Publishing a SharePoint application with identical internal and public host addresses
Updated: February 15, 2013
Applies To: Unified Access Gateway
This topic describes how to deploy a SharePoint web application with Forefront Unified Access Gateway (UAG) in a topology in which each server running SharePoint Products and Technologies publishes a single web application, and the application's internal and public addresses are identical.
The following topology is commonly used in hosted services environments:
A server running SharePoint Products and Technologies publishes a single web application.
The SharePoint web application is published via only one Forefront UAG trunk.
The public address of the SharePoint site is identical to the internal address of the site.
External users access the SharePoint site over HTTPS; internal users access the same site over HTTP.
SharePoint web application published via a single trunk; SharePoint site's public host address is identical to the site's internal host address
Note
You must perform the following procedures on the server running SharePoint Products and Technologies, and on the Forefront UAG server. You can repeat these procedures to publish as many SharePoint web applications as required, via Forefront UAG; however, you cannot publish the same SharePoint web application more than once on each Forefront UAG trunk.
Configuring Forefront UAG settings—Configure the Forefront UAG server to add a SharePoint web application to the trunk.
Configuring the server running SharePoint Products and Technologies—Configure the server running SharePoint Products and Technologies.
Configuring Forefront UAG settings
This procedure describes the steps you must do on the Forefront UAG server to add SharePoint web applications to the trunk.
To add a SharePoint web application to the trunk
In the Forefront UAG Management console, click the trunk to which you want to add the application, and then in the Applications area, click Add.
In the Add Application Wizard, on the Select Application page, click Web, and then in the list, click Microsoft Office SharePoint Server 2013, Microsoft SharePoint Server 2010, or Microsoft Office SharePoint Server 2007.
Important
Do not publish the same SharePoint web application twice on the same trunk.
On the Select Endpoint Policies page, select the relevant SharePoint download and upload policies. These policies have been designed specifically for use with published SharePoint applications.
On the Web Servers page, do the following:
In the Addresses box, enter the internal host name of the server running SharePoint Products and Technologies. If your SharePoint server is load balanced, use the load-balanced URL instead of a server name. Make sure that you enter a fully qualified domain name.
In the Paths box, you can optionally define one or more paths on which the application resides, by double-clicking an empty line and entering a path. Note that the path must start with a slash.
In either the HTTP Port box or the HTTPS Port box, enter the port on which the SharePoint server is configured to listen.
In the Public host name box, enter a public host name of your choice for the SharePoint web application. For more information, see About public host names.
Select the Replace host header with the following check box, and in the Farm host name box, enter a URL of your choice that will be used to differentiate the internal host name of the application from its public host name. Make sure that the URL includes the domain in which the trunk resides (the domain of the trunk appears on the Web Servers tab, to the right of the Public host name box). For example, if the public host name of the application is HRPortal and the trunk resides in the domain woodgrovebank.com, enter the following replacement host header: HRPortalExternal.woodgrovebank.com.
On the Authentication page, do the following:
To allow rich client applications, such as Microsoft Word or Microsoft Excel, to authenticate directly to the SharePoint application without authenticating to the portal, select the Allow rich clients to bypass trunk authentication check box.
To use Office Forms Based Authentication (MSOFBA), select the Use Office Forms Based Authentication for Office client applications check box.
Important
Make sure that you read About rich clients and MSOFBA before you select this check box.
On the Portal Link page of the wizard, if required, configure the portal link for the application.
If you are publishing Microsoft SharePoint Server 2010, make sure that the Open in a new window check box is selected.
When you have completed the wizard, click Finish.
The Add Application Wizard closes, and the application that you defined appears in the Applications list.
On the toolbar of the Forefront UAG Management console, click the Activate configuration icon, and then on the Activate Configuration dialog box, click Activate.
After the configuration is activated, the message "Forefront UAG configuration activated successfully" appears.
Configuring the server running SharePoint Products and Technologies
This procedure describes the steps to configure the AAM settings on the server running SharePoint Products and Technologies.
For SharePoint Server 2013 it is recommended to configure host-named site collections instead of AAM. See Create a site collection in SharePoint 2013.
To configure the server running SharePoint Products and Technologies
On the server running SharePoint Products and Technologies, open the SharePoint Central Administration tool.
In the SharePoint 2013 Central Administration tool or in the SharePoint 2010 Central Administration tool, under System Settings, click Configure alternate access mappings.
Note
When using SharePoint Server 2007, in the SharePoint 3.0 Central Administration tool, click the Operations tab, and then under Global Configuration, click Alternate access mappings.
On the Alternate Access Mappings page, in the Alternate Access Mapping Collection list, click Change Alternate Access Mapping Collection, and then on the Select an Alternate Access Mapping Collection dialog box, select the application that you want to publish.
On the Alternate Access Mappings page, click Edit Public URLs.
On the Edit Public Zone URLs page, in a zone box that is not yet defined, such as the Internet zone, enter the URL of the same public host name that you entered in the Public host name box when you added the SharePoint web application to the Forefront UAG trunk (described in Configuring Forefront UAG settings). Make sure that the URL includes the protocol, according to the trunk type.
For example, if you are publishing an application via an HTTPS trunk that resides in the domain woodgrovebank.com, and the application's public host name that you entered in Forefront UAG is HRPortal, enter the following URL: https://HRPortal.woodgrovebank.com.
When you have finished, click Save.
On the Alternate Access Mappings page, click Add Internal URLs, and then on the Add Internal URLs page, do the following:
In the URL protocol, host and port box, enter the URL that you assigned in the Farm host name box when you added the SharePoint web application to the Forefront UAG trunk (described in Configuring Forefront UAG settings). For example: https://HRPortalExternal.woodgrovebank.com.
In the Zone list, click the same zone in which you defined the public host name (in step 5 of this procedure), and then click Save.