Presentation is loading. Please wait.

Presentation is loading. Please wait.

Some experiences Migration of UNIX mail + MS-Exchange  Zimbra groupware system Dirk Jahnke-Zumbusch HEPiX spring 2015 Oxford University United Kingdom.

Published byVerity Wade Modified over 10 years ago

Similar presentations

Presentation on theme: "Some experiences Migration of UNIX mail + MS-Exchange  Zimbra groupware system Dirk Jahnke-Zumbusch HEPiX spring 2015 Oxford University United Kingdom."— Presentation transcript:

1 Some experiences Migration of UNIX mail + MS-Exchange  Zimbra groupware system Dirk Jahnke-Zumbusch HEPiX spring 2015 Oxford University United Kingdom March 2015

2 D. Jahnke-Zumbusch | spring HEPiX 2015 | March 2015 | page 2 e-mail at DESY – building blocks > DMZ: “incoming” e-mail  restrictive filtering (reject) > intranet “incoming” e-mail  anything will be ok > virus scan & quarantine > SPAM-filtering & -tagging > mail hub  central mailbox server  mailing list server  other mail server

3 D. Jahnke-Zumbusch | spring HEPiX 2015 | March 2015 | page 3 motivation to replace the existing mail services > Exchange 2003  OS: 32bit, 3.5GB RAM  slow  once hit maximum number of transaction logs  WebUI not attractive  no support any longer (but really recommendable)  Hardware aged  raw iron > Dovecot 2.0  is an IMAP service “only”  no WebUI  good support  continuous development  merger of Dovecot and Open-Xchange  chance for consolidation of two services  consolidation means a third instance in the first place

4 D. Jahnke-Zumbusch | spring HEPiX 2015 | March 2015 | page 4 Zimbra as successor of Exchange 2003 & Dovecot > Zimbra’s feature list may be found somewhere else … > functional replacement of Exchange  details are implemented differently, but functionality exists in principal  public folder  shared mailbox, but this is true for Exchange 2013, too  support of Microsoft Outlook  support of ActiveSync (and meanwhile Exchange web services) > open standards and open protocols > automation and integration interfaces are existent && well documented > attractive web interface > standard OS clients may be used > server platform is Linux > support of virtualized installations  VMware virtualization w/ SAN storage  two locations for business continuity

5 D. Jahnke-Zumbusch | spring HEPiX 2015 | March 2015 | page 5 VMware – considerations > VMware vSphere was already in production for telecommunications SW (WebEx, Cisco Call Manager) > good experiences with VMware  also with Xen Sever (some 700+ VMs) but VMware was the “natural” solution > foreseeing increasing numbers of VMs and stable number of staff  automation for provisioning, operation and monitoring is vital > also other business critical software is installed with VMware > integrates nicely with NetApp and Cisco (Storage, VLAN/SW-switch) > co-location  on campus and even across sites is possible  storage solution is needed for this > VMs  6 mailbox server: 64GB RAM, 8 vCPU, store 1 TB, index 128GB, db 128 GB  others: 16 GB RAM, 4 vCPU

6 D. Jahnke-Zumbusch | spring HEPiX 2015 | March 2015 | page 6 Zimbra – architecture overview

7 D. Jahnke-Zumbusch | spring HEPiX 2015 | March 2015 | page 7 stable hostnames – realization with F5 UNIX IMAP XCHG IMAPSMTP AUTH OUTLOOK WEB ACCESS XCHG ACTIVE SYNC ZIMBRA WEB,AS, ZCO BigIP F5 IPv4 & IPv6 UNIX IMAP REVERSE PROXY XCHG IMAP REVERSE PROXY UNIX MAIL CLUSTER XCHG FRONTEND CLUSTER ZIMBRA PROXY CLUSTER XCHG FRONTEND CLUSTER NB: With our version 10.2.4 of F5 there is no possibility to proxy SMTP with STARTTLS ZCO updates are blocked, so NetInstall will be used

8 D. Jahnke-Zumbusch | spring HEPiX 2015 | March 2015 | page 8 migrating to Zimbra – preparations > set up of a team for installation and first support questions > single server test installation > first users are using the test installation for their daily work > information of committees which might be or are involved > invitation of non-IT and “friendly” power users for tests > first migrations from Exchange to Zimbra > extensive test phase planned > it took even longer, as  Zimbra was sold from VMware to Telligent and support teams changed and some of the development group  in course our problems with esp. the Zimbra Migration Tool were addressed slowly  access to ZMTs source code for our solution partner gave us a working solution

