SharePoint

Contents

1 Introduction

Microsoft SharePoint is a web platform that provides many capabilities such as:

  • Document management
  • Version control
  • File sharing
  • Collaboration
  • Social networking
  • Enterprise search
  • Business intelligence
  • Workflow automation
  • Website creation

Deployment_Guide-SharePoint_1_1.png

A SharePoint Server Farm can include application servers and Web Front End (WFE) servers. The WFE server is used to handle requests from clients. If the WFE server is receiving a lot of requests it may be necessary to build multiple WFE servers and distribute the load amongst them. To provide resiliency and high performance, these WFEs should be load balanced.

The Office Web Apps (OWA) servers can also be managed and/or load balanced by using the LoadMaster. The SharePoint template and steps in this document provide options for both.

1.1 Intended Audience

This document is intended for use by anyone who is interested in learning about deploying a Kemp LoadMaster with SharePoint.

1.2 Document Purpose

This deployment guide provides instructions on how to configure the Kemp LoadMaster to load balance SharePoint using Kemp LoadMaster application templates. This guide should only be used as a reference for the load balancing configuration of SharePoint services because each environment is unique and may have different requirements. This guide outlines the load balancing configuration using the default SharePoint ports using Kemp LoadMaster application templates, but unique ports can also be leveraged based on the environment. 

This guide also outlines the configuration of Virtual Services using Layer 7. Some environments may have the ability to leverage Layer 4, which can improve performance. Contact Kemp Support for any questions regarding configuration options.

1.3 Prerequisites

It is assumed that if you are offloading SSL, an SSL certificate and key has already been obtained and installed on the LoadMaster. For help with SSL certificates, refer to the SSL Accelerated Services, Feature Description. It is also assumed that a working SharePoint environment has been installed.

2 Template

Kemp has developed a template containing our recommended settings for this workload. You can install this template to help create Virtual Services (VSs) because it automatically populates the settings. You can use the template to easily create the required VSs with the recommended settings. You can remove templates after use and this will not affect deployed services. If needed, you can make changes to any of the VS settings after using the template.

Download released templates from the Templates section on the Kemp Documentation Page.

For more information and steps on how to import and use templates, refer to the Virtual Services and Templates, Feature Description on the Kemp Documentation Page.

3 LoadMaster Global Settings

Before setting up the Virtual Services, the following global settings should be configured to support the workload.

3.1 Layer 4 Considerations before Deployment

For this application, if you are using an L4 service, it is automatically transparent. When using transparency, the following steps must be followed:

If clients are on the same subnet as the Real Server, returning traffic to the LoadMaster is instead sent to the client. This is asymmetric routing and causes the client to drop the connection because it is expecting it from the LoadMaster, not the Real Server. The diagram below shows the flow of traffic when this rule is not followed.

image.png

If the Real Servers' default gateway is not set to be the LoadMaster’s interface (the shared IP if the LoadMasters are in HA), traffic returning to the LoadMaster is instead sent to the gateway. This is asymmetric routing and causes the connection to drop because the connection should be sent from the LoadMaster, not the Real Server. The diagram below shows the flow of traffic when this rule is not followed.

image5.png

3.2 Enable Subnet Originating Requests Globally

It is best practice to enable the Subnet Originating Requests option globally.

In a one-armed setup (where the Virtual Service and Real Servers are on the same network/subnet) Subnet Originating Requests is usually not needed. However, enabling Subnet Originating Requests should not affect the routing in a one-armed setup.

In a two-armed setup where the Virtual Service is on network/subnet A, for example, and the Real Servers are on network B, Subnet Originating Requests should be enabled on LoadMasters with firmware version 7.1-16 and above.

Because this application can run at Layer 4, transparency is enforced. Transparency takes a higher priority than Subnet Originating Requests. Therefore, if transparency is enabled on the Virtual Service and Subnet Originating Requests is enabled globally, the Virtual Service still uses transparency. The Real Server sees traffic from this virtual service originating with the client’s source IP address (transparency). See the Transparency document on the Kemp documentation page for more details.

081.png

 

In the diagram above, you can see the following details:

  • Client: 10.0.0.100/24
  • Virtual Service on eth0: 10.0.0.15/24
  • Real Server on eth1: 10.20.20.25/24

With Subnet Originating Requests enabled, the Real Server sees traffic originating from 10.20.20.21 (LoadMaster eth1 address) and responds correctly.

