0% found this document useful (0 votes)

241 views262 pages

Zimbra Collaboration System Administration - Jan2014

Uploaded by

Florent Manens

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

241 views262 pages

Zimbra Collaboration System Administration - Jan2014

Uploaded by

Florent Manens

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 262

Zimbra Collaboration

System Administration

February 6, 2014 1
• Day 1:
• General Information
• Zimbra Architecture Overview & Licensing
• Installing ZC & Troubleshooting Install
• Zimbra Administration Console Demo & Overview
• CLI Commands
• Security Topics
• ZC System Care
• Troubleshooting
• Questions & Additional Information/Support

February 6, 2014 2
• Day 2:
• Review & Questions
• Backup/Restore
• Performance Tuning & Monitoring with zmstats
• Migration Options & Planning
• Upgrading ZC
• Upgrade Troubleshooting
• Personalizing ZC Deployment
• Archiving and Discovery (optional module)

February 6, 2014 3
• Day 3:
• ZC Architectural Components
• Architecture and Storage Considerations
• Multi-Server Installation and Upgrading
• Reconfigure ZC (hands-on) into a multi-node
architecture
• Delegated Administration
• Directory and GAL Integration

February 6, 2014 4
ZC Architecture

Sections 2 & 3 in your Student Guide

February 6, 2014 5
ZC Architecture Advantages
• Open source integrations
• Industry-standard open protocols
• Modern technology design
• Horizontal scalability
• High availability (HA) support
• Web client
• Admin console

February 6, 2014 6
Supported Operating Systems
• Zimbra Collaboration Network Edition v8.x is
supported on the following Operating Systems:
• Red Hat Enterprise Linux AS/ES 6, 64 bit
• CentOS 6, 64 bit
• SUSE Linux Enterprise Server 11, 64 bit (SP3 for ZC 8.0.5+)
• Ubuntu 10.04 LTS , 64 bit (deprecated, no support beyond ZC 8.x)
• Ubuntu 12.04 LTS, 64 bit

• Platforms not Supported in ZC 8 (EOL in ZC 7)

• Red Hat Enterprise Linux 5, 32 & 64 bit
• Red Hat Enterprise Linux 4, 32 & 64 bit
• SUSE Linux Enterprise Server 10, 32 bit
• Ubuntu 8.04 LTS, 32 & 64 bit

February 6, 2014 7
ZC Architecture

February 6, 2014 8
Flexible Deployment Models
Traditional Virtualized

ZC ZC ZC ZC ZC

On-premises Hosted On-premises Hosted

• Administer ZC, OS stack • Administer ZC, OS within

manually VMware framework
• Rely on ZC for Hierarchical • Rely on vSphere for High
Storage, OS for clustering Availability, Backup and Data
• Run ZC on Linux servers Recovery
• Run ZC on any server
• Maximum configuration
potential

February 6, 2014 9
Zimbra Client Architecture
Mobile Clients Desktop Clients Browser Clients

Microsoft Apple; other Zimbra Zimbra

Windows Apple HTML Client
Outlook Standard AJAX Client
Zimbra
Desktop
Zimbra Outlook IMAP, POP;
BlackBerry Android Connector Card & CalDAV Zimlet AJAX Framework

Platform API Interfaces

SOAP

POP

RSS
REST

LMTP

CalDAV
IMAP

Atom
ActiveSync

CardDAV
BES

Zimlet WS Proxy

Zimbra Mobile
Zimlet Proxy or
Connector
for BES Nginx Proxy

Postfix MTA
Zimbra Collaboration
Zimlet JSP Tags
Including
Anti-Spam
and Virus
Jetty + JVM + OS

February 6, 2014 10
Mailbox Server (MBS) Architecture

Zimbra Collaboration
(Jetty + JVM)

Database Attachment Free/Busy

Message and File Store Search Meta Data Directory
Reliability Index & View Providers

JDBC
Storage Zimbra Lucene MySQL Open External Autonomy IBM
Microsoft
System Journaling Index LDAP LDAP Keyview Domino
Exchange

Active
Directory

February 6, 2014 11
Licensing
• Necessary to create accounts

February 6, 2014 12
Examining License Status
• Home > Configure > Global Settings > License Page

