Safe update of Zimbra Collaboration Suite

It just so happens that system administrators are suspicious of everything new. Literally everything, from new server platforms to software updates, is treated with caution until there is first-hand practical experience and positive feedback from colleagues at other enterprises. This is understandable: when you answer with your head for the operation of the enterprise and the safety of important information, over time you stop trusting even yourself, not to mention counterparties, subordinates or ordinary users.

The distrust of software updates stems from numerous unpleasant incidents where installing new patches resulted in performance drops, user interface changes, system crashes, or, most distressingly, data loss. However, completely avoiding updates is not an option either; doing so could expose your enterprise's infrastructure to cybercriminal attacks. Consider the infamous WannaCry virus, which encrypted, and thereby destroyed, data stored on millions of computers running Windows that had not been updated to the latest version. This incident not only cost hundreds of system administrators their jobs, but also clearly demonstrated the need for a new software update policy at the enterprise that would balance security and installation speed. Ahead of the Zimbra 8.8.15 LTS release, let's look at how to update Zimbra Collaboration Suite Open-Source Edition to ensure the safety of all critical data.

One of the main features of the Zimbra Collaboration Suite is that almost all of its components can be duplicated. In particular, in addition to the main LDAP-Master server, you can add LDAP replicas, to which the functions of the main LDAP server can be transferred if necessary. You can also duplicate Proxy servers and MTA servers. Such duplication makes it possible to take individual components out of the infrastructure during the upgrade and, thanks to this, reliably protect yourself not only from long downtime, but also from data loss in the event of an unsuccessful upgrade.

Unlike other infrastructure components, duplicate mailbox storage is not supported in Zimbra Collaboration Suite. Even if your infrastructure includes multiple mail stores, the data for each mailbox can reside on only a single mail server. That's why one of the most important rules for data safety during an upgrade is to back up your mail storage information in a timely manner. The more recent your backup, the more data will be preserved in the event of an emergency. However, there's a caveat: the free edition of Zimbra Collaboration Suite doesn't have a built-in backup mechanism, so you'll have to use built-in GNU/Linux tools to create backups. However, if your Zimbra infrastructure includes multiple mail storage systems and the mail archive is quite large, each backup can take a very long time and place a significant load on the local network and the servers themselves. Furthermore, during long backups, the risk of various force majeure events increases dramatically. Also, performing such a backup without stopping the service increases the risk that some files may be copied incorrectly, resulting in data loss.

That is why, if you need to back up large amounts of information from mail storages, it is better to use incremental backup, which avoids a complete copy of all information and backs up only those files that appeared or changed after the previous full backup. This greatly speeds up the process of taking backups, and also allows you to start installing updates sooner. You can achieve incremental backups in Zimbra Open-Source Edition using the Zextras Backup modular extension, which is part of the Zextras Suite.

Another powerful tool, Zextras PowerStore, allows the system administrator to deduplicate data on the mail store. This means that all identical attachments and duplicate emails on the mail server will be replaced with the same original file, and all duplicates will turn into transparent symlinks. This not only saves a lot of hard disk space, but also greatly reduces the size of the backup, which shortens the time of a full backup and, consequently, makes it possible to perform it much more often.

But the main feature that Zextras PowerStore provides for a safe update is the transfer of mailboxes between mail servers in Zimbra multi-server infrastructures. Thanks to this feature, the system administrator can do with mail storages exactly what we did with MTA and LDAP servers in order to update them safely. For example, if there are four mail stores in the Zimbra infrastructure, you can try to distribute mailboxes from one of them to the other three, and when the first mail store is empty, you can update it without any fear for the safety of data. If the system administrator has a spare mail store in the infrastructure, he can use it as a temporary storage for mailboxes migrated from the mail stores being upgraded.

The console command doMailboxMove allows you to perform such a transfer. In order to use it to transfer all accounts from the mail storage, you must first obtain their complete list. To do this, on the mail server we execute the command zmprov sa zimbraMailHost=mailbox.example.com > accounts.txt. After executing it, we get the file accounts.txt with a list of all mailboxes in our mail storage. After that, you can immediately use it to transfer accounts to another mail storage. It will look like this, for example:

zxsuite powerstore doMailboxMove reserve_mailbox.example.com input_file accounts.txt stages data
zxsuite powerstore doMailboxMove reserve_mailbox.example.com input_file accounts.txt stages data,account notifications admin@example.com

The command is executed twice: the first run copies all the data without transferring the accounts themselves, and the second run, since the data is transferred incrementally, copies all the data that appeared after the first transfer and then transfers the accounts themselves. Please note that account transfers are accompanied by a short period of inaccessibility of the mailbox, and it would be wise to warn users about this. In addition, once the second command completes, a corresponding notification is sent to the administrator's mail. Thanks to it, the administrator can start updating the mail storage as quickly as possible.

If the software on the mail storage is updated by a SaaS provider, it would be much more reasonable to transfer data not by accounts, but by domains located on it. For these purposes, it is enough to slightly modify the input command:

zxsuite powerstore doMailboxMove reserve_mailbox.saas.com domains client1.ru,client2.ru,client3.ru stages data
zxsuite powerstore doMailboxMove secureserver.saas.com domains client1.ru,client2.ru,client3.ru stages data,account notifications admin@saas.com

After the transfer of accounts and their data from the mail storage is completed, the data on the source server no longer has any significance, and you can start updating the mail server without any fear for their safety.
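
A check worth running before the upgrade, as an added example that is not part of the original article: it compares the pre-move accounts.txt with fresh zmprov sa zimbraMailHost=... listings of the source and destination stores and refuses to proceed if any account is still on the source or did not arrive. The function names and the file names source_now.txt and dest_now.txt are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the article): gate the mail store upgrade on proof that
# the move finished. Inputs are files with one address per line, as written by
# `zmprov sa zimbraMailHost=<host> > file`.

# Lower-case (defensive), drop CRs and blank lines, sort uniquely for comm(1).
normalize() {
    tr -d '\r' < "$1" | tr '[:upper:]' '[:lower:]' | sed '/^[[:space:]]*$/d' | sort -u
}

# not_on_dest BEFORE DEST_NOW: accounts from the pre-move list missing on the destination.
not_on_dest() {
    a=$(mktemp); b=$(mktemp)
    normalize "$1" > "$a"; normalize "$2" > "$b"
    comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

# safe_to_upgrade BEFORE SOURCE_NOW DEST_NOW
# Returns 0 only when the source store is empty and every listed account arrived.
safe_to_upgrade() {
    # An empty pre-move list usually means the listing failed, not that nothing had to move.
    [ -s "$1" ] || { echo "pre-move list missing or empty" >&2; return 2; }
    [ -f "$2" ] && [ -f "$3" ] || { echo "current listing missing" >&2; return 2; }
    left=$(normalize "$2")   # also catches accounts created after accounts.txt was written
    lost=$(not_on_dest "$1" "$3")
    [ -z "$left" ] || echo "still on source: $left" >&2
    [ -z "$lost" ] || echo "not on destination: $lost" >&2
    [ -z "$left" ] && [ -z "$lost" ]
}

# Constructed sample data: one account appeared on the source after the listing was taken.
demo_dir=$(mktemp -d)
printf 'alice@example.com\nBob@example.com\n' > "$demo_dir/accounts.txt"
printf 'late.hire@example.com\n' > "$demo_dir/source_now.txt"
printf 'alice@example.com\nbob@example.com\n' > "$demo_dir/dest_now.txt"
if safe_to_upgrade "$demo_dir/accounts.txt" "$demo_dir/source_now.txt" "$demo_dir/dest_now.txt"
then echo "source store is empty: safe to upgrade"
else echo "do not upgrade yet"
fi
rm -rf "$demo_dir"
```

Because a shell redirect creates an empty file even when zmprov fails, check the exit status of zmprov when producing source_now.txt, so that an empty listing is not mistaken for an empty store.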

For those who seek to minimize downtime when migrating mailboxes, a fundamentally different scenario for using the zxsuite powerstore doMailboxMove command is ideal. Its essence is that mailboxes are transferred directly to the updated servers, without the need for intermediate servers. In other words, we add a new mail storage server to the Zimbra infrastructure, which is already updated to the latest version, and then simply migrate accounts from the unupdated server to it using the familiar scenario and repeat the procedure until all servers in the infrastructure are updated.

This method allows you to transfer accounts once and thereby reduce the time during which mailboxes will remain inaccessible. In addition, only one additional mail server is required for its implementation. However, its use should be treated with caution by those administrators who deploy mail storages on servers of different configurations. The fact is that the transfer of a large number of accounts to a weaker server can negatively affect the availability and responsiveness of the service, which can be quite critical for large enterprises and SaaS providers.

Thus, thanks to Zextras Backup and Zextras PowerStore, the Zimbra system administrator is able to update all nodes of the Zimbra infrastructure without any risk to the information stored on them.

Source: habr.com