ACE of Cisco, SharePoint 2010 and the Alternate Access Mapping



If you are talking Microsoft SharePoint 2010, then chances are you have discussed load balancing at some point. Well, let’s just start with the basics. If we have more than one WFE (Web Front End) server, we are going to need a way to balance requests.

In its most simplistic form, load balancing is a methodology to distribute workload across multiple compute, network or storage resources. We recently published a SharePoint 2010 on FlexPod for VMware Cisco Validated Design which includes a hardware load balancer, the Application Control Engine ACE 30.

There are a few different ways to achieve load balancing with SharePoint depending on deployment scale and application requirements. Hardware load balancing is the most effective for SSL offloading and large scale environments. Cisco has introduced Application Network Manager (ANM) to help us implement, monitor and manage application load balancing using ACE.

A VIP (Virtual IP Address) is used to represent the Server Farm comprising of the WFE server (They are often referred to as Real Servers). The topology map below was taken from ANM to help illustrate the logical configuration.

SharePoint 2010 has a mechanism for mapping the correct web site to web application requests. It’s called (AAM) Alternate Access Mappings.

There are two websites that have great information on this feature.

What Every SharePoint Administrator  needs to know about AAM and A SharePoint Site by any other name.

Reading this information will help you to avoid the many pitfalls when implementing load balancing with SharePoint 2010. We are using AAM for default, internet and SSL (HTTPS) mapping.

A few basic definitions to help start the configuration discussion:

  • Zone – There are 5 zones available, with all providing the exact same functionality. (Exception is the default zone will carrys additional messaging traffic for site collection owners.
  • Publc URL for ZONE – Address Users Browse (DNS resolves to VIP for load balancing)
  • Internal URL – Maybe the same as the Public URL or maybe different.


So, for a basic HTTP user request, the process is fairly simple. Create a new site and add an AAM for you desired zone. In our case we used Internet Zone for the address.

But how are the clients going to get to that address?  A DNS entry will be needed to map the address to the VIP on the load balancer. Initially you could have a DNS entry for every Public URL, but that wouldn’t scale very well and would be tied to a single WFE instance.

For SSL, things get a little more complex. First, we need to edit the AAM to accommodate the HTTPS requests. 

Take note that this HTTPS internal URL must be created and map to itself first. Only then can HTTP request be redirected by AAM. At first this may seem intuitive, but if you follow standard implementation and test HTTP first, you will need to remove that Intranet Zone mapping to create the internal mapping for HTTPS.

So, how does this all relate to you the SharePoint and ACE administrator?

Well, you will need to understand how these components fit together to achieve your goal of a harmonious SharePoint deployment, that provides a positive user experience.  Hopefully this post will help highlight some of the integration points of Cisco ACE and SharePoint 2010. We welcome your feedback. Please feel free to post any comments or questions.

I’ll be at TechEd next week. Please stop by the Cisco booth #1614 and we’ll be glad to talk about our joint solutions with Microsoft that can more efficiently solve your business challenges.

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.