With Subnet Originating Requests disabled, the Real Server sees traffic originating from 10.0.0.15 (LoadMaster Virtual Service address on eth0) and responds to eth0 causing asymmetric routing

When Subnet Originating Requests is enabled globally, it is automatically enabled on all Virtual Services. If the Subnet Originating Requests option is disabled globally, you can choose whether or not to enable Subnet Originating Requests on a per-Virtual Service basis.

To enable Subnet Originating Requests globally, follow the steps below:

1. In the main menu of the LoadMaster Web User Interface (WUI), go to System Configuration > Miscellaneous Options > Network Options.

2. Select the Subnet Originating Requests check box.

3.3 Enable Check Persist Globally

It is recommended that you change the Always Check Persist option to Yes – Accept Changes. Use the following steps:

1. Go to System Configuration > Miscellaneous Options > L7 Configuration.

275.png

2. Click the Always Check Persist drop-down arrow and select Yes – Accept Changes.

4 Configure the LoadMaster for SharePoint

To configure the LoadMaster for SharePoint, you must set up Virtual Services:

  • Some are for the Central Administration site, which is used to administer the SharePoint configuration overall. When you deploy the first SharePoint server, the management site is created. Further production sites can be created as needed.
  • The other Virtual Services are for the User Portal Site. This is for access to MySites and the rest of the SharePoint infrastructure.

This guide contains a section on creating a Virtual Service in the WUI using a template. To configure the Virtual Services using the Application Programming Interface (API), refer to the RESTful API on the Kemp documentation page.

The table in each section outlines the API settings and values. You can use this information when using the Kemp LoadMaster API and automation tools.

Using a template automatically populates the settings in the Virtual Services. This is quicker and easier than manually configuring each Virtual Service. If needed, changes can be made to any of the Virtual Service settings after using the template. For more information on the SharePoint templates, refer to the Template section.

It may be possible to have a single Virtual Service for both that has extra ports, but you might want different settings on the different Virtual Services, or you might want one Virtual Service to be only accessible internally, for example.

The sections below give instructions on how to set up Virtual Services in both SharePoint 2010 and SharePoint 2013. Refer to the relevant sections for step-by-step instructions on configuring the Virtual Services, depending on your environment. The settings contained in this document are recommended by Kemp. However, your specific configuration may require different settings.

For more information on each of the fields, refer to the Web User Interface (WUI), Configuration Guide .

4.1 Two-Armed Configurations

If you have a two-armed configuration with SSL offloading, you may need to enable subnet originating requests. This can either be done on a per-Virtual Service basis (Subnet Originating Requests field in Standard Options in the Virtual Service modify screen), or on a global basis (System Configuration > Miscellaneous Options > Network Options > Subnet Originating Requests).

It is recommended that the Subnet Originating Requests option is enabled on a per-Virtual Service basis.

While a one-armed configuration is not common, it is supported. For security best practice, you should separate the network that clients will connect to from the network that the Real Servers are on.

4.2 Configure SharePoint 2010 Virtual Services

Refer to the sections below for API parameters and values for the Virtual Services for SharePoint 2010. These Virtual Services are not all required – configure the relevant Virtual Services, based on your environment.

4.2.1 Create a Virtual Service using a Template

To configure a Virtual Service using the application template, perform the following steps:

1. In the main menu of the LoadMaster WUI, go to Virtual Services > Add New.

2. Type a valid Virtual Address.

3. Select the appropriate template in the Use Template drop-down list.

4. Click Add this Virtual Service.

5. Expand the Real Servers section.

6. Click Add New.

7. Type the Real Server Address.

8. Confirm that the correct port is entered.

9. Click Add This Real Server.

4.2.2 Configuring the User Portal Site Virtual Services for SharePoint 2010

The sections below outline the API parameters and values for the User Portal Site Virtual Services for SharePoint 2010. Refer to the relevant sections below depending on your environment.

4.2.2.1 SharePoint 2010 HTTP Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. These settings can be used with scripts and automation tools.

API Parameter

API Value

port 80
prot tcp
Transparent 0
Persist src
PersistTimeout 3600
Idletime 900
CheckUrl /

Add any Real Servers as needed.

4.2.2.2 SharePoint 2010 HTTPS Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. These settings can be used with scripts and automation tools.

API Parameter

API Value

port 443
prot tcp
Transparent 0
Persist src
PersistTimeout 3600
Idletime 900
CheckUrl /

It is optional to add a HTTP redirector Virtual Service. Whether you require one or not depends on your environment.

