Results 1 to 2 of 2

Thread: High Performance, Security, Redundancy

  1. #1
    gjhorne Guest

    Default High Performance, Security, Redundancy

    I am new to Zimbra, but not new to linux, security, largescale systems or identity. On my site I run, PostgreSQL, FedoraLDAP, Tomcat, jBoss, Postfix etc already. I have looked at how Zimbra package their product I must admit with some smiles. (Yes I know I could restructure with symbolic links BUT... )

    Can another LDAP directory be used for the repository. I know it wont work with the supplied install tools (thank goodness). My general comment would be I can snaffle the schema and port them to another LDAP directory where I can provide some proper access control over attributes etc (and that is not active directory). I am building what most would call a site with "military grade security" even though I hate the words. I dont believe your current implementation can meet my requirements for security but I am willing to put in some yards.

    Do you use JAAS for (J2EE)tomcat security or have you implemented your own model (havent looked at the code yet)? (I am thinking in the terms of single-sign-on products where I can force authentication in the DMZ using HTTPS access at a gateway, SSL terminate their, run it through application firewalls (to make sure they are not being naughty), and then sent it through another firewall to tomcat knowing already who it is, that the request is clean and that tomcat will not cough up more than it should with the request.)

    I have a deployment model in mind that some may have tried and I would like comments if possible. I would put the MTA, Virus and SPAM apps on its own hardware with multiple instances for scalability and security (I think the install suggests tha anyway). Store all mailstore stuff (files, index's and DB's) on a central filestore (SAN/iSCSI) and have virtual machines running on multiple severs with each virtual server instance running tomcat and mounting its own mailstore filesytem from the central filestore. This way you can shift instances of the mailserver around for scale and redundancy as required and it would aid backup/restore

    A security comment. Storing the mix of applications, configs, files, databases, indexes and logs on one place by the installer is a very bad model for either security or management. Just my comment!

  2. #2
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Default

    As a VERY general comment,
    Some certain unnamed government entities have tested the security of zimbra.
    Zimbra was compliant with all of this particular entities requirements.

    If it passed that, trust me. . .it will meet your requirements

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. DelegateAuth in audit.log
    By Krishopper in forum Administrators
    Replies: 2
    Last Post: 05-17-2007, 05:08 AM
  2. Replies: 11
    Last Post: 12-03-2006, 01:29 PM
  3. Zimbra Hardware performance and upgradation
    By mansuper in forum Administrators
    Replies: 8
    Last Post: 10-25-2006, 07:51 PM
  4. Performance, spam and lot more
    By montievv in forum Administrators
    Replies: 1
    Last Post: 07-24-2006, 11:24 AM
  5. 3.1 on FC4 problems
    By cohnhead in forum Installation
    Replies: 8
    Last Post: 05-26-2006, 11:16 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •