Matthew McDermott, MVP

General ramblings from a SharePoint MVP about SharePoint and Microsoft technologies related to collaboration, web content management and productivity.

Recent Posts

Archives

Links

MVP Blogs

Notable Blogs

Administration,   Books,   Community Kit for SharePoint,   CSS,   Development,   Governance,   Just Wondering,   MVP,   My Sites,   Office 2007,   People who Rock,   Search,   SharePoint 2007,   Social Networking,   Speaking Engagements,   Tools,   Training,   Upgrade,   User Group,   Virtual PC,   Web Publishing,   XHTML  

AAM and SSL Termination

Scenario

A few days ago I knew nothing about SSL Termination, the Cisco ACE load balancer or Alternate Access Mapping. (OK, I lied, I knew enough about AAM to hate it. Mostly because I just don't get it.) I was struggling with the following scenario. Spencer Harbar and Shane Young lead me down the right path.

SSL Termination and Load Balancing

We use alternate access mapping to handle the routing of requests to the two web applications Intranet and MySite. This configuration is a result of the Cisco Ace Load Balancer that is handling the SSL termination and request forwarding. The end user types in https://intranet.company.com and the load balancer handles the SSL part and forwards the plain old http request to SharePoint. This diagram shows the set up.

 

The load balancer handles the SSL encryption and address translation. The web front ends only need to handle the HTTP traffic. Once the web applications are built you must configure Alternate Access Mapping to enable SharePoint to respond to the correct addresses. I knew all this, but found the AAM user interface a challenge to really understand. In this case we need the configuration to use a Public URL of https://intranet.company.com and an Internal URL of http://intranet.company.com.

AAM Configuration

The alternate access zone for Intranet should contain only one address: https://intranet.company.com.

A new Internal URL is required to handle the http traffic. Select Add Internal URL and ensure that you have selected the right AAM Collection. Enter the address http://intranet.company.com and add it to the Default zone.

Perform these same steps for http://mysite.company.com.

Your Alternate Access Mapping settings should now look like this. Note that the different Internal URLs map to the same Zone and the same Public URLs for Zone.

 

Search Settings

Depending on how you created your web applications you may need to change the start addresses of your Content Sources. In our case we changed them all to crawl on https.

 

References

AAM on TechNet

http://technet.microsoft.com/en-us/library/cc261814.aspx

Cisco ACE Information

There is nothing in here for SharePoint but it has some handy info for your network folks.

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns432/c649/ccmigration_09186a0080908161.pdf

Posted by Matthew McDermott on Tuesday, 5 Aug 2008 02:58
1 Comment | Filed under: Administration, MVP, My Sites, People who Rock
Bookmark this post with:        

Comments

On 30 Sep 2008 01:11, Benjamin Athawes said:

Thank you SO much for this!!! Saved me after hours of frustration with AAM :-)

Leave a comment

Name (required)

Url

Email

Comments

Complete this section to post your comment

 
Powered by Community Kit for SharePoint: Enhanced Blog Edition.