Few newb SharePoint 2013 questions

Question

Hi,&nbsp;
I am deploying Sharepoint 2013 with F5. I am looking at the guides, but I am new to F5, so a few questions. :)&nbsp;
1) I have a domain name which central admin will be renamed to (ie sharepointca.companyname.com). This is what users should be redirected to and see in their browser, so I assume this is the public URL? The central admin will also be SSL.&nbsp;
Some articles state the internal and public URLs are the same but then how do I make Sharepoint aware of my different URL? Requests must get mapped to these.&nbsp;
2) Am I right in thinking that any web server which is hosting central admin will be internal URLs (ie spca1.global.companyname.com), for example?&nbsp;
3) How does Kerberos change with F5 in use?&nbsp;
Thanks&nbsp;

mikeshimkus_111 · Answer

Hi Blade,  &nbsp;
1)  If you have that domain name set correctly in Alternate Access Mappings, users can hit it directly and won't need to be redirected.&nbsp;
2)  Not sure what you mean here.  You'll need to configure AAMs correcly as mentioned above for users to access Central Administration.&nbsp;
3)  Are you using APM?  If so, you should set SharePoint CA auth to NTLM.  This will allow the iApp to do forms authentication on the front end.  If you aren't using APM, then you're fine.&nbsp;
thanks&nbsp;
Mike&nbsp;

gurdip_sira_160 · Answer

Hi Mike,&nbsp;
To expand a bit further, central admin is simply an fqdn of the servr name in AD (ie SPAC1 etc etc). It will have a readable URL in the end, so I am looking to do:&nbsp;
Set-SPAlternateURL -Identity "https://sps" -Url "https://spca.corp.contoso.com"&nbsp;
As from http://www.harbar.net/archive/2013/02/13/Using-SSL-for-Central-Administration-with-SharePoint-2013.aspx&nbsp;
Looking at the guide, it states:&nbsp;
For each public URL to be deployed behind LTM, you must first modify the 
URL protocol of the internal URL associated with that URL and zone from 
http:// to https://: and then recreate the http:// URL. If you try to just add a 
new URL for HTTPS, it will not function properly&nbsp;
I have played about with AAMs pre F5 configuration. So I assume I need http first in the list of internal urls, and then https.&nbsp;
Is an F5 VIP specific to one web app or several web apps? Ie just central admin or could it go to multiple http(s) sites?&nbsp;
So to conclude, my understanding is the following:&nbsp;
Create VIP in F5 with pool of servers to load balance, and then in DNS, an IP to go to the VIP with a hostname of the site  - in my case, a rewritten central admin url.&nbsp;
In central admin, I may not need to rewrite anything but I need to setup http and https internal urls, as mentioned from the F5 guide.&nbsp;
Thanks&nbsp;

mikeshimkus_111 · Answer

If you are doing SSL bridging, I don't think the http:// internal URLs are necessary.  They are only needed if you are terminating SSL at the BIG-IP.&nbsp;
Are you deploying manually, or are you using the SharePoint iApp?  We recommend the iApp named f5.microsoft.sharepoint_2010_2013.v1.0.0.  It's available on downloads.f5.com.&nbsp;

gurdip_sira_160 · Answer

Hi Mike,&nbsp;
It will be SSL offloading in this case. I haven't looked at the iApp but will take a look. Thanks!&nbsp;
If I have to do AAMs, internal URLs have to be correctly configured. And from the guidance/literature, AAMs seems necessary.&nbsp;

mikeshimkus_111 · Answer

Correct, when SSL offloading, you need the public URL set to https:// and at least one other zone's URL set to http://.&nbsp;

Forum Discussion

Few newb SharePoint 2013 questions

5 Replies

Recent Discussions

Pricing when used with aws waf

F5 Rseries R2600 Tenant sizing

iRule help masking IBM host URL/URI

Need advise to setup a policy on F5

Advise on setting up IRULE

Related Content

APM Sharepoint authentication

Health monitor question

APM Sharepoint authentication v2

F5 Connection Mirroring question

iRule for migrating to Sharepoint Online