The implementation of any IT solution in an enterprise begins with design. At this stage, the IT manager will have to calculate the number of servers and their characteristics so that, on the one hand, they are enough for all users, and on the other hand, so that the price-quality ratio of these servers is optimal and the costs of creating a computing infrastructure for a new information system do not made a serious hole in the IT budget of the enterprise. Let's figure out how to design the infrastructure for implementing the Zimbra Collaboration Suite in an enterprise.
The main feature of Zimbra in comparison with other solutions is that in the case of ZCS, the bottleneck rarely becomes processor power or RAM. The main limitation is usually the input and output speed of the hard disk, and therefore the main attention should be paid to data stores. The officially stated minimum requirements for Zimbra in a production environment are a 4-core 64-bit processor with 2 GHz clock speed, 10 gigabytes for system files and logs, and 8 gigabytes of RAM. Typically, these characteristics are enough for responsive server operation. But what if you have to implement Zimbra for 10 users? Which servers and how should be implemented in this case?
Let's start with the fact that the infrastructure for 10 thousand users should be multi-server. On the one hand, the multi-server infrastructure makes it possible to make Zimbra scalable, and on the other hand, to achieve responsive operation of the information system even with a large influx of users. It is usually quite difficult to predict exactly how many users a Zimbra server will be able to serve well, since a lot depends on the intensity of their work with calendars and e-mail, as well as on the protocol used. That is why, for example, we will implement 4 mail storages. In the event of a shortage or a serious excess of capacity, it will be possible to either turn off or add another one.
Thus, when designing an infrastructure for 10.000 people, it will be necessary to create LDAP, MTA and Proxy servers and 4 mail storages. Note that LDAP, MTA and Proxy servers can be made virtual. This will reduce the cost of server hardware and facilitate data backup and recovery, but on the other hand, in the event of a physical server failure, you risk being immediately without MTA, LDAP and Proxy. That is why the choice between physical or virtual servers should be made based on how much downtime you can afford in the event of an emergency. Mail storages, on the other hand, would be best placed on physical servers, since it is on them that the main number of write cycles will occur, which limit the performance of Zimbra, and therefore a larger number of channels for data transfer will significantly increase the performance of Zimbra.
In principle, after creating LDAP, MTA, Proxy servers, network storages and combining them into a single infrastructure, the Zimbra Collaboration Suite for 10000 users is ready for commissioning. The scheme of operation of such a configuration will be quite simple:
The diagram shows the main nodes of the system and the data flows that will circulate between them. With this configuration, the infrastructure will be completely unprotected from data loss, downtime associated with the failure of any of the servers, and so on. Let's take a look at exactly how you can protect your infrastructure from these problems.
The main method is hardware redundancy. Additional MTA and Proxy nodes can, in the event of a failure of the main servers, temporarily take over the role of the main ones. Duplicating critical infrastructure nodes is almost always a great idea, but not always feasible to the extent desired. A striking example is the redundancy of servers that store mail. Zimbra Collaboration Suite Open-Source Edition does not currently support the creation of duplicate stores, so if one of these servers fails, downtime cannot be avoided, and to reduce downtime caused by mail store failure, an IT manager can deploy a backup of it on another server.
Since there is no built-in backup system in Zimbra OSE, we will need Zextras Backup, which supports real-time backup, and external storage. Since Zextras Backup, when taking full and incremental backups, puts all the data in the /opt/zimbra/backup folder, it would be reasonable to mount external, network or even cloud storage into it, so that in the event one of the servers crashes, you have a media with up-to-date backup copy at the time of the emergency. It can be deployed both on a redundant physical server, and on a virtual machine and in the cloud. It is also a good idea to install an MTA with a spam filter in front of the server with Zimbra Proxy to reduce the amount of junk traffic entering the server.
As a result, the secure Zimbra infrastructure will look something like this:
With this configuration, the Zimbra infrastructure will not only be able to provide quality services to 10.000 users, but also in the event of an emergency situation, it will allow to eliminate its consequences as quickly as possible.
Source: habr.com