AAM and SSL Termination

Post

AAM and SSL Termination

By Matthew McDermott on

/ SharePoint 2007

Scenario

A few days ago I knew nothing about SSL Termination, the Cisco ACE load balancer or Alternate Access Mapping. (OK, I lied, I knew enough about AAM to hate it. Mostly because I just don’t get it.) I was struggling with the following scenario. Spencer Harbar and Shane Young lead me down the right path.

SSL Termination and Load Balancing

We use alternate access mapping to handle the routing of requests to the two web applications Intranet and MySite. This configuration is a result of the Cisco Ace Load Balancer that is handling the SSL termination and request forwarding. The end user types in https://intranet.company.com and the load balancer handles the SSL part and forwards the plain old http request to SharePoint. This diagram shows the set up.

Network topology

The load balancer handles the SSL encryption and address translation. The web front ends only need to handle the HTTP traffic. Once the web applications are built you must configure Alternate Access Mapping to enable SharePoint to respond to the correct addresses. I knew all this, but found the AAM user interface a challenge to really understand. In this case we need the configuration to use a Public URL of https://intranet.company.com and an Internal URL of http://intranet.company.com.

AAM Configuration

The alternate access zone for Intranet should contain only one address: https://intranet.company.com.

AAM Public Zones

A new Internal URL is required to handle the http traffic. Select Add Internal URL and ensure that you have selected the right AAM Collection. Enter the address http://intranet.company.com and add it to the Default zone.

AAM Internal URLs

Perform these same steps for http://mysite.company.com.

Your Alternate Access Mapping settings should now look like this. Note that the different Internal URLs map to the same Zone and the same Public URLs for Zone.

AAM Results

Search Settings

Depending on how you created your web applications you may need to change the start addresses of your Content Sources. In our case we changed them all to crawl on https.

Search Settings

References

AAM on TechNet

http://technet.microsoft.com/en-us/library/cc261814.aspx

Cisco ACE Information

There is nothing in here for SharePoint but it has some handy info for your network folks. http://www.cisco.com/application/pdf/en/us/guest/netsol/ns432/c649/ccmigration_09186a0080908161.pdf

|| Administration || MVP || My Sites || People Who Rock
comments powered by Disqus

Let's Get In Touch!

Ready to start your next project with us? That’s great! Give us a call or send us an email and we will get back to you as soon as possible!

+1.512.539.0322

[email protected]