How to Create Alternate Access Mappings

Scenarios › How to Create Alternate Access Mappings

How to Create Alternate Access Mappings

Alternate access mappings can direct users who request an external URL to a specific web application on your SharePoint servers. Create alternate access mappings between your external URLs and the web applications on your SharePoint servers.

The Agent for SharePoint uses proxy rules in a similar fashion. Users who authenticate through the Agent for SharePoint are redirected to the internal web application hosted in SharePoint.

Important! The proxy rules in the Agent for SharePoint must match the alternate access mappings for your SharePoint web application.

The following graphic describes how to create alternate access mappings:

This graphic describes how to create alternate access mappings for the Agent for SharePoint

Follow these steps:

(Optional) Review the following topics that are related to SharePoint administration:
- Alternate access mappings.
- Zones and alternate access mappings.
Obtain the public and internal URLs.
Specify a public URL for the web application
Specify an internal URL for the web application.

Alternate Access Mappings

SharePoint central administration servers let you create alternate access mappings between external and internal URLs.

External URLs are those URLs that your customers, partners, or people outside of your organization access. For example, your customers and partners could log in to your network using www.login.example.com.
Internal URLs correspond to the location of the web application in your SharePoint environment. For example, the login server that processes logins could be named login123.example.com.

An alternate access mapping creates an association in SharePoint between your external login URL and the login server in the back end. For example, the SharePoint server directs all the requests for www.login.example.com to the login123.example.com server as shown in the following graphic:

This graphic shows how an altternate access mapping in SharePoint directs traffic from an external URL to an internal URL hosted on a SharePoint server.

Zones and Alternate Access Mappings

Alternate access mappings also support zones. Zones let you configure different access paths to a single web application on your SharePoint server. Creating alternate access mappings across different zones can accomplish the following goals:

Create different URLs for the same web application. For example, you could have one URL for external users and a different URL for internal users that both point to the same web application.
Allow customers read-only access to documents that are hosted on your SharePoint server, while granting full access to your employees.
Require secure (HTTPS) connections to a web application for external visitors, while allowing employee access to the web application using HTTP.
Index the content of your web application using the SharePoint search index (which requires NTLM access), while requiring another authentication method for users.

The following graphic describes how different zones permit different levels of access to the same document for external customers and internal employees:

Venn Diagram Showing How Different SharePoint Zones Allow Different Acess Levels to the same document in one web application

The following graphic describes how multiple authentication methods apply to the same document by extending the associated web application to multiple zones:

Venn Diagram Showing How Extending Web Applications to Different Zones Allows Different Authentication Methods for Each Zone

To accommodate the SharePoint search index, the web application must be extended into one zone that uses NTLM authentication.

Obtain the Public and Internal URLs

The Agent for SharePoint runs on a proxy-server. The Agent for SharePoint forwards requests to the web applications in your SharePoint environment using proxy rules. These proxy rules direct traffic from the public URL (the server hosting Agent for SharePoint) to your SharePoint web applications (the internal URLs).

For example, customers who access support.example.com are authenticated by the Agent for SharePoint. Next the user is redirected to a SharePoint web application hosted on a server named support001.example.com. The web application serves the content from support001.example.com back to the user who requested the support.example.com page.

The following graphic describes the relationship between proxy rules and alternate access mappings from the previous example:

This diagram shows the relationship between Agent for SharePoint Proxy Rules and Alternate Aceess Mappings on your SharePoint server

Follow these steps:

Obtain the external URLs that are hosted on your Agent for SharePoint server from your network administrator. In this scenario, the URL www.support.example.com is hosted on the Agent for SharePoint server.
Log in to the server hosting the Agent for SharePoint.

Create a copy of the following file:

Agent-for-SharePoint_home\proxy-engine\conf\proxyrules.xml

Open the copy that you created in Step 3 with a text editor.
Locate the line containing the nete:forward tags, as shown in the following example:
```
<nete:forward>http://server2.company.com$1</nete:forward>
```
Note: In a typical environment, the URL in the Step 5 matches the Internal URL for your SharePoint web application.
Record the public and internal URLs for future reference. You need these public and internal URLs to create your alternate access mappings.
Repeat Steps 4 through 6 for to obtain any additional Internal URLs for other web applications.

Specify a Public URL for the Web Application

The public URL is an external URL through which your customers or external users connect to your organization. The public URL appears in the web browsers of your users.

When you use the Agent for SharePoint in front of your SharePoint server farm, use the URL of the server hosting your Agent for SharePoint as the public URL.

Important! The proxy rule settings of the Agent for SharePoint must match your alternate access mappings.

This procedure describes creating alternate access mappings for the default zone. Adding another type of authentication to a single internal URL with an alternate access mapping is described in a separate scenario.

Follow these steps:

Click Start, Programs, Microsoft SharePoint 2010 Products, SharePoint 2010 Central Administration.
The Central Administration home page appears.
Click Application Management.
The Application Management page appears.
Click Configure alternate access mappings.
The Alternate Access Mappings page appears with a list of available web applications.

Note: If the web application that you want is not listed, click the Alternate Access Mapping Collection drop-down list. Pick the web application that you want.
Click Edit Public URLs.
The Edit Public URLs page appears.
Locate the field for the zone that contains the internal URL for your web application. For example, if you created a web application named http://support001:27975 in the default zone, then locate the Default (zone) field with that URL.
Replace the internal URL in Step 5 with the public URL that you want. For example, if you are mapping from the internal URL http://supportp001:2975 to support.example.com, then replace the internal URL in the field with support.example.com.
Click Save.