Best Practice for Host Named Site Collections and Web Apps

Looking for advice on setting up the host named site collections. If I am reading many of the TechNet articles and blogs correctly I should 1) have only 1 top level web app for host named site collections and 2) not have a host header for that web app. If that's correct I am looking for advice. We have 7 separate domains that we support in our farm. Currently each of those domains is divided into web applications based on the domain, *.contoso, *.trains.com, *.bakers.com, etc.
Is the concept now that all of the host named site collections fall under that one web app? How do we deal with the SSL for each of those separate domains which all have their own certificates?
Thanks in advance for your comments. 
NLewis

Yes, for creating host named site collections, first you create a host header less web app and then create host named site collections under that web app. However, this is only for the cases where all the host named site collections end in one domain. So you can create host named site collections as intranet.contoso.com, my.contoso.com, portal.contoso.com etc., as they are all ending in *.contoso.com.
As per your environment, if you have web apps which cater to different domains like *.contoso.com, *.trains.com, *.bakers.com, you need to create separate web apps as they are all ending in different domains. Then you can have a separate wildcard SSL certificate for each of those web apps.
Hope this helps.
Thanks
Mohit
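
An added example (not part of the original thread): a PowerShell check of which certificate covers each host-named site collection host name, using the standard wildcard rule that `*` stands for exactly one left-most label. The function names, host names and certificate name lists are constructed for illustration.

```powershell
# Added example: map HNSC host names to the certificates that cover them.
# All host names and certificate name lists below are constructed sample data.

function Test-CertNameMatch {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [Parameter(Mandatory)][string]$CertName
    )
    $h = $HostName.ToLowerInvariant().TrimEnd('.')
    $c = $CertName.ToLowerInvariant().TrimEnd('.')

    # Non-wildcard names must match exactly.
    if (-not $c.StartsWith('*.')) { return ($h -eq $c) }

    # A wildcard stands for exactly one left-most label:
    # *.contoso.com covers my.contoso.com, but not contoso.com or a.b.contoso.com.
    $suffix = $c.Substring(1)                       # e.g. ".contoso.com"
    if (-not $h.EndsWith($suffix)) { return $false }
    $label = $h.Substring(0, $h.Length - $suffix.Length)
    return (($label.Length -gt 0) -and (-not $label.Contains('.')))
}

function Get-HnscCertCoverage {
    param(
        [string[]]$HostNames,
        [hashtable]$Certificates    # friendly name -> array of DNS names (CN/SAN)
    )
    foreach ($name in $HostNames) {
        # Collect every certificate with at least one matching DNS name.
        $covering = @(
            foreach ($cert in $Certificates.GetEnumerator()) {
                $hit = $cert.Value | Where-Object {
                    Test-CertNameMatch -HostName $name -CertName $_
                }
                if ($hit) { $cert.Key }
            }
        )
        [pscustomobject]@{
            HostName    = $name
            CoveredBy   = ($covering | Sort-Object) -join ', '
            NeedsAction = ($covering.Count -eq 0)
        }
    }
}

# Constructed inventory: one wildcard certificate per domain, as in the question.
$certs = @{
    'wildcard-contoso' = @('*.contoso.com')
    'wildcard-trains'  = @('*.trains.com', 'trains.com')
    'wildcard-bakers'  = @('*.bakers.com')
}

# Constructed host names, including the two cases a wildcard does not cover:
# the bare domain (contoso.com) and a two-level name (shop.eu.bakers.com).
$hostNames = @(
    'intranet.contoso.com', 'my.contoso.com', 'contoso.com',
    'www.trains.com', 'trains.com', 'shop.eu.bakers.com'
)

Get-HnscCertCoverage -HostNames $hostNames -Certificates $certs |
    Format-Table -AutoSize
```

A host name that comes back with an empty CoveredBy column needs its own certificate, or an added subject alternative name on an existing one, before an HTTPS binding for it will validate.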

Similar Messages

  • Host Header Site Collection and Web App Setup - Thoughts

    I am trying to understand the relation between AAM and web app extension. Please share your expert opinion. I have not seen any TechNet article talking about it clearly.
    Here it goes: in 2010 it was recommended not to use AAM with IIS bindings without extending the web application. This was mentioned in several TechNet articles; also it's a known “Mistake #4” on TechNet articles.
    So the question is, is that still the same case in 2013?
    Most of the time it is recommended to remove the web app host header from IIS if you are using this web app for HHSC, otherwise sites will not be accessible. I have found no issues by leaving the web app host header and adding more bindings for host header site collections. Any thoughts on this?
    Thanks. 

    Hi,
    I found some articles for helping understand Extend web application and
    Alternate access mappings.
    “If you want to expose the same content in a Web application to different types of users by using additional URLs or authentication methods, you can extend an existing Web application into a new zone. When you extend the Web application into a new zone,
    you create a separate Internet Information Services (IIS) Web site to serve the same content, but with a unique URL and authentication type. An extended Web application can use up to five network zones (Default, Intranet, Internet, Custom, and Extranet). For
    example, if you want to extend a Web application so that customers can access content from the Internet, you select the Internet zone and choose to allow anonymous access and grant anonymous users read-only permissions. Customers can then access the same Web
    application as internal users, but through different URLs and authentication settings.”
    After you extend a web application, there is a new site created in IIS but the content is the same. We extend it to a new zone for different authentication methods, so that we could support different security between Internet site, Intranet site and Extranet
    site.
    “Alternate access mappings direct users to the correct URLs during their interaction with SharePoint 2013. Alternate access mappings enable SharePoint 2013 to map web requests to the correct web applications and sites, and they enable SharePoint 2013 to
    serve the correct content back to the user.”
    AAM is to offer different URLs to users to access one site. Sometimes the URL of a site is not easy to remember, so we could use AAM to create a simple URL.
    Regards,
    Rebecca Tu
    TechNet Community Support

  • Managed path for host named site collection is farm level or web application level?

    Hi,
    I would like to get advice.
    I created a webapplication for host named site collections.
    these are my host named site collections (except http://sp2013) under my webapplication
    Root Site Collection: http://sp2013
    Site Collection: portal1.sg
    Site Collection: portal1.sg/research
    Site Collection: portal1.sg/intranet
    research and intranet managed paths are farm level
    all my host named site collection will be accessed by http and https except "intranet" site collection will be only accessed by https
    so I changed the Intranet zone for site collection using Set-SPSiteUrl
    Set-SPSiteUrl (Get-SPSite "http://portal1.sg") -Url "https://portal1.sg" -Zone Intranet
    Set-SPSiteUrl (Get-SPSite "http://portal1.sg/research") -Url "https://portal1.sg" -Zone Intranet
    Set-SPSiteUrl (Get-SPSite "http://portal1.sg/intranet") -Url "https://portal1.sg/intranet" -Zone Intranet
    Now I need to create a "search" site collection for "Enterprise Search Center".
    My question is: for the "search" managed path, should I use farm level or web application level?
    The "search" site collection will be accessed with both http and https also.
    Thanks a lot!

    Managed paths for HNSC are farm level and you can have 20 managed paths,
    while managed paths for path based are 20 per web application. In your case, if you are going to have a separate web application for search then you will use web app.
    Kind Regards,
    John Naguib
    Technical Consultant/Architect
    MCITP, MCPD, MCTS, MCT, TOGAF 9 Foundation
    Please remember to mark your question as answered if this solves your problem

  • AAM for Host named site collection

    I have non-host header web application at port 80:http://wwwserver 
    It is AAM to https://wwwserver in same zone.
    Now when i create host named site collection using http it works fine
    New-SPSite http://hostheader.site.com/ -OwnerAlias domain\username -HostHeaderWebApplication http://wwwserver -Template "STS#0"
    But when I do
    New-SPSite https://hostheader.site.com/ -OwnerAlias domain\username -HostHeaderWebApplication https://wwwserver -Template "STS#0"
    I get error Warning: The port specified for the new host header site does not match any known bindings in the specified web appplication . The new site will not be accessible if the web application is not extended to an IIS web site serving this port.
    Now when I try to extend the web application on port 443 it says it is already used by SharePoint. I do not want to screw up AAM since all my app store URLs are configured through https://wwwserver. Any way to achieve https in a host named site collection?
    sachin

    Hi Sachin,
    PowerShell New-SPSite is specifically looking for a web application that responds to http://www, not http://www. I don't think AAM applies for web applications, only for the URLs that the web application responds to.
    Information on configuring HNSC and SSL in this blog as well:
    http://blogs.msdn.com/b/russmax/archive/2013/10/31/guide-to-sharepoint-2013-host-name-site-collections.aspx
    Regards,
    Gavin McKay

  • Best Practice for External Libraries Shared Libraries and Web Dynpro

    Two blogs have been written on sharing libraries with Web Dynpro DC, but I would
    like to know the best practice for doing this.
    External libraries seem to work great at compile time, but when deploying there is often an error related to the external library not being a deployed component. 
    Is there a workaround for this besides creating a shared J2EE library, which I have been able to get working? I am not interested in something that works, but really
    what is the best practice for this. What is the best way to limit the number of jars that need to be kept in a shared library/ext library? When is sharing ref service/etc a valid approach vs. hunting down the jars in the portal libraries etc and storing in an external library?

    Security is mainly about mitigation rather than 100% secure, "We have unknown unknowns". The component needs to talk to SQL Server. You could continue to use http to talk to SQL Server, perhaps even get SOAP Transactions working but personally
    I'd have more worries about using such a 'less trodden' path since that is exactly the areas where more security problems are discovered. I don't know about your specific design issues so there might be even more ways to mitigate the risk but in general you're
    using a DMZ as a decent way to mitigate risk. I would recommend asking your security team what they'd deem acceptable.
    http://pauliom.wordpress.com

  • Host Named Site Collections and www

    I currently have a hostnamed webapp that uses Windows Auth (Claims) in the default zone and it is extended for anonymous access (Internet Zone).
    I have siteinternal.com and www.sitexternal.com
    The users also want to use siteexternal.com without the www.
    There is no way to add the site again to the Internet Zone.
    Adding it to another zone results in it using windows auth and prompts, as per the default zone.
    Is there a way to handle this? Is the www handled as a different site in SP's eyes?
    themush

    This adds an AAM to the HNSC teams.contoso.com of teamsites.contoso.com.
    So if you have siteexternal.com and want to add www.siteexternal.com, run:
    Set-SPSiteUrl (Get-SPSite 'http://siteexternal.com') -Url 'http://www.siteexternal.com' -Zone Internet
    Make sure DNS is properly configured with the "www" A record in the siteexternal.com zone.
    Trevor Seward, MCC
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • Help needed on Host Named Site Collection creation --- please help

    Hi Friends,
    Question 1
    Can we create Host Named Site Collection following the pattern below?
    We will have three Department head Host Named Site Collections, names –
    HRHead.ourdomain.com
    MarkettingHead.ourdomain.com
    AdminHead.ourdomain.com
    Under each of these department head sites, there will be 3 or 4 Host Named Site Collections. The site structure will be like:
    HRHead.ourdomain.com
        HR1.ourdomain.com
        HR2.ourdomain.com
        HR3.ourdomain.com
    MarkettingHead.ourdomain.com
        MarkettingProduct1.ourdomain.com
        MarkettingProduct2.ourdomain.com
    AdminHead.ourdomain.com
        AdminCountry1.ourdomain.com
        AdminCountry2.ourdomain.com
        AdminCountry3.ourdomain.com
    Question 2
    If we want to use common template (like header, footer, company icons) for inner sites (e.g. AdminCountry1.ourdomain.com, AdminCountry2.ourdomain.com, AdminCountry3.ourdomain.com) how to create that template for Host Named Site Collection? If these were
    sub sites, we can take help of site templates. But these are Host Named Site Collections, how to use common design for Host Named Site Collection?
    Any hint from you will be really helpful. Thanks for your comments.

    Yes you should be able to create a site collection using a custom template.  Here's a BLOG on how to create a site collection with a custom template in 2010.  It should still work the same way.
    http://www.toddklindt.com/blog/Lists/Posts/Post.aspx?ID=218
    Paul Stork SharePoint Server MVP
    Principal Architect: Blue Chip Consulting Group
    Blog: http://dontpapanic.com/blog
    Twitter: Follow @pstork
    Please remember to mark your question as "answered" if this solves your problem.

  • Content Search Web Part over HTTPS for a Host Named Site Collection

    Hello
    I have a host named site collection http://media.contoso.com which is a media portal that stores videos and pictures. On my parent site collection http://site.contoso.com homepage I have a Content Search Web Part that displays videos from the media portal.
    Both sites work over https.
    When I edit the content search web part and enter the URL http://media.contoso.com in the 'Change Query' box, search returns the results as expected but when I enter the URL as
    https://media.contoso.com no results are returned.
    I have removed the binding in IIS to point to http://media.contoso.com.
    I need it to be https so that I don't see "HTTPS security is compromised by http://media.contoso.com" on my site collection homepage.
    Any idea why this is happening?
    Thanks
    Yoshi

    http://technet.microsoft.com/en-us/library/ee792873%28v=office.15%29.aspx
    In the Search SSL Settings dialog box, do one of the following:
    If you do not want the crawler to crawl a site when there is an SSL certificate warning, make sure that the Ignore SSL certificate name warnings check box is cleared. For security reasons, the check box is cleared by default.
    If you want the crawler to crawl a site even if there is an SSL certificate warning, make sure that the Ignore SSL certificate name warnings check box is selected.
    If this helped you resolve your issue, please mark it Answered. You can reach me through http://freeit-support.com/

  • Robots.txt and Host Named Site Collections (SEO)

    When attempting to exclude ALL SharePoint Sites from external indexing, when you have multiple web apps and multiple Host Named Site Collections, should I add the robots.txt file to the root of each web app, as well as each hnsc? I assume so, but, thought
    I would check with the gurus...
    - Rick

    I think one for each site collection, as each site collection has a different name and is treated as a web site.
    "The location of robots.txt is very important. It must be in the main directory because otherwise user agents (search engines) will not be able to find it. Search engines look first in the main directory (i.e. http://www.sitename.com/robots.txt) and if they don’t find it there, they simply assume that this site does not have a robots.txt file"
    http://www.slideshare.net/ahmedmadany/block-searchenginesfromindexingyourshare-pointsite
    Please remember to mark your question as answered & vote helpful, if this solves/helps your problem. Thanks -WS MCITP (SharePoint 2010, 2013) Blog: http://wscheema.com/blog

  • Load balancing host named site collection

    I am jumping into the realm of host named site collections. While the learning experience has been good, there are still some questions unanswered. Please have patience since my questions are long.
    - I have a non host header site on port 80 that has an https certificate added to IIS for supporting the app store in https mode.
    - I tried to create the host named site collection using https in this default port 80 non host header web application and was greeted with an error. Then I extended the web app to a different zone with port 443. Then I created the host header site collection with https, with the web application name for the extended 443 one. Creation went in fine.
    - I tried to use IPs on the now extended IIS site and bind certificates on that one. The site does not load. I do the same again in the default zone IIS site, bind IPs on that one, and the site loads. Now the question is, even though the host header site collection was created using the extended web application URL, why did the binding have to be done on the default zone IIS site?
    - Second test: I changed the authentication mode for extended, no effect on the host named site collection, but as soon as I changed it in the default zone it was reflected in the host named site collection. I am confused why it needs the extended zone URL to create the https site but every change done in the default zone is getting reflected on this host named site collection.
    Now for load balancing, it works fine with IP? But how to load balance these host named site collections using URL? I talked with the F5 team and they said I need to send some reply query string from each site. Where do I do that? Or is it even needed?
    According to this link: https://devcentral.f5.com/articles/name-based-virtual-hosting-with-ltm
    If the site hosts an application, though, the monitor should request a dynamic page on each webserver which forces a transaction with the application to verify its health and returns a specific phrase upon success.
    For application monitoring, the recommended best practice is to create such a script specific to your application, configure the monitor Send string to call that script, and set the Receive string to match that phrase.
    Has anyone done this before? I tried to search for resources regarding this for IIS or SharePoint but was not able to get anything.
    Thank you for your patience for reading such a long question. 
    Adit

    First part of question:
    Default web application on port 80: creating an https host named site collection fails.
    Extend default web application on port 443: https host named site collection created when the web application name is passed for the extended web application on port 443. This means this site collection is associated with this extended web application, correct? But all the changes made in IIS only reflect if they are made to the port 80 web application. Also, changing the authentication scheme from Central Admin, only changes on the default zone reflect on the site collection, not the ones in the extended web application? Why, if the site was only created on the extended web application parameter, are changes on default reflecting on it but not from extended?
    Second part of question:
    Each host named site collection, when load balanced through F5 using IP for 3 WFEs, uses 3 IPs for each. This way we will run out of IPs pretty soon. I want to know if there is a way to load balance these sites using hostname or any other parameter through F5, and if anybody has done it?
    The https://devcentral.f5.com/articles/name-based-virtual-hosting-with-ltm link talks about sending a reply string from the application but I do not know where to set it up or how to do it. No resources on the net. Just asking if anyone else has done it.
    Adit

  • Error Accessing Host Named Site Collections In SharePoint Foundation 2013

    We have a new SharePoint Foundation 2013 server that has one web application two host named site collections. We get the "This page can't be displayed" message when we try to navigate to either of the site collections. Adding the server's IP to
    the host file on the machine we are testing from doesn't help. We can ping the new sites from that machine. The web application does not have a host header.
    Web application URL = http://servername
    Site collection #1 URL = http://customer.company.com
    Site collection #2 URL = http://vendor.company.com

    Hi,
    I recommend to verify the things below:
    Check if site can be accessed with site collection administrator.
    Add the SharePoint sites to a trusted zone to see if the issue still occurs.
    As this issue can be caused by many reasons, you may check the ULS log for more detailed errors.
    For SharePoint 2013, by default, ULS log is at C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\LOGS.
    Best regards.
    Thanks
    Victoria Xia
    TechNet Community Support

  • Best practice for running multiple sites on 1 CF install?

    Hi-
    I'm setting up a new hosting environment (Windows Server 2008 Standard 64 bit VPS  configuration, MySQL, IIS 7, CF 9)
    Has anyone seen any docs or can anyone suggest best practices for configuring multiple sites in this environment? At this point I'm thinking simple is best, one new site in IIS for each client (domain) and point it to CF.
    Given this environment, is anyone aware of any gotchas within the setup of CF 9 on IIS 7?
    Thank you in advance,
    Rich

    There's nothing wrong with that approach. You can run as many IIS sites as you like against a single CF install.
    As for installing CF on IIS 7, I recommend that you do the following: install CF 9 without connecting it to IIS, then installing the 9.0.1 upgrade and any hotfixes, then connecting CF to IIS using the web server configuration utility. This will keep you from having to install the IIS 6 compatibility layer that's needed with CF 9 but not with CF 9.0.1.
    Dave Watts, CTO, Fig Leaf Software
    http://www.figleaf.com/
    http://training.figleaf.com/

  • Having thousands of Host-Named Site Collections - which authentication type?

    So Microsoft seems to state the claims + Host-Named Site Collection (HNSC) approach is the way to go forward.
    Assuming we have thousands of site collections, and we don't want to go with good ol' NTLM authentication as our claim authentication type, then how should we authenticate?
    Both Kerberos and SAML would be a nightmare to manage, since for Kerberos we need to register a Service Principal Name (SPN) per HNSC. For SAML we would end up in a similar situation, since this would require us to configure a relying party
    + realm for every HNSC.

    Please see the documentation on using managed paths with host named site collections.
    http://technet.microsoft.com/en-us/library/cc288637(v=office.14).aspx#section5
    You would be very unlikely to have thousands of individual host names, I would never recommend such an architecture to a customer.  Instead, you are much more likely to use managed paths (/sites/, /personal/, etc) in combination with host names, significantly
    reducing the number of individual host names while still allowing you to easily scale to thousands of site collections.
    In Office 365, each tenant is provisioned with 3 top-level host names (<tenant>.sharepoint.com, <tenant>-public.sharepoint.com, and <tenant>-my.sharepoint.com), all subsequent site collections are provisioned using managed paths.
    Note that this is not really a question particular to HNSC.  If you decide to not use host-named site collections but want to use individual host names using web applications, you get far less.  According to our Software Boundaries and
    Limits document, you get maximum 20 web applications per farm with a maximum 5 AAMs per web application, yielding a maximum 100 individual host names. 
    http://technet.microsoft.com/en-us/library/cc262787.aspx
    While you can achieve more host names using HNSC, I would strongly discourage this design and instead seek to leverage managed paths. 
    Kirk Evans
    Architect, Azure Modern Apps Center of Excellence
    Microsoft Corporation
    Microsoft Certified Master, SharePoint 2010
    http://blogs.msdn.com/kaevans

  • Migrating SP2010 host-named Site Collections

    Hi all, 
    I'm currently having an issue when upgrading host-named site collections from SP2010 to SP2013. Once upgraded into SP2013 (database attach), it keeps on prompting me for credentials, even after adding my user as a Web Application user.
    Are there any resources or considerations when upgrading host-named sites?
    Cheers

    Loopback check is the most common cause of this behaviour:
    http://www.harbar.net/archive/2009/07/02/disableloopbackcheck-amp-sharepoint-what-every-admin-and-developer-should-know.aspx
    To confirm, add a hosts file entry on a non SharePoint machine and then connect from there. It'll probably work.

  • Migrating a Path Based Site Collection to a Host Named Site Collection where the content database is greater than 135 GB

    Hi
    I have a 136 GB content database which will not back up via Backup-SPSite (Microsoft say you cannot back up more than 100 GB).
    So without Backup / Restore, how can I convert a Path Based Site Collection to a Host Named Site Collection with my 136 GB content database, which incidentally uses Remote Blob Storage?
    Thanks
    Nigel 
    Nigel Price NJPEnterprises

    I see two options:
    Make the Backup-SPSite work despite being over 100GB (that's going to be a supported limit rather than a hard boundary)
    Externalise some of the content and then re-insert it after the move.
