Your multi-server setups?

[cayaraa]

Hello all,

I'm wondering how others have their multi-server installs setup and if they've run into any problems or wished they had done things differently from the start.

We've been testing with a single server for a few months without any issues. Now we're moving all of our test users over to a multi-server setup and then I'm going to start migrating everyone else over. We're using 4 total servers: two mailbox servers, one ldap, and one imap/pop proxy with an mta.

One thing in particular that I'm interested in is how others configured them to look like one server. What I'm trying right now is I have two A records of zimbra.domain.com pointing back to the two IP addresses of the hosts. There are also A records for the hostnames themselves. I've set the virtual host and zimbraPublicServiceHostnameup for our primary domain to zimbra.domain.com.

Thanks!

[bdial]

you may want to check out zimbra-proxy. you can deploy that as a frontend for multiple mailbox servers so users always access zimbra.domain.com and never see the individual mailbox server addresses.

[cayaraa]

Actually I did start out testing with the web proxy but we didn't stick with it for very long. I found that when doing backup/restores that use the rest url commands (either through the web interface or the command line) that we would get timeout errors.

postRestURL read timed out with zimbra proxy

[LMStone]

You can use other methods for moving mailboxes between mailbox servers; Zimbra Proxy is by far the easiest on your end users.

A separate LDAP Master server for just two mailbox servers seems like overkill, but I can see that you might have firewall architecture reasons for doing it that way.

Two suggestions:

First, configure A/MX records for your mailbox servers but block port 25 to them. Configure the mailbox servers to use the MTA box as their webmail host as well. In this way, the spammers won't be able to touch your mailbox servers but if your MTA gets overloaded or otherwise compromised, with one quick firewall change and two easy Admin Console changes your users will be able to continue to send and receive email.

Second, we typically deploy Zimbra Proxy on a separate server. In the early days, Zimbra Proxy would sometimes have issues, so isolating it on a separate server gave us flexibility. We still do the same thing, but to be fair I think more out of inertia than anything else at this point.

We saw one single-to-multi server install where the site deployed the second mailbox server, and then deployed Zimbra Proxy on the first mailbox server (the original single-server), so that the end users had to make no changes whatsoever in how they accessed the system.

Hope that helps,
Mark