Solved

Extend Site or New AAM In SharePoint 2010

Posted on 2014-04-01
Last Modified: 2014-04-03
We recently had an MS SharePoint Risk Assessment done, and one of the many items that was pointed out was the fact that all of our sites are in the "Default" zone, which is how SharePoint was set up when I started.

Both internal and external users access our small SharePoint site using the same URL. I have been asked to break up our sites into two separate zones but still use the same name. Also, all sites use SSL.

1) Should I create a new AAM or extend our existing site? I have read that some users have extended their sites to do something similar.

2) Any problems DNS / routing wise having the same URL name for internal and external users?

3) Also, our SharePoint environment has three sites: one main site and two others which are referenced within the main site. How would changing the AAM affect accessing these sites?

Any other suggestions on what I should look out for, since I have not done this before and am looking for some advice from those who are more skilled than I in SharePoint?
Question by:compdigit44
4 Comments
 
LVL 20

Author Comment

by:compdigit44
ID: 39972666
Actually, I am a bit confused. Since all of our sites are in one zone and are accessed by the same name internally and externally, do I not need a new AAM mapping but just a different zone, or are these really one and the same?
 
LVL 17

Accepted Solution

by:
Walter Curtis earned 500 total points
ID: 39973172
Quick explanation about extended web applications (zones)

A default SharePoint site, or web application, has a URL that is an IIS web site. Bindings are configured to listen to a particular URL (host header) on a particular port. On the SharePoint side, that web application is configured to use the incoming URL (via AAM) but, more importantly, to use a particular authentication provider, such as Active Integrated, which in IIS is Windows Integrated authentication.

A SharePoint web application (site) extension is when a second IIS site is created, meaning a separate URL will be used and different bindings are possible. This extension is created via SharePoint Central Administration. Being created in CA means that you can have a different authentication provider for this extended web app. Most importantly, remember the extension connects to the exact same content database as the IIS web site in the default zone.

That all means that you can have people coming in via different methods but hitting the same content. As an example, intranet people can use an internal URL and their Active Directory to log in and access the SharePoint site, and external people can use a separate or externally available URL (if you have external public access) and a different authentication provider (for example, a SQL-based user management system) and access the same content as the internal people.

So having said all that, unless you have an appliance such as an F5 or some other type of routing load balancer, it will be difficult to use the same URL for external and internal. You could be creative with DNS maybe to pull it off, but without more detail not sure. The issue is that in IIS you can't listen for the same host name on separate web sites. If by external you mean people access via company VPN, then you will be okay.

To your question specifically: at this stage modifying AAM will not do anything for you. Simply adding an AAM has nothing to do with how IIS will work. As far as DNS, yes, you will have problems having the same URL (host name) going to different IPs. (Unless you multi-home your server, but that is totally different.) Checking AAM or extending the web app will not affect the sub sites. (They should be relative to the web app URL.)

Hope that helps
 
LVL 20

Author Comment

by:compdigit44
ID: 39973684
Wow, great response!!!
One thing I failed to mention is the fact that we are already using the same URL internally and externally, and our SharePoint WFEs are load balanced via a Citrix NetScaler.

Sorry for the millions of questions, but I was asked to fix the issues pointed out in our MS SharePoint Risk Assessment, and the part about AAMs and having hostnames directly listed is what I need to correct.

For example:
central admin site
http://server1   -> public http://server1
http://server2   -> public http://server1

etc..

Also, for the zone, everything is listed under the Default zone; is this good or bad? I know the person who set up SharePoint originally set up claims, but our site is really using NTLM since SPN and delegation were never set up. Could this or poor AAM/zone mappings cause poor performance?
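An audit for the AAM finding discussed in this thread (server names listed directly as incoming URLs, every mapping in the Default zone), given here as an added example that is not part of any post. It assumes rows with the IncomingUrl, Zone and PublicUrl columns that Get-SPAlternateURL displays; the function names, the sample rows and portal.example.com are constructed for illustration.

```powershell
# Added example, not code from the thread. Written for PowerShell 2.0,
# the version used by the SharePoint 2010 Management Shell.

function Test-AamEntry {
    param([Parameter(ValueFromPipeline = $true)] $Aam)
    process {
        $incoming = [Uri]$Aam.IncomingUrl
        $public   = [Uri]$Aam.PublicUrl
        $findings = @()
        # Single-label host: a server/NetBIOS name is listed directly in the AAM.
        if ($incoming.Host -notmatch '\.') { $findings += 'machine name as host' }
        # Plain HTTP mapping on a farm that is expected to be SSL-only.
        if ($incoming.Scheme -ne 'https') { $findings += 'not HTTPS' }
        # Incoming host differs from the public host: worth confirming it is intended.
        if ($incoming.Host -ne $public.Host) { $findings += 'incoming host differs from public host' }
        New-Object PSObject -Property @{
            IncomingUrl = $Aam.IncomingUrl
            Zone        = "$($Aam.Zone)"
            PublicUrl   = $Aam.PublicUrl
            Findings    = ($findings -join '; ')
        } | Select-Object IncomingUrl, Zone, PublicUrl, Findings
    }
}

# Helper that builds one constructed row shaped like Get-SPAlternateURL output.
function New-AamRow($IncomingUrl, $Zone, $PublicUrl) {
    New-Object PSObject -Property @{
        IncomingUrl = $IncomingUrl; Zone = $Zone; PublicUrl = $PublicUrl
    }
}

# Constructed sample: the first two rows mirror the mapping quoted in the thread.
$sample = @(
    (New-AamRow 'http://server1' 'Default' 'http://server1'),
    (New-AamRow 'http://server2' 'Default' 'http://server1'),
    (New-AamRow 'https://portal.example.com' 'Default' 'https://portal.example.com')
)

# On a farm server, replace $sample with the output of Get-SPAlternateURL.
$report = $sample | Test-AamEntry
$report | Where-Object { $_.Findings } | Format-Table -AutoSize -Wrap

# Report when no zone other than Default is in use.
$zones = @($sample | ForEach-Object { "$($_.Zone)" } | Sort-Object -Unique)
if ($zones.Count -eq 1 -and $zones[0] -eq 'Default') {
    Write-Output 'All mappings are in the Default zone.'
}
```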
 
LVL 20

Author Comment

by:compdigit44
ID: 39975805
Thank you again for all of your help. Since I had so many questions and want to do things correctly, I ended up opening a support case with MS.