To create an ArcGIS Enterprise backup using the Web GIS Disaster Recovery (WebGISDR) tool, open a copy of the properties file and edit it to include information specific to your site. For more information, see Create an ArcGIS Enterprise backup.
Portal properties
Provide information for the following portal properties in your copy of the WebGISDR tool properties file:
Property | Description |
---|---|
PORTAL_ADMIN_URL = <portal administrative URL> | Specify the URL of the portal. Use the format https://portalhostname.domain.com:7443/arcgis, where portalhostname.domain.com is the fully qualified name of the machine where Portal for ArcGIS is installed. |
PORTAL_ADMIN_USERNAME = <portal administrator username> | Specify the username of a member assigned to the Administrator role. |
PORTAL_ADMIN_PASSWORD = <portal administrator password> | Specify the password of the administrator account. |
PORTAL_ADMIN_PASSWORD_ENCRYPTED = <true|false> | Set this option to false the first time you populate the file with your administrator password. When you save the file, your password is encrypted and the value for this property is set to true to indicate the password has been encrypted. If you need to change the password in the future, set this property to false, provide your new administrator password, and save the file. |
Backup properties
Provide information for the following backup properties, and review the additional properties needed for your backup store provider:
Property | Description |
---|---|
BACKUP_RESTORE_MODE = <backup|full|incremental> | Specify the type of backup you want to create. The default mode is backup. See Backup modes for more information. To schedule both full and incremental backups, you must create separate properties files for each backup mode. |
SHARED_LOCATION = <location for backup files> | Designate a shared location in which to create a temporary copy of the backup files for ArcGIS Server, Portal for ArcGIS, and ArcGIS Data Store. The domain account that runs the services for these components and the account running the WebGISDR tool must have write access to this location. Be sure the location is large enough to hold the backup files for each component. Though the files are compressed, they can be quite large, depending on the amount and type of data you have. If you have hosted scene layers and caches and set INCLUDE_SCENE_TILE_CACHES to true, the ArcGIS Data Store backup file can be especially large. Ensure any backslashes in the path are escaped. For example, C:\backups would be entered as C:\\backups and \\fileserver\backups would be entered as \\\\fileserver\\backups. |
INCLUDE_SCENE_TILE_CACHES = <true|false> | If hosted scene layers published to your portal have not yet been migrated to the object store and you want to include the hosting site's tile cache data store in the backup, set this property to true. Be aware that, if set to true, all scene cache data is included in the backup, not just the new cache data created since your last backup. If you know that no new scene caches have been created since your last backup or if you do not publish scene or 3D tile layers to your portal, leave this property set to false. |
INCLUDE_OBJECT_STORE_CACHES = <true|false> | If you publish hosted scene or 3D tile layers to your portal and want to include the hosting store's object store data in the backup, set this property to true. Be aware that, if set to true, all cache data is included in the backup, not just the new cache data created since your last backup. If you know that no new scene or 3D tile layer caches have been created since your last backup, or if you do not publish those types of services to your portal, you can set this property to false. Note: Object store backups only support full backups at 11.4. If you set this property to true and create an incremental backup of your deployment, a full backup of the object store will be created. |
BACKUP_STORE_PROVIDER = <Filesystem|AmazonS3|AzureBlob> | Define whether you want to save the webgissite backup file on the file system or in cloud storage. To store your ArcGIS Enterprise backup in a file share location on-premises, specify FileSystem, and the WebGISDR tool will store your backup files in the file share you specify for BACKUP_LOCATION. To store your ArcGIS Enterprise backups in an Amazon S3 bucket storage location, create one specifically for storing backup files generated by the WebGISDR tool, and update the S3 properties with the information needed to access your bucket. To store your ArcGIS Enterprise backups in Microsoft Azure Blob storage, create an Azure Blob storage container specifically for storing backup files generated by the WebGISDR tool, and update the Azure properties with the information needed to access your container. |
File system storage
If you set Filesystem as the backup store provider, provide information for the following properties:
Property | Description |
---|---|
BACKUP_LOCATION = <location of on-premises backup file> | If you set FileSystem as your backup store provider, designate the location for the webgissite backup file. Ensure any backslashes in the path are escaped. For example, C:\backups would be entered as C:\\backups and \\fileserver\backups would be entered as \\\\fileserver\\backups. Backup files are initially stored in the shared location but are copied to the backup location. Be sure the location is large enough to hold the backup file. Although the file is compressed, it can be quite large depending on the amount and type of data you have. The account that runs the WebGISDR tool must have write access to the backup location. If you set BACKUP_LOCATION to a folder, the WebGISDR tool imports the latest backup file available in that folder. If you set BACKUP_LOCATION to a specific backup file in the folder, that file is imported by the WebGISDR tool. Note: During an export, if it is taking a long time to package the backup, consider setting the BACKUP_LOCATION to a local path. You can then copy the finished package to its intended location. Ensure there is enough space on the local drive to store the backup temporarily. |
COMPRESSION_METHOD = <copy|fastest|fast|normal|maximum|ultra> | Determine the compression method for the webgissite backup. The default value, if it's not commented out, is copy. In most cases, this can be left commented out. As an administrator, you can choose to compress backups further at the expense of increased time to complete the backup. |
Amazon S3 storage
If you set Amazon S3 as the backup store provider, provide information for the following properties:
Property | Description |
---|---|
S3_ACCESSKEY = <access key for your Amazon Web Services (AWS) account> | If you will access the S3 bucket using an access key, set this property to the access key for your AWS account. The IAM user represented by this access key must have read and write access to the S3 bucket you specify with the S3_BUCKET property. |
S3_SECRETKEY = <secret key for your AWS account> | If you will access the S3 bucket using an access key, set this property to the secret key associated with the access key for your AWS account. |
S3_ENCRYPTED = false | Leave this set to false. If you have S3_CREDENTIALTYPE set to accessKey when you run the WebGISDR tool, the tool will encrypt the access key and secret key and set S3_ENCRYPTED to true. |
S3_BUCKET = <name of the S3 bucket> | This is the name of the Amazon S3 bucket in which you want to store your ArcGIS Enterprise backup file. |
S3_CREDENTIALTYPE = <IAMRole|accessKey> | Set this property to IAMRole if you will access the S3 bucket using an AWS IAM role. Set it to accessKey if you will access the S3 bucket using an AWS IAM user with an access key. The IAM role or user must have read and write access to the S3 bucket you specify with the S3_BUCKET property. |
S3_REGION = <AWS region in which you created the S3 bucket> | Specify the AWS region in which you created the S3 bucket. |
S3_BACKUP_NAME = <backup file name> | This property is only used when you restore an ArcGIS Enterprise organization. Specify the name of the backup file you want to restore. If you do not specify a backup file name, the latest backup file is restored. |
Azure Blob storage
If you set AzureBlob as the backup store provider, provide information for the following properties:
Property | Description |
---|---|
AZURE_BLOB_ACCOUNT_NAME = <Azure storage account> | Specify the Azure Blob storage account name. Tip: You specified this storage account name when you chose the Use Azure Cloud Storage for the configuration and content store option in the Deployment Options panel of Cloud Builder. |
AZURE_BLOB_CONTAINER_NAME = <name of your Azure Blob storage container> | Specify the Blob container name. |
AZURE_BLOB_CREDENTIALTYPE = <accessKey|servicePrincipal|userAssignedIdentity|sasToken> | Set the Azure Blob credential type to one of the following:
The specified key, token, or identity must have read, write, and filter access to the Azure Blob container resource you specify with the AZURE_BLOB_CONTAINER_NAME property. |
AZURE_BLOB_ACCOUNT_KEY = <account key> | If you have AZURE_BLOB_CREDENTIALTYPE set to accessKey, set this property to the account key associated with your Azure Blob storage account. |
AZURE_BLOB_ACCOUNT_KEY_ENCRYPTED = false | Leave this set to false. If you have AZURE_BLOB_CREDENTIALTYPE set to accessKey when you run the WebGISDR tool, the tool will encrypt the access key and set AZURE_BLOB_ACCOUNT_KEY_ENCRYPTED to true. |
AZURE_BLOB_SP_TENANT_ID = <Azure tenant ID> | If you have AZURE_BLOB_CREDENTIAL_TYPE set to servicePrincipal, set this property to the Azure tenant ID associated with the service principal. |
AZURE_BLOB_SP_CLIENT_ID = <Azure service principal client ID> | If you have AZURE_BLOB_CREDENTIAL_TYPE set to servicePrincipal, set this property to the Azure service principal client ID. |
AZURE_BLOB_SP_CLIENT_SECRET_KEY = <Azure service principal's secret key> | If you have AZURE_BLOB_CREDENTIAL_TYPE set to servicePrincipal, set this property to the Azure service principal's secret key. |
AZURE_BLOB_SP_CLIENT_SECRET_KEY_ENCRYPTED = false | Leave this set to false. If you have AZURE_BLOB_CREDENTIAL_TYPE set to servicePrincipal when you run the WebGISDR tool, the tool will encrypt the access key and secret key and set AZURE_BLOB_SP_CLIENT_SECRET_KEY_ENCRYPTED to the encrypted access key value. |
AZURE_BLOB_USER_MI_CLIENT_ID = <user-assigned managed identity client ID> | If you have AZURE_BLOB_CREDENTIAL_TYPE set to userAssignedIdentity, set this property to the user-assigned managed identity client ID. |
AZURE_BLOB_SAS_TOKEN = <shared access signature token> | If you have AZURE_BLOB_CREDENTIAL_TYPE set to sasToken, set this property to the shared access signature token generated from Azure. Since SAS tokens typically have a short-lived lifespan, this option may not be preferred for automated backup and restore workflows. |
AZURE_BLOB_SAS_TOKEN_ENCRYPTED = false | Leave this set to false. If you have AZURE_BLOB_CREDENTIALTYPE set to sasToken when you run the WebGISDR tool, the tool will encrypt the SAS token and set AZURE_BLOB_SAS_TOKEN_ENCRYPTED to true. |
AZURE_BLOB_ACCOUNT_ENDPOINT_SUFFIX = <Blob storage account endpoint> | Specify the storage account endpoint. |
(Optional) AZURE_BLOB_ENDPOINT_URL = <Blob service URL> | Specify the Blob service endpoint URL if you are using a custom Blob storage endpoint. If you aren't using a custom endpoint, don't uncomment this line. The default URL is in the format https://<BLOB_ACCOUNT_NAME>.blob.core.windows.net. |
AZURE_BLOB_BACKUP_NAME = <backup file name> | This property is only used when you restore an ArcGIS Enterprise organization. Specify the name of the backup file you want to restore. If you do not specify a backup file name, the latest backup file is restored. |
AZURE_BLOB_SP_AUTHORITY_HOST = <identity host> | If you have AZURE_BLOB_CREDENTIAL_TYPE set to servicePrincipal, and are operating in a tenant not using login.microsoftonline.com (the default), define the correct authority host used to authenticate service principal, for example, login.microsoftonline.us. |
PORTAL_BACKUP_BLOB_SP_AUTHORITY_HOST = <identity host> | If you have AZURE_BLOB_CREDENTIAL_TYPE set to servicePrincipal, and are operating in a tenant not using login.microsoftonline.com (the default), define the correct authority host used to authenticate the service principal, for example, login.microsoftonline.us. |
PKI properties
If you have configured a public key infrastructure (PKI)-based client certificate authentication to secure access to your portal, provide information for the following properties:
Property | Description |
---|---|
IS_PORTAL_PKI_AUTHENTICATED = <true|false> | If you have configured a PKI to secure access to your portal, set this value to true. Learn more about portal authentication options. |
PORTAL_CLIENT_CERTIFICATE_FILE_PATH = <full certificate file path> | Specify the full file path of the portal's PKI certificate in PKCS12 format. |
PORTAL_CLIENT_CERTIFICATE_PASSWORD = <password for certificate> | Specify the corresponding password for the PKI certificate. |
PORTAL_CLIENT_CERTIFICATE_PASSWORD_ENCRYPTED = false | When you first enter the value for the certificate password, leave this value as false. When you first run the tool after saving this value, the tool will encrypt the password and change this property to true. |
Portal content in cloud properties
If you are storing your portal content or hosting site's object stores in an Amazon S3 bucket or Azure Blob container, you must create a backup bucket or container for backing up those objects. This should not be the same bucket or container that holds the portal content or object store itself; otherwise, content is duplicated each time you perform a backup.
Amazon S3 storage
If your ArcGIS Enterprise organization is running on AWS and your portal content directory is stored in Amazon S3, provide information for the following properties:
Note:
If your organization's machines access Amazon S3 using a VPC endpoint, cross-region copying is not allowed. When implementing geographic redundancy, create a bucket in the same region as the standby and ensure the exported portal content backup bucket is synchronized using the AWS CLI (or an automated process) prior to running the WebGISDR import operation. This replicated bucket would need to be specified in the webgisdr.properties restore file as BACKUP_S3_BUCKET with the appropriate region.
Property | Description |
---|---|
BACKUP_S3_BUCKET = <name of the bucket> | Specify the name of the S3 bucket in which you want to store your portal content directory. |
BACKUP_S3_REGION = <AWS region where the bucket was created> | Specify the AWS region where the bucket was created. |
To learn more about this type of implementation, see Configure a highly available portal with Amazon S3.
Azure Blob storage
If you are storing your portal content directory in an Azure Blob storage container, provide information for the following properties:
Note:
The values for these properties should match those set in the Azure Blob storage properties section above; the definitions for that section apply here as well.
Property | Description |
---|---|
BACKUP_BLOB_ACCOUNT_NAME = <Azure storage account> | Specify the Azure Blob storage account name. |
BACKUP_BLOB_CONTAINER_NAME = <name of your Azure Blob storage container> | Specify the Blob container name. |
BACKUP_BLOB_CREDENTIAL_TYPE = <accessKey|servicePrincipal|userAssignedIdentity|sasToken> | Set the Azure Blob credential type. |
BACKUP_BLOB_ACCOUNT_KEY = <account key> | If you have BACKUP_BLOB_CREDENTIAL_TYPE set to accessKey, set this property to the account key associated with your Azure Blob storage account. |
BACKUP_ACCOUNT_KEY_ENCRYPTED = false | Specify false when you first add the account key values to the file. |
BACKUP_BLOB_SP_TENANT_ID = <Azure tenant ID> | If you have BACKUP_BLOB_CREDENTIAL_TYPE set to servicePrincipal, set this property to the Azure tenant ID associated with the service principal. |
BACKUP_BLOB_SP_CLIENT_ID = <Azure service principal client ID> | If you have BACKUP_BLOB_CREDENTIAL_TYPE set to servicePrincipal, set this property to the Azure service principal client ID. |
BACKUP_BLOB_SP_CLIENT_SECRET_KEY = <Azure service principal's secret key> | If you have BACKUP_BLOB_CREDENTIAL_TYPE set to servicePrincipal, set this property to the Azure service principal's secret key. |
BACKUP_BLOB_SP_CLIENT_SECRET_KEY_ENCRYPTED = false | Specify false when you first add the service principal values to the file. |
BACKUP_BLOB_SP_AUTHORITY_HOST = <authority host> | If you have BACKUP_BLOB_CREDENTIAL_TYPE set to servicePrincipal and are operating in a tenant not using login.microsoftonline.com (the default), define the correct authority host used to authenticate the service principal, for example, login.microsoftonline.us. |
BACKUP_BLOB_USER_MI_CLIENT_ID = <client id> | If you have BACKUP_BLOB_CREDENTIAL_TYPE set to userAssignedIdentity, set this property to the user-assigned managed identity client ID. |
BACKUP_BLOB_SAS_TOKEN = <SAS token> | If you have BACKUP_BLOB_CREDENTIAL_TYPE set to sasToken, set this property to the shared access signature token generated from Azure. Since SAS tokens typically have a short-lived lifespan, this option may not be preferred for automated backup and restore workflows. |
BACKUP_BLOB_SAS_TOKEN_ENCRYPTED = false | Specify false when you first add the SAS token values to the file. |
BACKUP_BLOB_ACCOUNT_ENDPOINT_SUFFIX = <Blob storage account endpoint> | Specify the storage account endpoint. |
(Optional) BACKUP_BLOB_ENDPOINT_URL = <custom Blob service URL> | Specify the Blob service endpoint URL if you are using a custom Blob storage endpoint. If you aren't using a custom endpoint, don't uncomment this line. The default URL is in the format https://<BLOB_ACCOUNT_NAME>.blob.core.windows.net |
Examples
The following example properties files contain scenarios for each backup store provider option.
In this example, a backup of the portal at URL https://portalhostname.domain.com:7443/arcgis, plus the services and settings of its hosting and federated servers, and the hosted feature layer data stored in the ArcGIS Data Store relational data store will be initially output to files in \\\\myserver\\tempbackups. The separate files will be compressed into a single backup file (entbackup) and copied to \\\\mybuserver\\wgbackups. Scene layer caches from the ArcGIS Data Store tile cache data store will not be included because INCLUDE_SCENE_TILE_CACHES is set to false.
```
# Portal connection
PORTAL_ADMIN_URL = https://portalhostname.domain.com:7443/arcgis
PORTAL_ADMIN_USERNAME = admin
PORTAL_ADMIN_PASSWORD = Th3.Ad.Pass
PORTAL_ADMIN_PASSWORD_ENCRYPTED = false
# Backup mode and temporary shared location
BACKUP_RESTORE_MODE = backup
SHARED_LOCATION = \\\\myserver\\tempbackups
INCLUDE_SCENE_TILE_CACHES = false
# File system backup store
BACKUP_STORE_PROVIDER = FileSystem
BACKUP_LOCATION = \\\\mybuserver\\wgbackups\\entbackup
```
In this example, a backup of the portal at URL https://portalonaws.mydomain.com:7443/gis, its content directory (stored in S3 bucket portalcontent), the services and settings of the portal's hosting and federated servers, and the data stored in the relational and tile cache data stores will be output to the S3 bucket entbackups in the AWS region eu-west-1. The backup file name is fullbackup06June. An IAM role is used to access the AWS account.
```
# Portal connection
PORTAL_ADMIN_URL = https://portalonaws.mydomain.com:7443/arcgis
PORTAL_ADMIN_USERNAME = entadmin
PORTAL_ADMIN_PASSWORD = p0rtl.a.p
PORTAL_ADMIN_PASSWORD_ENCRYPTED = false
# Backup mode and temporary shared location (backslashes escaped)
BACKUP_RESTORE_MODE = backup
SHARED_LOCATION = \\\\fileserver\\backups
INCLUDE_SCENE_TILE_CACHES = true
# Amazon S3 backup store, accessed with an IAM role
BACKUP_STORE_PROVIDER = AmazonS3
S3_BUCKET = entbackups
S3_CREDENTIAL_TYPE = IAMRole
S3_REGION = eu-west-1
S3_BACKUP_NAME = fullbackup06June
# Backup bucket for the portal content directory
BACKUP_S3_BUCKET = contentbackups
BACKUP_S3_REGION = eu-west-1
```
This example is for Microsoft Azure Blob storage. A backup of the portal at URL https://portalonazure.domain.com:7443/arcgis, its content directory, the services and settings of the portal's hosting and federated servers, and the data stored in the relational and tile cache data stores will be output to the Azure Blob drbackups.
```
# Portal connection
PORTAL_ADMIN_URL = https://portalonazure.domain.com:7443/arcgis
PORTAL_ADMIN_USERNAME = entadmin
PORTAL_ADMIN_PASSWORD = p0rtl.a.p
# Backup mode and temporary shared location (backslashes escaped)
BACKUP_RESTORE_MODE = backup
SHARED_LOCATION = \\\\fileserver\\backups
# Azure Blob backup store
BACKUP_STORE_PROVIDER = AzureBlob
AZURE_BLOB_ACCOUNT_NAME = entbackups
AZURE_BLOB_ACCOUNT_KEY = <key>
AZURE_BLOB_ACCOUNT_KEY_ENCRYPTED = false
AZURE_BLOB_ACCOUNT_ENDPOINT_SUFFIX = core.windows.net
AZURE_BLOB_CONTAINER_NAME = drbackups
# Backup container for the portal content directory
BACKUP_BLOB_ACCOUNT_NAME = entbackups
BACKUP_BLOB_ACCOUNT_KEY = <key>
BACKUP_BLOB_ACCOUNT_KEY_ENCRYPTED = false
BACKUP_BLOB_ACCOUNT_ENDPOINT_SUFFIX = core.windows.net
BACKUP_BLOB_CONTAINER_NAME = contentbackups
```
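A pre-run check for a properties file like the ones above, as an added example (not Esri's code and not part of the WebGISDR tool). It reports secrets whose `*_ENCRYPTED` flag is not yet true, path values with unescaped backslashes, and provider properties that are missing. Property names come from the tables on this page; the parser is a simplified assumption (one `key = value` per line), as are the finding messages and the sample file.

```python
# Secret property -> accepted spellings of its *_ENCRYPTED flag, as they appear on this page.
SECRET_FLAGS = {
    "PORTAL_ADMIN_PASSWORD": ("PORTAL_ADMIN_PASSWORD_ENCRYPTED",),
    "PORTAL_CLIENT_CERTIFICATE_PASSWORD": ("PORTAL_CLIENT_CERTIFICATE_PASSWORD_ENCRYPTED",),
    "S3_SECRETKEY": ("S3_ENCRYPTED",),
    "AZURE_BLOB_ACCOUNT_KEY": ("AZURE_BLOB_ACCOUNT_KEY_ENCRYPTED",),
    "AZURE_BLOB_SP_CLIENT_SECRET_KEY": ("AZURE_BLOB_SP_CLIENT_SECRET_KEY_ENCRYPTED",),
    "AZURE_BLOB_SAS_TOKEN": ("AZURE_BLOB_SAS_TOKEN_ENCRYPTED",),
    "BACKUP_BLOB_ACCOUNT_KEY": ("BACKUP_ACCOUNT_KEY_ENCRYPTED", "BACKUP_BLOB_ACCOUNT_KEY_ENCRYPTED"),
    "BACKUP_BLOB_SP_CLIENT_SECRET_KEY": ("BACKUP_BLOB_SP_CLIENT_SECRET_KEY_ENCRYPTED",),
    "BACKUP_BLOB_SAS_TOKEN": ("BACKUP_BLOB_SAS_TOKEN_ENCRYPTED",),
}
PATH_KEYS = ("SHARED_LOCATION", "BACKUP_LOCATION")
# Properties each backup store provider needs (subset taken from the tables above).
REQUIRED = {
    "filesystem": ("BACKUP_LOCATION",),
    "amazons3": ("S3_BUCKET", "S3_REGION"),
    "azureblob": ("AZURE_BLOB_ACCOUNT_NAME", "AZURE_BLOB_CONTAINER_NAME"),
}

def parse_properties(text):
    """Return {key: raw value}; raw values keep their backslashes so escaping can be checked."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":  # blank line or comment
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def lint(text):
    """Return a sorted list of (property, finding) tuples for one properties file."""
    props = parse_properties(text)
    findings = []
    for secret, flags in SECRET_FLAGS.items():
        encrypted = any(props.get(f, "").lower() == "true" for f in flags)
        if props.get(secret) and not encrypted:
            findings.append((secret, "plaintext secret on disk"))
    for key in PATH_KEYS:
        raw = props.get(key, "")
        # Removing every escaped pair (\\) must leave no single backslash behind.
        if "\\" in raw.replace("\\\\", ""):
            findings.append((key, "unescaped backslash"))
    provider = props.get("BACKUP_STORE_PROVIDER", "").lower()
    for key in REQUIRED.get(provider, ()):
        if not props.get(key):
            findings.append((key, "required for provider"))
    return sorted(findings)

# Constructed sample, modelled on the Amazon S3 example above (values are placeholders).
SAMPLE = r"""
PORTAL_ADMIN_USERNAME = entadmin
PORTAL_ADMIN_PASSWORD = example-password
PORTAL_ADMIN_PASSWORD_ENCRYPTED = false
SHARED_LOCATION = \\fileserver\backups
BACKUP_STORE_PROVIDER = AmazonS3
S3_BUCKET = entbackups
"""

if __name__ == "__main__":
    for prop, finding in lint(SAMPLE):
        print(f"{prop}: {finding}")
```

A "plaintext secret on disk" finding is expected between saving the file and the first run of the tool; until the flag flips to true, restrict read access on the file to the account that runs WebGISDR.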