Thread: Multiple Zimbra Server install to satisfy DMZ requirement

  1. #1
    Join Date
    Oct 2008
    Posts
    47
    Rep Power
    7

    Default Multiple Zimbra Server install to satisfy DMZ requirement

    I have a rather harsh DMZ requirement to satisfy.

    I have an internal network and a DMZ network. My existing mailserver is located on the internal network. Inbound connections from the internet on port 80 and 443 are only allowed to the DMZ. Connections from the DMZ to the internal network are not allowed unless the connection is initiated from the internal network.

    I want to set up my new mailserver and allow users to access the new server with web and mobile capabilities.

    Is there a way with Zimbra to set up a server on the internal network as my main mailserver and set up a "replication" server on the DMZ? Can this be set up so that the main mailserver will initiate the connection with the replication server in the DMZ? If the setup is possible, then can my users access either the internal mailserver or access the replication server via their mobile devices and have the system act like it were a single server?

    I have ~20 users that will use this system.

    Thanks

  2. #2
    Join Date
    Oct 2006
    Location
    Bangalore, India
    Posts
    95
    Rep Power
    9

    Default

    Hi Mikeyes,

    Install two Zimbra servers, one in the internal network and one in the DMZ, and share the LDAP service between these two servers (Zimbra multi-server installation). You can manage these two servers from a single admin console.

    Read the multi server installation guide http://www.zimbra.com/docs/ne/4.5.10...stall.5.1.html


    Thanks,

    #!Premod

  3. #3
    Join Date
    Oct 2008
    Posts
    47
    Rep Power
    7

    Default

    Quote: Originally Posted by premoddev
    Hi Mikeyes,

    Install two Zimbra servers, one in the internal network and one in the DMZ, and share the LDAP service between these two servers (Zimbra multi-server installation). You can manage these two servers from a single admin console.

    Read the multi server installation guide Multiple-Server Installation


    Thanks,

    #!Premod

    Thank you. The problem with this is message replication will not occur between the two servers. I have done some more research and the functionality (full server replication) I am looking for looks like it will be included in Zimbra version 5.5. I have no idea when that is due out but I might have to wait until then or find a different mail product.

  4. #4
    Join Date
    Sep 2006
    Posts
    252
    Rep Power
    9

    Default

    Sorry, I'm not getting you, but why do you need 2 servers? Why don't you move your server to the DMZ and that's it?

  5. #5
    Join Date
    Oct 2008
    Posts
    47
    Rep Power
    7

    Default

    Quote: Originally Posted by __proto__
    Sorry, I'm not getting you, but why do you need 2 servers? Why don't you move your server to the DMZ and that's it?

    I need the server in the DMZ to do LDAP and POP3 polling of external accounts from other mailservers on the internal network. The DMZ cannot communicate with the internal network unless the connection initiates from the internal network. I agree the DMZ restrictions are what limit me but I cannot control them.

    If Zimbra could replicate between servers (hopefully available in 5.5) then I could put one server on the internal network and have it do my POP and LDAP pulling, then have another server on the DMZ. The two servers would keep in sync and my mobile devices could poll the server in the DMZ.

  6. #6
    Join Date
    Sep 2006
    Posts
    252
    Rep Power
    9

    Default

    If you have servers on your internal network why do you have a DMZ?

    Sorry, I can't help you much with your problem, but I want to understand what you have; maybe this way I can help you with something outside Zimbra.

  7. #7
    Join Date
    Oct 2008
    Posts
    47
    Rep Power
    7

    Default

    It is a weird situation and one most people would not be faced with.

    In our current situation we have internal existing email servers. They have restrictions placed on them and I do not have full administrative control over them.

    My desire was to put in a Zimbra server that would use either IMAP or POP to pull email for the existing email servers into itself. Once on the Zimbra system I would have more control over the email and have the ability to sync with Windows Mobile devices.

    If the DMZ restriction was not in place I would just locate a single Zimbra server in the DMZ and IMAP or POP mail off the internal servers. Because of the DMZ restriction I would have to locate the Zimbra server on the internal network, which prevents my Windows Mobile devices from syncing with the Zimbra server.

    What I will probably do is set up a Zimbra server on the internal network and find a way to VPN the Windows Mobile devices so that they can get to the Zimbra server without using the DMZ. Then if a future version of Zimbra is released that supports entire server replication I can put a second Zimbra server in the DMZ and let the Windows Mobile devices talk directly to the replication server.
