Zimbra

gzimbmail · #1 (**permalink**) 06-25-2011, 04:01 PM

Hi everyone,

thanks for the attention and sorry if I created a new thread, if there is a solution already posted, pls give me the link.

I'm a newbie on zimbra and I should planning a migration from a pop3 server with Proxy to a Zimbra Open source Edition.

I should planning the installation for 2000 users... and i'm a bit scared, of how to balance it, the solution.
Because there isn't write how many users, the installation's of a medium or a large install is.

I'd like to install it on Vmware ESX, Ubuntu 10.04 (64bit)
1 ) How many Virtual machine should i create?
Tell me if i'm right please; i planned this :

1 - Proxy Imap VM,
1 - Ldap Server VM ( even if i'll use Active Directory to authenticate the users?) or it isn't necessary in the case of AD auth?
2 - Store, i thought 1000 user each...is it too much? How many users can manage each store?
1 - MTA server VM for sending. Is it too poor for 2000 user? How many mails, it can manage each MTA?

Another question is the size of Virtual Machine.

2 ) How big should be the Hard disk size of the Virtual machine?
for Proxy, and MTA 10gb with S.O is enought? i have no idea how much it can grow.

For the Store and Ldap?any advice?

3 ) If everything goes well and in the future i would migrate it, to Network edition is it possible to do it? I saw couple of links that i can do it in 2 ways... is there anybody that did it with the first solution? an easy backup and just install.sh of the NE....?!Is it so "easy"?
Should i backup just the Store and Ldap VM or every server?

i would keep, at the beginning, the old mail server to get a test of zimbra for some users, how can i use zimbra?

I thought this plan:

keep the old proxy, create a VM with ldap, mta, store, all in one, then set in the zimbra's admin, as relay server, the old mail server. Is it right?

How can i tell to the old mail server to check the user in zimbra server?
I mean, if i create users in zimbra and lock, the same users in the old mail server, to start getting email in zimbra, should i change something in the old proxy? or it's better if i create a VM with the Zimbra proxy, then use it instead of the old Proxy? In this case, how can i tell to Zimbra, how to send email to the accounts in the old mail server?

Thank you for the help.

LMStone · #2 (**permalink**) 06-26-2011, 08:31 AM

With modern hardware and fast disks, 1,000 users per mailbox server is OK, if the servers are mailbox-only servers.

One design question you will need to address is whether you are comfortable placing all servers in the same firewall zone, or if you want, for example, to keep the mailbox servers and the LDAP Master in a separate, non-public zone. It depends on how paranoid you want to be!

If you relied on just a gateway firewall and secure inter-server communication, with all servers in one zone, you could do:

Server 1 = Proxy/LDAP Master and BIND Slave
Server 2 = MTA Server/LDAP Slave and BIND Master
Server 3 = Mailbox Server A
Server 4 = Mailbox Server B

If you are a little more paranoid and you want to have separate DMZ and a Private firewall zones, then you could do something like this:

Server 1 = DMZ Zone = MTA Server/LDAP Slave/BIND Slave
Server 2 = DMZ Zone = Proxy Server
Server 3 = Private Zone = LDAP Master/BIND Master
Server 4 = Private Zone = Mailbox Server A
Server 5 = Private Zone = Mailbox Server B

If the load was low enough in the second scenario above, you could put the LDAP master on one of the mailbox servers and the BIND master on the second mailbox server.

Another thing to consider: New Zimbra installs configure secure (encrypted) inter-process communication. Some very large installations turn this off to conserve resources, but then you need to take into account from a security standpoint that LDAP and other potentially sensitive information will be moving around unencrypted.

The good news is that there are lots of ways to organize this, and others will have opinions different from the above I am sure! :-)

But, hopefully the above two examples will get you started thinking about security and resource requirements.

BTW, for the mailbox servers, 4 cores, 12GB - 16GB of RAM (just don't cross NUMA boundaries) and very fast disks for at least the Zimbra store and indexes.

For the MTA server, 4 cores is nice but two cores may be enough; we like RAM disks for Amavis's temporary files.

Hope that helps,
Mark

Krishopper · #3 (**permalink**) 06-26-2011, 11:13 AM

Also, for the record, if you find out that a single MTA can't handle the load, or you need to add another mailbox server, it's easy enough to do all that online.