February 6, 2014 13
Installation

Section 4 in your Student Guide

February 6, 2014 14
Installation Considerations
• Other Servers

• Third-party and Open-source Software

• Ports

February 6, 2014 15
Zimbra Port Mapping

Port Server Port Server

25 Postfix 7071 ZC Admin services connector (SSL)

80 HTTP 7072 ZC Nginx Lookup (backend http service for
nginx lookup/authentication)
110 POP3 7110 Backend POP3 (if proxy configured)
143 IMAP 7143 Backend IMAP (if proxy configured)
389 LDAP 7306 MySQL
443 HTTPS 7993 Backend IMAP SSL (if proxy configured)
587 SMTP Message Submission (RFC 6409) 7995 Backend POP3 SSL (if proxy configured)
993 IMAP SSL 9071 Admin Console SSL Proxy (if configured)
995 POP3 SSL 10024 amavisd-new

7025 LMTP 10025 Postfix answering amavisd-new

7047 Conversion Server (httpd) 11211 memcached – nginx route lookups

Other (miscellaneous): 514 – syslogd (logger), 636 – LDAPS, 7780 – spellcheck (httpd)

February 6, 2014 16
Installation Process Overview
• Verification of prerequisite packages

• Menu-driven configuration

• Configuring IMAP/POP

• Configuring virtual hosting

• Load balancing

• Configuring DNS

February 6, 2014 17
Training Lab Environment
• If necessary, start “vm1” VMware image
• Discover your particular domain for the training session
(such as zimbra1.lab, zimbra2.lab, etc.)
• Run config-host.sh:
# /root/training/scripts/config-host.sh start

• Select the single-server environment option, and

enter the domain you were assigned
• Please re-use that same domain throughout the
training session

February 6, 2014 18
Single-Server Installation –
General Steps
• Log in as root
• Disable unnecessary applications
• Accept software agreement
• Auto-check for prerequisite software
• Select services to be installed
• Accept or change default entries as needed

• Save the files in the appropriate directories

• Modify the server
• End the installation process

February 6, 2014 19
Begin Installation Exercise

Section 4 in your Student Guide

February 6, 2014 20
Troubleshooting Install
• Port conflicts
• FQDN not used
• Firewall stopped
• LDAP cannot start or you cannot connect to LDAP
during installation
• DNS setup
• Cannot resolve hostname
• Compat-* libraries not found
• Remove other MTAs, mail apps, or web servers
• SE Linux disabled

February 6, 2014 21
Administration Console
Managing Zimbra Configuration

Section 5 in your Student Guide

February 6, 2014 22
Overview: Simple, Powerful
Administration
• Proven open technologies, web-scalable architecture
reduce TCO
• Bulk user provisioning and policy management
• Delegated, role-based administration
On average, 33% less time
• Class-of-service and multi-tenancy is spent administering
• HSM and storage management Zimbra than MS Exchange*
• Real-time backup and restore * Source: University of Pennsylvania case study Nov 09

• Integrated anti-spam/virus
• LDAP, Active
Directory integration
• Integrated Archiving
and Discovery

February 6, 2014 23
Key Administrator Features
• Class of Service (COS)
• Controls to create different feature packages for different users
• Advertising and Zimlets can be controlled at the COS or user level

• Granular Delegated Administration

• Accounts, Aliases
• Distribution lists, Resources

• Administrative APIs and Utilities

• Administration API provided for provisioning, billing, integration,
and SSO
• Command line utilities and Ajax Admin Console

February 6, 2014 24
Key Administrator Features, cont.
• Scaling and System Optimization
• Flexible architecture – easy to break out MTAs, directory, mail
servers and the storage
• Single-copy storage of messages and attachments
• Out-of-the-box tools for moving mailboxes

• Disaster Recovery and Back Up

• Per mailbox and online mailbox back up and restore tools

• Multi-Tenancy
• Domains are directory entries, and enabling you to spread all of
your users across shared servers and storage

February 6, 2014 25
Definitions
• Class of Service (COS): a set of common preferences and
available features that are applied to all accounts within
that COS
• Domain: an email domain – every account always has one
primary domain specified
• Account: an email account
• Global Settings: Default values and settings that apply
globally, such as Max. Message Size
• Server Settings: Settings specific to an individual server,
such as MTA relay

