ZCS Multi-Server Installation Guide, Network Edition 5.0 (Rev 5.0.19 September 2009)
Planning for the Installation
This chapter describes the components that are installed and reviews the configuration options that can be made when you install the Zimbra Collaboration Suite.
Zimbra Packages
Zimbra architecture includes open-source integrations using industry standard protocols. The third-party software has been tested and configured to work with the Zimbra software.
The following describes the Zimbra packages that are installed.
Zimbra Core. This package includes the libraries, utilities, monitoring tools, and basic configuration files. Zimbra Core is automatically installed on each server.
Zimbra LDAP. User authentication is provided through OpenLDAP® software. Each account on the Zimbra server has a unique mailbox ID that is the primary point of reference to identify the account. The OpenLDAP schema has been customized for the Zimbra Collaboration Suite. The Zimbra LDAP server must be configured before the other servers. You can set up LDAP replication, configuring a master LDAP server and replica LDAP servers.
Zimbra MTA. Postfix is the open source mail transfer agent (MTA) that receives email via SMTP and routes each message to the appropriate Zimbra mailbox server using Local Mail Transfer Protocol (LMTP). The Zimbra MTA also includes the anti-virus and anti-spam components.
Zimbra Store. The Zimbra store includes the components for the mailbox server, including Jetty, which is the servlet container the Zimbra software runs within. The Zimbra mailbox server includes the following components:
Data store. The data store is a MySQL® database.
Message store. The message store is where all email messages and file attachments reside.
Index store. Index and search technology is provided through Lucene. Index files are maintained for each mailbox.
Zimbra SNMP. Installing the Zimbra SNMP package is optional. If you choose to install zimbra-SNMP for monitoring, this package should be installed on every Zimbra server.
Zimbra Logger. Installing the Zimbra Logger package is optional. If you install the Logger package, it must be installed on the first mailbox server. The Zimbra logger installs tools for syslog aggregation, reporting, and message tracing. If you do not install Logger, you cannot use the message trace feature. In addition, the server statistics are not captured, and the server statistics section of the administration console will not display.
Note: The Logger package must be installed at the same time as the mailbox server.
Zimbra Spell. Installing the Zimbra Spell package is optional. Aspell is the open source spell checker used on the Zimbra Web Client.
Zimbra Apache. This package is installed automatically when Zimbra Spell or Zimbra Convertd (See Note) is installed.
Note: The zimbra-convertd package is a beta package for Network Edition customers that implements the ZCS 6.0 method of using convertd. For more information, contact Zimbra support.
Zimbra Proxy. Zimbra proxy can be configured as a POP and IMAP proxy server and for reverse proxy HTTP requests. This package is normally installed on the MTA server or on its own independent server. Zimbra proxy can be installed on more than one server. When the zimbra-proxy package is installed, the proxy feature is enabled. Installing the Zimbra Proxy is optional.
Zimbra Archiving. The Zimbra Archiving and Discovery feature is an optional feature for ZCS Network Edition. Archiving and Discovery offers the ability to store and search all messages that were delivered to or sent by ZCS. This package includes the cross mailbox search function which can be used for both live and archive mailbox searches. Note: Using Archiving and Discovery can trigger additional mailbox license usage. To find out more about Zimbra Archiving and Discovery, contact Zimbra sales.
The Zimbra server configuration is menu driven. The installation menu displays the default configuration values. The menu displays the logical host name and email domain name [example.com] as configured for the computer.
Configuration Examples
Zimbra Collaboration Suite can be easily scaled for any size of email environment, from very small businesses with fewer than 25 email accounts to large businesses with thousands of email accounts. The following table shows examples of different configuration options.
 
All ZCS components installed on one server
See the Zimbra Installation Quick Start for installation instructions
Zimbra LDAP and Zimbra message store on one server
Zimbra MTA on a separate server.
Possibly include additional Zimbra MTA servers
Zimbra LDAP on one server
Multiple Zimbra mailbox servers
Multiple Zimbra MTA servers
Zimbra Master LDAP server
Multiple Zimbra mailbox servers
Multiple Zimbra MTA servers
Downloading the Zimbra Software
For the latest Zimbra software download, go to www.zimbra.com. Save the Zimbra Collaboration Suite download file to the computer from which you will install the software.
When the Zimbra Collaboration Suite is installed, the following Zimbra applications are saved to the Zimbra server:
Zimbra Collaboration Suite Connector for Outlook® .msi file. This is a MAPI service provider that is installed on users’ computers, and users can use Microsoft® Outlook® 2003 or 2007 to access the ZCS server and synchronize data to/from Outlook for offline use.
Zimbra Connector for Apple iSync plug-in. When this is installed on users' Macs, they can use Apple Address Book, iCal, and Microsoft Entourage® to access ZCS.
Zimbra Collaboration Suite Migration Wizard for Exchange .exe file to migrate Microsoft® Exchange server email accounts to the Zimbra server.
Zimbra Collaboration Suite Migration Wizard for Domino .exe file to migrate Lotus Domino server email accounts to the Zimbra server.
Zimbra Collaboration Suite Import Wizard for Outlook .exe file to allow users to import their Outlook .pst files to the Zimbra server.
Supporting documentation can be found on the administration console Help Desk page or at www.zimbra.com.
Zimbra License
A Zimbra license is required in order to create accounts. See “Zimbra Collaboration Suite License” on page 5 for a description of the license types.
The regular license can only be installed on the ZCS system for which it is purchased. Only one Zimbra license is required for your Zimbra Collaboration Suite environment. This license is installed on the Zimbra mail server.
When you renew or change the Zimbra license, you must update the Zimbra mail server with the new license information. Use the Update License Wizard from the administration console’s Global Settings to upload and install an updated license, or you can update the license using the zmlicense CLI command. See the Administration Guide, Appendix A, CLI Commands.
Current license information, including the number of accounts purchased, the number of accounts used, and the expiration date, can be viewed from the Global Settings on the administration console.
Menu-Driven Configuration
The menu driven installation displays the components and their existing default values. During the installation process you can modify the default values. Only those menu options associated with the package being installed are displayed.
Common configuration options
The packages installed in common configuration include libraries, utilities, monitoring tools, and basic configuration files under Zimbra Core. These options are configured on all servers.
The table below describes the Main menu common configuration options.
Server Configured
The host name configured in the operating system installation
The LDAP master host name. This LDAP host name is configured on every server
Password for the Zimbra admin user. This password is configured on every server
Select the time zone to apply to the default COS. Enter the time zone in which the majority of users in the COS will be located. The default time zone is PST (Pacific Time)
Require secure interprocess communications
By default startTLS is YES. When startTLS is enabled there is a secure communication between amavis and postfix and the LDAP server
If this is disabled, ZCS disables the use of startTLS with the LDAP server
All servers, if installed
Installing SNMP is optional, but if installed it must be on all servers.
Enable SNMP notifications. The default is No. If you enter yes, you must enter the SNMP Trap hostname.
Enable SMTP notification — The default is No.
SMTP Source email address and SMTP Destination email address — If you enter yes for SMTP notification, you must enter the SMTP source email address and the destination email address.
When the installation and configuration is complete, if this is set to Yes, the Zimbra server is automatically started.
At any time during the installation, you can save the configuration to a file.
Quit can be used at any time to quit the installation.
Zimbra LDAP server configuration options
These options are configured on the Zimbra LDAP server.
The table below describes the Main menu LDAP server configuration options
 
Zimbra LDAP Server
Status - Enabled. For replica LDAP servers the status is changed to Disabled.
Create Domain — Yes. You can create one domain during installation and additional domains can be created from the administration console.
Domain to create — The default domain is the fully qualified hostname of the server. If you created a valid mail domain on your DNS server, enter it here.
LDAP Root password. This password is automatically generated and is used for internal LDAP operations.
LDAP Replication password. This password is automatically generated and is the password used by the LDAP replication server and must be the same password on the LDAP master server and on the replica server.
LDAP Postfix password. This password is automatically generated and is the password used by the postfix user to identify itself to the LDAP server and must be the same password on the LDAP master server and on the MTA server.
LDAP Amavis password. This password is automatically generated and is the password used by the amavis user to identify itself to the LDAP server and must be the same password on the LDAP master server and on the MTA server.
LDAP Nginx password. This password is automatically generated and is used by the Nginx user to identify itself to the LDAP server and must be the same password on the LDAP master server and on the MTA server. This option is displayed only if the zimbra-proxy package is installed.
Zimbra Mailbox server configuration options
These options are configured on the Zimbra Mailbox server.
The table below describes the Zimbra Mailbox server menu options
Zimbra Mailbox Server
Create Admin User - The administrator account is created during installation. This account is the first account provisioned on the Zimbra server and allows you to log on to the administration console.
Admin user to create - The default is admin@[mailhost.example.com]. You may want to change this to your domain address.
Admin Password - You must set the admin account password. The password is case sensitive and must be a minimum of six characters. The administrator name, mail address, and password are required to log in to the administration console.
By default, the automated spam training filter is enabled and two mail accounts are created.
1 - Spam training user to receive mail notification about mail that was not marked as junk, but should be.
2 - Non-spam (HAM) training user to receive mail notification about mail that was marked as junk, but should not have been.
These addresses are automatically configured to work with the spam training filter. The accounts created have a randomly selected name. To recognize what the account is used for you may want to change this name.
The spam training filter is automatically added to the cron table and runs daily.
Global Document Account — This account is automatically created when ZCS is installed. The account holds the templates and the default Documents Notebook. The Documents feature is enabled from the COS or in individual accounts.
Web server mode - Can be HTTP, HTTPS, Mixed, Both or Redirect.
Mixed mode uses HTTPS for logging in and HTTP for normal session traffic
Both mode means that an HTTP session stays HTTP, including during the login phase, and an HTTPS session remains HTTPS throughout, including the login phase.
Redirect mode redirects any users connecting via HTTP to a HTTPS connection.
All modes use SSL encryption for back-end administrative traffic.
Use spell checker server: yes (if installed)
Spell server URL: http://<example.com>:7780/aspell.php
License file name is unset. The license file must be saved to a directory on the server. You enter the file name and location here and the license is installed as part of the ZCS installation. If you do not have the license, you cannot proceed.
Configure store for use with reverse mail proxy: FALSE
Configure store for use with reverse web proxy: FALSE
If either or both of these are changed to TRUE, the proxy settings on the mailbox store are enabled in preparation for setting up Zimbra proxy.
Zimbra mailbox server
The Logger package is installed on the first mail server. If installed, it is automatically enabled. Logs from all the hosts are sent to the mailbox server where the logger package is installed. This data is used to generate the statistics graphs and is used for message tracing, and reporting.
Zimbra mailbox server
This menu lists major new features for the ZCS release and whether the features are enabled or not. When you change the feature setting during ZCS installation, you change the default COS settings.
Zimbra mailbox server
Default is Yes. Sets the schedule for Backup session to run as a full backup every Sunday at 1 a.m. and as incremental on the other days at 1 a.m.
Zimbra mailbox server
If installed, it is automatically enabled. When composing messages in the Zimbra Web Client, spell check can be run.
Zimbra mailbox server
When you install zimbra-spell, zimbra-apache gets installed automatically.
Zimbra MTA Server configuration options
Zimbra MTA server configuration involves installation of the Zimbra-MTA package. This also includes anti-virus and anti-spam components.
The table below describes the MTA server menu options
Zimbra MTA Server
MTA Auth host. This is configured automatically if the MTA authentication server host is on the same server, but must be configured if the authentication server is not on the MTA. The MTA Auth host must be one of the mailbox servers.
Enable Spamassassin. Default is enabled.
Enable ClamAV. Default is enabled.
Notification address for AV alerts. Sets the notification address for AV alerts. You can either accept the default or create a new address. If you create a new address, remember to provision this address from the admin console.
Note: If the virus notification address does not exist and your host name is the same as the domain name on the Zimbra server, the virus notifications queue in the Zimbra MTA server and cannot be delivered.
Bind password for postfix LDAP user. This password must be the same as the postfix password configured on the master LDAP server.
Bind password for amavis LDAP user. This password must be the same as the amavis password configured on the master LDAP server.
 
Configuring IMAP and POP Proxy Server
Use of an IMAP/POP proxy server allows routing users of these services to the Zimbra mailbox server on which their mailbox resides. For example, proxying allows users to enter imap.example.com as their IMAP server. The proxy running on imap.example.com inspects their IMAP traffic, does a lookup to determine which backend mailbox server a user’s mailbox lives on (mbs1.example.com, for example), and transparently proxies the connection from the user’s IMAP client to the correct mailbox server.
As of ZCS 5.0, the open source Nginx proxy is bundled as part of the zimbra-proxy package. This package can be installed on mailbox servers, MTA servers, or on their own independent proxy servers. When the zimbra-proxy package is installed, the proxy feature is enabled.
Zimbra Proxy Components
Zimbra Proxy includes the following:
Nginx. A high performance IMAP/POP3 proxy server which handles all incoming POP/IMAP requests.
Memcached. A high performance, distributed memory object caching system. Route information is cached for further use in order to increase performance.
Zimbra Proxy Route Lookup Handler. This is a servlet located on the ZCS mailbox server. This servlet handles queries for the user account route information (the server and port number where the user account resides).
When the proxy server is configured, the service ports on the backend Zimbra mailbox servers are changed to alternate ports. The proxy now services the standard ports for these protocols. This change is applied even if the proxy services are run on their own independent hosts, in order to distinguish and avoid confusion between the services.
If you have any other services running on these ports, turn them off.
 
When an IMAP or POP3 client logs in through the proxy, the following takes place:
The proxy does an HTTP lookup on a mailbox server to find out which server the mailbox of the user attempting to log in lives on.
This lookup service runs on mailbox servers on port 7072, and this port on mailbox servers should be available from all proxy servers.
Which mailbox servers participate in this lookup is determined by the zimbraReverseProxyLookupTarget server attribute on servers running the mailbox service. By default all mailbox servers participate in this lookup. Lookup is performed round-robin across configured mailbox servers. The results of the login name to mailbox server lookup are cached in memcached (an open source distributed in-memory hashtable). The memcached process is run alongside all IMAP/POP proxy services.
Note: Memcached will be split into its own service in the future.
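The lookup flow above as a small Python model, showing which logins reach the lookup service on port 7072 and which are answered from the cache. This is an added example, not Zimbra code; RouteResolver, fake_lookup, the sample directory and the backend port value are hypothetical.

```python
"""Model of the proxy-side route lookup for IMAP/POP logins (illustration only)."""
from itertools import cycle

LOOKUP_PORT = 7072  # lookup service port on mailbox servers, as stated in the text

# Constructed sample data: login name -> (mailbox server, backend port).
# The port value is a placeholder, not taken from the page.
DIRECTORY = {
    "alice": ("mbs1.example.com", 7143),
    "bob": ("mbs2.example.com", 7143),
}


def fake_lookup(target, port, login):
    """Stand-in for the HTTP request to the route lookup handler on `target`."""
    return DIRECTORY.get(login)


class RouteResolver:
    def __init__(self, lookup_targets, query=fake_lookup):
        self._targets = cycle(lookup_targets)  # round-robin over lookup targets
        self._query = query
        self._cache = {}       # stand-in for memcached
        self.queried = []      # lookup target contacted for each cache miss

    def resolve(self, login):
        """Return (route, source); source is 'cache', 'lookup' or 'unknown'."""
        if login in self._cache:
            return self._cache[login], "cache"
        target = next(self._targets)
        self.queried.append(target)
        route = self._query(target, LOOKUP_PORT, login)
        if route is None:
            # Choice made in this model: failed lookups are not cached.
            return None, "unknown"
        self._cache[login] = route
        return route, "lookup"
```

Only cache misses contact a mailbox server, and successive misses rotate across the configured lookup targets.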
Configuring ZCS HTTP Proxy (Beta 5.0.6)
In addition to IMAP/POP3 proxying, the Zimbra proxy package based on nginx is also able to reverse proxy HTTP requests to the right backend server.
Using an nginx-based reverse proxy for HTTP helps to hide names of backend mailbox servers from end users.
For example, users can always use their web browser to visit the proxy server at http://mail.example.com. The connection from users whose mailbox lives on mbs1.example.com is proxied to mbs1.example.com by the proxy running on the mail.example.com server. In addition to the ZCS web interface, clients such as REST and CalDAV clients, Zimbra Connector for Outlook and Zimbra Mobile Sync devices are also supported by the proxy.
HTTP reverse proxy routes requests as follows:
If the request has an auth token cookie (ZM_AUTH_TOKEN), the request is routed to the backend mailbox server of the authenticated user.
If the requesting URL can be examined to determine the user name, then the request is routed to the backend mailbox server of the user in the URL. REST, CalDAV, and Zimbra Mobile Sync are supported through this mechanism.
If the above methods do not work, the IP hash method is used to load balance the requests across the backend mailbox servers which are able to handle the request or do any necessary internal proxying.
For more information see the Administration Guide, Zimbra Proxy chapter.
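The routing order above as a small Python model. This is an added example, not Zimbra or nginx code; the account and token tables, the /home/ and /dav/ URL shapes, and the SHA-256 hash are assumptions made for the illustration.

```python
"""Model of the HTTP reverse-proxy routing order described above (illustration only)."""
import hashlib
import re

# Constructed sample data: account -> backend mailbox server.
ROUTES = {
    "alice@example.com": "mbs1.example.com",
    "bob@example.com": "mbs2.example.com",
}
# Constructed stand-in for resolving a ZM_AUTH_TOKEN value to an account.
# The real token format and its validation are not modelled here.
TOKENS = {"tok-alice": "alice@example.com"}
BACKENDS = sorted(set(ROUTES.values()))
DEFAULT_DOMAIN = "example.com"

# Assumed URL shapes for requests that name the user in the path.
USER_IN_URL = re.compile(r"^/(?:home|dav)/([^/?#]+)")


def cookie_value(cookie_header, name):
    """Return the value of one cookie from a Cookie header, or None."""
    for part in cookie_header.split(";"):
        key, _, value = part.strip().partition("=")
        if key == name:
            return value
    return None


def route(path, cookie_header, client_ip):
    """Return (backend, rule) using the three rules in the order given in the text."""
    # Rule 1: auth token cookie -> backend of the authenticated user.
    token = cookie_value(cookie_header, "ZM_AUTH_TOKEN")
    account = TOKENS.get(token)
    if account in ROUTES:
        return ROUTES[account], "auth-token"

    # Rule 2: user name taken from the URL -> backend of that user.
    match = USER_IN_URL.match(path)
    if match:
        user = match.group(1)
        if "@" not in user:
            user = f"{user}@{DEFAULT_DOMAIN}"
        if user in ROUTES:
            return ROUTES[user], "url-user"

    # Rule 3: hash of the client IP spreads the remaining requests.
    # SHA-256 is a stand-in; the proxy's own hash function is not modelled.
    digest = hashlib.sha256(client_ip.encode("ascii")).digest()
    index = int.from_bytes(digest[:4], "big") % len(BACKENDS)
    return BACKENDS[index], "ip-hash"
```

A request that carries a valid cookie for one user and names another user in the URL is routed by the cookie, because the first rule is checked first.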
Configuring for Virtual Hosting
You can configure multiple virtual hostnames to host more than one domain name on a server. When you create a virtual host, users can log in without having to specify the domain name as part of their user name.
Virtual hosts are configured from the administration console Domains>Virtual Hosts tab. The virtual host requires a valid DNS configuration with an A record.
When users log in, they enter the virtual host name in the browser. For example, https://mail.example.com. When the Zimbra logon screen displays, users enter only their user name and password. The authentication request searches for a domain with that virtual host name. When the virtual host is found, the authentication is completed against that domain.
 

Copyright © 2009 Yahoo! Inc., Zimbra a Yahoo! company