Wednesday, July 3, 2013

SharePoint Alternate Access Mapping (AAM) for Dummies

I never really understood Alternate Access Mapping (AAM). But when I started to use UAG and the SharePlus app, it became necessary to understand the concept of AAM better.

I will not talk about how to configure AAM or the bindings in IIS. There is lots of material out there. I want you to understand the concept.

So I want to tell you how I made myself understand AAM. There are three features of AAM:
  1. Internal URL
  2. Public URL
  3. Zone
  • The internal URL is the URL that the SharePoint server understands and accepts.
  • The public URL is the URL that the clients out in the world know.
  • A zone is a logical container for a public URL, with a name like "Internet" or "Extranet". It does nothing really special. You have 5 zones in SharePoint, which means a maximum of 5 public URLs.

Explain AAM with some analogies


My name is Ihsan Baris. So when someone calls me "Baris" or "Ihsan" I'll respond to him. Some friends and my brother also call me "Biggy". I don't know why, but I have accepted the nickname. These are my internal names.




So when a Japanese person tries to pronounce my name, he would say "Balusu". If someone calls me "Balusu" I would not respond to him, although he wants to contact me. This is a public name for a Japanese person.



So what I need is a mapping between the public and the internal name. Here comes AAM. A translator tells me that "Balusu" means "Baris" in Japanese, so I make the connection in my mind. In the AAM configuration it would look like:
Adding balusu as internal url to the default zone
Mostly it is not important in which zone a public url lies.

Now I recognize the name "Balusu", but I will always respond to it with "Yes, I'm Baris" and not with "Yes, I'm Balusu".


In a real example, the client types http://balusu; the server gets the request but renders all links within the content with http://baris.

This can be confusing. In this case I have to accept that I need to respond to a Japanese person with "Yes, I'm Balusu" to make him happy. This means I have to make the name public to the whole of Japan.

Making balusu public

Real World Example 1

  • Assume we have a SharePoint web application at http://sharepoint for internal users.
  • Now we also want external users to connect to our SharePoint at https://gate.sp.company.com.
  • We don't want to deal with certificates on the SharePoint server, so we terminate SSL on a proxy server like UAG. The UAG then rewrites the request to http://gate.sp.company.com and forwards it to the SharePoint server.
  • The SharePoint server returns all links with https.


The AAM configuration for this example would look like


Now we have 2 URLs which our clients know (public URLs):
  • http://sharepoint
  • https://gate.sp.company.com
But we have 3 URLs which SharePoint has to know, because the UAG rewrites the URL:

  • http://sharepoint
  • http://gate.sp.company.com
  • https://gate.sp.company.com
And we know that we have to respond with https://gate.sp.company.com when we get a request with http://gate.sp.company.com.

Real World Example 2

Another example is when you extend your web application. You can extend a web application if you want to have two different types of authentication, e.g.:
  • Windows Authentication for internal users
  • Form Authentication for external users
SharePoint then creates 2 web applications referencing the same content.


This example is easy. We have 2 public urls and SharePoint has to know both. This means we need 2 internal urls and 2 public urls.


When do you have to pay attention

  1. Web Service Calls: When a web service call is made, there can be URLs as parameters within the call. Web service calls are used by mobile apps like SharePlus or Colligo to get the lists and sites.

    So when you enter the URL https://gate.sp.company.com into an app, it will send a web service call to https://gate.sp.company.com/xxx. If SharePoint does not know the https URL (no internal URL), you will get an error here.
  2. Search: I think there is a problem with contextual search and non-default zone URLs. You can only do contextual search within the URL of the default zone. Contextual search means, e.g., a search within a list or site. Take care to put the main public URL into the default zone.
  3. IIS Binding: If you add an internal URL to AAM, it is not automatically bound within IIS. You have to do that manually. SharePoint AAM does not make any changes within IIS.
  4. Aliases: If you have an alias like http://sharepoint for http://sharepoint.company.com, you have to configure both URLs in AAM.
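
A simplified model of the lookup in Real World Example 1 and of the failure cases in items 1 and 4 above, added here as an example; it is not SharePoint's code or code from the original post. The zone names ("Default", "Internet") and all function names are assumptions.

```python
from urllib.parse import urlsplit

# Constructed AAM table for Real World Example 1 (zone names are assumptions).
INTERNAL_URLS = {  # internal URL -> zone
    "http://sharepoint": "Default",
    "http://gate.sp.company.com": "Internet",   # sent by UAG after SSL termination
    "https://gate.sp.company.com": "Internet",  # appears inside web service calls
}
PUBLIC_URLS = {  # zone -> public URL (one per zone)
    "Default": "http://sharepoint",
    "Internet": "https://gate.sp.company.com",
}

def origin(url):
    """Reduce a URL to scheme://host[:port]; lowercase, default ports dropped."""
    parts = urlsplit(url)
    scheme, host = parts.scheme.lower(), (parts.hostname or "").lower()
    if parts.port in (None, {"http": 80, "https": 443}.get(scheme)):
        return f"{scheme}://{host}"
    return f"{scheme}://{host}:{parts.port}"

def resolve(request_url, internal=INTERNAL_URLS, public=PUBLIC_URLS):
    """Return (zone, public URL) for a request, or None if the URL is unknown."""
    zone = internal.get(origin(request_url))
    return None if zone is None else (zone, public[zone])

def render_link(request_url, path, internal=INTERNAL_URLS, public=PUBLIC_URLS):
    """Build an absolute link using the public URL of the request's zone."""
    hit = resolve(request_url, internal, public)
    if hit is None:
        raise LookupError(f"{origin(request_url)} is not an internal URL in AAM")
    return hit[1] + path

def unmapped(urls, internal=INTERNAL_URLS):
    """Audit helper: URLs that clients or proxies use but AAM does not know."""
    return [u for u in urls if origin(u) not in internal]

if __name__ == "__main__":
    # UAG forwards http://gate...; links are rendered with the https public URL.
    print(render_link("http://gate.sp.company.com/sites/hr", "/sites/hr/Lists/Tasks"))
    # Item 4: the alias is only accepted once it is added as an internal URL.
    print(unmapped(["http://sharepoint", "http://sharepoint.company.com"]))
```

Running `unmapped` over every URL that clients, proxies and apps actually use is a quick way to spot a missing internal URL before it shows up as an error.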








1 comment:

Matthew Yarlett said...

Great post. Love your analogies - very funny!