Solved

Extend Site or New AAM In SharePoint 2010

Posted on 2014-04-01
Last Modified: 2014-04-03
We recently had an MS SharePoint Risk Assessment done, and one of the many items that was pointed out was the fact that all of our sites are in the "Default" zone, which is how SharePoint was set up when I started.

Both internal and external users access our small SharePoint site using the same URL. I have been asked to break up our sites into two separate zones but still use the same name. Also, all sites use SSL.

1) Should I create a new AAM or extend our existing site? I have read that some users have extended their sites to do something similar.

2) Any problems DNS / routing wise having the same URL name for internal and external users?

3) Also, our SharePoint environment has three sites: one main site and two others which are referenced within the main site. How would changing the AAM affect accessing these sites?

Any other suggestions on what I should look out for, since I have not done this before and am looking for some advice from those who are more skilled than I in SharePoint?
Question by:compdigit44

Author Comment

by:compdigit44
ID: 39972666
Actually, I am a bit confused. Since all of our sites are in one zone and are accessed by the same name internally and externally, do I not need a new AAM mapping but just a different zone, or are these really one and the same?

Accepted Solution

by: Walter Curtis earned 2000 total points
ID: 39973172
Quick explanation about extended web applications (zones)

A default SharePoint site, or web application, has a URL that is an IIS web site. Bindings are configured to listen to a particular URL (host header) on a particular port. On the SharePoint site, that web application is configured to use the incoming URL (via AAM) but more importantly to use a particular authentication provider, such as Active Integrated, which in IIS is Windows Integrated authentication.

A SharePoint web application (site) extension is when a second IIS site is created, meaning a separate URL will be used and different bindings are possible. This extension is created via SharePoint Central Administration. Being created in CA means that you can have a different authentication provider for this extended web app. Most importantly, remember the extension connects to the exact same content database as the IIS web site in the default zone.

That all means that you can have people coming in via different methods but hitting the same content. As an example, intranet people can use an internal URL and their Active Directory to log in and access the SharePoint site, and external people can use a separate or externally available URL (if you have external public access) and a different authentication provider (for example, a SQL-based user management system) and access the same content as the internal people.

So having said all that, unless you have an appliance such as an F5 or some other type of routing load balancer, it will be difficult to use the same URL for external and internal. You could be creative with DNS maybe to pull it off, but without more detail, not sure. The issue is that in IIS you can't listen for the same host name on separate web sites. If by external you mean people access via company VPN, then you will be okay.

To your question specifically: at this stage, modifying AAM will not do anything for you. Simply adding an AAM has nothing to do with how IIS will work. As far as DNS, yes, you will have problems having the same URL (host name) going to different IPs. (Unless you multi-home your server, but that is totally different.) Checking AAM or extending the Web app will not affect the sub sites. (They should be relative to the Web App URL.)

Hope that helps

Author Comment

by:compdigit44
ID: 39973684
Wow, great response!!!
One thing I failed to mention is the fact that we are already using the same URL internally and externally, and our SharePoint WFEs are load balanced via a Citrix NetScaler.

Sorry for the millions of questions, but I was asked to fix the issues pointed out in our MS SharePoint Risk Assessment, and the part about AAMs and having hostnames directly listed is what I need to correct.

For example:
central admin site
http://server1   -> public http://server1
http://server2   -> public http://server1

etc..

Also, for the zone, everything is listed under the Default zone. Is this good or bad? I know the person who set up SharePoint originally set up claims, but our site is really using NTLM since neither SPN nor delegation was ever set up. Could this or poor AAM/zone mappings cause poor performance?
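
The distinction drawn in the accepted answer (an AAM entry only maps URLs, while an extended zone has its own IIS site and authentication settings) and the server-name mappings quoted in the comment above can be checked with a read-only audit. This is an added example, not part of the original thread: the function name `Get-AamFinding` and the single-label-host heuristic are assumptions, and the sample entries are constructed from the `server1`/`server2` mapping quoted above.

```powershell
# Added example: read-only audit of AAM entries against extended zones.
# Get-AamFinding is a hypothetical helper name, not a SharePoint cmdlet.
function Get-AamFinding {
    param(
        [object[]]$AlternateUrls,  # objects exposing IncomingUrl, UrlZone, PublicUrl
        [string[]]$ExtendedZones   # zones that have their own IIS site
    )
    $findings = @()
    foreach ($aam in $AlternateUrls) {
        $zone = "$($aam.UrlZone)"
        $hostName = ([uri]$aam.IncomingUrl).Host
        # Heuristic (assumption): a host with no dot is a server name, not a DNS alias.
        if ($hostName -notmatch '\.') {
            $findings += "Server name in AAM: $($aam.IncomingUrl) -> $($aam.PublicUrl)"
        }
        # An AAM entry in a zone with no IIS site only rewrites URLs; it adds
        # no binding and no separate authentication provider.
        if ($ExtendedZones -notcontains $zone) {
            $findings += "AAM only, no IIS site in zone '$zone': $($aam.IncomingUrl)"
        }
    }
    $zonesInUse = @($AlternateUrls | ForEach-Object { "$($_.UrlZone)" } | Sort-Object -Unique)
    if ($zonesInUse.Count -eq 1 -and $zonesInUse[0] -eq 'Default') {
        $findings += 'All URLs are in the Default zone: every user shares one IIS site and authentication provider.'
    }
    $findings
}

# Constructed sample data mirroring the Central Administration mapping in the thread.
$sample = @(
    (New-Object psobject -Property @{ IncomingUrl = 'http://server1'; UrlZone = 'Default'; PublicUrl = 'http://server1' }),
    (New-Object psobject -Property @{ IncomingUrl = 'http://server2'; UrlZone = 'Default'; PublicUrl = 'http://server1' })
)
Get-AamFinding -AlternateUrls $sample -ExtendedZones @('Default')

# On a farm server, from the SharePoint 2010 Management Shell:
# Get-SPWebApplication -IncludeCentralAdministration | ForEach-Object {
#     Get-AamFinding -AlternateUrls @($_.AlternateUrls) -ExtendedZones @($_.IisSettings.Keys)
# }
```

For the constructed sample this reports both server-name mappings and the Default-only finding; after a web application is extended, the new zone appears in `IisSettings` and its AAM entry is no longer reported as AAM only.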

Author Comment

by:compdigit44
ID: 39975805
Thank you again for all of your help. Since I had so many questions and want to do things correctly, I ended up opening a support case with MS.