Add any Real Servers as needed.

4.2.2.3 SharePoint 2010 HTTPS Offloaded Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. These settings can be used with scripts and automation tools.

API Parameter

API Value

port 443
prot tcp
SSLAcceleration 1
CipherSet BestPractices
Transparent 0
Persist src
PersistTimeout 3600
Idletime 900
CheckUrl /

Ensure you add your SSL certificate to the Virtual Service. For more information, refer to the SSL Accelerated Services Feature Description on the Kemp Documentation Page.

It is optional to add a HTTP redirector Virtual Service. Whether you require one or not depends on your environment.

Add any Real Servers as needed.

4.2.2.4 SharePoint 2010 HTTPS Re-encrypt Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. These settings can be used with scripts and automation tools.

API Parameter

API Value

port 443
prot tcp
SSLAcceleration 1
SSLReencrypt 1
CipherSet BestPractices
Persistent src
PersistTimeout 3600
Idletime 900
CheckUrl /

Ensure you add your SSL certificate to the Virtual Service. For more information, refer to the SSL Accelerated Services Feature Description SSL Services on the Kemp Documentation Page.

It is optional to add a HTTP redirector Virtual Service. Whether you require one or not depends on your environment.

Add any Real Servers as needed.

4.2.3 Configuring the Central Administration Site Virtual Services for SharePoint 2010

The sections below outline the API parameters and values for the Central Administration Site Virtual Services for SharePoint 2010. Refer to the relevant sections below depending on your environment.

4.2.3.1 SharePoint 2010 HTTP Central Administration Site Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. These settings can be used with scripts and automation tools.

 

API Parameter

API Value

port 8000
prot tcp
VStype http
Transparent 0
Persist src
PersistTimeout 3600
Idletime 900
CheckType http
CheckUrl /

Add any Real Servers as needed.

4.2.3.2 SharePoint 2010 HTTPS Central Administration Site Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. These settings can be used with scripts and automation tools.

API Parameter

API Value

port 8444
prot tcp
VStype http
Transparent 0
Persist src
PersistTimeout 3600
Idletime 900
CheckType https
CheckUrl /

Add any Real Servers as needed.

4.2.3.3 SharePoint 2010 HTTPS Offloaded Central Administration Site Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. These settings can be used with scripts and automation tools.

API Parameter

API Value

port 8444
prot tcp
VStype http
SSLAcceleration 1
CipherSet BestPractices
Transparent 0
Persistent src
PersistTimeout 3600
Idletime 900
CheckType http
CheckUrl /

Ensure you add your SSL certificate to the Virtual Service. For more information, refer to the SSL Accelerated Services Feature Description SSL Services on the Kemp Documentation Page.

Add any Real Servers as needed.

4.2.3.4 SharePoint 2010 HTTPS Re-encrypted Central Administration Site Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. These settings can be used with scripts and automation tools.

API Parameter

API Value

port 8444
prot tcp
VStype http
SSLAcceleration 1
SSLReencrypt 1
CipherSet BestPractices
Persist src
PersistTimeout 3600
Idletime 900
CheckType https
CheckUrl /

Ensure you add your SSL certificate to the Virtual Service. For more information, refer to the SSL Accelerated Services Feature Description SSL Services on the Kemp Documentation Page

Add any Real Servers as needed.

4.3 Configure SharePoint 2013 Virtual Services

Refer to the sections below for API parameters and values for the Virtual Services for SharePoint 2013. These Virtual Services are not all required – configure the relevant Virtual Services, based on your environment.

4.3.1 Create a Virtual Service using a Template

To configure a Virtual Service using the application template, perform the following steps:

1. In the main menu of the LoadMaster WUI, go to Virtual Services > Add New.

2. Type a valid Virtual Address.

3. Select the appropriate template in the Use Template drop-down list.

4. Click Add this Virtual Service.

5. Expand the Real Servers section.

6. Click Add New.

7. Type the Real Server Address.

8. Confirm that the correct port is entered.

9. Click Add This Real Server.

4.3.2 Configure the User Portal Site Virtual Services for SharePoint 2013

The sections below outline the API parameters and values for the User Portal Site Virtual Services for SharePoint 2013. Refer to the relevant sections below depending on your environment.

4.3.2.1 SharePoint 2013 HTTP Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. These settings can be used with scripts and automation tools.

API Parameter

API Value

port 80
prot tcp
Transparent 0
Idletime 900
CheckUrl /

Add any Real Servers as needed.

