#1
03-30-2007, 04:28 AM
Junior Member
Posts: 9
High Performance, Security, Redundancy

I am new to Zimbra, but not new to Linux, security, large-scale systems or identity. On my site I run PostgreSQL, FedoraLDAP, Tomcat, jBoss, Postfix etc. already. I have looked at how Zimbra package their product, I must admit, with some smiles. (Yes, I know I could restructure with symbolic links BUT... )

Can another LDAP directory be used for the repository? I know it won't work with the supplied install tools (thank goodness). My general comment would be I can snaffle the schema and port them to another LDAP directory where I can provide some proper access control over attributes etc. (and that is not Active Directory). I am building what most would call a site with "military grade security" even though I hate the words. I don't believe your current implementation can meet my requirements for security but I am willing to put in some yards.

Do you use JAAS for (J2EE) Tomcat security or have you implemented your own model (haven't looked at the code yet)? (I am thinking in the terms of single-sign-on products where I can force authentication in the DMZ using HTTPS access at a gateway, SSL terminate there, run it through application firewalls (to make sure they are not being naughty), and then send it through another firewall to Tomcat knowing already who it is, that the request is clean and that Tomcat will not cough up more than it should with the request.)

I have a deployment model in mind that some may have tried and I would like comments if possible. I would put the MTA, Virus and SPAM apps on its own hardware with multiple instances for scalability and security (I think the install suggests that anyway). Store all mailstore stuff (files, indexes and DBs) on a central filestore (SAN/iSCSI) and have virtual machines running on multiple servers with each virtual server instance running Tomcat and mounting its own mailstore filesystem from the central filestore. This way you can shift instances of the mailserver around for scale and redundancy as required and it would aid backup/restore.

A security comment. Storing the mix of applications, configs, files, databases, indexes and logs in one place by the installer is a very bad model for either security or management. Just my comment!
__________________
Graham Horne
Technical Architect
Edentity Labs Ltd

http://www.edentitylabs.com
#2
03-31-2007, 12:29 AM
Former Zimbran
Posts: 5,606

As a VERY general comment,
Some certain unnamed government entities have tested the security of Zimbra.
Zimbra was compliant with all of this particular entity's requirements.

If it passed that, trust me... it will meet your requirements.