Ever wanted to publish SharePoint 2010 externally and found it difficult to understand and even harder to find good documentation?
Publishing SharePoint 2010 with either ISA 2006 or Forefront TMG.
Before you begin:
Commonly your internal SharePoint farm will be accessed over HTTP whilst external access is via HTTPS.
In this example I will use the following configuration:
SharePoint URL: http://sharepoint.domain.local
MySites URL: http://mysites.domain.local
Wildcard digital certificate: *.internetdomain.com
Two external DNS records pointing to the same external IP address on the ISA server:
• SharePoint.internetdomain.com
• Mysites.internetdomain.com
SharePoint Steps:
1. Extend the SharePoint and MySites web applications (in Central Admin)
2. Install your digital certificate (and root certificate) on the Web Front End Server
3. Using PowerShell, add two Alternate Access Mappings (AAMs):
- New-SPAlternateURL https://sharepoint.domain.local -WebApplication http://sharepoint.domain.local -Zone "Internet" -Internal
- New-SPAlternateURL https://sharepoint.internetdomain.com -WebApplication http://sharepoint.domain.local -Zone "Internet"
- Get-SPAlternateURL can be used to list the AAMs
5. Make sure the new sites have started; an IISReset may be required.
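The AAM and certificate steps above as one script covering both web applications; this is an added example, not code from the original post. It assumes the MySites mappings mirror the SharePoint ones (https://mysites.domain.local internal, https://mysites.internetdomain.com public) and that the wildcard certificate sits in the server's LocalMachine\My store.

```powershell
# Added example (not from the original post). Run in the SharePoint 2010
# Management Shell on a farm server, as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Web application URL -> host name. The MySites entry is an assumption that
# mirrors the SharePoint commands shown in step 3.
$apps = @{
    'http://sharepoint.domain.local' = 'sharepoint'
    'http://mysites.domain.local'    = 'mysites'
}

foreach ($webApp in $apps.Keys) {
    $name     = $apps[$webApp]
    $public   = "https://$name.internetdomain.com"   # URL external users type
    $internal = "https://$name.domain.local"         # URL TMG/ISA requests when bridging over HTTPS

    # Incoming URLs already mapped in the Internet zone of this web application
    $existing = @(Get-SPAlternateURL -WebApplication $webApp -Zone Internet |
                  ForEach-Object { $_.IncomingUrl.TrimEnd('/') })

    # Add only what is missing, so the script can be re-run safely
    if ($existing -notcontains $public) {
        New-SPAlternateURL -Url $public -WebApplication $webApp -Zone Internet
    }
    if ($existing -notcontains $internal) {
        New-SPAlternateURL -Url $internal -WebApplication $webApp -Zone Internet -Internal
    }
}

# List the Internet-zone mappings for review
Get-SPAlternateURL -Zone Internet

# Check the wildcard certificate: present, has a private key, not close to expiry
$certs = @(Get-ChildItem Cert:\LocalMachine\My |
           Where-Object { $_.Subject.Contains('CN=*.internetdomain.com') -and $_.HasPrivateKey })
if ($certs.Count -eq 0) {
    Write-Warning 'No *.internetdomain.com certificate with a private key in LocalMachine\My'
}
foreach ($c in $certs) {
    if ($c.NotAfter -lt (Get-Date).AddDays(30)) {
        Write-Warning "Certificate $($c.Thumbprint) expires $($c.NotAfter)"
    }
}
```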
Forefront TMG or ISA Server Steps:
1. Create a web listener
- HTTPS
- Redirect HTTP to HTTPS
- Use the same certificate installed on SharePoint above
- Configure SSO = .internetdomain.com (this ensures only one login to TMG or ISA is required for all sites on that listener with matching domains)
- Use the same web listener for both
- Forward the original host headers
- Bridge the connection using HTTPS (keep the protocols the same between the external URL and the internal URL)
Access rules can be used to block access to specific sub-URLs.