4.3.2.2 SharePoint 2013 HTTPS Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. These settings can be used with scripts and automation tools.

API Parameter

API Value

port 443
prot tcp
Transparent 0
Idletime 900
CheckUrl /

It is optional to add a HTTP redirector Virtual Service. Whether you require one or not depends on your environment.

Add any Real Servers as needed.

4.3.2.3 SharePoint 2013 HTTPS Offloaded Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. These settings can be used with scripts and automation tools.

API Parameter

API Value

port 443
prot tcp
SSLAcceleration 1
CipherSet BestPractices
Transparent 0
Idletime 900
CheckUrl /

Ensure you add your SSL certificate to the Virtual Service. For more information, refer to the SSL Accelerated Services Feature Description SSL Services on the Kemp Documentation Page.

It is optional to add a HTTP redirector Virtual Service. Whether you require one or not depends on your environment.

Add any Real Servers as needed.

4.3.2.4 SharePoint 2013 HTTPS Re-encrypt Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. These settings can be used with scripts and automation tools.

Ensure you add your SSL certificate to the Virtual Service. For more information, refer to the SSL Accelerated Services Feature Description SSL Services on the Kemp Documentation Page.

It is optional to add a HTTP redirector Virtual Service. Whether you require one or not depends on your environment.

Add any Real Servers as needed.

4.3.3 Configure the Central Administration Site Virtual Services for SharePoint 2013

The sections below outline the API parameters and values for the Central Administration Site Virtual Services for SharePoint 2013. Refer to the relevant sections below depending on your environment.

4.3.3.1 SharePoint 2013 HTTP Central Administration Site Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. These settings can be used with scripts and automation tools.

API Parameter

API Value

port 8000
prot tcp
VStype http
Transparent 0
Idletime 900
CheckType http
CheckUrl /

Add any Real Servers as needed.

4.3.3.2 SharePoint 2013 HTTPS Central Administration Site Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. These settings can be used with scripts and automation tools.

API Parameter

API Value

port 8444
prot tcp
VStype http
Transparent 0
Idletime 900
CheckType https
CheckUrl /

Add any Real Servers as needed.

4.3.3.3 SharePoint 2013 HTTPS Offloaded Central Administration Site Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. These settings can be used with scripts and automation tools.

API Parameter

API Value

port 8444
prot tcp
VStype http
SSLAcceleration 1
CipherSet BestPractices
Transparent 0
Idletime 900
CheckType http
CheckUrl /

Ensure you add your SSL certificate to the Virtual Service. For more information, refer to the SSL Accelerated Services Feature Description SSL Services on the Kemp Documentation Page.

Add any Real Servers as needed.

4.3.3.4 SharePoint 2013 HTTPS Re-encrypted Central Administration Site Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. These settings can be used with scripts and automation tools.

API Parameter

API Value

port 8444
prot tcp
VStype http
SSLAcceleration 1
SSLReencrypt 1
CipherSet BestPractices
Idletime 900
CheckType https
CheckUrl /

Ensure you add your SSL certificate to the Virtual Service. For more information, refer to the SSL Accelerated Services Feature Description SSL Services on the Kemp Documentation Page.

Add any Real Servers as needed.

4.3.4 SharePoint 2013 HTTP and WAF Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. These settings can be used with scripts and automation tools.

 

API Parameter

API Value

port 80
prot tcp
Transparent 0
Idletime 900
Intercept 1
rule (use the command to add a WAF rule)

G/ip_reputation%20G/known_vulns%20G/malware_detection%20G/botnet_attacks%20A/sharepoint_attacks%20A/iis_attacks

CheckUrl /

All rules should be selected for each ruleset. Additional OWASP Core Rule Sets can be downloaded from the ModSecurity website to further secure the SharePoint environment.

Add any Real Servers as needed.

4.3.5 SharePoint 2013 HTTPS Re-encrypted and WAF Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. These settings can be used with scripts and automation tools.

API Parameter

API Value

port 443
prot tcp
Transparent 0
Idletime 900
SSLAcceleration 1
SSLReencrypt 1
CipherSet BestPractices
Intercept 1
rule (use the command to add a WAF rule)

G/ip_reputation%20G/known_vulns%20G/malware_detection%20G/botnet_attacks%20A/sharepoint_attacks%20A/iis_attacks

CheckUrl /

It is optional to add a HTTP redirector Virtual Service. Whether you require one or not depends on your environment.

