3.18.2009

Publishing SharePoint 3.0 with Active Directory through ISA 2006

Microsoft technology can be quite complex, but it is mostly straightforward. Here I would like to explain how to publish Microsoft Office SharePoint Server 2007 (SharePoint 3.0) in an Active Directory (joined domain) environment with Microsoft Internet Security and Acceleration Server 2006. Before we get going, let me explain a little about each component:


Microsoft Office SharePoint Server 2007 (SharePoint 3.0) is something of a content management solution (think Joomla, PHP-Nuke, etc.), where you need not develop a website from scratch but simply customize what is available and focus on the content you wish to deliver. The concept of SharePoint is quite different from Joomla and other CMSs, as it is meant to be an enterprise solution. It is usually used for an intranet because it handles file sharing, forms and lots of features that require huge bandwidth, but of course you may want to publish some content you feel is fit to be broadcast. SharePoint's main components are farms (think of the land or area on which many sites are placed), site collections (think of houses placed on that land, each of which can also be considered a website) and of course sites (think of rooms inside the house, which can also be considered web pages).


Active Directory is something like a domain consisting of many users, and it holds user profiles, preferences and many other things. The benefit of using Active Directory is that, once registered, a user can use any computer (including a server) joined to that domain with the username, profile and password stored in Active Directory. Users are of course grouped according to their roles, such as administrator, approver, etc., and are contained in a domain controller server.


Microsoft Internet Security and Acceleration Server 2006 is the main gateway between the Internet and an internal network. Its hardware consists of 2 network interface cards holding 2 IP addresses (1 for the internal network and the other for the Internet). ISA combines many features and roles, mainly firewall and NAT. Think of it as the main gate of a village, well guarded and secured.


So, to continue, you must already have all three components set up in your network, as each will play a role in this article.


To start, let's say you have configured Windows Server 2003 R2 on all servers, and all are joined to a domain set up on your domain controller server using a single administrator from that domain. On one server, let's say you have successfully installed Microsoft Office SharePoint Server 2003, including the site collection (which holds the main website; for example, the server can be reached by entering sps.samplesite:80 in the address bar), and it is working locally within your network. On another server, let's say you have installed and configured ISA Server and it is currently working properly (meaning the firewall rules are working and users in your network can browse the Internet).


Now, you would not want to tell your network users to access your site by entering sps.samplesite:8011, because it would seem odd and be difficult to remember. Go to the SharePoint 3.0 Administrator, head for Operations > Global Configuration and find Alternate access mappings. This holds the URLs that are allowed to be used to access your website. Set a new public URL and enter a good name, in this case sps.samplesite.com, and set it as default. Once completed, your website can be accessed locally by entering sps.samplesite.com, but not yet from other computers. Please note that you should keep the default sps.samplesite:80 11, because if you change it the whole site will change to the new name, which in some cases could cause problems.


Now head for the domain controller server and go to Administrative Tools > DNS. Inside Forward Lookup Zones you will find your domain name, for example samplesite.com, and you will see a list of the names of computers registered in your domain. Right-click samplesite.com, select Add New Host (A) and enter sps so that the FQDN (fully qualified domain name) appears as sps.samplesite.com. Enter your SharePoint server's IP address and hit Add. Now you can browse to your website from any computer within the network by entering sps.samplesite.com.


OK, your website is up and running locally, and users can access and share information within the network. So let's take this website to another level so that it can be accessed from anywhere in the world with Internet access.


Head for the ISA server, open ISA Server Management and, inside Arrays, find the name of your ISA Server; inside it, find Firewall Policy (Server_Name). You will find the set of rules created earlier, which allow Internet access, block specific sites, etc. Now right-click Firewall Policy and choose New > SharePoint Publishing Rule. A wizard will appear; follow it.


First you must set the name, let's say Publish sps.samplesite.com, and hit Next.


Now you are asked for your publishing type. If you only wish to publish a single website, select that option. But I would recommend selecting Publish a server farm of load balanced web servers, which allows you to publish other sites within your SharePoint farm without having to configure it again.


Once you click Next, you are asked whether you are using SSL or non-secured connections. Since SSL is quite slow and you already have ISA configured, I would suggest selecting Use non-secured connection, because you are trying to publish a high-bandwidth website and you don't want to make it slower.


Next you are asked to enter the Internal Site Name; enter sps.samplesite.com, which you have just set on your DC server.


Next you are to enter your server farm name; click New to add your farm. A new wizard will appear. Enter your server farm name and click Next, then add your server by clicking Add and entering your computer name or IP address. Once done, hit Next. Now you must choose a method for ISA to monitor the connectivity of your SharePoint server. I would suggest Send a ping request, as it is the fastest and easiest way to check. Hit Next and you're done.


Clicking Next again lets you enter the public name details. Enter your public name, which is sps.samplesite.com (assuming you have registered the name sps.samplesite.com with your ISP). Hit Next to continue.


Now you are asked to select a web listener. This means ISA will redirect users from this listener to your SharePoint website. Hit New and enter your web listener name. You are once again asked whether you want to use SSL or not; if you selected the non-secured connection previously, select Do not require SSL secured connection and hit Next. Now you are presented with a list of sources that can access your website. Since you want to publish your site, you must assign 1 free public IP address provided by your ISP. Click External, then click Select IP Addresses. A popup will appear; select the third option, since you don't want all traffic heading to your website. Add a new IP, enter your free public IP address provided by your ISP and click Add. Then, on the web listener, click Next, which lets you choose how your users log in. For starters, I use HTML Form Authentication, which lets users log in through a login page provided by ISA. At the bottom you are asked how ISA will validate the credentials; select Windows (Active Directory), since you have the DC server configured and all users log in using the joined domain. Hit Next, uncheck Enable SSO since you don't need it, and you're done.


Next you will be asked for Authentication Delegation; select NTLM Authentication if you have set it in the SharePoint 3.0 Administrator or left it as default.


Next you will be asked for Alternate Access Mapping Configuration; select SharePoint AAM is already configured, as you set it in the beginning from sps.samplesite:80 to sps.samplesite.com, and hit Next.


You will be presented with user sets. If All Users is already in the list, hit Next; if not, add All Users. Hit Next and you're done!


You can check your SharePoint website and make sure it's working. If not, see if you missed something, or if you're still stuck feel free to leave comments here. Have fun!
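
A check to run alongside the manual test above, added here as an example and not part of the original post: because the listener in this walkthrough pairs HTML Form Authentication with a non-SSL connection, the logon form, the submitted credentials and the session cookie travel over plain HTTP, and this function flags each of those in a captured response. The sample responses, the `/logon-handler` path and the cookie name are constructed for illustration.

```python
import re
from urllib.parse import urljoin, urlsplit

PASSWORD_INPUT = re.compile(r"<input\b[^>]*\btype\s*=\s*[\"']?password", re.I)
FORM_ACTION = re.compile(r"<form\b[^>]*\baction\s*=\s*[\"']([^\"']*)", re.I)

def audit_response(url, raw):
    """Return cleartext-exposure findings for one response fetched from url."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = [h.split(":", 1) for h in head.split("\r\n")[1:] if ":" in h]
    findings = []
    if PASSWORD_INPUT.search(body):
        if urlsplit(url).scheme != "https":
            findings.append("logon form served over cleartext HTTP")
        for action in FORM_ACTION.findall(body):
            target = urljoin(url, action)  # resolve relative form actions
            if urlsplit(target).scheme != "https":
                findings.append("credentials posted to " + target)
    for name, value in headers:
        if name.strip().lower() != "set-cookie":
            continue
        attrs = [a.strip().lower() for a in value.split(";")[1:]]
        if "secure" not in attrs:
            cookie = value.split("=", 1)[0].strip()
            findings.append("cookie %s set without Secure" % cookie)
    return findings

def build_logon_response(cookie_attrs):
    """Constructed sample: a forms logon page with the given cookie attributes."""
    return "\r\n".join([
        "HTTP/1.1 200 OK",
        "Content-Type: text/html",
        "Set-Cookie: session=constructed-value; " + cookie_attrs,
        "",
        '<form method="post" action="/logon-handler">',  # constructed path
        '<input type="text" name="username">',
        '<input type="password" name="password">',
        "</form>",
    ])

HTTP_LOGON = build_logon_response("path=/; HttpOnly")           # non-SSL listener
HTTPS_LOGON = build_logon_response("path=/; HttpOnly; Secure")  # SSL listener

if __name__ == "__main__":
    for url, raw in (("http://sps.samplesite.com/", HTTP_LOGON),
                     ("https://sps.samplesite.com/", HTTPS_LOGON)):
        print(url, audit_response(url, raw) or "no findings")
```
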
