Publishing SharePoint with IAG 2007 – Part 3: SharePoint Topologies

In this post I will review several SharePoint topologies and discuss how they influence IAG and AAM settings. For each topology I’ll explain the considerations and provide sample configurations. For complete step-by-step configuration guide, please use this TechNet article.

These topologies are simplification of much more complexed SharePoint topologies that are detailed in this SharePoint article along with IAG network location related to the SharePoint machines.


Publishing a SharePoint Web application – HTTP internal

This is the baseline topology for SharePoint publishing and it is the most common one. In this topology several SharePoint applications may be published from a single IAG trunk, and each application has a unique server and port. It is assumed that HTTPS is used externally outside the corporate network, and HTTP is used within the corporate network.

In order to publish SharePoint in this topology, the applications should be defined on the IAG trunk with a proper public host name, and a new AAM zone should be defined on the SharePoint server to support the external address.

HRPortal Application Settings


Web Server Address: HRPortal

Web Server Port: 80 (HTTP)

Public Host Name:

Replace Host Header: Empty

Example for a configuration of such topology:


Semantics for all the drawings:

Grayed – Default configuration that should not be added or changed by the admin

Bold – Configuration that is unique to this topology or requires special attention


Publishing a SharePoint Web application – HTTPS internal

This topology is almost identical to the baseline. The only difference is that HTTPS is used both in the corporate network as well as over the Internet.


Publishing multiple SharePoint Web applications

This topology is also similar to the baseline. The only difference is that one of the applications is published on a non-default port. In this case the port number should be defined in the IAG application, and embedded in the URLs of the AAM zone.



Publishing multiple SharePoint Web applications on a single port

This topology assumes that there are several SharePoint Web applications published on the same port. In this case, the SharePoint server differentiates between the applications using the host header in the HTTP request.

In this topology, IAG is published in a similar manner to the baseline topology. But, there is one thing that is important to remember - when configuring the Web server address in IAG, it is important to put the SharePoint WebApp address (“HRPortal” and “Teams” in this example) rather than the actual SharePoint machine name or IP address so in every IAG application there is a unique Web server address.



Publishing a SharePoint Web application when using identical internal and public addresses

This topology refers to organizations that use the same URL for internal and external access to SharePoint (and usually with other applications), but use HTTP for internal traffic and HTTPS for external traffic. If HTTPS is used both internally and externally no additional configuration is required. In fact, in this case no AAM configuration should be made.

When publishing SharePoint in this topology, IAG has to “signal” to SharePoint that this request has to be replied to with HTTPS links rather than HTTP links. This “signal” is passed by replacing the host header with a bogus host header that is configured in one of the AAM zones.



Publishing a single SharePoint Web application via multiple IAG trunks

In this topology two IAG trunks are publishing the same SharePoint Web applications. Hence the same SharePoint Web application has two different external addresses.

In order to do this, two different AAM zones should be defined on the SharePoint server with two different external URLs.