All rules should be selected for each ruleset. Additional OWASP Core Rule Sets can be downloaded from the ModSecurity website to further secure the SharePoint environment.

Add any Real Servers as needed.

4.4 Configure SharePoint 2016 Virtual Services

Refer to the sections below for API parameters and values for the Virtual Services for SharePoint 2016. Not all these Virtual Services are required – configure the relevant Virtual Services based on your environment.

4.4.1 Create a Virtual Service using a Template

To configure a Virtual Service using the application template, perform the following steps:

1. In the main menu of the LoadMaster WUI, go to Virtual Services > Add New.

2. Type a valid Virtual Address.

3. Select the appropriate template in the Use Template drop-down list.

4. Click Add this Virtual Service.

5. Expand the Real Servers section.

6. Click Add New.

7. Type the Real Server Address.

8. Confirm that the correct port is entered.

9. Click Add This Real Server.

4.4.2 Configure the User Portal Site Virtual Services for SharePoint 2016

The sections below outline the API parameters and values for the User Portal Site Virtual Services for SharePoint 2016. Refer to the relevant sections below depending on your environment.

4.4.2.1 SharePoint 2016 HTTP Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. These settings can be used with scripts and automation tools.

API Parameter

API Value

port 80
prot tcp
Transparent 0
Schedule lc
Idletime 900
CheckUrl /
CheckHeaders Enter the HOST and URL of the Web Application configured in Alternate Access Mappings in the format HOST:URL.

Add any Real Servers as needed.

4.4.2.2 SharePoint 2016 HTTPS Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. These settings can be used with scripts and automation tools.

API Parameter

API Value

port 443
prot tcp
Transparent 0
Schedule lc
Idletime 900
CheckUrl /

It is optional to add a HTTP redirector Virtual Service. Whether you require one or not depends on your environment.

Add any Real Servers as needed.

4.4.2.3 SharePoint 2016 HTTPS Offloaded Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. These settings can be used with scripts and automation tools.

API Parameter

API Value

port 443
prot tcp
SSLAcceleration 1
CipherSet BestPractices
Transparent 0
Schedule lc
Idletime 900
CheckUrl /
CheckHeaders Enter the HOST and URL of the Web Application configured in Alternate Access Mappings in the format HOST:URL.

Ensure you add your SSL certificate to the Virtual Service. For more information, refer to the SSL Accelerated Services Feature Description SSL Services on the Kemp Documentation Page.

It is optional to add a HTTP redirector Virtual Service. Whether you require one or not depends on your environment.

Add any Real Servers as needed.

4.4.2.4 SharePoint 2016 HTTPS Re-encrypt Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. These settings can be used with scripts and automation tools.

API Parameter

API Value

port 443
prot tcp
SSLAcceleration 1
SSLReencrypt 1
CipherSet BestPractices
Schedule lc
Idletime 900
CheckUrl /
CheckHeaders Enter the HOST and URL of the Web Application configured in Alternate Access Mappings in the format HOST:URL.

Ensure you add your SSL certificate to the Virtual Service. For more information, refer to the SSL Accelerated Services Feature Description SSL Services on the Kemp Documentation Page.

It is optional to add a HTTP redirector Virtual Service. Whether you require one or not depends on your environment.

4.4.3 Configure the Central Administration Site Virtual Services for SharePoint 2016

The sections below outline the API parameters and values for the Central Administration Site Virtual Services for SharePoint 2016. Refer to the relevant sections below depending on your environment.

4.4.3.1 SharePoint 2016 HTTP Central Administration Site Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. These settings can be used with scripts and automation tools.

 

API Parameter

API Value

port 8000
prot tcp
VStype http
Transparent 0
Schedule lc
Idletime 900
CheckType http
CheckUrl /
CheckHeaders Enter the HOST and URL of the Web Application configured in Alternate Access Mappings in the format HOST:URL.

Add any Real Servers as needed.

4.4.3.2 SharePoint 2016 HTTPS Central Administration Site Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. These settings can be used with scripts and automation tools.

API Parameter

API Value

port 8444
prot tcp
VStype http
Transparent 0
Schedule lc
Idletime 900
CheckType https
CheckUrl /
CheckHeaders Enter the HOST and URL of the Web Application configured in Alternate Access Mappings in the format HOST:URL.

Add any Real Servers as needed.

4.4.3.3 SharePoint 2016 HTTPS Offloaded Central Administration Site Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. These settings can be used with scripts and automation tools.