February 6, 2014 26
Adding and Modifying Domains
• One domain is identified during the installation
• Create additional domains
• Edit and delete domains
• Domain tabs include
• GAL
• Authentication
• Virtual Host
• Briefcase
• Free/Busy Interop
• Zimlets
• Themes
• Certificate
• Account limits
• ACL (Access Control List)

February 6, 2014 27
Creating New Accounts
• Account Wizard to create a few accounts
• Only a account name and last name are required
• Default COS sets features
• Password can be set
• Can customize further

• Migration Tool to import users mailboxes, calendars &

contacts
• Run the migration tool to create a .xml file with data from the
migrating accounts
• Run the ZC Migration Wizard for Exchange one-step migration
option, which uses the .xml file data to create accounts and import
account content

NOTE: Individual account setting override COS and Domain settings.

February 6, 2014 28
Types of User Accounts
• Global Administrators
• Full privileges to manage server, global settings, domains and
accounts
• One global administrator is created when ZC is installed
• Can create other administrators

• Delegated Administrators
• Custom administrator roles can be created

• Regular User
• COS sets the default attributes and features available

February 6, 2014 29
Types of Addresses
• Account

• Alias

• Distribution List

• Resource

February 6, 2014 30
Defining and Modifying COS
• COS used to group users with same features and
service levels

• COS is configured with the following

• Features
• Themes
• Mailbox quotas
• Message lifetime policy
• Password policy
• Attachment blocking rules
• Server Pool rules
• Mobile Policies

February 6, 2014 31
Mobile Device Management
• Enabled by COS or Account
• Over 30 Policies Configured
• Warning: Remote Wipe Setting
• Approved/Blocked Apps
• Disable Mobile Device Functions
• Camera
• Browser
• POP or IMAP email

New
in ZC
8!

February 6, 2014 32
Dumpster/Trash
• Trash Folder
• All deleted items are moved to Trash folder
• Can be emptied, deleting items

• Dumpster (not enabled by default)

• Right-click ‘Recover Deleted Items’ on Trash folder
• Items deleted by emptying trash can be recovered
• Enabled in Class of Service settings
• Separate retention time from Trash folder

February 6, 2014 33
Landfill
• Second level of the Dumpster, not visible to end users
• Used for litigation holds
• zimbraDumpsterPurgeEnabled setting prevents Dumpster
content from being purged
• Content that would otherwise be purged is shifted to
the Landfill and never deleted, but becomes invisible to
end users
• Admin can access Landfill content
New in
ZC 8!

February 6, 2014 34
Auto-Discover for ActiveSync
Overview and Configuration
• Users enter their email address and password – Auto
Discover returns the required system settings to provision
the mobile devices for their account.
• Configure a valid SSL certificate from a certification
authority (CA)
• Unified Communications Certificate (UCC)
type is recommended for auto discover to
New in
work. ZC 8!
• A DNS SRV record for
autodiscover.<domain>.com, allowing client
devices to locate and connect to the autodiscover service.

February 6, 2014 35
Auto-Discover for ActiveSync, cont.
• Configure ZC
• Use the Certificate
Installation wizard
(ZC Admin Console)
to generate the cert
signing request and
then install the received
signed cert.

• Configure the Subject Alternative Name (SAN) field with all

possible valid domain names
• zmcertmgr can also be used for many operations
# /opt/zimbra/bin/zmcertmgr createcrt -new -days 365 -
subjectAltNames "host1.domain.tld,host2.domain.tld"

February 6, 2014 36
Global Settings Configuration
• Global settings define default global values for servers,
accounts, COS, and domains

• Global settings include the following settings

• General– default domain, mail purge rules, etc.
• Attachments rules – included blocked extensions
• MTA – authentication, network, message size, etc.
• IMAP and POP3 proxy service
• Anti-spam and anti-virus checking
• Free/busy Interop
• Hierarchical storage management
• License information
• Backup and restore configuration

