Replace the "deployments" property value in "config/azure/site-index.json" file with ["arcgis-enterprise-base-windows"].
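The edits above can be checked locally before they are committed: the script below resolves each '~/config/' path against the repository's 'config/' directory and confirms that the uploaded files, the version values and the "deployments" entry are in place. It is an added example, not part of the arcgis-gitops project or its "verify-site-config-azure" workflow, and it assumes the listed properties are top-level keys of the JSON files.

```python
import json
from pathlib import Path

TEMPLATE = "arcgis-enterprise-base-windows"
PATH_KEYS = ("keystore_file_path", "portal_authorization_file_path",
             "server_authorization_file_path")


def load(path):
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def check_site_config(repo_root, version="12.0"):
    """Return a list of problems in the edited config files (empty = OK)."""
    root = Path(repo_root)
    cfg_dir = root / "config" / "azure" / TEMPLATE
    problems = []
    app = load(cfg_dir / "application.tfvars.json")
    image = load(cfg_dir / "image.vars.json")
    # Both files must name the same ArcGIS Enterprise version.
    for label, doc in (("application.tfvars.json", app),
                       ("image.vars.json", image)):
        if doc.get("arcgis_version") != version:
            problems.append(f"{label}: arcgis_version is not {version}")
    for key in PATH_KEYS:
        value = str(app.get(key) or "")
        if not value.startswith("~/config/"):
            problems.append(f"{key}: expected a ~/config/ path, got {value!r}")
            continue
        # '~/config/' is linked to the repository's 'config/' directory.
        target = root / "config" / value[len("~/config/"):]
        if not target.is_file():
            problems.append(f"{key}: {target.relative_to(root)} is missing")
    index = load(root / "config" / "azure" / "site-index.json")
    if index.get("deployments") != [TEMPLATE]:
        problems.append("site-index.json: deployments is not "
                        + json.dumps([TEMPLATE]))
    return problems


if __name__ == "__main__":
    for problem in check_site_config("/workspaces/gitops-demo"):
        print(problem)
```
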

```bash
git add --all
git commit -m "Update arcgis-enterprise-base-windows config"
git push origin main
```

Run "verify-site-config-azure" workflow to verify the site configuration.
Click on "Actions" tab in the repository, select "verify-site-config-azure" workflow on the left sidebar, click "Run workflow" on the right, and click "Run workflow" button.
This step runs the workflows that build the base ArcGIS Enterprise images, provision Azure resources for the deployment, configure base ArcGIS Enterprise, and test and back up the deployment.
Run "enterprise-base-windows-azure-image" workflow that creates Azure VM image for the base ArcGIS Enterprise deployment.
Wait for the workflow run to complete.
Run "enterprise-base-windows-azure-infrastructure" workflow that creates Azure resources for the base ArcGIS Enterprise deployment.
Wait for the workflow run to complete.
Run "enterprise-base-windows-azure-application" workflow to configure the base ArcGIS Enterprise deployment.
After the workflow run is complete, the base ArcGIS Enterprise deployment will be accessible at https://<deployment FQDN>/portal.
Run "enterprise-base-windows-azure-test" workflow.
Run "enterprise-base-windows-azure-backup" workflow.
Sign in to the Azure Console, go to the "Dashboard hub" resource and the "arcgis-enterprise-base-windows" dashboard.
The walkthrough demonstrates only the basic capabilities of ArcGIS Automation using GitHub Actions. Check the instructions for the templates and workflows for more features and configuration options.
Follow the Destroy Base ArcGIS Enterprise on Windows in Azure walkthrough to destroy the deployment and clean up the resources created during this walkthrough.

