Caution
This repository is a WORK-IN-PROGRESS and is not yet fully complete.
Azure Landing Zone Accelerators are architectural guidance, reference architecture, reference implementations, and automation packaged to deploy workload platforms on Azure at scale and aligned with industry proven practices. This accelerator represents the strategic design path and automated deployment options to deploy Esri’s ArcGIS Enterprise with ArcGIS Pro GPU enabled virtual desktops.
This solution provides an architectural approach and reference implementation to prepare Azure subscriptions for a scalable ArcGIS implementation on Azure, utilizing a combination of Azure cloud native services and traditional infrastructure virtual machines. Once the deployment is completed, users of this accelerator will have a base deployment which enables a rapid deployment of an Enterprise GIS.
For overall architectural guidance on deploying ArcGIS in Azure, check out the Azure Architecture Center documentation -> Deploy Esri ArcGIS Pro in Azure Virtual Desktop. Also, see Esri's ArcGIS Architecture Center.
Below is a diagram of the components of this solution.
The ArcGIS on Azure Landing Zone Accelerator is modular and designed to be usable for organizations that have no Azure infrastructure, as well as those who already have assets in Azure. The path is comprised of four steps, each may be done sequentially, or not at all depending upon the requierments of your project. However, let's first discuss landing zones.
A landing zone is networking & infrastructure configured to provide a secure environment for hosting workloads.
An Azure landing zone consists of platform landing zones and application landing zones.
Platform landing zone: A platform landing zone is a subscription that provides shared services (identity, connectivity, management) to applications in application landing zones. Consolidating these shared services often improves operational efficiency. One or more central teams manage the platform landing zones.
Application landing zone: An application landing zone is a subscription for hosting an application. You pre-provision application landing zones through code and use management groups to assign policy controls to them. In the conceptual architecture above, the ArcGIS Enterprise Single Machine or Multiple-Machine deployments represent two different application landing zones.
Reference: ArcGIS Enterprise Single Machine or Multiple-Machine
Mission Landing Zone is a highly opinionated Infrastructure-as-Code (IaC) template which IT oversight organizations can use to create a cloud management system to deploy Azure environments for their workloads and teams. Mission Landing Zone provides a Secure Cloud Computing Architecture (SCCA) compliant hub and spoke network infrastructure.
If you already have an Azure Landing Zone, you can skip this step. For more on what an Azure Landing Zone is, see here -> Azure Landing Zone.
Warning
Failure to complete the prerequisites will result in an unsuccessful deployment.
This template represents the strategic design path and target technical state for Azure Virtual Desktop deployment. Many of the common features used with AVD have been automated in this solution for your convenience.
Be sure to complete the necessary prerequisites and to review the parameter descriptions to the understand the consequences of your selections. Also, please review Esri's guidance on VDI and ArcGIS Pro.
This Azure Virtual Desktop Accelerator only deploys the specific Azure Virtual Desktop resources, shown in the architectural diagram above. It is assumed that an appropriate landing zone foundation is already setup. This means that policies and governance should already be in place.
Warning
Failure to complete the prerequisites will result in an unsuccessful deployment.
There are two primary components to this component in this geospatial accelerator: ArcGIS Pro & ArcGIS Enterprise.
-
ArcGIS Pro is a 64-bit professional desktop GIS application. GIS analysts can use it to perform spatial analysis and edit spatial data. GIS administrators can use it to create and publish geospatial services. This app will be deployed on the Windows client virtual machines used as the Azure Virtual Desktop (AVD) hosts. Geospatial analysis in Azure is typically done on GPU optimized virtual desktops.
-
ArcGIS Enterprise is a software system for GIS that powers mapping and visualization, analytics, and data management. It is the backbone for running the Esri suite of applications. ArcGIS Enterprise includes ArcGIS Server, which is the core web services component for making maps and performing analysis, and Portal for ArcGIS. ArcGIS Enterprise will be deployed and configured within your landing zone.
Note
Presently this accelerator performs a base deployment of ArcGIS Enterprise. It does not deploy additonal ArcGIS Enterprise server roles. Once the accelerator is deployed, additional server roles can be deployed on virtual machines in the landing zone.