February 6, 2014 37
Administration Console Exercise

Section 5 in your Student Guide

February 6, 2014 38
CLI Utility

Section 6 in your Student Guide

February 6, 2014 39
Command Line Interface
Command Line Interface (CLI) can be used to create, modify and
delete certain features and functions of Zimbra Collaboration. The
admin console is the main tool for maintaining ZC, but some
functions can only be changed from the CLI utility.
The CLI utility can be used for the following:
 Provisioning accounts
 Back up and restore
 Starting and stopping a service
 Moving mailboxes
 Cross mailbox searches
 Installing certificates
 Local configuration
 Rewriting configuration files (zmconfigd)

February 6, 2014 40
General CLI Utility Standards
• Linux user “zimbra”
Run CLI commands as the zimbra user:
# su – zimbra

• Syntax
CLI commands are case sensitive:
$ zmprov modifyAccount [email protected] zimbraAccountStatus locked

• Usage:
/opt/zimbra/bin/zmcontrol [-v -h -H <host>] command [args]

-v: display version

-h: print usage statement
-H: Host name (localhost)

Append “-h” to display the usage options for a command

February 6, 2014 41
Useful CLI Commands
• zmprov modify ldap configuration of accounts, domains, cos’s, global settings

• zmmailbox command-line access to mailboxes

• zmaccts (zmprov –l gaa) lists all accounts and their status

• zmcontrol and zm*ctl (i.e. zmmailboxdctl) used to start/stop/restart/view

status of ZC services

• zmlocalconfig (–e, -s) used to set or get local configuration for ZC

• zmmsgtrace trace messages

• zmmboxmove (zmmboxmovequery) move mailboxes between mailbox servers

• zmblobchk clear mysql of entries that have no blobs

• zmsoap execute soap calls directly

February 6, 2014 42
zmprov Overview
• Single most used admin command-line tool

• Account (create, view, modify, suspend, delete)

• Server (view, modify)

• COS (create, view, modify)

• Domain (create, view, modify)

• Distribution list / security group

• Quota usage, mailbox ID

February 6, 2014 43
zmprov Overview, cont.
• Manage ZC objects, attributes, and their settings
(including GlobalConfig)
• Uses a set of sub-commands
• Get configured object attribute values for global configuration:
zmprov getAllConfig(gacf) # long and (short) sub-command

• Create a new account / Change an attribute value:

a. username, domain and password values are required
b. attr1 and value1 … are optional
zmprov createAccount(ca) {user@domain} {password} [[Attr1 Value1]
[Attr2 Value2] …]
$ zmprov modifyAccount [email protected] zimbraAccountStatus locked

• Usage
zmprov (w/ sub-command): SOAP access to LDAP server
zmprov –l (w/ sub-command): direct LDAP access to LDAP server
zmprov (w/o sub-command): interactive mode

February 6, 2014 44
zmprov Sub-Commands
• createAccount (ca)  modifyConfig (mcf)
• createCos (cc)  modifyAccount (ma)
• createDistributionList (cdl)  modifyCos (mc)
• createDomain (cd)
 modifyDomain (md)
• getAccount (ga)
• getAllAccount (gaa)  modifyServer (ms)
• getAllConfig (gacf) Example :
• getConfig (gcf) $ zmprov getAccount [email protected]
# name [email protected]
• getCos (gc) cn: Last First
displayName: Last First
givenName: First
• getDistributionList (gdl) mail: [email protected]
objectClass: organizationalPerson
• getDomain (gd) objectClass: zimbraAccount
objectClass: amavisAccount
• getServer (gs) sn: Last
uid: Last
userPassword: VALUE-BLOCKED
zimbraAccountStatus: active

February 6, 2014 45
Attribute Types
• Numeric (non alpha)
• zimbraMailPort: Zimbra Web Client port number
• zimbraMailQuota: mail quotas in bytes

• Enum (Keywords)
• zimbraAccountStatus: active, locked, maintenance, …
• zimbraMailMode: http, https, both

• ASCII String
• zimbraServiceEnabled
Enable a new service:
$ zmprov ms `zmhostname` +zimbraServiceEnabled mta
Disable a service:
$ zmprov ms `zmhostname` -zimbraServiceEnabled mta
• zimbraMailHost