9 D. Jahnke-Zumbusch | spring HEPiX 2015 | March 2015 | page 9 migrating to Zimbra – preparations > development of automation programs ( 1+1  1 )  database to hold status of each mailbox  provisioning of Zimbra using Oracle-DB directly via SOAP-API  procedures for Exchange to Zimbra migration  procedures for UNIX mail to Zimbra migration  considerations of other mail infrastructure being involved (MTAs) > setup of necessary other components  Web-Interfaces for the user, the group admins and helpdesk people (Oracle-APEX)  IMAP reverse proxies and provisioning of proxies and MTAs with routing tables  machines for synchronization software: Zimbra Migration Tool (ZMT), imapsync  software for analysis of synchronization reports  feedback into database > compose not-too-terse and not-to-phony e-mails for end-users and admins with most import information > setup FAQs and manuals

10 D. Jahnke-Zumbusch | spring HEPiX 2015 | March 2015 | page 10 WebUI – Oracle APEX for DB-driven WebUIs > delegated support  group administrator have only access to all members of their group(s)  helpdesk has access to all status information  only the migration team may schedule migrations > users have access to status of their mailbox(es)

11 D. Jahnke-Zumbusch | spring HEPiX 2015 | March 2015 | page 11 migration procedure > migration by groups, so shared mailboxes may be shared within groups first > information of group administrators and users approx on week beforehand > only small changes necessary for users  Outlook requires Zimbra Connector for Outlook (ZCO)  mobile devices have to alter hostname for ActiveSync > pre-migration of e-mails keeps off-line phase relatively small (~2h) > calendars, contacts, tasks, rules, OOO  ZMT > e-mails synchronized via imapsync in several runs ready to start pre-migration imapsync mail flow on hold set transport & forward disableMAPI, ActiveSync, http access imapsync Exchange 2nd run … ZMT everything except e-mail set IMAP proxy e-mails on hold  released imapsync Exchange 3rd run disable Exchange IMAP access imapsync UNIX 1st run set IMAP proxy set UNIX forward imapsync UNIX 2nd run imapsync UNIX 3rd run end of migration

12 D. Jahnke-Zumbusch | spring HEPiX 2015 | March 2015 | page 12 imapsync – migration of e-mails > ideal for implementing a two-phase migration of e- mails  needs to track on which server the first migration tool place, so imapsync cache information is present!  imapsync cache implies one file for each mail(!)  XFS with inode64 mount option > no “/” in mail folder names  those are invisible to IMAP  changing “/” to e.g. “_” before the last imapsync run helps  end even later… /srv/imapsync/bin/imapsync \ --noreleasecheck \ --tmpdir /XFSspool/$account@win \ --pidfile /XFSspool/$account@win.pid \ --pidfilelocking \ --usecache --useuid --buffersize 8192000 \ --nosyncacls --syncinternaldates \ --nofoldersizes --noauthmd5 --noexpunge \ --exclude "^Public\ Folders/" \... --regextrans2 's,[:],--,g' \ --regextrans2 's,\s+(?=/|$),,g' \ --regextrans2 's,\",'\'',g' \ --regextrans2 's,^(Attachments|Briefcase|Calendar|Chats|Con tacts|Emailed Contacts|Notebook|Notes|Tasks)(?=/|$),$1 (Renamed on Migration),ig' \... --regexflag 's/(.*)/$1 X2Zmig/' \...... no ––delete2...

13 D. Jahnke-Zumbusch | spring HEPiX 2015 | March 2015 | page 13 Zimbra Migration Tool – experiences with appointments > we have a working configuration and stay with it > this was hard work, esp. from our solution partner > mostly problems with calendar entries  all day events were scheduled one day too early; DESY is UTC+0100 (UTC+0200)  originally start time 31-10-2014 23:00 UTC  01-11-2014 00:00 MET  “truncation” && all-day-event  31-10-2014 00:00 > two different access methods via MAPI within Exchange  Outlook object model gives correct date/time  fall back if OOM does not work (for whatever reason) gives sometimes incorrect date/time  “counter” measure  complete logging of all XML SOAP requests/responses  identify potential(!) candidates  inform user about possible mismatches

14 D. Jahnke-Zumbusch | spring HEPiX 2015 | March 2015 | page 14 Zimbra Migration Tool – experiences with contacts etc. > sometimes no contacts were migrated  sometimes an unhandled exception terminates the loop which migrates e-mails, appointments, tasks, contacts as if the whole process ended w/o any error (verified in ZMT source code)  scanning the XML data could identify this problem  manual intervention needed and ad-hoc creativity also > Exchange has entries with UUIDS > 255 bytes > backup of mailboxes switches them into “maintenance” mode  ZMT looses connect and will not connect again > migration of e-mail (DESY does not use this)  all e-mails get an HTML part  S/MIME mails will be broken, (but all info is still there, just some LFs added…) > bugs and RFEs might have been corrected by now...

