Multi-server installation Zimbra Collaboration Suite

    There is an unspoken rule that it is not recommended to create more than 5-6 thousand mailboxes on the same server with the Zimbra Collaboration Suite. Exceeding this range is fraught with a significant deterioration in the quality of the server and reducing its availability to users. But what to do if you have a large enterprise or a SaaS provider that sells access to the Zimbra Collaboration Suite as a service, and you need to provide 10, 20, 30 or more thousand people with e-mail? Especially for such cases, Zimbra has support for a multi-server installation, in which the mailboxes are located on different servers and allow you to maintain high availability of e-mail even under heavy loads.

    image

    Of course, the multi-server installation of Zimbra Collaboration Suite is significantly different from the usual installation on a single server, the process of which is described in detail in a previous article. First of all, it is recommended to determine the architecture of the server infrastructure on which the Zimbra Collaboration Suite will be installed. The most optimal in the work will be such a configuration of the server infrastructure. Note that the number of servers for storing mailboxes can be any, and their number, as already noted, is calculated on the basis of 5-6 thousand active mailboxes per server, if they will be accessed exclusively through the web client, and 3-4 thousand mailboxes to the server if users will work with desktop clients and synchronize mail with mobile devices.


    One example of building a multi-server infrastructure for the Zimbra Collaboration Suite

    Zimbra LDAP


    Before starting the installation, make sure that all the servers have the same system time. First of all, for a multi-server Zimbra installation, we need to install and configure a server with Zimbra LDAP. If desired, Zimbra LDAP can be installed on multiple servers, one of which will act as the primary LDAP server, and the rest will be secondary LDAP servers that take up some of the workload and thereby increase the speed of the primary server. Having an auxiliary LDAP server also improves the security and resiliency of the infrastructure with Zimbra.

    During the installation of Zimbra on the main LDAP server, the installer will prompt you to select the components to be installed. In this case, we only need zimbra-ldap :

    Select the packages to install
    Install zimbra-ldap [Y] Y
    Install zimbra-logger [Y] N
    Install zimbra-mta [Y] N
    Install zimbra-dnscache [Y] N
    Install zimbra-snmp [Y] N
    Install zimbra-store [Y] N
    Install zimbra-apache [Y] N
    Install zimbra-spell [Y] N
    Install zimbra-convertd [Y] N
    Install zimbra-memcached [Y] N
    Install zimbra-proxy [Y] N
    Install zimbra-archiving [N] N
    Install zimbra-chat [Y] N
    Install zimbra-drive [Y] N
    Install zimbra-imapd [Y] N
    Checking required space for zimbra-core
    Installing:
        zimbra-core
        zimbra-ldap
    The system will be modified.  Continue? [N]

    Press Y and after completion of the system modification, a text menu will open, in which we are interested in the Common configuration item . Turning to it, we see a list of basic settings:

    Common Configuration:
     1) Hostname:                                            ldap-1.zimbra.com
     2) Ldap master host:                                 zimbra.com
     3) Ldap port:                                             389
     4) Ldap Admin password:                           set
     5) Secure interprocess communications:      Yes
     6) TimeZone:                                            (GMT-08.00) Pacific Time (US & Canada)
     7) IP Mode:                                               ipv4
     8) Default SSL digest:                               sha256

    By selecting item 4, you can see the randomly generated Zimbra LDAP access password generated during installation and change it if you wish. You should also change the time zone to the one in which you are currently located. We recommend that you remember or write somewhere the LDAP administrator password, as well as the access port and the domain name of the LDAP server. You will need this information when setting up mailbox servers and MTAs.

    After this, we return to the main menu and select the second item called zimbra-ldap. Here we are interested in randomly generated passwords for LDAP root, LDAP replication, LDAP Postfix, LDAP Amavis and LDAP Nginx, which can be changed to self-invented ones. We recommend that you remember or write down passwords from LDAP replication, LDAP Postfix, LDAP Amavis, and LDAP Nginx, as they will be useful in further configuring servers with MTA and auxiliary LDAP servers. After that, it remains only to apply the changes and agree to record all the settings in the file. LDAP server setup is complete.

    LDAP Replica


    In case you want to configure LDAP secondary servers, you should activate their support on the primary LDAP server using the / opt / zimbra / libexec / zmldapenablereplica command . Further, when configuring secondary LDAP servers, the primary server must be enabled.

    Installing and configuring an auxiliary LDAP server repeats in many ways the installation and configuration of a primary server. The main differences are in the setup process after installation. So, you will need to:

    1. Specify the address of the primary LDAP server as the LDAP Master host name,
    2. In the field for entering a port, specify the port number that is open in the main LDAP server.
    3. Randomly generated LDAP Admin password replaced with the one installed on the main LDAP server
    4. In the LDAP configuration submenu, set the No parameter in the Create Domain field
    5. Enter the LDAP replication password that was set when configuring the primary server.

    After that, apply all changes and save the settings to a file.

    Zimbra MTA


    In addition to LDAP and mail storages, the Mail Transfer Agent is often placed on a separate server. When installing Zimbra on it, you should select only the zimbra-mta and zimbra-dnscache packages . After this, we again agree to change the system and proceed to setting up the server.