February 6, 2014 46
Attribute Description
• Get attribute description and values:
$ zmprov desc –a zimbraAccountStatus
zimbraAccountStatus
account status
type : enum
value : active, maintenance, locked, closed, lockout, pending
callback: AccountStatus
immutable : false
cardinality : single
requiredIn : account
optionalIn :
flags: domainAdminModifiable
defaults :
min :
max :
id : 2
requiresRestart :
since :
deprecatedSince :

February 6, 2014 47
zmprov Syntax Examples
• Create a new account
$ zmprov createAccount [email protected] password

• Lock an account
$ zmprov modifyAccount [email protected] zimbraAccountStatus
locked

• Add a user to a Distribution List (DL)

$ zmprov addDistributionListMember [email protected]
[email protected]

• List all global config info (same as admin console

global settings)
$ zmprov getAllConfig

February 6, 2014 48
zmprov More Syntax Examples
• List the attributes (including users) of a DL
$ zmprov getDistributionList [email protected]

• Restrict who can view addresses in distribution lists to

individuals/domain
$ zmprov grr domain <domain_name> usr [email protected]
viewDistList

• Grant rights to a user in a domain to send messages to all

distribution lists
$ zmprov grr domain <domain_name> usr [email protected]
sendToDistList

More zmprov examples are available in your training guide

February 6, 2014 49
Distribution List Restrictions
• Enabling the ZC Milter
The ZC milter allows for the regulation of distribution list senders on a
Global or server level. When the milter server is enabled, only users
who have been granted explicit sending permissions will be allowed.

• Through Admin Console

• Global: Home > Configure > Global Settings > MTA > Milter Server
• Server: Home > Configure > Servers > Select Desired Server > Milter Server

• With Command Line

February 6, 2014 50
Distribution List Restrictions, cont.
• Examples for granting sender permissions using the CLI
• To allow a specific internal user:
$ zmprov grr dl [email protected] usr [email protected] sendToDistList

• To allow all members in a group:

$ zmprov grr dl [email protected] grp [email protected] sendToDistList

• To allow all internal users:

$ zmprov grr dl [email protected] all sendToDistList

• To allow a specific external email address:

$ zmprov grr dl [email protected] gst [email protected] “” sendToDistList

• To confirm settings:
$ zmprov ckr dl [email protected] [email protected] sendToDistList

February 6, 2014 51
zmmailbox Overview
• zmmailbox tool is used for mailbox management
• Provision new mailboxes along with accounts
• Debug issues with a mailbox
• Help with migrations

• zmmailbox command can be invoked from within zmprov

• Syntax
zmmailbox [args] [cmd] [cmd-args ...]

February 6, 2014 52
zmmailbox Help
Command Function
zmmailbox help admin Help on admin-related commands
zmmailbox help commands Help on all commands
zmmailbox help contact Help on contact-related commands (address book)
zmmailbox help conversation Help on conversation-related commands
zmmailbox help folder Help on folder-related commands
zmmailbox help item Help on item-related commands
zmmailbox help message Help on message-related commands
zmmailbox help misc Help on miscellaneous commands
zmmailbox help search Help on search-related commands
zmmailbox help tag Help on tag-related commands

zmmailbox help account Help on account-related commands

zmmailbox help appointment Help on appointment-related commands

zmmailbox help filter Help on filter-related commands

zmmailbox help right Help on right commands

February 6, 2014 53
zmmailbox Examples
When you create an account, you can pre-create some tags and folders. Invoke
zmmailbox inside of zmprov by using “selectMailbox(sm)”
$ zmprov
prov> ca [email protected] test123
9a993516-aa49-4fa5-bc0d-f740a474f7a8
prov> sm [email protected]
mailbox: [email protected], size: 0 B, messages: 0, unread: 0
mbox [email protected]> createFolder /Archive
257
mbox [email protected]> createTag TODO
258
mbox [email protected]> createSearchFolder /unread "is:unread"
259
mbox [email protected]> exit
prov> exit

To find the mailbox size for an account

$ zmmailbox –z -m [email protected] gms

February 6, 2014 54
CLI Exercise

Section 6 in your Student Guide

February 6, 2014 55
Security Topics

Section 7 in your Student Guide

February 6, 2014 56
Single Sign-On
• PreAuth – Authentication credentials passed from a
trusted external source, such as a single sign-on portal
• SPNEGO – Active Directory + Browser Integration
• Zimbra Authentication based on Active Directory login to the
domain.
a. If you enable SPNEGO SSO on a domain, you must inform/instruct
all users to configure their browsers properly.
b. If the browser is improperly configured, server will redirect the
request to the regular username/password login page.

