SSL Implementation on Sharepoint 2013

Experts,
 We have 2013 sharepoint farm. We are planning to implement SSL (http to https) to our web application. We have 4 front end servers , 6 Application servers. We would like to know what is the advantage and  dis advantage to implement SSL on back end server or Load balance? Also we are planning to migrate our Sharepoint 2013 to Office 365 so what is the common practice to implement (server or load balance)?
sharepoint0520Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Daryl SirotaDirector of Technical ServicesCommented:
I assume you already have some type of load balancer on the front-ends, unless you are just using DNS round-robin.  Since SharePoint implements its own 'load balancing' on the middle tier, nothing more is needed there.

Absolutely recommend SSL on the front-ends unless you have an SSL offloader device or are using Ipsec from clients to farm. A single cert will suffice for all servers.

Now, for the back-end servers, I would put the same SSL cert on the client-facing web applications.  Moving the other supporting apps is more questionable, especially since you probably aren't encrypting the data to SQL and Active Directory, are you?  I mean, you could have ipsec deployed to encrypt all server-side traffic, in which case SSL is just more overhead.   Adding SSL for the intra-farm traffic buys you little unless you are also encrypting SQL and AD,  

Not to mention SharePoint is so @%@#$ picky about those apps :)  I've done it before, but with such a large farm, you'll have job security for life (if you don't already!)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
Pros + Cons.

If you implement SSL on...

1) Sharepoint side, then if Sharepoint hardware dies you have a good bit of SSL plumbing to add to your backend servers.

2) If you implement SSL plumbing to add to your backend servers + Sharepoint hardware dies, a simple IP change + you're pointing to your backend servers + you're back in business.

If your SSL config is well conceived + all assets served have correct expires headers set for correct browser caching, there's very little SSL overhead involved for handling requests.
sharepoint0520Author Commented:
Hi,

 Hi, Thanks for your input. What is the advantage if we implement on Load balance vs Server? We do have lots of customize css and webpart too. And we are planning to upgrade to Office 365 too.

Please advice
Daryl SirotaDirector of Technical ServicesCommented:
SSL on a load-balancer, as noted by David, takes the work of SSL onto non-Sharepoint equipment.  If you can do that, I'd recommend it too!

However, if you are planning to move to Office 365, then stop the on-premise load balancer and SSL 'spinning' and spend your efforts on 365.  That's one of the huge 365 benefits in that you don't need to worry about servers, disk space, ssl, load-balancers, sharepoint timer services stopping, AD import jobs, broken services - all of which CAN plague an on-premise deployment.

Now, if you are planning to be in a hybrid environment - where both on-premise and 365 live side-by-side, then you'd need to shore up your on-premise as best you can, and we're back to the above concerns.
sharepoint0520Author Commented:
Hi,
 Thanks for the information. We are planning for Hybrid environment. Can you please explain me in detail your last paragraph?
 
""Now, if you are planning to be in a hybrid environment - where both on-premise and 365 live side-by-side, then you'd need to shore up your on-premise as best you can, and we're back to the above concerns.
Is this your solution? ""

Thank you.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft SharePoint

From novice to tech pro — start learning today.