This automation template will setup Esri's ArcGIS Enterprise in either a Single Machine or Multiple-Machine deployment as shown in the diagrams. Presently, this base deployment is nearly identical to the ArcGIS Enterprise Cloud Builder.
However, optimizations have been made in this highly opinionated architecture. For example, as part of the deployment, Azure NetApp Files has been deployed which allows for ArcGIS Pro and Enterprise to share a Network Attached Storage device. ArcGIS Pro users can place GIS datasets on the share.
Also, ArcGIS Enterprise has its server directories located there for fast access to these important components of ArcGIS Enterprise. Also, the Web Adaptor is not deployed. Instead, the Azure Application Gateway is used as the load balancing solution.
Once everything is deployed, users will need to consider how to migrate their data, applications, and configuration to this new environment. This includes ArcGIS Enterprise services, Enterprise geodatabase, Portal for ArcGIS configuration, etc.
See Esri's documentation here and here for advice on migrations.
See this video for a full discussion on migration options.
The below automation templates can be deployed in your Azure subscriptions by clicking the blue buttons.
Mission Landing Zone is a highly opinionated Infrastructure-as-Code (IaC) template which IT organizations can use to create a cloud management system in Azure for their workloads and teams. Mission Landing Zone provides a Secure Cloud Computing Architecture (SCCA) compliant hub and spoke infrastructure.
You must have Owner RBAC permissions on the subscription(s) you deploy Mission Landing Zone into. See prerequisites for additional guidance.
-
Deploy Mission Landing Zone into
AzureCloud
orAzureUsGovernment
from the Azure Portal:Azure Commercial Azure Government
This Azure Zero Trust Imaging solution creates images using a zero trust process and resources. While other options exist in Azure, its either a manual process or it doesn't adhere to zero trust.
-
Deploy Zero Trust Imaging into
AzureCloud
orAzureUsGovernment
from the Azure Portal:Azure Commercial Azure Government
The Azure Virtual Desktop (AVD) solution provides an architectural approach and reference implementation to prepare landing zone subscriptions for a scalable Azure Virtual Desktop deployment. Be sure to complete the necessary prerequisites
-
Deploy The Azure Virtual Desktop (AVD) solution into
AzureCloud
orAzureUsGovernment
from the Azure Portal:Azure Commercial Azure Government
In this ArcGIS on Azure accelerator, you have access to step by step guides covering various customer scenarios that can help accelerate the deployment of ArcGIS on Azure which conforms with best practices. This is a good starting point if you are new to Azure or Infrastructure-As-Code (IaC) . Each scenario represents common use cases, with the goal of accelerating the deployment process.
This option will deploy ArcGIS Enterprise on one virtual server, which is suitable for Prof-of-Concept implementations or demo environments.
This option will deploy ArcGIS Enterprise on one Virutal Server, which is suiteable for Prof-of-Concept implementations.
Deployment Type | Link |
---|---|
Azure portal UI |
This option will deploy ArcGIS Enterprise across multiple virtual machines, which is more suitable for production implementations which require high availability.
If deploying ArcGIS Enterprise please follow the below guidance and pre-req steps:
- Az.Accounts 2.13.1 PowerShell Module
- Az.Automation 1.9.0 PowerShell Module
- Az.Compute 5.7.0 PowerShell Module
- Az.Resources 6.6.0 PowerShell Module
- Az.KeyVault 4.12.0 PowerShell Module
- Az.Storage 5.1.0 PowerShell Module
- Az.MarketplaceOrdering 2.0.0 PowerShell Module
- PFX Certificate for ESRI Enterprise that is password protected
Deployment Type | Link |
---|---|
Azure portal UI |
If you would like step by step guidance on how to deploy ESRI’s ArcGIS Enterprise on Azure and access it with ArcGIS Pro GPU enabled Azure virtual desktops, check out the Azure Architecture Center documentation: Deploy Esri ArcGIS Pro in Azure Virtual Desktop.