February 6, 2014 57
Certificates – Server
• Self-Signed vs. Commercial
• Server or Domain based
• (mail.mycompany.com OR mail.companyA.com +
mail.companyB.com)
• Additional IP needed for each domain based certificate

• Subject Alt Names (mail.mycompany.com,

mb1.mycompany.com, mb2.mycompany.com) vs.
Wild Card (*.mycompany.com)
• In the case of SSL offloading, certificates will be applied to
an external device and Zimbra can keep self-signed
certificates

February 6, 2014 58
Commercial Certificates
• Process
1. Generate certificate request (CSR) with filename commercial.csr,
2. Copy and paste to Certificate Authority (e.g., GoDaddy or Verisign)
3. Retrieve the files commercial.crt and commercial_ca.crt
4. Use zmcertmgr (as root) to verify and install
5. For multiple servers:
a. Copy commercial.csr, commercial.crt, commercial_ca.crt to
other servers
b. Use zmcertmgr (as root) to verify and install

February 6, 2014 59
Commercial Certificates, cont.
1. Generate certificate request (CSR) with filename
commercial.csr
• Use Admin Console or zmcertmgr
a. In a Zimbra multi-server certificate deployment, zmcertmgr is the
better tool to use
b. The CSR and private key generated by Zimbra should always return
identical md5-hash values.

2. Copy and paste the CSR to Certificate Authority through the

on-line interfaces provided
3. Retrieve the files from the Certificate Authority

February 6, 2014 60
Commercial Certificates, cont.
• Inspect what you retrieved from the CA!
• What you import into Zimbra is the SSL certificate + the root and
intermediate certificates combined
zmcertmgr deploycrt comm /path/actual_cert.crt
/path/root_and_intermediate.crt
• Use cat or notepad to review the certificate chain
• Check that the actual certificate file has the same md5-hash value as
the private key generated by Zimbra
# openssl rsa -in
/opt/zimbra/ssl/zimbra/commercial/commercial.key -modulus -
noout | openssl md5; openssl x509 -in
/path/hostname.domain.ext.crt -modulus -noout | openssl md5

• If the md5-hashes are different, something went wrong

February 6, 2014 61
Commercial Certificates, cont.
4. Use zmcertmgr (as root) to verify and install
zmcertmgr verifycrt comm
/opt/zimbra/ssl/zimbra/commercial/commercial.key
/path/actual_cert.crt /path/root_and_intermediate.crt
zmcertmgr deploycrt comm /path/actual_cert.crt
/path/root_and_intermediate.crt

5. For multiple servers:

• Copy commercial.csr, commercial.crt, commercial_ca.crt to
other servers
• Use zmcertmgr (as root) to verify and install
• Once Certificates are deployed – one way to check if you have the
right Common Names and Subject Alternative Names – use
http://www.sslshopper.com/ssl-checker.html

February 6, 2014 62
Certificates – User-based
• Used by S/MIME (Zimlet) for encrypting email content or
user validation based on public key/private key pair
• Used for automated Browser Authentication

Create Client Use the CA Import the CA Configure ZC to

Certificate and (Self- Certificate to “sign” Certificate into the
“request Client
Signed) Certificate the Client jetty keystore and
Authority (CA) Certificate client certificate Certificates”
Certificate into browser

New in
ZC 8!

