Multi-server installation Zimbra Collaboration Suite
There is an unspoken rule according to which it is not recommended to create more than 5-6 thousand mailboxes on the same server with the Zimbra Collaboration Suite. Exceeding this range is fraught with a significant deterioration in the quality of server operation and a decrease in its availability to users. But what to do if you run a large enterprise or a SaaS provider that sells access to the Zimbra Collaboration Suite as a service, and you need to provide 10, 20, 30 or more thousand people with e-mail? Especially for such cases, Zimbra has support for a multi-server installation, in which the mailboxes are located on different servers and allow you to maintain high availability of e-mail even under heavy loads.
Of course, the multi-server installation of Zimbra Collaboration Suite is significantly different from the usual installation on a single server, the process of which is described in detail in a previous article. First of all, it is recommended to determine the architecture of the server infrastructure on which the Zimbra Collaboration Suite will be installed. The most optimal in the work will be such a configuration of the server infrastructure. Note that the number of servers for storing mailboxes can be any, and the number of them, as already noted, is calculated on the basis of 5-6 thousand active mailboxes per server if they will be accessed exclusively through the web client, and 3-4 thousand mailboxes to the server, if users work with desktop clients and synchronize mail with mobile devices.
One example of building a multi-server infrastructure for the Zimbra Collaboration Suite
')
Before starting the installation, make sure that all the servers have the same system time. First of all, for a Zimbra multiserver installation, we need to install and configure a Zimbra LDAP server. If desired, Zimbra LDAP can be installed on multiple servers, one of which will act as the primary LDAP server, and the rest will be secondary LDAP servers that take up some of the workload and thereby increase the speed of the primary server. Having an auxiliary LDAP server also increases the security and resiliency of the infrastructure with Zimbra.
During the installation of Zimbra on the main LDAP server, the installer will prompt you to select the components to be installed. In this case, we only need zimbra-ldap :
Press Y and after the system has been modified, a text menu will open in which we are interested in the Common configuration item. Turning to it, we see a list of basic settings:
By selecting item 4, you can see the randomly generated Zimbra LDAP access password generated during installation and change it if you wish. You should also change the time zone to the one in which you are currently located. We recommend that you remember or write somewhere the LDAP administrator password, as well as the access port and the domain name of the LDAP server. You will need this information when setting up mailbox servers and MTAs.
After this, we return to the main menu and select the second item called zimbra-ldap . Here we are interested in randomly generated passwords for accessing LDAP root, LDAP replication, LDAP Postfix, LDAP Amavis and LDAP Nginx, which can be changed to self-made ones. We recommend that you remember or write down passwords from LDAP replication, LDAP Postfix, LDAP Amavis, and LDAP Nginx, as they will be useful in further configuring servers with MTA and auxiliary LDAP servers. After that, it remains only to apply the changes and agree to record all the settings in the file. LDAP server setup is complete.
In case you want to set up LDAP secondary servers, you should activate their support on the primary LDAP server using the / opt / zimbra / libexec / zmldapenablereplica command . Further, when configuring auxiliary LDAP servers, the primary server must be enabled.
Installing and configuring an auxiliary LDAP server repeats in many ways the installation and configuration of a primary server. The main differences are in the setup process after installation. So, you will need to:
After that, apply all changes and save the settings to a file.
The installation process of Zimbra on the servers where the mailboxes are located repeats the installation process on the LDAP server. The main difference lies in the set of flags when choosing which components to install. We will need the following set:
After expressing our consent to the installation, we allow the modification of the system, wait for the end of the installation process and begin the server setup process. First of all, we need to go to the Common Configuration item and specify the LDAP server address and LDAP access password, besides it is recommended to check that the correct time zone is set on the server. Also, if you have forgotten your LDAP access password, you can get it by entering the zmlocalconfig -s zimbra_ldap_password command on the LDAP server.
After that you can proceed to the Store Configuration item. Here we will need to set a server administrator password, as well as set the domain name of the repository with the appropriate number so that there is no confusion in the future. In addition, select the type of connection. For example, you can always use HTTP or HTTPS, enable HTTPS enforcement, or use HTTPS only during authentication. After that, you can make a number of settings at your discretion. After finishing the settings, you need to apply the changes and save all settings to a file.