15 D. Jahnke-Zumbusch | spring HEPiX 2015 | March 2015 | page 15 Outlook considerations > Zimbra Connector for Outlook is required  uses https/SOAP > data is stored on disk  ZDB is a PST  CIFS is a non option  plain text e-mails are enriched automatically by Outlook with an HTML- and RTF-part  bloated file consumes space > first synchronization takes a lot of time for huge mailboxes > header-only mode  may save some space  complex searches with action download lots of content > terminal server installation  problems with multi-node setups  synchronization on node-hop > long periods between outlook starts may lead to “too far out of date” (90d)  server tombstone retention time raised to 182d (domain trust for clients expire after 180 days)

16 D. Jahnke-Zumbusch | spring HEPiX 2015 | March 2015 | page 16 Outlook considerations (ctd.) > huge mailboxes may render Outlook unusable (50GByte)  max. PST size may be adjusted > synchronization of signatures are disabled  two way-synch && HTML à la Outlook gives funny results  via NetInstall > encoding scheme set to UTF-8  mails sent in western encoding iso8859-1 via ZCO to Exchange 2003 are interpreted as UTF-8 > extra tab for Zimbra  rules & signatures > Global Address List  Zimbra’s GAL  AD-GAL  other LDAP source

17 D. Jahnke-Zumbusch | spring HEPiX 2015 | March 2015 | page 17 Zimbra’s briefcase and Zimlets > up- and download files > share them internally  DESY: distribution lists for group handling, provided by DESY-registry > share them externally  during migration a no-option: first external share, then (after migration) internal would confuse users > feature disabled, as there is only one quota possible  we do not use quotas for mail  same storage backend as mail > Zimlets are client apps for the WebUI  they are provided by the server > used for  search highlighting  contact handling  S/MIME on request > S/MIME Zimlet  Java applet – not fashionable  Chrome vs. Firefox vs. IE

18 D. Jahnke-Zumbusch | spring HEPiX 2015 | March 2015 | page 18 mobile devices – a different class of experiences > shared calendars are not available with CalDAV > CardDAV only allows one address book >... > nightly builds of Cyanogen > ancient Android versions > iOS behaviour differs between versions > device encryption  ActiveSync on iOS requires encryption  iOS devices are always encrypted  “allow encryption” on Zimbra  “allow encryption” on Zimbra is misinterpreted by older Android versions as “require encryption”  this is not accepted by some users  use IMAP, CalDAV, CardDAV

19 D. Jahnke-Zumbusch | spring HEPiX 2015 | March 2015 | page 19 check Microsoft interoperability pages for ActiveSync > many problems are not related with Zimbra, esp. ActiveSync check Microsoft’s URLs!  http://support.microsoft.com/kb/3015401/en-us "Known calendaring issues with iOS 8.x and iOS 7.x devices””  http://support.microsoft.com/kb/2563324/en-us "Current issues with Microsoft Exchange ActiveSync and third-party devices"  https://support.apple.com/en-us/HT203209 "iOS: Troubleshooting Exchange ActiveSync 'Push' issues"

20 D. Jahnke-Zumbusch | spring HEPiX 2015 | March 2015 | page 20 operations – monitoring – operating system > stable operations, no surprises so far > mostly self-contained software stack > integration into IT’s standard monitoring environment  Nagios for OS & services  icinga underway  internal reporting capabilities > patching causes 15-30min downtimes > authentication proxied by OpenDJ-LDAP to Kerberos > vmWare is operated by separate team > operating system is Red Hat Enterprise Linux 6  expertise through Scientific Linux in HEP > 1 st -level support by user help desk > separate migration queue in Request Tracker

21 D. Jahnke-Zumbusch | spring HEPiX 2015 | March 2015 | page 21 résumé > Zimbra server operates stable with good performance > open standards and open protocols very much facilitates integration into DESY’s environment > continuous development  that means: new functionality as well as correction of many little and some very annoying bugs  you can subscribe to Zimbra’s bugzilla to stay informed; this is a plus! > migration hurts ; this is a one-off effort, but it’s worth it  delay mostly caused by Zimbra Migration Tool deficiencies and adopting it and writing workarounds/extended analysis tools  the change of Zimbra from VMware to Telligent was an extra obstacle

22 D. Jahnke-Zumbusch | spring HEPiX 2015 | March 2015 | page 22 questions & answers > thank you for your attention

Download ppt "Some experiences Migration of UNIX mail + MS-Exchange  Zimbra groupware system Dirk Jahnke-Zumbusch HEPiX spring 2015 Oxford University United Kingdom."