If you're running Network Edition, you can also move mailboxes between mailbox servers if you add another one.

LMStone · #4 (**permalink**) 06-27-2011, 05:14 AM

FWIW, with a RAM disk configured for Amavis'd temporary files, we find an 8GB MTA-only server running four cores on modern hardware can process up to ~40K emails per hour. Throughput can slow to as little as half of that if the mail stream comprises primarily emails with zipped attachments.

The ability in NE to move mailboxes between servers is very nice, but it breaks that hard linking in the mail store that saves disk space, so we try to avoid it.

Say Bob sends a 20MB PowerPoint file to fourteen others whose mailboxes are on the same Zimbra mailbox server. In Zimbra, the mail blobs and their attachments are hard linked (on a per-mailbox-server basis only!), so total storage used for that email is only a little over 20MB. If you then move all fifteen mailboxes to a new mailbox server using zmmailboxmove, the storage usage becomes 300MB on the new server.

Best therefore to add new mailbox servers before you really need to, and try to avoid moving mailboxes between servers if you can.

Hope that helps,
Mark

*dave_kempe* · #5 (**permalink**) 06-27-2011, 05:45 AM

We also limit the mailbox servers not to how many users, but how much diskspace we want to manage. If you are migrating from pop3, odds on, people don't have any mail at all in their mailboxes, so you don't need much diskspace. However, expect to trend towards our average, of 1.2Gb/person, so you need to plan this out carefully. Or at least, plan to grow. We limit mailbox server sizes to what we can manage in discreet chunks for backups as well. A massive mailbox server with 1000 users gets unmanagable quickly if they have 1.2gb/mailbox. Especially for backups!

LMStone · #6 (**permalink**) 06-27-2011, 08:28 AM

Quote:

Originally Posted by dave_kempe

We also limit the mailbox servers not to how many users, but how much diskspace we want to manage. If you are migrating from pop3, odds on, people don't have any mail at all in their mailboxes, so you don't need much diskspace. However, expect to trend towards our average, of 1.2Gb/person, so you need to plan this out carefully. Or at least, plan to grow. We limit mailbox server sizes to what we can manage in discreet chunks for backups as well. A massive mailbox server with 1000 users gets unmanagable quickly if they have 1.2gb/mailbox. Especially for backups!

Very true. We put /opt/zimbra/backup and /opt/zimbra/hsm on separate mount points to make it easier to migrate to larger storage if/when needed. And a SAN definitely helps!

All the best,
Mark

gzimbmail · #7 (**permalink**) 06-28-2011, 12:11 PM

First of all,
thank you very much for the help, sorry if i'm late but i had lot to do in these days!

I'll probably opt for the first solution that you suggested me Mr LMStone. But i've a doubt about what is it, the Bind Slave and Bind Master... may you explain me?

for dave_kempe, you are right, i'm getting out of my mind, about the disk space.
Because for sure i'm gonna use IMAP service, so, i think i should design even the Network load.
Is it possible to let all 2000 users to use IMAP, or should I think something different?
I think 100MB / user should be the maximum disk space that can I reserve.

The HSM it's included in the 100MB or is it another user space? I mean HSM is apart from the mailbox space?

The backup isn't included in the Open source edition right? While in NE I saw that it is included. Any idea about the sizing of a backup? Is it better to create group backup?is it automated the group backup?

I tought 100MB / user, for 100 users = 10GB , that are about 10 backups for mailstore

should be less then 200GB for a full backup. How long time it can takes?
The HD for backup or even better for HSM, could be connect with NFS?
For the backup, mr LMStone you are right, better SAN.

About the proxy, may i keep using the old one that i have or should i install the Zimbra proxy and using it instead of the old one?
Well, probably i'm gonna choose the new Zimbra proxy. I'm a bit scared for this migration...

Thank you for the help!

gzimbmail · #8 (**permalink**) 07-05-2011, 02:25 AM

if i would use an AD to authenticate the users, do i need to create user on LDAP server?
May I create LDAP users and then in the future use an AD ? How does it works? what happen doing so, to my account mailbox ?

Thanks for the answer