This topic describes how to deploy SharePoint Web applications via Forefront Unified Access Gateway (UAG) in a topology in which the server running SharePoint Products and Technologies publishes multiple Web applications, and each application is published via a unique port.
This topology is as follows:
- A server running SharePoint Products and Technologies publishes multiple Web applications; each application is published via a unique port.
- Each SharePoint Web application is published via only one Forefront UAG trunk.
- The public address of the SharePoint site is different from the internal address of the site.
- External users access the SharePoint site over HTTPS; internal users access the same site over HTTP.
Two SharePoint Web applications using different ports on a single server, published via a single trunk
You must perform the following procedures on the server running SharePoint Products and Technologies and on Forefront UAG. You can repeat these procedures to publish as many SharePoint Web applications as required, via Forefront UAG; however, you cannot publish the same SharePoint Web application more than once on each Forefront UAG trunk.
- Configuring Forefront UAG settings: Configure the Forefront UAG server for adding SharePoint Web applications to the trunk.
- Configuring the server running SharePoint Products and Technologies: Configure the server running SharePoint Products and Technologies for adding SharePoint Web applications.
Configuring Forefront UAG settings
This procedure describes the steps you must do on the Forefront UAG server to add SharePoint Web applications to the trunk.
To add SharePoint Web applications to the trunk
1. In the Forefront UAG Management console, click the trunk to which you want to add the application, and then in the Applications area, click Add.
2. In the Add Application Wizard, on the Select Application page, click Web, and then in the list, click Microsoft Office SharePoint Server 2007 or Microsoft SharePoint Server 2010.
   Important: Do not publish the same SharePoint Web application twice on the same trunk. If the application was published via this trunk before alternate access mapping was supported, remove the existing Office SharePoint Server 2007 application from the trunk, and then add a new Office SharePoint Server 2007 or 2010 application.
3. On the Select Endpoint Policies page, select the relevant SharePoint download and upload policies. These policies have been designed specifically for use with published SharePoint applications.
4. On the Web Servers page, do the following:
   - In the Addresses box, enter the internal host name of the load-balanced SharePoint site or the server running SharePoint Products and Technologies. Make sure that you enter a fully qualified domain name.
   - In the Paths box, you can optionally define one or more paths on which the application resides, by double-clicking an empty line and entering a path. Note that the path must start with a slash.
   - In either the HTTP port box or the HTTPS port box, enter the port via which the application is published.
   - In the Public host name box, enter the public URL of the SharePoint Web application, and then click Next. For more information, see About public host names. Note that the Replace host header with the following option is not relevant for this topology, and the box should be left empty.
5. On the Authentication page, do the following:
   - To allow rich client applications, such as Microsoft Word or Microsoft Excel, to authenticate directly to the SharePoint application without authenticating to the portal, select the Allow rich clients to bypass trunk authentication check box.
   - To use Office Forms Based Authentication (MSOFBA), select the Use Office Forms Based Authentication for Office client applications check box.
     Important: Make sure that you read About rich clients and MSOFBA before you select this check box.
6. On the Portal Link page of the wizard, configure the portal link for the application.
   If you are publishing Microsoft SharePoint Server 2010, make sure that the Open in a new window check box is selected.
7. When you complete the wizard, click Finish.
   The Add Application Wizard closes, and the application that you defined appears in the Applications area of the Configuration section.
8. Repeat steps 1 through 5 of this procedure to add all of the required SharePoint Web applications to the trunk.
9. On the toolbar of the Forefront UAG Management console, click the Activate Configuration icon, and then on the Activate Configuration dialog box, click Activate.
   After the configuration is activated, the message "Forefront UAG configuration activated successfully" appears.
Configuring the server running SharePoint Products and Technologies
This procedure describes the steps you must do to configure the server running SharePoint Products and Technologies to add a SharePoint Web application.
To configure the server running SharePoint Products and Technologies
1. This procedure describes the steps you must do to configure the server running SharePoint Products and Technologies to add a SharePoint Web application.
2. In the SharePoint 2010 Central Administration tool, under System Settings, click Configure alternate access mappings.
   Note: When using SharePoint Server 2007, in the SharePoint 3.0 Central Administration tool, click the Operations tab, and then under Global Configuration, click Alternate access mappings.
3. On the Alternate Access Mappings page, in the Alternate Access Mapping Collection list, click Change Alternate Access Mapping Collection, and then, on the Select an Alternate Access Mapping Collection dialog box, select the application that you want to publish.
4. On the Alternate Access Mappings page, click Edit Public URLs.
5. On the Edit Public Zone URLs page, in a zone box that is not yet defined, such as the Internet zone, enter the URL of the same public host name that you entered in the Public host name box when you added the SharePoint Web application to the Forefront UAG trunk (described in Configuring Forefront UAG settings). Make sure that the URL includes the protocol, according to the trunk type.
   For example, if you are publishing an application via an HTTPS trunk that resides in the domain woodgrovebank.com, and the application's public host name that you entered in Forefront UAG is HRPortal, enter the following URL: https://HRPortal.woodgrovebank.com.
6. When you have finished, click Save.
   If the Forefront UAG trunk via which users access the application is an HTTPS trunk, and if communication between the trunk and the server running SharePoint Products and Technologies is over HTTP (default Forefront UAG settings), continue to the next step.
   If you are using any other configuration, repeat steps 3 through 5 of this procedure to configure all the SharePoint Web applications that you added to the Forefront UAG trunk (described in Configuring Forefront UAG settings). After you have configured all the required SharePoint Web applications, this procedure is complete.
7. If the Forefront UAG trunk via which users access the application is an HTTPS trunk, and if communication between the trunk and the server running SharePoint Products and Technologies is over HTTP (default Forefront UAG settings), on the Alternate Access Mappings page, click Add Internal URLs, and then on the Add Internal URLs page, do the following:
   - In the URL protocol, host and port box, enter the internal URL of the SharePoint Web application that you assigned in the Public host name box when you added the SharePoint Web application to the Forefront UAG trunk (described in Configuring Forefront UAG settings), and then append the port number to the end of the URL using the following format:
     URL:port
     Make sure that the URL includes the protocol, according to the protocol that the application uses internally. For example, if you are publishing an application that uses the HTTP protocol internally and the public host name that you entered in Forefront UAG is HRPortal, enter the following URL: http://HRPortal.woodgrovebank.com:80.
   - In the Zone list, click the same zone in which you defined the public host name (in step 5 of this procedure), and then click Save.
8. Repeat steps 3 through 7 of this procedure to configure all of the SharePoint Web applications that you added to the Forefront UAG trunk (described in Configuring Forefront UAG settings).
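The alternate access mapping steps above can also be scripted on SharePoint Server 2010 with the `New-SPAlternateURL` and `Get-SPAlternateURL` cmdlets. The following is an added example, not part of the original procedure. It assumes a hypothetical internal Web application address (`http://sps01.woodgrovebank.com:8080`) and uses the HRPortal URLs from the examples above. It refuses to overwrite a zone that is already defined and prints the resulting mappings for review.

```powershell
# Added example (not from the original page). Run in the SharePoint 2010
# Management Shell on the server running SharePoint Products and Technologies.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$TrunkScheme = 'https'      # protocol of the Forefront UAG trunk
$Zone        = 'Internet'   # a zone whose public URL is not yet defined

# One entry per SharePoint Web application added to the trunk.
# WebApp is a hypothetical internal address; Public and Internal are the
# example values used in the procedure above.
$Apps = @(
    @{ WebApp   = 'http://sps01.woodgrovebank.com:8080'
       Public   = 'https://HRPortal.woodgrovebank.com'
       Internal = 'http://HRPortal.woodgrovebank.com:80' }
)

foreach ($app in $Apps) {
    # The public URL must carry the trunk's protocol; the internal URL must end in :port.
    if (([Uri]$app.Public).Scheme -ne $TrunkScheme) {
        Write-Warning "$($app.Public): protocol does not match the $TrunkScheme trunk; skipped."
        continue
    }
    if ($app.Internal -notmatch '^https?://[^/:]+:\d+$') {
        Write-Warning "$($app.Internal): expected protocol://host:port; skipped."
        continue
    }

    $wa = Get-SPWebApplication -Identity $app.WebApp -ErrorAction Stop

    # Leave a zone that already has mappings untouched.
    $existing = @(Get-SPAlternateURL -WebApplication $wa -Zone $Zone)
    if ($existing.Count -gt 0) {
        Write-Warning "$($app.WebApp): zone $Zone is already defined; skipped."
        continue
    }

    # Public URL of the zone (Edit Public URLs).
    New-SPAlternateURL -WebApplication $wa -Url $app.Public -Zone $Zone | Out-Null
    # Internal URL in the same zone (Add Internal URLs); needed when the trunk
    # is HTTPS and the trunk-to-server communication is HTTP.
    New-SPAlternateURL -WebApplication $wa -Url $app.Internal -Zone $Zone -Internal | Out-Null

    # Show the resulting mappings for review.
    Get-SPAlternateURL -WebApplication $wa -Zone $Zone |
        Format-Table IncomingUrl, PublicUrl -AutoSize
}
```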