Using the Amazon service mentioned above, Esri makes it possible to set up cloud-based installations of ArcGIS Enterprise, software required for implementing an enterprise geodatabase. While our focus in this course will be on the enterprise geodatabase that we'll implement on the instance with ArcGIS Enterprise, a side benefit is that you'll also be able to experiment with ArcGIS Enterprise functionality if you like.
A. Prepare to work in the Amazon cloud environment
Go to Amazon Web Services and click on "Create account."
If prompted to create a Business or Personal account, choose Personal. Please make careful note of the password you select when setting up your account; you will need it. It is characteristic of Amazon Web Services that things work the way they are supposed to, but you don't get a lot of hand-holding. So, if you lose your password, I'm not sure it would be easy to recover it, and you will need to fill out a form with personal information.
Second, you will need to provide payment information, including a credit card number. If you are careful and follow the course instructions about explicitly stopping your instance (virtual machine) when you are not using it, you should be able to complete the coursework while incurring charges of $20-$40. The current step of signing up is free, but you should be aware that you will start being charged immediately upon starting to use AWS services. As part of this step, you'll be asked to select a support plan. You'll need to select the Paid plan, not Free, for what we're doing in this class.
Third, there is an identity confirmation step during which you will receive a text message and enter a code.
You can monitor your billing status by clicking your user name at the top-right of the AWS screen and choosing "Billing and Cost Management."
If any of these directions are confusing or inaccurate, please post a question or comment to the Lesson 6 discussion forum.
B. Learn about VPCs and key pairs
In a few moments, we'll see that two of the settings involved in launching a new instance in EC2 are the VPC and key pair. A VPC (Virtual Private Cloud) is sort of your own special space carved out of Amazon's cloud. Instances in a VPC can see each other and your own network fairly easily, but they're not immediately accessible from elsewhere without some extra work on your part. That's a good thing for security.
A key pair is another security measure that will come into play when you log in to your instance for the first time. You will be logging in to your instance as a user named Administrator. The password for the Administrator user will be encrypted by AWS. The procedure for getting that password so that you can log in to your instance involves 1) creating a key pair (one key held by Amazon and another key given to you) in the AWS Management Console, and 2) using the key pair after the instance has been created to decrypt the password.
Amazon gives new users a default VPC, so there should be no need for you to create one. You will need to create a key pair though. You could do that before you initiate the launching of your instance, but it's also possible to do so as part of the instance configuration process. That is what we'll do in the next section.
C. Create your own cloud-based instance of ArcGIS Enterprise
Esri makes it possible to deploy ArcGIS Enterprise in AWS through Amazon's CloudFormation service and Esri's own Cloud Builder application. The CloudFormation service launches instances based on templates written in JavaScript Object Notation (JSON). Esri makes many templates available for deploying various AWS-based architectures. For example, this page from their help system walks through the use of their "Enterprise on one machine" template.
Launching an instance via this route can be a bit tricky and with the focus of this class being on enterprise geodatabase topics, we've tried to simplify the instance setup process by creating an Amazon Machine Image (AMI) for the class. The basic idea behind what we're about to do is that Amazon has made it possible for third parties to create machine images (configurations of operating system, software, data, etc.) that can serve as blueprints for the making of child instances. The AMI for this class is based on Windows and has ArcGIS Enterprise and ArcGIS Pro installed. Earlier you were asked to send your Amazon account ID to the instructor so that the AMI could be shared with you.
- Go to the EC2 Console > Instances > Launch Instance.
- On the subsequent Launch an instance page, give a Name to your instance, like geog868.
- In the Application and OS Images section, click the Browse more AMIs button.
- Click My AMIs, then under the Owner heading, select Shared with me. You should see a geog868_arcgisenterprise AMI listed.
Note: If you do not see the AMI, there's a good chance that your AWS Console is showing your resources from a different region. An AWS region is an area in which Amazon has located a cluster of physical data centers. The US-based AWS regions are Northern Virginia, Ohio, Oregon, and Northern California. The class AMI is available only in the N. Virginia region, so you'll need to be viewing resources for that region to see it. Your region is controlled by clicking the dropdown in the upper right of the Console. In a real-world implementation of a public-facing server, you would want to consider locating your instance in a region close to its end users or implementing a multi-region architecture (read more here), but a single instance in N. Virginia will be fine for our purposes.
- Click the Select button.
- Next, scroll down to Instance Type and select m5.xlarge. This is a lower-cost option for running ArcGIS Enterprise at a reasonable speed for this course. At the time of this writing, it costs about 37 cents per hour to run an m5.xlarge instance of Windows in most regions.
In a real-world implementation, you would probably want to use a higher performing instance. Amazon provides pricing info on the various instance types available through EC2. Pricing info for current generation instance types such as m5 can be found here.
- Under Key Pair, click the Create new key pair link.
- Give it a Name (e.g., geog868_keypair) and confirm the file format is set to .pem. Then click Create.
- Save the .pem file produced by AWS to a folder on your machine where you'll be able to find it later. (It will likely be automatically saved to your Downloads folder. You may want to move it to a location where you're less likely to delete it mistakenly.)
- Under Network Settings, you should see the automatically created default VPC set for the Network option.
Note: It's not important that you have much understanding of VPCs and subnets for the purpose of this course. However, if you are interested in implementing a real-world cloud solution, it would be smart to read into them further. This overview from Amazon might be a good starting point.
- Confirm that the Auto-assign Public IP option is set to Enabled. (We'll want a public IP when it comes time to connect to the instance.)
- Under Firewall, choose the Create security group option. With this option, AWS will create a security group called launch-wizard-1 that has a single rule to Allow RDP traffic from Anywhere. (RDP stands for Remote Desktop Protocol. Having this rule in place will allow us to connect to the instance using the Windows Remote Desktop Connection app.) Given that your instance will be password protected and will not be hosting super-critical data, leaving it open to traffic from anywhere should be perfectly fine. But in a real-world implementation, you might consider making the instance more secure by limiting access to your current IP address or a range of IP addresses.
Note also the two other rules, not enabled by default, for allowing http and https traffic from the internet. We're not going to use our instances to host public GIS services, so we'll leave these rules disabled. They could easily be enabled later, if desired.
- Leaving the storage options unchanged, click the Launch instance button in the lower right.
- On the page that follows, there will hopefully be a green box indicating Success. You should see a link containing a randomly-generated instance ID. Click that link to open the EC2 Console up to a summary of your newly created instance.
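The Firewall step above leaves RDP open to Anywhere and suggests limiting access to your current IP address in a real-world implementation. The following Python sketch is an added example, not part of the original course material: it audits security-group JSON in the shape returned by `aws ec2 describe-security-groups` and builds a replacement rule restricted to one address. The sample group, the `sg-EXAMPLE` ID, the address 203.0.113.25 and the function names are constructed for illustration.

```python
import ipaddress
import json

RDP_PORT = 3389

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`;
# the group ID is a placeholder, not a value from the course.
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupId": "sg-EXAMPLE", "GroupName": "launch-wizard-1",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "-1",
     "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}
  ]}]}
""")


def covers_rdp(perm):
    """True if the rule's protocol and port range include TCP 3389."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                      # "-1" means all protocols, all ports
        return True
    if proto not in ("tcp", "6"):
        return False
    # Missing ports are treated as "all ports" so the audit errs on the safe side.
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return lo <= RDP_PORT <= hi


def open_rdp_sources(group):
    """Return the world-open CIDRs through which this group exposes RDP."""
    found = []
    for perm in group.get("IpPermissions", []):
        if not covers_rdp(perm):
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        found += [c for c in cidrs if ipaddress.ip_network(c, strict=False).prefixlen == 0]
    return found


def restricted_rule(admin_ip):
    """Build the replacement ingress rule: RDP from a single address only."""
    addr = ipaddress.ip_address(admin_ip)  # raises ValueError on malformed input
    key, ranges = ("CidrIp", "IpRanges") if addr.version == 4 else ("CidrIpv6", "Ipv6Ranges")
    return {"IpProtocol": "tcp", "FromPort": RDP_PORT, "ToPort": RDP_PORT,
            ranges: [{key: f"{addr}/{addr.max_prefixlen}",
                      "Description": "RDP from admin workstation"}]}


if __name__ == "__main__":
    group = SAMPLE["SecurityGroups"][0]
    print(group["GroupName"], "exposes RDP to:", open_rdp_sources(group))
    print(json.dumps([restricted_rule("203.0.113.25")]))
```

The rule dictionary follows the structure accepted by `aws ec2 authorize-security-group-ingress --ip-permissions`. Note that the all-traffic rule in the sample is flagged too, because a `-1` protocol rule exposes port 3389 even though it never names it.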
Your instance is now running, but it will take a few minutes before it is ready to use. This is easier to see if you click the Instances link in the left-hand pane, opening up a table listing all of your instances. You should see an entry for the instance you just launched. The instance is running (shown under Instance state), but still initializing (shown under Status check).
It should take anywhere from 5-30 minutes for your instance to be ready for use. You'll know it's ready when you see the Status change from Initializing to 2/2 checks. The Status sometimes fails to refresh itself, so you can click the Refresh button (built into the console, not your browser's) every few minutes if you don't see the 2/2 checks status.
Note: If the status check reports a failure (i.e., 0 or 1 passed checks), troubleshooting is often as simple as turning the instance off and on again. Do this by right-clicking on the instance, selecting Stop Instance, waiting until its state changes to Stopped, then right-clicking and selecting Start Instance.
Your instance should appear with the name you assigned as part of the launch configuration. If you'd ever like to change that, you can hover your mouse over the instance's Name field, and click on the pencil icon that appears.
Every instance you create has a public-facing address, or Public DNS that can be used to reference the instance from anywhere on the Internet. The challenge is that this address changes every time you stop and then start your instance. To give your machine a more permanent address, you'll set up an Amazon Elastic IP. This is an unchanging address that Amazon allocates to you for your use. You can then associate it with any instance you choose. Every time you stop and start the instance, you'll associate it with this IP address. Let's get one of these elastic IPs while we wait for the instance to finish initializing.
- In the left-side navigation pane of the Console, under Network & Security, click Elastic IPs.
- Click Allocate Elastic IP Address, accept all of the default settings in the resulting panel, and click Allocate.
You should see a message in a banner along the top of the page indicating that your request was successful along with the address that was allocated to you, such as 107.20.220.152. You might write down your IP address, but you should be able to easily locate it in the AWS Console when you need to.
- As you did with the instance, you may want to assign a name to your new Elastic IP address. Hover your mouse over the Name field and click the pencil icon to assign a name like geog868_elasticip.
- You'll now want to associate the new Elastic IP address with your instance. Performing this step can be initiated by clicking the Associate this Elastic IP address button on the message banner, or by selecting Actions > Associate Elastic IP address.
- Either way, you'll be shown a page with a box for specifying the instance ID. Click in this Instance box, and you should see a list of the instances you've launched. Choose the correct instance and then click the Associate button. You'll now be able to access your instance through a consistent IP address, even after stopping/re-starting it.
There were a lot of steps involved in launching this instance and some of it may have seemed confusing, but the good news is you should not need to go through these steps again. Stopping and re-starting your instance now that it's been created is a much simpler process.
D. Starting and Stopping your Instance via the AWS Management Console
Whether starting or stopping your instance, you'll want to be viewing the Instances page in the AWS Management Console.
When you've finished your coursework for the day, you can Stop your instance as follows:
- Right-click on the instance, and select Stop instance.
When you want to Start your instance:
- Right-click on the instance, and select Start instance.
Note: The biggest benefit to having a consistent IP address associated with an ArcGIS Enterprise/Server instance comes when you're using it to develop map/feature/geoprocessing services to be consumed by an app or a third party. A constantly changing IP address would render such services practically unusable. We won't be authoring such services in this course, though you can check out our Cloud & Server GIS course if you're interested in learning how to do that. In this course, the benefit to the Elastic IP will be avoiding the need to locate the instance's new Public DNS address each time you want to re-start it and connect to it through remote desktop. If you'd rather not bother with associating an Elastic IP with your instance, then you're welcome to skip that step and instead look up the instance's new Public DNS and connect through that address.
If you just completed section B above, then your Enterprise Geodatabase instance is currently running, and we're going to work with it in the next section. If you are going to continue on, you don't need to stop your instance now. But be sure to stop it when you're ready to quit working.
E. Logging in to your Enterprise Geodatabase Instance
Now that your site has been created, you can get ready to log in to the instance and start working with your software.
Your instance needs to be running, so if you did Stop it at the end of the previous section, open the AWS Management Console and Start it again.
Recall that when launching the instance, you created a new Security Group that had a security rule allowing remote desktop connections. With that done, there are two bits of information we'll need to make a connection: the instance's IP address and the password of the Administrator account.
- Open the Windows Remote Desktop Connection app on your machine. (If you're working on a Mac, which you're welcome to do for Lessons 6-8, the Microsoft Remote Desktop app should operate much the same as what's described here.)
- In the Remote Desktop Connection dialog, expand the Show Options list > Local Resources tab > More button and ensure that the box for Drives is checked, then click OK. This will permit you to copy data from your machine on to the remote machine (in this case, your Amazon EC2 instance).
- Under the General tab, type or paste the Elastic IP of your instance into the Computer input box. Before attempting to connect, let's get the password assigned to the Administrator account by AWS.
- In your web browser, return to your list of EC2 Instances in the AWS Management Console, right-click your instance name, select Security > Get Windows Password, then follow the Upload private key file button to browse to the key pair file you downloaded to your local machine when launching the instance. (It's the .pem file.)
The text box will fill with the key pair information.
- Click on Decrypt Password. The Password can be seen at the bottom of the window.
Click the Copy button next to the password.
Hit the OK button to dismiss the password dialog.
- Back in the Remote Desktop app, in the User name input box, type Administrator, then click the Connect button.
- In the Windows Security dialog, log in with the following credentials:
User name: Administrator
Password: the password you decrypted in the AWS Management Console
Click OK.
- You'll probably receive a warning that "the identity of the remote computer cannot be verified." Go ahead and answer Yes, that you want to connect anyway.
You should see the desktop of your remote instance open up.
F. Disabling IE ESC
As a security precaution, it's usually not a good idea to go around browsing the web from your production server machine. To do so is to invite malware intrusions onto one of your most sensitive computers. The operating system on your instance, Windows Server, enforces this by blocking Internet Explorer from accessing most sites. This is called IE Enhanced Security Configuration (ESC). IE ESC gets burdensome when you're using the server solely for development or testing purposes, like we are. To smooth out the workflows in this course, you'll disable IE ESC right now and leave it off for the duration of the course.
- In your remote instance, go to Start > Server Manager.
- Click Local Server.
- Scroll over to the right and find IE Enhanced Security Configuration. Click the On link to access the options for turning it off.
- Select Off for both Users and Administrators and click OK. (Heads-up – the IE Enhanced Security Configuration will still show “On” until you close the Server Manager. 🤷♂️)
- Close the Server Manager.
G. Resetting your instance password
Amazon gave you a pretty strong password for this instance, but it's not one you're liable to remember. You should change the administrator password to something you'll remember.
- On the remote instance, click Start and search for Sign-in options.
- Click on Password, then Change.
- Type and confirm a new password that you can remember. In the future, you can use this password when logging in to your instance.
Close the Settings windows.
Do NOT close your Remote Connection desktop.
H. Licensing ArcGIS Server on the Instance
As with the resetting of the instance password, these licensing steps need only be performed once after launching your instance.
- In preparation for completing the software authorization, go into the Lesson 6 module in Canvas and click on the Authorization file for ArcGIS Server link. This file has a .prvc file extension. You can download this authorization file on the instance or on your local machine.
- Run the Software Authorization for ArcGIS Server Authorization app on your instance (found under Start > All > ArcGIS).
- Select the I have received an authorization file... option, and click Browse. You should see drives from both your instance and your local machine.
- Locate where you stored the .prvc file you downloaded from Canvas, select it, then click Next.
- Select Authorize with Esri now using the Internet, and click Next.
- Accept the filled-in information (for one of the course authors/instructors), and click Next.
- The Authorization Number should be filled in. Click Next.
- Authorization numbers may or may not also be filled in for several extensions. We won't need extensions for what we're doing in this class, so just click Next regardless.
- Leave the boxes for other extensions unchecked, and click Next.
- Click Finish.
I. Installing SQL Server Express on the instance
Esri supports the implementation of enterprise geodatabases using a number of relational database management packages (e.g., Oracle, SQL Server, Postgres). To expose you to another RDBMS that's commonly used in the industry, I'm going to ask you to install SQL Server Express. (This is a free, lite version of Microsoft's SQL Server package. For everything we'll do in this class, the two SQL Server packages operate the same.)
- In Canvas, download the SQL Server Express 2022 executable and copy it to your instance.
- Run the executable, choosing the Basic installation type.
After a few minutes, you should see that installation completed successfully. We'll also want to install SQL Server Management Studio, an app that's analogous to pgAdmin from earlier in the course.
- Click the Install SSMS button at the bottom of the SQL Server Express installation dialog, which should open a page in Microsoft Edge. Step around Microsoft's attempts to get you to use Edge by clicking Start without my personal data, unchecking the boxes opting you into dumb things, and clicking Confirm.
- Locate and click on the Download SQL Server Management Studio 22 Installer link.
- Run the SSMS installation executable, clicking Install on the resulting dialog with no changes to the default settings.
With that, we're ready to begin playing with our enterprise geodatabases. First, you'll read a bit about ArcSDE, a technology that enables the ArcGIS products to work with data stored in an RDBMS.
Credit for all screenshots: © Penn State is licensed under CC BY-NC-SA 4.0