Forefront Edge Security TechCenter >
Forefront Edge Security Forums
>
Forefront Edge Security – IAG/UAG
>
Publishing Corporate Website
Publishing Corporate Website
Hello.
I recently had an inquiry regarding using IAG to publish their corporate website for example http://contoso.com
My clients concerns is that if they publish their website with IAG, the IAG URL Rewriting Hash will cause issues with internet search engines, web crawling, User Bookmarks and so forth…
Is there any way I can get rid of the hash for just this type of publishing that my client requires?
--Somewhat related for others FYI--
If it contained a sub-domain name such as http://test.contoso.com and we were publishing SharePoint 2007, I would be fine. Why? Because I will just advertise my SharePoint AAM –URL as my public URL instead of my trunk-URL. The SharePoint AAM-URL can be accessed directly and doesn’t provide hashing.
Thank you!
Dennis
Answers
- Hi Dennis,
a) as you mentioned yourself in your first post that started this thread, if the website in question is a SharePoint site, then IAG can leverage the AAM functionality built into SharePoint and therefore IAG wil not perform its own Host Address Translation (HAT)
b) if the backend site is the only resource that you want to publish, or if you are OK with having a separate trunk for it, then you have the option to use a Basic trunk (through which all incoming HTTP requests are forwarded by IAG to only one single backend destination), and on such a trunk there is no HAT
c) if you need to publish multiple backend resources, either web or non-web, and you want to allow access to all of them through one single IAG trunk, then you have to use an IAG Portal trunk, and, if the backend application we're talking about is not SharePoint, then HAT will take place and you cannot turn that off
d) however, the HAT "hash" (or HAT signature, as we usually refer to it) does not change. It remains the same (one HAT signature for each different IAG application published through a Portal trunk), as long as you do not change the HAT Unique Identifier or the HAT Encryption Key (see IAG Configuration -> Admin menu -> Advanced Configuration)
HTH,
-Ran- Marked As Answer byBen AriMSFT, OwnerThursday, July 09, 2009 12:37 AM
All Replies
- could you explain the required scenario in bit more detail to understand the concerns ?
thanks,
Faisal :> - Basically-
I want to use IAG to secure the public website such as:
http://www.contoso.com
IAG is requiring a sub-domain like http://www.iag.contoso.com
and... if I can get the above working: I'd like the hash to either be removed or atleast stay static.
Thanks!
Dennis - Hi Dennis,
a) as you mentioned yourself in your first post that started this thread, if the website in question is a SharePoint site, then IAG can leverage the AAM functionality built into SharePoint and therefore IAG wil not perform its own Host Address Translation (HAT)
b) if the backend site is the only resource that you want to publish, or if you are OK with having a separate trunk for it, then you have the option to use a Basic trunk (through which all incoming HTTP requests are forwarded by IAG to only one single backend destination), and on such a trunk there is no HAT
c) if you need to publish multiple backend resources, either web or non-web, and you want to allow access to all of them through one single IAG trunk, then you have to use an IAG Portal trunk, and, if the backend application we're talking about is not SharePoint, then HAT will take place and you cannot turn that off
d) however, the HAT "hash" (or HAT signature, as we usually refer to it) does not change. It remains the same (one HAT signature for each different IAG application published through a Portal trunk), as long as you do not change the HAT Unique Identifier or the HAT Encryption Key (see IAG Configuration -> Admin menu -> Advanced Configuration)
HTH,
-Ran- Marked As Answer byBen AriMSFT, OwnerThursday, July 09, 2009 12:37 AM
- Ran-
I am going to try option b and hope that is acceptable for our client.
Thanks!
Dennis - Ran, Are you saying in point a) that if I follow this process:
http://technet.microsoft.com/en-us/library/dd278112.aspx
then the IAG will not perform HAT and thus the URL will not contain any hashing?
Thanks That's correct. Option A would also be a valid solution to my original question.
Thanks
