SharePoint publishing solution guide



Forefront Unified Access Gateway 2010
SharePoint Publishing Solution Guide
Microsoft Corporation
Version One: January, 2010

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in examples herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2009 Microsoft Corporation. All rights reserved.

Microsoft, and MS-DOS, Windows, Windows Server, and Active Directory are trademarks of the Microsoft group of companies. All other trademarks are property of their respective owners.

Contents

SharePoint publishing solution guide
About this guide
Overview of SharePoint publishing
Why enable SharePoint extranet access with Forefront UAG?
SharePoint publishing topologies
Before you publish SharePoint applications
Alternate access mappings
Public host names
Server certificates
Publishing a SharePoint application
Publishing multiple SharePoint applications on unique ports
Configuring Forefront UAG settings
Configuring the server running SharePoint Products and Technologies
Publishing a SharePoint application with identical internal and public host addresses
Configuring Forefront UAG settings
Configuring the server running SharePoint Products and Technologies
Publishing multiple SharePoint applications on a single port
Configuring Forefront UAG settings
Configuring the server running SharePoint Products and Technologies
Configuring error reporting
Verifying SharePoint publishing

SharePoint publishing solution guide

Microsoft SharePoint Products and Technologies is a rich server application for the enterprise, that facilitates collaboration, provides full content management features, implements business processes, and provides access to information that is essential to the organization’s goals and processes.
It provides an integrated platform to plan, deploy, and manage intranet, extranet, and Internet applications, across and beyond the enterprise.

About this guide

This guide is intended for the system administrator who is responsible for publishing SharePoint Products and Technologies for use by remote extranet users.

The system administrator should be familiar with Forefront Unified Access Gateway (UAG) and with publishing applications and trunks on Forefront UAG. The system administrator should also have a good working knowledge of SharePoint Products and Technologies, and the possible deployment scenarios.

This guide contains the following topics:

• Overview of SharePoint publishing—Provides an introduction to SharePoint Products and Technologies, and describes how you can publish SharePoint sites using Forefront UAG.
• Why enable SharePoint extranet access with Forefront UAG?—Describes some of the benefits of using Forefront UAG to provide access to your SharePoint sites.
• SharePoint publishing topologies—Describes the main topologies you can employ to publish SharePoint sites through Forefront UAG, including the steps you must do on both the Forefront UAG server and the server running SharePoint Products and Technologies, in order to publish SharePoint applications in your network.
• Verifying SharePoint publishing—Describes how to verify that you have successfully published your SharePoint sites through Forefront UAG.

Overview of SharePoint publishing

Microsoft SharePoint Products and Technologies provide a host of features and functionalities for Collaboration, Portal, Search, Enterprise Content Management, Forms Driven Business Process, and Business Intelligence.

All SharePoint servers inherit a set of shared platform and management capabilities from Microsoft Windows SharePoint Services 3.0, as follows:

• Collaboration—Help to keep teams connected and productive by providing easy access to the people, documents, and information, that users need to make well-informed decisions within their jobs. SharePoint Products and Technologies include collaboration and community, document life cycle capabilities, task notifications, Really Simple Syndication (RSS), the basic Web-based user interface and navigation.
• Portal—The portal components of Office SharePoint Server 2007 include features that are useful for designing, deploying, and managing enterprise intranet portals, corporate Internet presence Web sites, and divisional portal sites.
• Search—The search component provides a consistent and familiar search experience, increased relevance of search results, and new functionalities, along with improved scalability, manageability, and extensibility.
• Enterprise Content Management—Windows SharePoint Services provide core document management functionality: major and minor versioning, check-in/check-out document locking, rich descriptive metadata, workflow, content type–based policies, auditing, and role-based-access controls at the document library, folder, and individual document levels.
  Office SharePoint Server 2007 builds on these capabilities to deliver enhanced authoring, business document processing, Web content management and publishing, records management, policy management, and support for multilingual publishing.
• Forms Driven Business Process—Streamline forms-driven business processes with easy-to-use, intelligent, XML-based electronic forms that integrate smoothly with existing systems. This security-enhanced, client/server platform provides rapid-solution creation and deployment, centralizes form management and maintenance, and helps to extend business processes to customers, partners, and suppliers.
• Business Intelligence—Provide business intelligence (BI) capabilities to every employee, so they can share, control, and reuse business information, in order to make better business decisions. The BI features of Office SharePoint Server 2007 provide Web and programmatic access to published Microsoft Office Excel spreadsheets, programmatic reuse of critical line-of-business data, and easy development of Web-based BI dashboards that can incorporate rich, data-bound key performance indicators (KPIs), Web Parts, and published spreadsheets.

Important: Forefront Unified Access Gateway (UAG) provides full compatibility with the Alternate Access Mappings feature of SharePoint Products and Technologies.

Forefront UAG provides three application templates that you can publish to provide access to your internal SharePoint Products and Technologies:

1. Microsoft SharePoint Server 2010—Provides access to your SharePoint Server 2010 using alternate access mappings to allow the SharePoint server to perform URL changes on its own. This ensures that reverse proxies, such as Forefront UAG, do not have to change the content of the pages they serve to external sources.
2. Microsoft Office SharePoint Server 2007—Provides access to your SharePoint Server 2007 using alternate access mappings to allow the SharePoint server to perform URL changes on its own.
   This ensures that reverse proxies, such as Forefront UAG, do not have to change the content of the pages they serve to external sources.
3. Office SharePoint Portal Server 2003—Provides access to your SharePoint portal server using host address translation (HAT).

Why enable SharePoint extranet access with Forefront UAG?

Publishing SharePoint Products and Technologies through Forefront Unified Access Gateway (UAG) can provide the following advantages to both the organization and end users:

• Anywhere access—Users can access SharePoint sites and edit their documents from virtually anywhere: managed laptops, home computers, kiosks, and mobile devices.
• Information leakage prevention—When users open or edit a document from a SharePoint library via Forefront UAG, no information is left on the client computer; Forefront UAG deletes all cached files, temporary files, and cookies.
• Endpoint health-based authorization—Forefront UAG allows administrators to define an access policy that is based not only on the identity of the user and the information that is exposed, but also on the condition of the client computer; for example, basing the policy on the computer's operating system, on the browser that is used to access the site, or on whether or not an up-to-date antivirus is running on the computer. Typical implementations of this type of authorization prevent users that don’t run an antivirus from uploading files to the SharePoint site, and they also prevent access to sensitive information from public computers.
• Web farm load balancing (WFLB)—In a large organization with many SharePoint servers, using load balancing can ensure that traffic is distributed evenly between the servers.
  Forefront UAG uses a round-robin mechanism to ensure that user requests to a Web application serviced by a Web farm are distributed fairly among farm members that are online, by spreading requests from different IP addresses evenly among the Web farm members.
  This even spread is preserved during failover. When failover occurs, servers that are not responding are detected, and the load is distributed among the available servers.
  Forefront UAG uses affinity to ensure that, after a user has been routed once to a particular SharePoint server, the user continues to be routed to that server. To keep this persistency, Forefront UAG supports session affinity and IP affinity.
• Advanced authentication schemes—Forefront UAG implements many authentication schemes, ranging from simple username and password forms to smartcard-only authentication, one-time passwords, and partner integration via Active Directory Federation Services (AD FS).
• Enabling access to SharePoint sites from Microsoft Office Outlook Web Access—When Outlook Web Access is also published via the Forefront UAG portal, Forefront UAG makes sure that if an e-mail message contains a link to a published SharePoint site (for example, ), the link works properly even if it contains Intranet domain names (for example, ).
• Single sign on—Users need to sign on only once during a session. After they do, Forefront UAG saves their credentials, and they are automatically signed on to any system they want to access during the session. This is very useful when publishing several SharePoint sites or additional applications.
• Unified portal—After a user logs on, Forefront UAG presents the user with a list of SharePoint sites and other applications that are available and for which the user is authorized. The list is dynamic and reflects the current client health and Forefront UAG server configuration.
• Automatic timeout—Forefront UAG detects whether or not users are active, and automatically logs off users that are not active for a predefined amount of time.
  This is very important in remote-access scenarios, where users might leave their computer unattended in a public location.
• Internet-ready appliances—Forefront UAG was developed and designed as an Internet and perimeter network appliance, and it is hardened and secured according to industry standards.
• Secure Sockets Layer (SSL) termination—Forefront UAG can terminate SSL connections and take the load off Office SharePoint Server, while providing a single point of management for certificates.
• Application protection—Not only does Forefront UAG act as an HTTP proxy and buffer the internal servers from the Internet, it also incorporates several application-level technologies to protect computers running Office SharePoint Server from malicious attacks.
• Policy-based access—Forefront UAG provides integrated security by ensuring compliance with predefined rules and policies.

Note: In some circumstances, when Office clients access Office files published via Forefront UAG with a browser using the WebDAV user agent, client authentication might not work as expected. In Office 2007, clients might be continuously prompted for credentials. In Office 2010, clients may be prompted three times for credentials before the requested file is opened.

SharePoint Server 2010 and SharePoint Server 2007 provide flexible options for configuring extranet access to sites. You can provide Internet-facing access to a subset of sites on a server farm, or make all content on a server farm accessible from the Internet. You can host extranet content inside your corporate network and make it available through an edge firewall, or you can isolate the server farm inside a perimeter network.

The following table describes potential deployment scenarios for Forefront UAG and SharePoint Products and Technologies:

Remote employees
Remote employees can access corporate information and electronic resources anywhere, anytime, and any place, without requiring a virtual private network (VPN).
Remote employees may be:
• Traveling sales employees.
• Employees working from home offices or customer sites.
• Geographically dispersed virtual teams.

External partners
External partners can participate in business processes and collaborate with employees of your organization using Active Directory Federation Services (AD FS). See Configuring SharePoint AAM applications with AD FS. You can use an extranet to help enhance the security of data in the following ways:
• Apply appropriate security and user-interface components to isolate partners and segregate internal data.
• Authorize partners to use only sites and data that are necessary for their contributions.
• Restrict partners from viewing other partners’ data.
You can optimize processes and sites for partner collaboration by:
• Enabling employees of your organization and partner employees to view, change, add, and delete content to promote successful results for both companies.
• Configuring alerts to notify users when content changes, or to start a workflow.

Customers
Publish branded, targeted content to partners and customers by:
• Targeting content based on product line or by customer profile.
• Segmenting content by implementing separate site collections within a farm.
• Limiting content access and search results based on audience.

SharePoint publishing topologies

The topics in this section describe some of the commonly used topologies for deploying servers running SharePoint Products and Technologies through Forefront Unified Access Gateway (UAG).
For each topology, the following relationships are explained:
• Relationships between the servers running SharePoint Products and Technologies and Forefront UAG.
• Relationship between the SharePoint site's internal address, which is used to access the site from within the organization, and public address, which is the public-facing address that is used to access the site remotely.

For further information about designing SharePoint extranet farm topologies, see Design extranet farm topology (Office SharePoint Server).

Note: In each of the topologies, it is assumed that external users will access the SharePoint site using a secure HTTPS connection. Although it is possible for external users to access the SharePoint site using HTTP, the connection to the site will not be secure.

The following topics describe some considerations you should be aware of before publishing SharePoint applications, and the main topologies and steps for publishing SharePoint applications in your network using Forefront UAG:
• Before you publish SharePoint applications
• Publishing a SharePoint application
• Publishing multiple SharePoint applications on unique ports
• Publishing a SharePoint application with identical internal and public host addresses
• Publishing multiple SharePoint applications on a single port

Before you publish SharePoint applications

Before publishing SharePoint applications through Forefront Unified Access Gateway (UAG), make sure you are familiar with the following:
• Alternate access mappings—How you can use alternate access mappings when publishing SharePoint applications through Forefront UAG.
• Public host names—How to set up your host names to ensure that your alternate access mappings work correctly.
• Server certificates—The server certificate requirements for your deployment.

Note: To provide clientless access to SharePoint sites, the domain of the SharePoint site must be in the Trusted Sites list of Internet Explorer, and Internet Explorer must be configured so that the Trusted sites zone does not run in protected mode. In this configuration, the end user can log in to the site using single sign-on (SSO). If the SharePoint site is not in the Trusted Sites list, end users cannot log in using SSO.

Note: The Forefront UAG Endpoint Session Cleanup component should be running on client endpoints.

Alternate access mappings

Alternate access mappings (AAM) enable SharePoint Server 2010 and SharePoint Server 2007 to map Web requests to the correct Web applications and sites, and they enable the SharePoint Server to serve the correct content back to the user. For example, in a setup where internal users access a SharePoint site at and remote users access the same SharePoint site at through Forefront UAG, the SharePoint Server replies to both internal and remote users with identical content. The Forefront UAG server responds with identical content, even though external users submit a different protocol (HTTPS) and a different host header (HRportal.) from the protocol and host header submitted by internal users. For additional information about alternate access mappings, see Plan alternate access mappings (Office SharePoint Server).

Note: Forefront UAG supports alternate access mappings in SharePoint Server 2007 and SharePoint Server 2010. Alternate access mappings are not relevant for earlier versions, such as SharePoint Portal Server (Office 2003 version).
If you need to publish earlier versions, you must use the Office SharePoint Portal Server 2003 application.

Note: Users can also access SharePoint sites directly, without having to pass through the Forefront UAG portal, by using the public host name that you assign when you add the application to the portal.

Public host names

When you publish SharePoint Products and Technologies via Forefront UAG, each SharePoint Web application is associated with a unique public-facing host name, which is used to access the application remotely.

A SharePoint Web application that is published through the Forefront UAG trunk shares the trunk's definitions in addition to some of the trunk's functionality, such as the logon and logoff pages. This means that the application's public host name must reside under the same parent domain as the trunk's public host name; that is, the application and the trunk are subdomains of the same parent domain.

The following table shows sample public host names of Forefront UAG trunks, and the valid and non valid public host names for the SharePoint Web applications that you publish through each sample trunk.

Forefront UAG trunk’s public host name | Trunk’s parent domain | Examples of valid public host names for SharePoint Web application | Examples of non valid public host names for SharePoint Web application
uag.hrportal.hrportal.a.b.hrportal.uag.uag.ext.ext.hrportal.ext.hrportal.a.b.ext.hrportal.uag.ext.hrportal.

When you select an application's public host name, you must also consider the limitations that are associated with the trunk's server certificate. For information about server certificates, see About server certificates.

Server certificates

During the initial configuration of an HTTPS trunk in Forefront UAG, you select the trunk's server certificate.
All the public host names that are used in the trunk should be covered by this certificate, including the trunk's public host name and the public host names of all the applications that are accessed via the trunk.

The following types of certificates support multiple host names:
• Wildcard certificate—Covers all host names that are in a given domain level; it does not cover names that are in any of the domain's superdomains or subdomains. For example, the certificate *. covers the host names uag. and HRportal. because they are both on the same domain level, but it doesn’t cover the host name HRportal.uag. which is a subdomain in the domain *..
• Subject Alternative Name certificate—Includes a primary domain and a list of other domains that are covered by the certificate. There is no difference between the primary and the secondary domains, and there is no limitation on the number of host names you can use. Note, however, that if host names are added to or removed from the trunk, you must issue and select a new certificate for the trunk.

For information about how to import a certificate into Forefront UAG, see HOW TO: Install Imported Certificates on a Web Server in Windows Server 2003, and then follow these procedures:
• Install the Certificates.
• Import the Certificate into the Local Computer Store.

Note: Do not follow the procedure "Assign the Imported Certificate to a Web Site"; you assign the certificate to the Forefront UAG Web site when you create or edit the Forefront UAG trunk through which you publish the SharePoint Web application.

Publishing a SharePoint application

The following is the basic topology for publishing a single SharePoint Web application using Forefront Unified Access Gateway (UAG):
• A server running SharePoint Products and Technologies publishes a single Web application.
• The SharePoint Web application is published via only one Forefront UAG trunk.
• The public address of the SharePoint site is different from the internal address of the site.
• External users access the SharePoint site over HTTPS; internal users access the same site over HTTP.

Figure: SharePoint Web application published via a single trunk

Publishing multiple SharePoint applications on unique ports

This topic describes how to deploy SharePoint Web applications via Forefront Unified Access Gateway (UAG) in a topology where the server running SharePoint Products and Technologies publishes multiple Web applications, and each application is published via a unique port.

This topology is as follows:
• A server running SharePoint Products and Technologies publishes multiple Web applications; each application is published via a unique port.
• Each SharePoint Web application is published via only one Forefront UAG trunk.
• The public address of the SharePoint site is different from the internal address of the site.
• External users access the SharePoint site over HTTPS; internal users access the same site over HTTP.

Figure: Two SharePoint Web applications using different ports on a single server, published via a single trunk

You must perform the following procedures on the server running SharePoint Products and Technologies and on Forefront UAG. You can repeat these procedures to publish as many SharePoint Web applications as required, via Forefront UAG.
Note that you cannot publish the same SharePoint Web application more than once on each Forefront UAG trunk.
• Configuring Forefront UAG settings—Configure the Forefront UAG server for adding SharePoint Web applications to the trunk.
• Configuring the server running SharePoint Products and Technologies—Configure the server running SharePoint Products and Technologies for adding SharePoint Web applications.

Configuring Forefront UAG settings

This procedure describes the steps you must do on the Forefront UAG server for adding SharePoint Web applications to the trunk.

To add SharePoint Web applications to the trunk

1. In the Forefront UAG Management console, click the trunk to which you want to add the application, and then in the Applications area, click Add.
2. In the Add Application Wizard, on the Select Application page, select Web, and then in the list, click Microsoft Office SharePoint Server 2007 or Microsoft SharePoint Server 2010.
   Important: Do not publish the same SharePoint Web application twice on the same trunk. If the application was published via this trunk before alternate access mapping was supported, remove the existing Office SharePoint Server 2007 or 2010 application from the trunk, and then add a new Office SharePoint Server 2007 or 2010 application.
3. On the Web Servers page, do the following:
   • In the Addresses box, enter the internal host name of the load-balanced SharePoint site or the server running SharePoint Products and Technologies. Make sure that you enter a fully qualified domain name.
   • In the Paths box, you can optionally define one or more paths on which the application resides, by double-clicking an empty line and entering a path. Note that the path must start with a slash.
   • In either the HTTP port box or the HTTPS port box, enter the port via which the application is published.
   • In the Public host name box, enter the public URL of the SharePoint Web application, and then click Next. For more information, see About public host names.
     Note that the Replace host header with the following option is not relevant for this topology, and the box should be left empty.
   When you complete the wizard, click Finish.
   The Add Application Wizard closes, and the application that you defined appears in the Applications area of the Configuration section.
4. Repeat steps 1 through 3 of this procedure to add all of the required SharePoint Web applications to the trunk.
5. On the toolbar of the Forefront UAG Management console, click the Activate Configuration icon, and then on the Activate Configuration dialog box, click Activate.
   When the configuration is activated, the message "Forefront UAG configuration activated successfully" appears.

Configuring the server running SharePoint Products and Technologies

The following procedure describes the steps you must do on the server running SharePoint Products and Technologies for adding SharePoint Web applications.

To configure the server running SharePoint Products and Technologies

1. On the server running SharePoint Products and Technologies, open the SharePoint Central Administration tool.
2. In the SharePoint 2010 Central Administration tool, under System Settings, click Configure alternate access mappings.
   Note: When using SharePoint Server 2007, in the SharePoint 3.0 Central Administration tool, click the Operations tab, and then under Global Configuration, click Alternate access mappings.
3. On the Alternate Access Mappings page, in the Alternate Access Mapping Collection list, click Change Alternate Access Mapping Collection, and then, on the Select an Alternate Access Mapping Collection dialog box, select the application that you want to publish.
4. On the Alternate Access Mappings page, click Edit Public URLs.
5. On the Edit Public Zone URLs page, in a zone box that is not yet defined, such as the Internet zone, enter the URL of the same public host name that you entered in the Public host name box when you added the SharePoint Web application to the Forefront UAG trunk (described in Configuring Forefront UAG settings). Make sure that the URL includes the protocol, according to the trunk type. For example, if you are publishing an application via an HTTPS trunk that resides in the domain , and the application's public host name that you entered in Forefront UAG is HRPortal, enter the following URL: you have finished, click Save.
   If the Forefront UAG trunk via which users access the application is an HTTPS trunk, and if communication between the trunk and the server running SharePoint Products and Technologies is over HTTP (default Forefront UAG settings), continue to the next step. If you are using any other configuration, repeat steps 3 through 5 of this procedure to configure all the SharePoint Web applications that you added to the Forefront UAG trunk (described in Configuring Forefront UAG settings).
   After you have configured all the required SharePoint Web applications, this procedure is complete.
7. If the Forefront UAG trunk via which users access the application is an HTTPS trunk, and if communication between the trunk and the server running SharePoint Products and Technologies is over HTTP (default Forefront UAG settings), on the Alternate Access Mappings page, click Add Internal URLs, and then on the Add Internal URLs page, do the following:
   • In the URL protocol, host and port box, enter the internal URL of the SharePoint Web application that you assigned in the Public host name box when you added the SharePoint Web application to the Forefront UAG trunk (described in Configuring Forefront UAG settings), and then append the port number to the end of the URL using the following format:
     URL:port
     Make sure that the URL includes the protocol, according to the protocol that the application uses internally. For example, if you are publishing an application that uses the HTTP protocol internally and the public host name that you entered in Forefront UAG is HRPortal, enter the following URL: the Zone list, click the same zone in which you defined the public host name in step 5 of this procedure, and then click Save.
8. Repeat steps 3 through 7 of this procedure to configure all of the SharePoint Web applications that you added to the Forefront UAG trunk (described in Configuring Forefront UAG settings).

Publishing a SharePoint application with identical internal and public host addresses

This topic describes how to deploy a SharePoint Web application with Forefront Unified Access Gateway (UAG) in a topology in which each server running SharePoint Products and Technologies publishes a single Web application, and the application's internal and public addresses are identical.

The following topology is commonly used in hosted services environments:
• A server running SharePoint Products and Technologies publishes a single Web application.
• The SharePoint Web application is published via only one Forefront UAG trunk.
• The public address of the SharePoint site is identical to the internal address of the site.
• External users access the SharePoint site over HTTPS; internal users access the same site over HTTP.

Figure: SharePoint Web application published via a single trunk; SharePoint site's public host address is identical to the site's internal host address

Note: You must perform the following procedures on the server running SharePoint Products and Technologies, and on the Forefront UAG server. You can repeat these procedures to publish as many SharePoint Web applications as required, via Forefront UAG. Note, however, that you cannot publish the same SharePoint Web application more than once on each Forefront UAG trunk.
• Configuring Forefront UAG settings—Configure the Forefront UAG server to add a SharePoint Web application to the trunk.
• Configuring the server running SharePoint Products and Technologies—Configure the server running SharePoint Products and Technologies.

Configuring Forefront UAG settings

This procedure describes the steps you must do on the server.

To add a SharePoint Web application to the trunk

1. In the Forefront UAG Management console, click the trunk to which you want to add the application, and then in the Applications area, click Add.
2. In the Add Application Wizard, on the Select Application page, select Web, and then in the list, click Microsoft Office SharePoint Server 2007 or Microsoft SharePoint Server 2010.
   Important: Do not publish the same SharePoint Web application twice on the same trunk. If the application was published via this trunk before alternate access mapping was supported, remove the existing SharePoint Server 2007 or 2010 application from the trunk, and then add a new SharePoint Server 2007 or 2010 application.
3. On the Web Servers page, do the following:
   • In the Addresses box, enter the internal host name of the load-balanced SharePoint site, or of the server running SharePoint Products and Technologies.
     Make sure that you enter a fully qualified domain name.
   • In the Paths box, you can optionally define one or more paths on which the application resides, by double-clicking an empty line and entering a path. Note that the path must start with a slash.
   • In either the HTTP Port box or the HTTPS Port box, enter the port on which the application is published.
   • In the Public host name box, enter the public host name of the SharePoint Web application. For more information, see About public host names.
   • If you are publishing a farm of load-balanced Web servers, select the Replace host header with the following check box, and in the Farm host name box, enter a URL that will be used to differentiate the internal host name of the application from its public host name. Make sure that the URL includes the domain in which the trunk resides (the domain of the trunk appears on the Web Servers tab, to the right of the Public host name box). For example, if the public host name of the application is HRPortal and the trunk resides in the domain , enter the following replacement host header: HRPortalExternal..
4. When you have completed the wizard, click Finish.
   The Add Application Wizard closes, and the application that you defined appears in the Applications list.
5. On the toolbar of the Forefront UAG Management console, click the Activate configuration icon, and then on the Activate Configuration dialog box, click Activate.
6. When the configuration is activated, the message "Forefront UAG configuration activated successfully" appears.

Configuring the server running SharePoint Products and Technologies

This procedure describes the steps you must do on the server running SharePoint Products and Technologies.

To configure the server running SharePoint Products and Technologies

1. On the server running SharePoint Products and Technologies, open the SharePoint Central Administration tool.
2. In the SharePoint 2010 Central Administration tool, under System Settings, click Configure alternate access mappings.
   Note: When using SharePoint Server 2007, in the SharePoint 3.0 Central Administration tool, click the Operations tab, and then under Global Configuration, click Alternate access mappings.
3. On the Alternate Access Mappings page, in the Alternate Access Mapping Collection list, click Change Alternate Access Mapping Collection, and then on the Select an Alternate Access Mapping Collection dialog box, select the application that you want to publish.
4. On the Alternate Access Mappings page, click Edit Public URLs.
5. On the Edit Public Zone URLs page, in a zone box that is not yet defined, such as the Internet zone, enter the URL of the same public host name that you entered in the Public host name box when you added the SharePoint Web application to the Forefront UAG trunk (described in Configuring Forefront UAG Settings). Make sure that the URL includes the protocol, according to the trunk type.
   For example, if you are publishing an application via an HTTPS trunk that resides in the domain , and the application's public host name that you entered in Forefront UAG is HRPortal, enter the following URL:
6. When you have finished, click Save.
7. On the Alternate Access Mappings page, click Add Internal URLs, and then on the Add Internal URLs page, do the following:
   • In the URL protocol, host and port box, enter the URL that you assigned in the Replace host header with the following box when you added the SharePoint Web application to the Forefront UAG trunk (described in Configuring Forefront UAG Settings). For example:
     If the Web application is not published using a farm of load-balanced Web servers, in the URL protocol, host and port box, enter the URL that you assigned in the Public host name box. For example:
   • In the Zone list, click the same zone in which you defined the public host name, in step 5 of this procedure, and then click Save.

Publishing multiple SharePoint applications on a single port

This topic describes how to deploy SharePoint Web applications via Forefront Unified Access Gateway (UAG) in a topology where the server running SharePoint Products and Technologies publishes multiple Web applications on a single port.

The topology is as follows:
• A server running SharePoint Products and Technologies publishes multiple Web applications on a single port, each with a unique host header.
• Each SharePoint Web application is published via only one Forefront UAG trunk.
• The public address of the SharePoint site is different from the internal address of the site.
• External users access the SharePoint site over HTTPS; internal users access the same site over HTTP.

Figure: Two SharePoint Web applications on a single server and using the same port, published via a single trunk

You must perform the following procedures on the server running SharePoint Products and Technologies, and on Forefront UAG. You can repeat these procedures to publish as many SharePoint Web applications as required, via Forefront UAG. Note, however, that you cannot publish the same SharePoint Web application more than once on each Forefront UAG trunk.
• Configuring Forefront UAG settings: Configure the Forefront UAG server to add a SharePoint Web application to the trunk.
• Configuring the server running SharePoint Products and Technologies: Configure the server running SharePoint Products and Technologies to add a SharePoint Web application.

Configuring Forefront UAG settings

This procedure describes the steps you must do on the Forefront UAG server.

To add a SharePoint Web application to the trunk

1. In the Forefront UAG Management console, click the trunk to which you want to add the application, and then in the Applications area, click Add.
2. In the Add Application Wizard, on the Select Application page, select Web, and then in the list, click Microsoft Office SharePoint Server 2007 or Microsoft SharePoint Server 2010.
   Important: Do not publish the same SharePoint Web application twice on the same trunk. If the application was published via this trunk before alternate access mapping was supported, remove the existing SharePoint Server 2007 or 2010 application from the trunk, and then add a new SharePoint Server 2007 or 2010 application.
3. On the Web Servers page, do the following:
   • In the Addresses box, enter the public host name of the SharePoint Web application (for example, HRPortal).
     Note: Do not enter the internal host name of the load-balanced SharePoint site or of the server running SharePoint Products and Technologies.
   • In the Paths box, you can optionally define one or more paths on which the application resides, by double-clicking an empty line and entering a path.
     Note that the path must start with a slash.
   • In either the HTTP Port box or the HTTPS Port box, enter the port via which the application is published.
   • In the Public host name box, enter the public host name of the SharePoint Web application, and then click Next. For more information, see About public host names. Note that the Replace host header with the following option is not relevant for this topology, and the box should be left empty.
4. When you have completed the wizard, click Finish.
   The Add Application Wizard closes, and the application that you defined appears in the Applications list.
5. On the toolbar of the Forefront UAG Management console, click the Activate configuration icon, and then on the Activate Configuration dialog box, click Activate. When the configuration is activated, the message "Forefront UAG configuration activated successfully" appears.

Configuring the server running SharePoint Products and Technologies

This procedure describes the steps you must do on the server running SharePoint Products and Technologies.

To configure the server running SharePoint Products and Technologies

1. On the server running SharePoint Products and Technologies, open the SharePoint Central Administration tool.
2. In the SharePoint 2010 Central Administration tool, under System Settings, click Configure alternate access mappings.
   Note: When using SharePoint Server 2007, in the SharePoint 3.0 Central Administration tool, click the Operations tab, and then under Global Configuration, click Alternate access mappings.
3. On the Alternate Access Mappings page, in the Alternate Access Mapping Collection list, click Change Alternate Access Mapping Collection, and then, on the Select an Alternate Access Mapping Collection dialog box, select the application that you want to publish.
4. On the Alternate Access Mappings page, click Edit Public URLs.
5. On the Edit Public Zone URLs page, in a zone box that is not yet defined, such as the Internet zone, enter the URL of the same public host name that you entered in the Public host name box when you added the SharePoint Web application to the Forefront UAG trunk (as described in Configuring Forefront UAG Settings). Make sure that the URL includes the protocol, according to the trunk type. For example, if you are publishing an application via an HTTPS trunk that resides in the domain and the application's public host name that you entered in Forefront UAG is HRPortal, enter the following URL:
6. When you have finished, click Save.
   Continue to the next step only if the Forefront UAG trunk via which users access the application is an HTTPS trunk, and if communication between the trunk and the server running SharePoint Products and Technologies is over HTTP (default Forefront UAG settings). If not, this procedure is now complete.
7. If the Forefront UAG trunk via which users access the application is an HTTPS trunk, and if communication between the trunk and the server running SharePoint Products and Technologies is over HTTP (default Forefront UAG settings), on the Alternate Access Mappings page, click Add Internal URLs, and then on the Add Internal URLs page, do the following:
   • In the URL protocol, host and port box, enter the internal URL of the SharePoint Web application that you assigned in the Public host name box when you added the SharePoint Web application to the Forefront UAG trunk (described in Configuring Forefront UAG Settings). Make sure that the URL includes the protocol, according to the protocol that the application uses internally.
     For example, if you are publishing an application that uses the HTTP protocol internally and the public host name that you entered in Forefront UAG is HRPortal, enter the following URL:
   • In the Zone list, click the same zone in which you defined the public host name, in step 5 of this procedure, and then click Save.

Configuring error reporting

To preserve the content-type when the SharePoint server reports HTTP errors to Forefront Unified Access Gateway (UAG), you must configure the IIS server on Forefront UAG to return detailed errors, as described in the following procedure.

To configure error reporting

1. On the Forefront UAG server, click Start, and then in the Start Search box, type inetmgr and press ENTER.
2. In the Internet Information Services (IIS) Manager, in the navigation tree, under Sites, click the site name corresponding to your portal.
3. In the center pane, in the IIS section, double-click Error Pages.
4. In the Actions pane, click Edit Feature Settings.
5. On the Edit Error Pages Settings dialog box, in the Error Responses area, click Detailed errors, and then click OK.

Verifying SharePoint publishing

This topic describes how to verify that you have correctly published your SharePoint application. It describes how to verify access to the SharePoint site through the AAM address, and how to verify Office integration on the SharePoint site.

To verify access to the SharePoint site through the AAM address

1. On the client computer, open a web browser.
2. Enter the SharePoint AAM address that you set when publishing the SharePoint application.
3. Log in to the SharePoint site.
   The SharePoint site should appear as though it was accessed from the internal network.

To verify Office integration on the SharePoint site

1. After logging in to the SharePoint site, browse to a document located on the site.
2. Click the document link.
   The document opens in a Microsoft Office application.
3. Make some changes to the document and save the document to the SharePoint site.
   The updated document will be saved on the SharePoint site.
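
The alternate access mapping steps for the single-port topology (steps 3 through 7 of "Configuring the server running SharePoint Products and Technologies"), followed by a check of the result, as an added PowerShell example for SharePoint Server 2010 that is not part of the original guide. The Web application URL, the zone and both host URLs are constructed placeholders, and the script assumes an HTTPS trunk with HTTP between Forefront UAG and the SharePoint server.

```powershell
# Added example, not from the guide. Run in the SharePoint 2010 Management Shell
# on the server running SharePoint Products and Technologies.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Constructed placeholder values; replace with your own.
$webApp      = 'http://sp01.corp.example'       # hypothetical Web application to publish
$zone        = 'Internet'                       # a zone that is not yet defined (step 5)
$publicUrl   = 'https://hrportal.example.com'   # public host name entered in Forefront UAG (HTTPS trunk)
$internalUrl = 'http://hrportal.example.com'    # same host, protocol used internally (step 7)

# Step 5 requires an unused zone: stop rather than overwrite an existing mapping.
$existing = @(Get-SPAlternateURL -WebApplication $webApp -Zone $zone)
if ($existing.Count -gt 0) {
    throw "Zone '$zone' is already defined for $webApp. Choose a zone that is not yet defined."
}

# Steps 5 and 6: set the public URL of the zone.
New-SPAlternateURL -WebApplication $webApp -Url $publicUrl -Zone $zone | Out-Null

# Step 7: add the internal URL to the same zone as the public URL.
New-SPAlternateURL -WebApplication $webApp -Url $internalUrl -Zone $zone -Internal | Out-Null

# Check: every incoming URL in the zone must resolve to the public URL,
# and the internal URL that Forefront UAG sends must be present.
$mappings    = @(Get-SPAlternateURL -WebApplication $webApp -Zone $zone)
$wrongPublic = @($mappings | Where-Object { $_.PublicUrl.TrimEnd('/') -ne $publicUrl })
$hasInternal = @($mappings | Where-Object { $_.IncomingUrl.TrimEnd('/') -eq $internalUrl }).Count -gt 0

if ($wrongPublic.Count -gt 0 -or -not $hasInternal) {
    throw "Alternate access mappings for zone '$zone' do not match the Forefront UAG settings."
}

# Show the resulting mappings for review.
$mappings
```

If the internal URL lands in a different zone from the public URL, SharePoint builds links from that other zone's public URL, which is why the check compares both entries within one zone.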