API Parameter

API Value

port 8444
prot tcp
VStype http
SSLAcceleration 1
CipherSet BestPractices
Transparent 0
Schedule lc
Idletime 900
CheckType http
CheckUrl /
CheckHeaders Enter the HOST and URL of the Web Application configured in Alternate Access Mappings in the format HOST:URL.

Ensure you add your SSL certificate to the Virtual Service. For more information, refer to the SSL Accelerated Services Feature Description SSL Services on the Kemp Documentation Page

Add any Real Servers as needed.

4.4.3.4 SharePoint 2016 HTTPS Re-encrypted Central Administration Site Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. These settings can be used with scripts and automation tools.

API Parameter

API Value

port 8444
prot tcp
VStype http
SSLAcceleration 1
SSLReencrypt 1
CipherSet BestPractices
Schedule lc
Idletime 900
CheckType https
CheckUrl /
CheckHeaders Enter the HOST and URL of the Web Application configured in Alternate Access Mappings in the format HOST:URL.

Ensure you add your SSL certificate to the Virtual Service. For more information, refer to the SSL Accelerated Services Feature Description SSL Services on the Kemp Documentation Page.

Add any Real Servers as needed.

4.4.4 SharePoint 2016 HTTP and WAF Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. These settings can be used with scripts and automation tools.

API Parameter

API Value

port 80
prot tcp
Transparent 0
Idletime 900
Intercept 1
rule (use the command to add a WAF rule)

G/ip_reputation%20G/known_vulns%20G/malware_detection%20G/botnet_attacks%20A/sharepoint_attacks%20A/iis_attacks

CheckUrl /
CheckHeaders Enter the HOST and URL of the Web Application configured in Alternate Access Mappings in the format HOST:URL.

All rules should be selected for each ruleset. Additional OWASP Core Rule Sets can be downloaded from the ModSecurity website to further secure the SharePoint environment.

Add any Real Servers as needed.

4.4.5 SharePoint 2016 HTTPS Re-encrypted and WAF Virtual Service Recommended API Settings (optional)

This table outlines the API parameters and values set using the Kemp application template. These settings can be used with scripts and automation tools.

API Parameter

API Value

port 443
prot tcp
Transparent 0
Idletime 900
SSLAcceleration 1
SSLReencrypt

 

1

CipherSet BestPractices
Intercept 1
rule (use the command to add a WAF rule) G/ip_reputation%20G/known_vulns%20G/malware_detection%20G/botnet_attacks%20A/sharepoint_attacks%20A/iis_attacks
CheckType https
CheckUrl /
CheckHeaders Enter the HOST and URL of the Web Application configured in Alternate Access Mappings in the format HOST:URL.

It is optional to add a HTTP redirector Virtual Service. Whether you require one or not depends on your environment.

All rules should be selected for each ruleset. Additional OWASP Core Rule Sets can be downloaded from the ModSecurity website to further secure the SharePoint environment.

Add any Real Servers as needed.

4.5 Enabling the Edge Security Pack (ESP) with SharePoint

If desired, you can use ESP with SharePoint. To do this, follow the steps in the ESP, Feature Description but ensure to select either Permanent Cookies Always or Permanent Cookies only on Private Computers for the Use Session or Permanent Cookies option.

Selecting a permanent cookie option ensures that Office documents can be opened correctly from SharePoint.

References

Unless otherwise specified, the following documents can be found at http://kemptechnologies.com/documentation.

ESP, Feature Description

Web User Interface (WUI), Configuration Guide

IPsec Tunneling, Feature Description

Virtual Services and Templates, Feature Description

SSL Accelerated Services, Feature Description

Last Updated Date

This document was last updated on 28 February 2019.

Was this article helpful?

0 out of 0 found this helpful

Comments

Avatar
Dmitry Ignatev

I want to ask about Configure a SharePoint 2016 HTTPS Re-encrypted and WAF Virtual Service. Any attempt to enter HOST to the Field under "Show Headers" ends with an error. I'll try enter (example) sps.e-lab.domain.ru to the Host field, as in Alternate Access Mappings.
Is it possible to give an example of filling these fields?

Avatar
Matt Martinez

The way this reads is really wierd, "Enter the HOST and URL of the Web Application configured in Alternate Access Mappings." It should be Enter HOST:URL. For example, HOST:mysharepointsite.contoso.com. You literally input HOST as the header.

Avatar
Naseer Husein

Thank you for bringing that to our attention. We will review and have the documentation team make any necessary changes.

Edited by Naseer Husein