Manage ITaaS in the Cloud Era

Designed for virtualization, Zimbra delivers faster provisioning and easier administration with built-in support for high availability, disaster recovery, backup and lifecycle management using VMware vSphere. Zimbra simplifies all of those critical functions through an easy-to-use, web-based administration console that enables administrators to easily access the applications anywhere, anytime and manage access and policies for a diverse set of users.

Secure Email and Anti-Spam

Zimbra enables IT administrators to securely deliver an enterprise personal cloud service for messaging and collaboration to end users on any device or platform. Zimbra protects end users with built-in anti-malware tools and physically secures the overall architecture and deployment framework with network privacy, server authentication and end-to-end data encryption.

Integrated Anti-virus (AV)

Zimbra Collaboration Server comes embedded with ClamAV, the award-winning open source AV system. It is deployed as an extension of our Postfix MTA. Threat definitions (anti-virus, anti-worm, anti-phishing) are updated multiple times each day to maximize protection. ClamAV is enabled during ZCS installation, so all 'end points' running against the Zimbra server have AV protection (Outlook, ZCS web client) out-of-the-box.

Zimbra also includes a plug-in framework to run any third-party alternative AV solution.

When Zimbra is deployed on a Linux-based server, attachments can be viewed as HTML rather than being downloaded, adding an additional layer of protection. Keeping the attachment server side is more secure and also more convenient for end users.

Integrated Anti-Spam (AS)

Zimbra also comes with built-in anti-spam filtering on the server using the open source tools SpamAssassin and DSPAM. These tools support ongoing training, allowing organizations to optimize performance in their own environment. Each package is enabled during ZCS installation and receives regular updates. Spam training is automatically enabled to let users train spam filters as they move messages in and out of their Junk folders.

Zimbra Security Framework Overview

To support highly secure deployments, ZCS is designed with a classic network security model where server-side systems must be trusted, but the client side need not be. With the server physically protected, businesses and organizations can deliver secure messaging and collaboration to their end users anywhere, even on their home computers and public Internet kiosks, without being forced to deploy costly Virtual Private Networks.

Key security framework methodologies:

  • Network privacy and server authentication - ZCS is able to use SSL/TLS encryption of all network communications (signified by "https:" URLs).
  • Client authentication token required - "auth" tokens contain a cryptographically secure representation of the user's individual and machine/network identity, as well as an expiration time. This auth token prevents classic data-injection attacks on the server.
  • End-to-end data encryption - ZCS has multiple implementation options for encryption between the client and server. ZCS is compatible with encryption technologies such as Secure/Multipurpose Internet Mail Extensions (S/MIME) or Pretty Good Privacy (PGP).

Other Web Client Security Benefits

The ZCS web client is an Ajax-based application. While it does rely on standard web platform technologies, Ajax has many inherent advantages over traditional products:

  • Web client is downloaded - Ajax client code is downloaded on demand from the trusted ZCS server after a particular user logs in. No software is left on the client for a malicious person to tamper with.
  • No persistent caching of user data - A substantial exposure with traditional web mail clients is that they cache HTML data including message contents, addresses, etc. This is a significant security vulnerability that Ajax applications like the ZCS client avoid because no user data is cached on disk.
  • Server-side control of Zimlet mash-ups - Zimlets and other mash-ups are precluded from accessing arbitrary services on the Internet. This means the ZCS server can act as a secure proxy gateway for accessing intranet applications, and can govern which web services are accessible for mash-up within the Zimbra Ajax web client.