AAM and SSL Termination
A few days ago I knew nothing about SSL Termination, the Cisco ACE load balancer or Alternate Access Mapping. (OK, I lied, I knew enough about AAM to hate it. Mostly because I just don’t get it.) I was struggling with the following scenario. Spencer Harbar and Shane Young lead me down the right path.
We use alternate access mapping to handle the routing of requests to the two web applications Intranet and MySite. This configuration is a result of the Cisco Ace Load Balancer that is handling the SSL termination and request forwarding. The end user types in https://intranet.company.com and the load balancer handles the SSL part and forwards the plain old http request to SharePoint. This diagram shows the set up.
The load balancer handles the SSL encryption and address translation. The web front ends only need to handle the HTTP traffic. Once the web applications are built you must configure Alternate Access Mapping to enable SharePoint to respond to the correct addresses. I knew all this, but found the AAM user interface a challenge to really understand. In this case we need the configuration to use a Public URL of https://intranet.company.com and an Internal URL of http://intranet.company.com.
The alternate access zone for Intranet should contain only one address: https://intranet.company.com.
A new Internal URL is required to handle the http traffic. Select Add Internal URL and ensure that you have selected the right AAM Collection. Enter the address http://intranet.company.com and add it to the Default zone.
Perform these same steps for http://mysite.company.com.
Your Alternate Access Mapping settings should now look like this. Note that the different Internal URLs map to the same Zone and the same Public URLs for Zone.
Depending on how you created your web applications you may need to change the start addresses of your Content Sources. In our case we changed them all to crawl on https.
http://technet.microsoft.com/en-us/library/cc261814.aspx
There is nothing in here for SharePoint but it has some handy info for your network folks. http://www.cisco.com/application/pdf/en/us/guest/netsol/ns432/c649/ccmigration_09186a0080908161.pdf
Ready to start your next project with us? That’s great! Give us a call or send us an email and we will get back to you as soon as possible!
+1.512.539.0322