In addition to LDAP and mail storages, the Mail Transfer Agent is often placed on a separate server. When installing Zimbra on it, you should select only the zimbra-mta and zimbra-dnscache packages. After this, we again agree to change the system and proceed to setting up the server.
First of all, we need to specify the address of the LDAP server in the Common Configuration, enter the LDAP access password, and set the correct time zone. After that, go to the MTA settings, where you should enter the address of the authentication server, which usually coincides with the address of the mail storage. After that, it remains only to enter the passwords for postfix and amavis, which we created when setting up the main LDAP server. After that, you can apply the changes and save the settings in a separate file.
After the installation, it is a great idea to set passwords for access via SSH in order to be able to remotely manage Postfix servers and sequence. Also, if you are using auxiliary LDAP servers, after the configuration is completed, you will need to change the ldap_url value on the MTA and Mailbox servers so that they work correctly with them. To do this, you need to stop Zimbra using the zmcontrol stop command, and then enter a command like z mlocalconfig -e ldap_url = "ldap: //ldap-2.zimbra.com ldap: //ldap-1.zimbra.com" where specify the addresses of all secondary servers first and at the end of the main LDAP server. On the MTA server, after completing the configuration, you need to run Zimbra again and run / opt / zimbra / libexe / zmmtainit to overwrite the Postfix settings.
Of course, the multi-server installation of Zimbra Collaboration Suite is significantly different from the usual installation on a single server, the process of which is described in detail in a previous article. First of all, it is recommended to determine the architecture of the server infrastructure on which the Zimbra Collaboration Suite will be installed. The most optimal in the work will be such a configuration of the server infrastructure. Note that the number of servers for storing mailboxes can be any, and the number of them, as already noted, is calculated on the basis of 5-6 thousand active mailboxes per server if they will be accessed exclusively through the web client, and 3-4 thousand mailboxes to the server, if users work with desktop clients and synchronize mail with mobile devices.
One example of building a multi-server infrastructure for the Zimbra Collaboration Suite
')
Zimbra LDAP
Before starting the installation, make sure that all the servers have the same system time. First of all, for a Zimbra multiserver installation, we need to install and configure a Zimbra LDAP server. If desired, Zimbra LDAP can be installed on multiple servers, one of which will act as the primary LDAP server, and the rest will be secondary LDAP servers that take up some of the workload and thereby increase the speed of the primary server. Having an auxiliary LDAP server also increases the security and resiliency of the infrastructure with Zimbra.
During the installation of Zimbra on the main LDAP server, the installer will prompt you to select the components to be installed. In this case, we only need zimbra-ldap :
Select the packages to install Install zimbra-ldap [Y] y Install zimbra-logger [Y] n Install zimbra-mta [Y] n Install zimbra-dnscache [Y] n Install zimbra-snmp [Y] n Install zimbra-store [Y] n Install zimbra-apache [Y] n Install zimbra-spell [Y] n Checking required space for zimbra-core Installing: zimbra-core zimbra-ldap The system will be modified. Continue? [N] y Press Y and after the system has been modified, a text menu will open in which we are interested in the Common configuration item. Turning to it, we see a list of basic settings:
Common Configuration: 1) Hostname: ldap-1.zimbra.com 2) Ldap master host: zimbra.com 3) Ldap port: 389 4) Ldap Admin password: set 5) Secure interprocess communications: Yes 6) TimeZone: (GMT-08.00) Pacific Time (US & Canada) 7) IP Mode: ipv4 8) Default SSL digest: sha256 By selecting item 4, you can see the randomly generated Zimbra LDAP access password generated during installation and change it if you wish. You should also change the time zone to the one in which you are currently located. We recommend that you remember or write somewhere the LDAP administrator password, as well as the access port and the domain name of the LDAP server. You will need this information when setting up mailbox servers and MTAs.
After this, we return to the main menu and select the second item called zimbra-ldap . Here we are interested in randomly generated passwords for accessing LDAP root, LDAP replication, LDAP Postfix, LDAP Amavis and LDAP Nginx, which can be changed to self-made ones. We recommend that you remember or write down passwords from LDAP replication, LDAP Postfix, LDAP Amavis, and LDAP Nginx, as they will be useful in further configuring servers with MTA and auxiliary LDAP servers. After that, it remains only to apply the changes and agree to record all the settings in the file. LDAP server setup is complete.
