Forum Discussion
NimbostratusFew newb SharePoint 2013 questions
Hi,
I am deploying Sharepoint 2013 with F5. I am looking at the guides, but I am new to F5, so a few questions. :)
1) I have a domain name which central admin will be renamed to (ie sharepointca.companyname.com). This is what users should be redirected to and see in their browser, so I assume this is the public URL? The central admin will also be SSL.
Some articles state the internal and public URLs are the same but then how do I make Sharepoint aware of my different URL? Requests must get mapped to these.
2) Am I right in thinking that any web server which is hosting central admin will be internal URLs (ie spca1.global.companyname.com), for example?
3) How does Kerberos change with F5 in use?
Thanks
5 Replies
Hi Blade,
1) If you have that domain name set correctly in Alternate Access Mappings, users can hit it directly and won't need to be redirected.
2) Not sure what you mean here. You'll need to configure AAMs correcly as mentioned above for users to access Central Administration.
3) Are you using APM? If so, you should set SharePoint CA auth to NTLM. This will allow the iApp to do forms authentication on the front end. If you aren't using APM, then you're fine.
thanks
Mike
Gurdip_Sira_160Hi Mike,
To expand a bit further, central admin is simply an fqdn of the servr name in AD (ie SPAC1 etc etc). It will have a readable URL in the end, so I am looking to do:
Set-SPAlternateURL -Identity "https://sps" -Url "https://spca.corp.contoso.com"
As from http://www.harbar.net/archive/2013/02/13/Using-SSL-for-Central-Administration-with-SharePoint-2013.aspx
Looking at the guide, it states:
For each public URL to be deployed behind LTM, you must first modify the URL protocol of the internal URL associated with that URL and zone from http:// to https://: and then recreate the http:// URL. If you try to just add a new URL for HTTPS, it will not function properly
I have played about with AAMs pre F5 configuration. So I assume I need http first in the list of internal urls, and then https.
Is an F5 VIP specific to one web app or several web apps? Ie just central admin or could it go to multiple http(s) sites?
So to conclude, my understanding is the following:
Create VIP in F5 with pool of servers to load balance, and then in DNS, an IP to go to the VIP with a hostname of the site - in my case, a rewritten central admin url.
In central admin, I may not need to rewrite anything but I need to setup http and https internal urls, as mentioned from the F5 guide.
Thanks
If you are doing SSL bridging, I don't think the http:// internal URLs are necessary. They are only needed if you are terminating SSL at the BIG-IP.
Are you deploying manually, or are you using the SharePoint iApp? We recommend the iApp named f5.microsoft.sharepoint_2010_2013.v1.0.0. It's available on downloads.f5.com.
- Gurdip_Sira_160
Hi Mike,
It will be SSL offloading in this case. I haven't looked at the iApp but will take a look. Thanks!
If I have to do AAMs, internal URLs have to be correctly configured. And from the guidance/literature, AAMs seems necessary.
Correct, when SSL offloading, you need the public URL set to https:// and at least one other zone's URL set to http://.
