Channel: SharePoint 2013 - Setup, Upgrade, Administration and Operations forum

Authentication and mysites guidelines


I’m looking for advice on setup guidelines for a new SharePoint 2013 install. I’ve read various guides regarding individual features but I’m having trouble combining them into a working whole.

Our requirements are for an on-premises install to support both internal and external access from a variety of devices and browsers. I want it to all be SSL and to have search, mysites, apps and Office Web Apps working. Our external DNS name is different to the internal one. There will be multiple site collections. Currently all users will be from Active Directory.

Given the requirement for SSL I have set it up as a single web application with host-named site collections for the root site, search and mysite host, with other sites to follow. I have assumed that, since the certificate will need to be verified, all sites will have public fully qualified domain names (such as .com rather than .local). Local DNS has been set up to resolve the external names correctly within the network. Once live our external DNS will route to the internal server. A separate DNS zone has been set up to support SharePoint Apps and both currently use self-signed wildcard certificates for testing. So far this works.

Issues

Lots of login prompts when accessing mysites, search, apps and other sites. I am aware that adjusting Internet Explorer local zones can get around this but there also needs to be a single sign-on process for non-Windows devices. Most of our external users are students so any fix involving them having to change anything on their client devices is unworkable.

Three questions

  1. Is the idea of placing everything on the default zone with fully qualified domain names the best approach to enable SSL?

  2. How exactly should the mysites be set up, as I’ve read confusing information regarding them and host-named site collections? It is suggested that they don’t work, or that they do work but there is no control over where they are stored.

  3. What is the suggested authentication setup to achieve this? TMG reverse proxying was proposed as an option until it was retired, with a similar story for UAG. I don’t really mind if all users have to log on to a form but it will need to be single sign-on between mysites, search, apps and different sites on the same server as well as Office Web Apps. Essentially a sign-in process similar to the Office 365 login portal would do. I suspect ADFS plays a part in this but I’m not sure how.