LDAP Replica
In case you want to set up LDAP secondary servers, you should activate their support on the primary LDAP server using the / opt / zimbra / libexec / zmldapenablereplica command . Further, when configuring auxiliary LDAP servers, the primary server must be enabled.
Installing and configuring an auxiliary LDAP server repeats in many ways the installation and configuration of a primary server. The main differences are in the setup process after installation. So, you will need to:
- Specify the address of the primary LDAP server as the LDAP Master host name,
- In the field for entering a port, specify the port number that is open in the main LDAP server.
- Randomly generated LDAP Admin password replaced with the one installed on the main LDAP server
- In the LDAP configuration submenu, set the No parameter in the Create Domain field
- Enter the LDAP replication password that was set when configuring the primary server.
After that, apply all changes and save the settings to a file.
Zimbra mailbox
The installation process of Zimbra on the servers where the mailboxes are located repeats the installation process on the LDAP server. The main difference lies in the set of flags when choosing which components to install. We will need the following set:
Select the packages to install Install zimbra-ldap [Y] N Install zimbra-logger [Y] Y Install zimbra-mta [Y] N Install zimbra-dnscache [Y] N Install zimbra-snmp [Y] Y Install zimbra-store [Y] Y Install zimbra-apache [Y] Y Install zimbra-spell [Y] Y Checking required space for zimbra-core Installing: zimbra-core zimbra-logger zimbra-snmp zimbra-store zimbra-apache zimbra-spell zimbra-convertd The system will be modified. Continue [N] Y After expressing our consent to the installation, we allow the modification of the system, wait for the end of the installation process and begin the server setup process. First of all, we need to go to the Common Configuration item and specify the LDAP server address and LDAP access password, besides it is recommended to check that the correct time zone is set on the server. Also, if you have forgotten your LDAP access password, you can get it by entering the zmlocalconfig -s zimbra_ldap_password command on the LDAP server.
After that you can proceed to the Store Configuration item. Here we will need to set a server administrator password, as well as set the domain name of the repository with the appropriate number so that there is no confusion in the future. In addition, select the type of connection. For example, you can always use HTTP or HTTPS, enable HTTPS enforcement, or use HTTPS only during authentication. After that, you can make a number of settings at your discretion. After finishing the settings, you need to apply the changes and save all settings to a file.
Zimbra MTA
In addition to LDAP and mail storages, the Mail Transfer Agent is often placed on a separate server. When installing Zimbra on it, you should select only the zimbra-mta and zimbra-dnscache packages. After this, we again agree to change the system and proceed to setting up the server.
Select the packages to install Install zimbra-ldap [Y] N Install zimbra-logger [Y] N Install zimbra-mta [Y] Y Install zimbra-dnscache [Y] Y Install zimbra-snmp [Y] N Install zimbra-store [Y] N Install zimbra-apache [Y] N Install zimbra-spell [Y] N Checking required space for zimbra-core Installing: zimbra-mta zimbra-dnscache The system will be modified. Continue [N] Y First of all, we need to specify the address of the LDAP server in the Common Configuration, enter the LDAP access password, and set the correct time zone. After that, go to the MTA settings, where you should enter the address of the authentication server, which usually coincides with the address of the mail storage. After that, it remains only to enter the passwords for postfix and amavis, which we created when setting up the main LDAP server. After that, you can apply the changes and save the settings in a separate file.
After the installation, it is a great idea to set passwords for access via SSH in order to be able to remotely manage Postfix servers and sequence. Also, if you are using auxiliary LDAP servers, after the configuration is completed, you will need to change the ldap_url value on the MTA and Mailbox servers so that they work correctly with them. To do this, you need to stop Zimbra using the zmcontrol stop command, and then enter a command like z mlocalconfig -e ldap_url = "ldap: //ldap-2.zimbra.com ldap: //ldap-1.zimbra.com" where specify the addresses of all secondary servers first and at the end of the main LDAP server. On the MTA server, after completing the configuration, you need to run Zimbra again and run / opt / zimbra / libexe / zmmtainit to overwrite the Postfix settings.
Source: https://habr.com/ru/post/432782/
All Articles