Solved

Extend Site or New AAM In SharePoint 2010

Posted on 2014-04-01
Last Modified: 2014-04-03
We recently had a MS SharePoint Risk Assessment done, and one of the many items that was pointed out was the fact that all of our sites are in the "Default" zone, which is how SharePoint was set up when I started.

Both internal and external users access our small SharePoint site using the same URL. I have been asked to break up our sites into two separate zones but still use the same name. Also, all sites use SSL.

1) Should I create a new AAM or extend our existing site? I have read that some users have extended their sites to do something similar.

2) Any problems DNS / routing wise having the same URL name for internal and external users?

3) Also, our SharePoint environment has three sites: one main site and two others which are referenced within the main site. How would changing the AAM affect accessing these sites?

Any other suggestions on what I should look out for, since I have not done this before and am looking for some advice from those who are more skilled than I in SharePoint?
Question by:compdigit44
Author Comment

by:compdigit44
ID: 39972666
Actually, I am a bit confused. Since all of our sites are in one zone and are accessed by the same name internally and externally, do I not need a new AAM mapping but just a different zone, or are these really one and the same?
Accepted Solution

by:
Walter Curtis earned 500 total points
ID: 39973172
Quick explanation about extended web applications (zones)

A default SharePoint site, or web application, has a URL that is an IIS web site. Bindings are configured to listen to a particular URL (host header) on a particular port. On the SharePoint side, that web application is configured to use the incoming URL (via AAM) but more importantly to use a particular authentication provider, such as Active Integrated, which in IIS is Windows Integrated authentication.

A SharePoint web application (site) extension is when a second IIS site is created, meaning a separate URL will be used and different bindings are possible. This extension is created via SharePoint Central Administration. Being created in CA means that you can have a different authentication provider for this extended web app. Most importantly, remember the extension connects to the exact same content database as the IIS web site in the default zone.

That all means that you can have people coming in via different methods but hitting the same content. As an example, intranet people can use an internal URL and their Active Directory to log in and access the SharePoint site, and external people can use a separate or externally available URL (if you have external public access) and a different authentication provider (for example, a SQL-based user management system) and access the same content as the internal people.

So having said all that, unless you have an appliance such as an F5 or some other type of routing load balancer, it will be difficult to use the same URL for external and internal. You could be creative with DNS maybe to pull it off, but without more detail I'm not sure. The issue is that in IIS you can't listen for the same host name on separate web sites. If by external you mean people access via company VPN, then you will be okay.

To your question specifically: at this stage modifying AAM will not do anything for you. Simply adding an AAM has nothing to do with how IIS will work. As far as DNS, yes, you will have problems having the same URL (host name) going to different IPs. (Unless you multi-home your server, but that is totally different.) Changing AAM or extending the web app will not affect the sub sites. (They should be relative to the web app URL.)

Hope that helps
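
An added example, not part of the original answer: a read-only SharePoint 2010 Management Shell report that shows, for each web application, which zones have their own IIS site and authentication settings and which exist only as AAM entries. The function name Get-ZoneReport and the output column names are made up for this example.

```powershell
# Added example (not from the thread): read-only report of zones vs. AAM entries.
# Run in the SharePoint 2010 Management Shell with farm administrator rights.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-ZoneReport {   # hypothetical helper name
    foreach ($wa in Get-SPWebApplication -IncludeCentralAdministration) {
        # Zones that really have an IIS web site: Default plus any extensions.
        $iisZones = @($wa.IisSettings.Keys)

        foreach ($aam in Get-SPAlternateURL -WebApplication $wa) {
            $zone       = $aam.UrlZone
            $hasIisSite = $iisZones -contains $zone

            # Authentication settings exist only for zones backed by an IIS site.
            $claims = $null; $ntlmOnly = $null; $anonymous = $null
            if ($hasIisSite) {
                $iis       = $wa.IisSettings[$zone]
                $claims    = $iis.UseClaimsAuthentication
                $ntlmOnly  = $iis.DisableKerberos
                $anonymous = $iis.AllowAnonymous
            }

            New-Object PSObject -Property @{
                WebApplication  = $wa.Name
                Zone            = $zone
                IncomingUrl     = $aam.IncomingUrl
                HasIisSite      = $hasIisSite   # False: AAM entry only, no extension
                Claims          = $claims
                NtlmOnly        = $ntlmOnly
                Anonymous       = $anonymous
                OnlyDefaultZone = ($iisZones.Count -eq 1)
            }
        }
    }
}

Get-ZoneReport |
    Sort-Object WebApplication, Zone |
    Format-Table WebApplication, Zone, IncomingUrl, HasIisSite,
                 Claims, NtlmOnly, Anonymous, OnlyDefaultZone -AutoSize
```

Rows with HasIisSite set to False are mappings that were added without extending the web application, so they share the IIS site and authentication provider of another zone.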
Author Comment

by:compdigit44
ID: 39973684
Wow, great response!!!
One thing I failed to mention is the fact that we are already using the same URL internally and externally, and our SharePoint WFEs are load balanced via a Citrix NetScaler.

Sorry for the millions of questions, but I was asked to fix the issues pointed out in our MS SharePoint Risk Assessment, and the part about AAMs and having hostnames directly listed is what I need to correct.

For example:
central admin site
http://server1   -> public http://server1
http://server2   -> public http://server1

etc..

Also, for the zone, everything is listed under the Default zone. Is this good or bad? I know the person who set up SharePoint originally set up claims, but our site is really using NTLM since neither SPN nor delegation was ever set up. Could this or poor AAM/zone mappings cause poor performance?
Author Comment

by:compdigit44
ID: 39975805
Thank you again for all of your help. Since I had so many questions and want to do things correctly, I ended up opening a support case with MS.