    Select the packages to install
    Install zimbra-ldap [Y] n
    Install zimbra-logger [Y] n
    Install zimbra-mta [Y] y
    Install zimbra-dnscache [Y] y
    Install zimbra-snmp [Y] n
    Install zimbra-store [Y] n
    Install zimbra-apache [Y] n
    Install zimbra-spell [Y] n
    Install zimbra-memcached [Y] n
    Install zimbra-proxy [Y] n
    Checking required space for zimbra-core
    Installing:
        zimbra-core
        zimbra-mta
        zimbra-dnscache
    The system will be modified.  Continue? [N] y
    Installing packages

    First of all, we need to specify the address of the LDAP server in the Common Configuration, enter the LDAP access password, and also set the correct time zone. After that, go to the MTA settings, where you should enter the address of the authentication server, which usually coincides with the address of the mail storage. After this, it remains only to enter the passwords for postfix and amavis, which we created when setting up the main LDAP server. After that, you can apply the changes and save the settings in a separate file.

    Zimbra proxy


    You will need this node to distribute the load between different mail storages and the MTA. It will be on it that the user will be authenticated so that Zimbra could later use it on the mail storage where the user's mailbox is stored. When installing the Zimbra Proxy, you should select only the zimbra-memcached and zimbra-proxy packages . After this, we again agree to change the system and proceed to setting up the server.

    Select the packages to install
    Install zimbra-ldap [Y] N
    Install zimbra-logger [Y] N
    Install zimbra-mta [Y] N
    Install zimbra-dnscache [N] N
    Install zimbra-snmp [Y] N
    Install zimbra-store [Y] N
    Install zimbra-apache [Y] N
    Install zimbra-spell [Y] N
    Install zimbra-convertd [N] N
    Install zimbra-memcached [N] Y
    Install zimbra-proxy [N] Y
    Install zimbra-archiving [N] N
    Installing:
        zimbra-memcached
        zimbra-proxy
    Configuration section
    The system will be modified. Continue [N] Y

    First of all, we need to specify the address of the LDAP server in the Common Configuration, enter the LDAP access password, and also set the correct time zone. After that, go to the MTA settings, where you should enter the address of the authentication server, which usually coincides with the address of the mail storage. After this, it remains only to enter the passwords for postfix and amavis, which we created when setting up the main LDAP server. After that, you can apply the changes and save the settings in a separate file.

    Zimbra mailbox


    The process of installing Zimbra on the servers where the mailboxes are located repeats the installation process on the LDAP server. The main difference lies in the set of flags when choosing which components to install. We will need the following set:

    Install zimbra-ldap [Y] N
    Install zimbra-logger [Y] Y
    Install zimbra-mta [Y] N
    Install zimbra-dnscache [Y] N
    Install zimbra-snmp [Y] Y
    Install zimbra-store [Y] Y
    Install zimbra-apache [Y] Y
    Install zimbra-spell [Y] Y
    Install zimbra-convertd [Y] Y
    Install zimbra-memcached [Y] N
    Install zimbra-proxy [Y] N
    Install zimbra-archiving [N] Y
    Install zimbra-chat [Y] Y
    Install zimbra-drive [Y] Y
    Install zimbra-imapd [Y] N
    Installing:
        zimbra-core
        zimbra-logger
        zimbra-snmp
        zimbra-store
        zimbra-apache
        zimbra-spell
        zimbra-convertd
        zimbra-archiving
        zimbra-chat
        zimbra-drive
    The system will be modified.  Continue? [N]

    After expressing our consent to the installation, we allow the modification of the system, wait for the end of the installation process and begin the server setup process. First of all, we need to go to the Common Configuration item and specify the LDAP server address and LDAP access password, besides it is recommended to check that the correct time zone is set on the server. Also, if you have forgotten your LDAP access password, you can get it by entering the zmlocalconfig -s zimbra_ldap_password command on the LDAP server.

    After that you can proceed to Store Configuration. Here we will need to set a server administrator password, as well as set the domain name of the repository with the appropriate number so that there is no confusion in the future. In addition, select the type of connection. For example, you can always use HTTP or HTTPS, enable HTTPS enforcement, or use HTTPS only during authentication. Also during the Zimbra Mailbox setup, you will need to specify the address of the corresponding MTA server in the SMTP Host line. After that, you can make a number of settings at your discretion. After completing the settings, you must apply the changes and save all settings to a file.

    After the installation, it is a great idea to set passwords for access via SSH in order to be able to remotely manage Postfix servers and sequence. Also, if you use LDAP helper servers, after the configuration is completed, you will need to change the ldap_url value on the MTA and Mailbox servers so that they work with them correctly. To do this, you need to stop Zimbra using the zmcontrol stop command , and then enter a command like z mlocalconfig -e ldap_url = "ldap: //ldap-2.zimbra.com ldap: //ldap-1.zimbra.com" where specify the addresses of all secondary servers first and at the end of the main LDAP server. On the MTA server, after the configuration is completed, you will need to restart Zimbra and run / opt / zimbra / libexe / zmmtainitto overwrite Postfix settings.

    Also popular now: