Publishing SharePoint with IAG 2007 – Part 2: Common Questions

  • Article

Hi,

SharePoint publishing with IAG is a very popular scenario. Here is a list of common SharePoint publishing questions and issues I was frequently asked about during the last months:

 

· I can’t edit SharePoint datasheets / explorer view / other SharePoint functionality when it is published by IAG.

You have to install IAG 2007 SP1 update 2 or above on your IAG server. This update will also be incorporated into IAG 2007 SP2.

 

· I installed IAG 2007 update 2 and it still has the old limitations

Just installing the update is not enough. By default, after the update installation, existing SharePoint applications use the “backward compatibility” template to ensure that we don’t break anything until AAM is configured. After configuring the SharePoint server’s AAM settings, updating the trunk’s SSL certificate, and registering the new entry in DNS, you should remove from your portal trunk the old SharePoint application and publish it again by using the new template.

· Does such an update exist for the e-Gap v3.6 appliance?

Yes, e-Gap 3.6 update 2 has almost the same functionality as IAG 2007 SP1 update 2. Look here for more details.

 

· I see no difference between the “old” and the “new” templates

The two templates look almost the same. The main difference is two new fields in the Web Servers tab (highlighted in the screenshot):

· Public host name – Defines the external domain name that would be used for publishing this SharePoint application. See here which domains could be selected.

· Replace host header – Used for advanced scenarios as will be explained in part 3 of this blog post.

Web servers configuration screen

 

 

· Do I need a new SSL certificate?

An IAG trunk with a SharePoint application that is published using AAM has new external domains. These domains should be covered by the trunk’s SSL certificate. See this TechNet article about which type of SSL certificates should be used.

· Can I publish SharePoint without AAM?

Yes. If there are problems with getting certificates or DNS registration for the new domain names you can still use the “Backward Compatibility” template, though you should expect some SharePoint functionality will not work.

 

· Can I access the new SharePoint domains directly without going through the portal?

Yes! When publishing SharePoint by using the new application template and leveraging AAM, the SharePoint domains (e.g. HRPortal.contoso.com) can be accessed directly without going first via the portal. In this case IAG will prompt the user for login and then, after successful authentication, return the user to the requested page. IAG will present the trunk’s customized version of the login pages, so no special customization is required.

· If I start a session with one of the SharePoint domains, can I continue to other applications without logging in again?

Yes! You can start a session by accessing directly one of the SharePoint servers (e.g. “https://HRPortal.contoso.com/site1”) and then follow a link to another application that is published via the same IAG trunk without logging in again. The IAG single sign-on (SSO) experience still works.

 

· What additional functionality is provided by the IAG SharePoint application template?

As with the other application templates, the IAG SharePoint application template allows the administrator to enable or disable the following SharePoint functionality based on the health of client endpoints:

· Uploading, checking in files, and saving files from Microsoft Office applications

· Downloading files, exporting to a spreadsheet, or editing datasheets

· Access to sensitive areas of the application

· Access from the SharePoint Web application to third-party applications