Guidelines for configuring ArcGIS Server components
An ArcGIS Server system can be composed of many parts, such as the server object manager (SOM) and server object container (SOC); the Web Application Developer Frameworks (ADFs); a Web server; and an administration interface, such as Manager. For the system to work, each component must be able to communicate with the other components in the correct way. You'll also want to wisely distribute the components so as to make the most efficient use of your hardware. This topic provides information on how the ArcGIS Server system components interact with each other and the relative amount of resources they consume. You'll also find options for high-availability configurations so that a hardware failure does not disable your applications.
License:When reviewing this information, be aware that ArcGIS Server Workgroup licensing allows the deployment of ArcGIS Server components on just one machine. To deploy ArcGIS Server components on multiple machines, you must have the Enterprise level license.
Suggestions for SOM machines
The SOM is a component of ArcGIS Server that manages the services distributed across one or more SOC machines. The SOM runs as a background process (in Windows, it's the ArcSOM.exe service. On Linux/Solaris, it's arcsom.exe) and handles the load distribution of incoming requests. It also keeps track of which services are running on which SOCs. Using this information, the SOM delivers a request to the appropriate service.
Choosing a machine for the SOM
The ArcSOM.exe process uses relatively little memory and does not need to run on a dedicated machine; it can coexist with the Web server or reside on a SOC machine. For information on installing the SOM, consult the ArcGIS Server Install Guide by opening install.htm on your installation CDs or by navigating to the <ArcGIS install directory>/Documentation/install_guides folder on your computer.
Using a failover or round-robin configuration
In deployments with multiple Web servers and SOC machines, the SOM can be a single point of failure, meaning that if there is only one SOM, it could stop the whole system by going offline. For this reason, you may want to set up multiple SOMs for use in a failover or round-robin configuration. In a failover configuration, all requests for services are sent to one SOM. If that SOM fails, a designated backup SOM continues fielding the requests. In a round-robin configuration, by contrast, requests are distributed evenly among all available SOMs in the configuration. If a SOM in a round-robin configuration goes offline, the remaining servers continue fielding requests.
ArcGIS Server allows failover or round-robin configurations when you add services to a Web application, either at design time or programmatically.
The SOM account
When you run the GIS Server Post Install, you are prompted to enter a name and password for the SOM account. This account runs the Server Object Manager service. You will rarely work with this account after you install ArcGIS Server.
Adding users to the agsadmin and agsusers groups
The agsadmin and agsusers user groups specify the privileges that a user will have when making a local connection to the GIS server. These groups are automatically created on the SOM machine when you install ArcGIS Server, but it is your responsibility to populate them. You should add yourself to the agsadmin group, as well as anyone else who will need to administer the server. Then you can add anyone else who will use the GIS server into the agsusers group.
Suggestions for SOC machines
SOC machines host services and the processes that do things with those services. In this way, the SOC is the work center of the GIS server. SOC processes are started and stopped by the SOM.
SOC machines and ArcGIS Server licensing
All SOC machines associated with a SOM must have the same edition (Basic, Standard, or Advanced) of ArcGIS Server installed. For example, if a SOM has three SOC machines associated with it, all three of those SOCs must have the same edition of ArcGIS Server.
Adding and removing SOC machines
Adding or enhancing SOC machines is the most direct way to boost the performance of your ArcGIS Server system. You can add SOC machines or additional CPUs to SOC machines already on the system. It's important to note that the SOM assumes that all SOC machines have the same configuration (speed of CPUs and amount of RAM) when it balances the load across the system. The SOM also assumes the same licensing exists across all SOCs, meaning if your system makes use of functionality provided by one of the ArcGIS Server extensions, then it's assumed that all SOC machines are licensed for that functionality.
Occasionally, you may need to remove a SOC machine. When you remove an SOC machine from your system, the GIS server will more heavily utilize the resources of the remaining SOC machines in your system, which may affect performance of the GIS server as a whole. The services that had been running on the machine you remove will be reallocated to other machines.
Granting permissions to the SOC account
On Windows, when you run the GIS Server Post Install, you are prompted to enter a name and password for the SOC account. When the server object manager starts a container process, the container process runs as this account. Since you do not know the SOC machine on which any given process will be started, it's important that you specify the same name and password for the SOC account for each machine on which you run the GIS Server Post Install.
On Linux/Solaris, the installation owner, SOM account, and SOC account are the same user account. If you install different components on different machines (distributed setup), it is strongly recommended that you use the same user name/UID/password on all the machines. If, however, it is not possible, all installation users on all the SOM and SOC machines must be added to the ArcGIS Server Users list on every SOM machine.
On Windows, the GIS Server Post Install gives you the choice of specifying an existing account or letting the software create the account for you. If you choose to let the postinstallation create the SOC account for you, it is only granted privileges to launch container processes and write to the system temp directory. This means that you have to manually grant permissions for the SOC account to access any data and directories used by your services. Failure to grant adequate permissions to the SOC account is a common cause of services not displaying as expected.
On Linux/Solaris, the setup gives you a choice of specifying an existing account, or letting the installation create the account for you. For a complete installation, where the SOM and SOC are on one machine, the installation already granted permission to this account to access <ArcGIS server Installation directory>/logs/server/SOM_logs folder and arcgisoutput, arcgiscache, and arcgisjobs directories under <ArcGIS Server Installation Directory>/server/serverdir folder. For distributed setup, if you install ArcGIS Server as the same user name/UID/password, this installation account should be able to access those directories as well. Otherwise, it is important to grant such users on the SOC machine permission to read the SOM log folder and permission to write to the arcgisoutput, arcgiscache, and arcgisjobs directories on each of the SOM machines.
The SOC account must have at least read access to any GIS resources (maps, locators, data) that your services require to do their work. This includes all the data referenced in the resource. For example, to publish a map document as a service, the map document and all the data for its layers must be in locations to which the SOC account has permissions. To ensure that all SOC machines reference the data in the same way, you can either use ArcSDE connections, use UNC paths, or store a local copy of the data at an identical path on each SOC machine. The latter option may be impractical for large or frequently changing datasets.
If a service makes use of a server output directory, ensure that the container account has read/write permissions to the directory. If your application will query the server log files using the ArcObjects Server API, make sure the container account has permissions to the log directory.
Entering the SOC name
When adding a SOC machine to your server, be sure to type the exact name of the machine; do not use localhost.
Suggestions for Web servers
The Web server hosts the Web services and applications that you create with the ADF. It receives requests from clients and relays appropriate tasks to the GIS server. Because there are different flavors of Web servers, you should consult your own Web server's documentation for specific details on its setup and troubleshooting.
For optimum performance, it's recommended that you deploy the Web applications and the REST and Web Services Handlers to a production quality Web server. The Web servers used internally by ArcGIS Server are not intended to be used in a production environment. Please refer to the System Requirements for a full list of supported servers. Among the popular ones are IBM WebSphere, BEA Weblogic, and so on.
It's also recommended that you configure an appropriate heap size for your Web server's JVM using the -Xms and -Xmx JVM flags. This will greatly enhance the scalability of your Web applications. For example, starting with an initial heap size of 256 MB and going up to a maximum of 1 GB by using the JVM options -Xms256m–-Xmx1024m is usually sufficient. Please check your Web server's documentation for details on how to configure the heap size.
Each Web server in your configuration must have the ADF Runtime installed and must have access to the Web application or Web service that you want to run. The SOM and SOC components of the GIS server can also reside on the same machine as the Web server. This is especially useful in small developer configurations or where hardware is limited.
Your ArcGIS Server system can include more than one Web server. Reasons for using multiple Web servers include increased computing power for handling traffic to your site and the ability to keep your site online in case one of the Web servers goes down. Network load balancing techniques can help you distribute requests evenly between the Web servers. Some sites that require constant availability maintain Web servers in more than one geographic location so that a natural disaster or power failure does not take all their Web servers offline.
Accounts and permissions
The diagram below displays —for the Windows platform—which postinstallations, accounts, and permissions are required for each machine in your ArcGIS Server configuration. Each machine in the diagram contains some green text denoting which postinstallation you must run on that machine. Items in blue are accomplished by the postinstallation. Items in red are things that you must do. Note especially that you must manually add the ArcGIS Web services account on each dedicated SOC machine.
 |
If you're installing ArcGIS Server across multiple machines, the SOM, SOC, and ArcGIS Web Services accounts must use the same names and passwords on each machine. For example, if you run the postinstallation on a machine and you accept the default name of ArcGISSOC for the SOC account, you must use the name ArcGISSOC for the SOC account on any other machine on which you run the postinstallation. The passwords must similarly match.
The diagram below displays the user list for the Linux/Solaris platform. This is the list for a machine installing the SOM component. For an SOC machine, only the superuser and installation owner are needed at the OS level.
 |
Further reading
ESRI maintains a System Design Strategies white paper that contains recommendations for system configuration and sizing. This document contains sections relevant to ArcGIS Server as well as other ESRI products.