Solved

Extend Site or New AAM In SharePoint 2010

Posted on 2014-04-01
Last Modified: 2014-04-03
We recently had an MS SharePoint Risk Assessment done, and one of the many items that was pointed out was the fact that all of our sites are in the "Default" zone, which is how SharePoint was set up when I started.

Both internal and external users access our small SharePoint site using the same URL. I have been asked to break up our sites into two separate zones but still use the same name. Also, all sites use SSL.

1) Should I create a new AAM or extend our existing site? I have read that some users have extended their sites to do something similar.

2) Any problems DNS / routing wise having the same URL name for internal and external users?

3) Also, our SharePoint environment has three sites: one main site and two others which are referenced within the main site. How would changing the AAM affect accessing these sites?

Any other suggestions on what I should look out for? I have not done this before and am looking for some advice from those who are more skilled than I am in SharePoint.
Question by:compdigit44

Author Comment

by:compdigit44
ID: 39972666
Actually, I am a bit confused. Since all of our sites are in one zone and are accessed by the same name internally and externally, do I not need a new AAM mapping but just a different zone, or are these really one and the same?

Accepted Solution

by: Walter Curtis (earned 500 total points)
ID: 39973172
Quick explanation about extended web applications (zones)

A default SharePoint site, or web application, has a URL that is an IIS web site. Bindings are configured to listen to a particular URL (host header) on a particular port. On the SharePoint site, that web application is configured to use the incoming URL (via AAM) but more importantly to use a particular authentication provider, such as Active Integrated, which in IIS is Windows Integrated authentication.

A SharePoint web application (site) extension is when a second IIS site is created, meaning a separate URL will be used and different bindings are possible. This extension is created via SharePoint Central Administration. Being created in CA means that you can have a different authentication provider for this extended web app. Most importantly, remember the extension connects to the exact same content database as the IIS web site in the default zone.

That all means that you can have people coming in via different methods but hitting the same content. As an example, intranet people can use an internal URL and their Active Directory to log in and access the SharePoint site, and external people can use a separate or externally available URL (if you have external public access) and a different authentication provider (for example, a SQL based user management system) and access the same content as the internal people.

So having said all that, unless you have an appliance such as an F5 or some other type of routing load balancer, it will be difficult to use the same URL for external and internal. You could be creative with DNS maybe to pull it off, but without more detail, not sure. The issue is that in IIS you can't listen for the same host name on separate web sites. If by external you mean people access via company VPN, then you will be okay.

To your question specifically - at this stage modifying AAM will not do anything for you. Simply adding an AAM has nothing to do with how IIS will work. As far as DNS, yes, you will have problems having the same URL (host name) going to different IPs. (Unless you multi-home your server, but that is totally different.) Checking AAM or extending the web app will not affect the sub sites. (They should be relative to the web app URL.)

Hope that helps
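
The difference the accepted answer draws between an AAM entry and a zone that has its own IIS site can be checked with a read-only listing. This is an added example, not code from the thread participants; it assumes the SharePoint 2010 Management Shell on a farm server, and the function name and output column names are chosen here for illustration.

```powershell
# Added example: read-only AAM/zone listing for a SharePoint 2010 farm.
# Run in the SharePoint 2010 Management Shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-AamZoneReport {   # hypothetical helper name
    foreach ($wa in Get-SPWebApplication -IncludeCentralAdministration) {
        # Zones created or extended in Central Administration; each one has
        # its own IIS site, bindings and authentication provider.
        $iisZones = @($wa.IisSettings.Keys)

        foreach ($aam in Get-SPAlternateURL -WebApplication $wa) {
            $hostName = ([Uri]$aam.IncomingUrl).Host
            New-Object PSObject -Property @{
                WebApplication  = $wa.DisplayName
                Zone            = $aam.UrlZone
                IncomingUrl     = $aam.IncomingUrl
                PublicUrl       = $aam.PublicUrl
                # An AAM entry alone does not create an IIS site for its zone.
                ZoneHasIisSite  = ($iisZones -contains $aam.UrlZone)
                # Host with no dot (for example http://server1): a machine
                # name listed directly as a URL.
                BareServerName  = ($hostName -notmatch '\.')
                # True when the web application has never been extended.
                OnlyDefaultZone = ($iisZones.Count -eq 1)
            }
        }
    }
}

# PowerShell 2.0 does not keep hashtable order, so name the columns explicitly.
Get-AamZoneReport |
    Sort-Object WebApplication, Zone |
    Format-Table WebApplication, Zone, IncomingUrl, PublicUrl,
                 ZoneHasIisSite, BareServerName, OnlyDefaultZone -AutoSize
```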

Author Comment

by:compdigit44
ID: 39973684
Wow, great response!!!
One thing I failed to mention is the fact that we are already using the same URL internally and externally, and our SharePoint WFEs are load balanced via a Citrix NetScaler.

Sorry for the millions of questions, but I was asked to fix the issues pointed out in our MS SharePoint Risk Assessment, and the part about AAMs and having hostnames directly listed is what I need to correct.

For example:
Central Admin site
http://server1   -> public http://server1
http://server2   -> public http://server1

etc..

Also, for the zone, everything is listed under the Default zone. Is this good or bad? I know the person who set up SharePoint originally set up claim, but our site is really using NTLM since neither SPN nor delegation was ever set up. Could this or poor AAM/zone mappings cause poor performance?

Author Comment

by:compdigit44
ID: 39975805
Thank you again for all of your help. Since I had so many questions and want to do things correctly, I ended up opening a support case with MS.