Publishing SharePoint with IAG 2007 – Part 3: SharePoint Topologies

In this post I will review several SharePoint topologies and discuss how they influence IAG and AAM settings. For each topology I’ll explain the considerations and provide sample configurations.  For complete step-by-step configuration guide, please use this TechNet article.

These topologies are simplification of much more complexed SharePoint topologies that are detailed in this SharePoint article along with IAG network location related to the SharePoint machines.


Publishing a SharePoint Web application – HTTP internal

This is the baseline topology for SharePoint publishing and it is the most common one. In this topology several SharePoint applications may be published from a single IAG trunk, and each application has a unique server and port. It is assumed that HTTPS is used externally outside the corporate network, and HTTP is used within the corporate network.

In order to publish SharePoint in this topology, the applications should be defined on the IAG trunk with a proper public host name, and a new AAM zone should be defined on the SharePoint server to support the external address.

HRPortal Application Settings


Web Server Address:   HRPortal

Web Server Port:           80 (HTTP)

Public Host Name:

Replace Host Header: Empty

Example for a configuration of such topology:




Semantics for all the drawings:

Grayed – Default configuration that should not be added or changed by the admin

Bold – Configuration that is unique to this topology or requires special attention


Publishing a SharePoint Web application – HTTPS internal

This topology is almost identical to the baseline. The only difference is that HTTPS is used both in the corporate network as well as over the Internet. 


Publishing multiple SharePoint Web applications

This topology is also similar to the baseline. The only difference is that one of the applications is published on a non-default port. In this case the port number should be defined in the IAG application, and embedded in the URLs of the AAM zone. 



Publishing multiple SharePoint Web applications on a single port

This topology assumes that there are several SharePoint Web applications published on the same port. In this case, the SharePoint server differentiates between the applications using the host header in the HTTP request.

In this topology, IAG is published in a similar manner to the baseline topology. But, there is one thing that is important to remember - when configuring the Web server address in IAG, it is important to put the SharePoint WebApp address (“HRPortal” and “Teams” in this example) rather than the actual SharePoint machine name or IP address so in every IAG application there is a unique Web server address. 



Publishing a SharePoint Web application when using identical internal and public addresses

This topology refers to organizations that use the same URL for internal and external access to SharePoint (and usually with other applications), but use HTTP for internal traffic and HTTPS for external traffic. If HTTPS is used both internally and externally no additional configuration is required. In fact, in this case no AAM configuration should be made.

When publishing SharePoint in this topology, IAG has to “signal” to SharePoint that this request has to be replied to with HTTPS links rather than HTTP links. This “signal” is passed by replacing the host header with a bogus host header that is configured in one of the AAM zones. 



Publishing a single SharePoint Web application via multiple IAG trunks

In this topology two IAG trunks are publishing the same SharePoint Web applications. Hence the same SharePoint Web application has two different external addresses.

In order to do this, two different AAM zones should be defined on the SharePoint server with two different external URLs. 



Comments (7)
  1. MeirM [MSFT] says:


    The users will be able to reach the xyz server only if you publish both Sharepoint servers.


  2. Anonymous says:

    196 Microsoft Team blogs searched, 100 blogs have new articles in the past 7 days. 243 new articles found

  3. Anonymous says:


    Very informative article. Thanks for taking the time.

    I was wondering if you can point me to an article that covers using IAG 2007 to publish anonymous Sharepoint content.

    I am getting ready to deploy an Internet-facing MOSS web application and I’d like to use the filtering available on IAG to increase security. I do not, however, want to delay incoming requests or prompt for authentication. This is a customer-facing portal.


    Radu Gavrila


  4. dinesh says:


    In Publishing multiple SharePoint Web applications if the site
    http://teams:81 has some other sharepoint website as a reference in it. i.e.
    http://xyz:1000 will it work or do we need to publish this as another application in IAG.



  5. Jonathan says:

    I have the same question as Radu and I’d like to disable the hashing.

  6. Lidvar Kornberg says:


    Just had a wired problem saving saving word documents from Word 2010 to SharePoint 2010 through UAG in the scenario "Publishing a SharePoint Web application when using identical internal and public addresses". The AAM config explained in the above article
    does not work. The following line is required:

    “Internet | |

    Without this line, the documents opens only in read only and you are anable to check out and save the documents back to SharePoint.

  7. Lidvar Kornberg says:

    Just to add another comment to my previous post. You also need to add a binding on the SharePint site in IIS to port 80 with FQDN "HRPortal-Extranet"

Comments are closed.

Skip to main content