February 6, 2014 63
S/MIME
• Zimlet that provides secure encoding of MIME content for email
messages
• Allows signing and encryption
• Public Keys, Private Keys
a. If I ENCRYPT my message with your PUBLIC key, ONLY YOU will be
able to read (decrypt) the message with your private key (Don’t
encrypt with your key).
b. If I SIGN the message with my private key, you can CONFIRM I sent
the message using my public key
• “Free Email” certificates added by user, must be in “der” format.
• Enabled by COS or Account
• Requires either Firefox, Safari, or IE and
• A recent, and safe, Java version in browser (go to
www.java.com/verify, Version 7 update 45 for example)
Note: Verify that your browser will work with S/MIME
before implementation.
February 6, 2014 64
ZC System Care

Section 8 in your Student Guide

February 6, 2014 65
Overview
• Zimbra Collaboration includes the following to help you
monitor the Zimbra servers, usage, and mail flow:
• Zimbra Logger package to capture and display server statistics
and server status and to create nightly reports
• Mailbox quota monitoring
• MTA mail queue monitoring
• Log files
• zmmsgtrace (tool for tracing messages through logs)
–r –s –F –D –t (recipient, sender, from, destination, time range)

• External monitoring HIGHLY recommended!!

• Also, selected error messages generate SNMP traps,
which can be monitored using an SNMP tool.

February 6, 2014 66
Server Statistics
• Message traffic statistics

• Disk usage statistics

• Data used to plan and implement server configurations

February 6, 2014 67
Admin Console Server Stats
If the Zimbra-logger package is installed on a Zimbra mailbox
server, Server Statistics shows bar graphs of the message
count, message volume, anti-spam, and anti-virus activity.
The information is displayed for the last 48 hours; and 30, 60
and 365 days.
• Message Count
• Message Volume
• Anti-Spam/Virus Activity
• Disk Space
• Session
• Mailbox Quota

February 6, 2014 68
Logger Service & Daily Reports
• When the Logger package is installed, a daily mail report is
automatically scheduled in the crontab. The Zimbra daily mail
report includes the following information:
• Errors generated from the Zimbra MTA Postfix logs
• Total number of messages that moved through the Zimbra MTA
• Message size information (totals and average bytes per message)
• Average delay in seconds for message delivery
• Total number of bounced deliveries
• Most active sender accounts and number of messages
• Most active recipient accounts and number of messages

• The report runs every morning at 11:30 p.m. and is sent to the
administrator’s email address.

February 6, 2014 69
Monitoring Mail Queues

February 6, 2014 70
Enabling Server Statistics
1. On each server, as root, type
/opt/zimbra/libexec/zmsyslogsetup
This enables the server to log data and statistics to the appropriate
log files.
2. Additionally on your logger monitor host, based on your OS, perform
one of the following to enable syslog to listen for/accept log data from
remote machines:
Syslog:
a. Edit the /etc/sysconfig/syslog file, add -r to the SYSLOGD_OPTIONS
setting
SYSLOGD_options=”-r -m 0”
b. Restart the syslog daemon:
/etc/init.d/syslogd restart

February 6, 2014 71
Enabling Server Statistics, cont.
Rsyslog (typically used in recent RHEL/CENTOS versions),
uncomment from /etc/rsyslog.conf:
# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514
# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514

Syslog-ng (typically used in recent SuSE versions),

uncomment from /etc/syslog-ng/syslog-ng.conf
#udp(ip("0.0.0.0") port(514));

February 6, 2014 72
Working with Log Files
• The ZC server uses log4j, a Java logging package, as
the log manager
• By default, the ZC server has log4j configured to log to the
local file system.
• You can configure log4j to direct output to another location.
Go to the Log4j website for information about using log4j.

February 6, 2014 73
Working with Log Files, cont.
• Logging Levels
• The logging level is set by default to include logs that are generated
for INFO, WARNING, ERROR, and FATAL. When problems start to
occur, you can turn on the DEBUG log level.
• To change the logging levels, edit the log4j properties,
logger.com.zimbra.
• When enabling DEBUG, you can specify a specific category to
debug. For example, to see debug details for POP activity, you
would type logger.com.zimbra.pop=DEBUG.
• Protocol trace is available in the following logging categories with
TRACE logging level: zimbra.smtp, zimbra.lmtp, zimbra.soap,
zimbra.imap, zimbra.imap-client, zimbra.pop, zimbra.pop-client.