Similar presentations

CRM 3.0 Whats New in Microsoft CRM 3.0 – Technical.

CRM 3.0 Whats New in Microsoft CRM 3.0 – Technical.
Welcome to Middleware Joseph Amrithraj

Welcome to Middleware Joseph Amrithraj
Module 12 Upgrading from Exchange Server 2003 or Exchange Server 2007 to Exchange Server 2010.

Module 12 Upgrading from Exchange Server 2003 or Exchange Server 2007 to Exchange Server 2010.
IBM Software Group ® Accessing Domino via Outlook iNotes Access for Microsoft Outlook - Notes Domino 5.5 – 6.0.1 Domino Access for MS Outlook - Notes Domino.

IBM Software Group ® Accessing Domino via Outlook iNotes Access for Microsoft Outlook - Notes Domino 5.5 – Domino Access for MS Outlook - Notes Domino.
Communication Technology Peer Group BLACKBERRY 10: ASKED AND ANSWERED.

Communication Technology Peer Group BLACKBERRY 10: ASKED AND ANSWERED.
Calendar Browser is a groupware used for booking all kinds of resources within an organization. Calendar Browser is installed on a file server and in a.

Calendar Browser is a groupware used for booking all kinds of resources within an organization. Calendar Browser is installed on a file server and in a.
Installing Exchange 2010 IT:Network:Applications.

Installing Exchange 2010 IT:Network:Applications.
Report Distribution Report Distribution in PeopleTools 8.4 Doug Ostler & Eric Knapp 7264.

Report Distribution Report Distribution in PeopleTools 8.4 Doug Ostler & Eric Knapp 7264.
Exchange server 2003. Mail system Four components Mail user agent (MUA) to read and compose mail Mail transport agent (MTA) route messages Delivery agent.

Exchange server Mail system Four components Mail user agent (MUA) to read and compose mail Mail transport agent (MTA) route messages Delivery agent.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.
Introduction to UTORexchange For IT support providers.

Introduction to UTORexchange For IT support providers.
23 October 2002Emmanuel Ormancey1 Spam Filtering at CERN Emmanuel Ormancey - 23 October 2002.

23 October 2002Emmanuel Ormancey1 Spam Filtering at CERN Emmanuel Ormancey - 23 October 2002.
Patch Management Module 13. Module 2-421 You Are Here VMware vSphere 4.1: Install, Configure, Manage – Revision A Operations vSphere Environment Introduction.

Patch Management Module 13. Module You Are Here VMware vSphere 4.1: Install, Configure, Manage – Revision A Operations vSphere Environment Introduction.
Sharepoint Portal Server Basics. Introduction Sharepoint server belongs to Microsoft family of servers Integrated suite of server capabilities Hosted.

Sharepoint Portal Server Basics. Introduction Sharepoint server belongs to Microsoft family of servers Integrated suite of server capabilities Hosted.
Winter 2005-2006 Consolidated Server Deployment Guide for Hosted Messaging and Collaboration version 3.5 Philippe Maurent Principal Consultant Microsoft.

Winter Consolidated Server Deployment Guide for Hosted Messaging and Collaboration version 3.5 Philippe Maurent Principal Consultant Microsoft.
TechEd 2013 4/20/2017 2:02 AM © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks.

TechEd /20/2017 2:02 AM © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks.
Allows Microsoft Outlook® to integrate with the rest of the World CalDAV/CardDAV Connector.

Allows Microsoft Outlook® to integrate with the rest of the World CalDAV/CardDAV Connector.
Exchange 2010 Recipient and Mailbox Management IT:Network:Applications.

Exchange 2010 Recipient and Mailbox Management IT:Network:Applications.
Managing Client Access

Managing Client Access
IT:Network:Applications Fall 2009.  Running one “machine” inside another “machine”  OS in Virtual machines sees ◦ CPU(s) ◦ Memory ◦ Disk ◦ USB ◦ etc.

IT:Network:Applications Fall  Running one “machine” inside another “machine”  OS in Virtual machines sees ◦ CPU(s) ◦ Memory ◦ Disk ◦ USB ◦ etc.

Similar presentations

Ads by Google