February 6, 2014 74
Increasing per Server Logging
• To make global changes, edit this file:
$ vi /opt/zimbra/conf/log4j.properties

• Add a line at the end that is similar to:

log4j.logger.zimbra.imap=DEBUG

• No restart of any service is needed, BUT if something happens that

causes a regeneration of the log4j.properties file then your changes
will be overwritten. A regeneration of this file takes the contents of
/opt/zimbra/conf/log4j.properties.in

• To permanently make a change, modify

/opt/zimbra/conf/log4j.properties.in

• A restart of mailboxd is necessary

February 6, 2014 75
Log4J Variables (All Logging Categories)
Variable Provides information on the following
zimbra.all All log events (7.0 or later)
zimbra.index Indexing-related events
zimbra.index.lucene Logging of low-level lucene operations (debug-level
only)
zimbra.searchstat Statistics about what kinds of searches are run
zimbra.redolog Redolog-related events
zimbra.lmtp LMTP-related events**
zimbra.smtp SMTP-related events**
zimbra.nio NIO-related events
zimbra.imap IMAP-related events**
zimbra.pop POP-related events**
zimbra.mailbox Mailbox-related events

** (As of ZC 7.x: use TRACE-level logging for most debug information.

TRACE provides protocol-level details as well as DEBUG.)
February 6, 2014 76
Log4J Variables, cont.
Variable Provides information on the following
zimbra.calendar Calendar-related events
zimbra.im Instant messaging-related events
zimbra.account Account-related events
zimbra.gal GAL-related events
zimbra.ldap LDAP-related events
zimbra.security Security-related events
zimbra.soap Soap-related events**
zimbra.test Testing-related events
zimbra.sqltrace When set to DEBUG, logs SQL statements sent to
the database
zimbra.dbconn Tracing database connections

February 6, 2014 77
Log4J Variables, cont.
Variable Provides information on the following
zimbra.perf Performance statistics
zimbra.cache Tracing object cache activity
zimbra.filter Filter-related logs
zimbra.session Session- and notification-related logs
zimbra.backup Backup- and restore-related logs
zimbra.system Startup/Shutdown and other related logs
zimbra.sync, Sync client interface logs
zimbra.synctrace,
zimbra.syncstate
zimbra.wcbxml Wcbxml client interface logs
zimbra.extensions Extension-loading related info
zimbra.zimlet Zimlet-related info

February 6, 2014 78
Log4J Variables, cont.
Variable Provides information on the following
zimbra.wiki Wiki and document sharing
zimbra.op Server operations
zimbra.dav WebDAV operations
zimbra.io File IO operations
zimbra.datasource External POP/IMAP datasource operations
zimbra.rmgmt Remote management
zimbra.webclient ZimbraWebClient servelet and ISP operations
zimbra.scheduler Scheduled task operations
zimbra.store Filesystem (mailstore) storage operations
zimbra.fb Free/Busy operations
Zimbra.purge Mailbox purge operations
Zimbra.mailop Mailbox operations (e.g. add/delete, move)
Zimbra.misc Events that do not have a specific category
February 6, 2014 79
Summary of Log Files
• syslog
• Captures local mail and application activity
• Gathers data for all components for centralized logging

• /opt/zimbra/log/mailbox.log
• A mailboxd log4j server log containing logs from mailbox server

• /opt/zimbra.log/audit.log
• Contains authentication activity of users and administrators and
login failures

February 6, 2014 80
Summary of Log Files, cont.
• /var/log/zimbra.log
• Details activities of the Zimbra MA, Logger, Authentication, and
Directory
• Logs LDAP activity to Zimbra.log

• sync.log
• Contains information about ZC mobile sync operations

• zmmailboxd.out
• Contains mailbox startup information and thread dumps if
mailboxd is shut down
• Contains information about Denial of Service Filter events

February 6, 2014 81
Reviewing mailbox.log Records

Originator Originator IP Zimbra Client Type Operation Description

Date Time Log Level Jetty thread-pool number mailbox server processing the SOAP request SOAP request type

2013-10-31 14:20:19,592 INFO [qtp1075680019-180857:https://10.137.28.179:443/service/soap/SendMsgRequest]

[[email protected];mid=2;ip=10.113.235.213;ua=ZimbraWebClient - FF24 (Win)/8.0.4_GA_5737;] smtp - Sending message to MTA at zcsmta2.kappa.local:
Message-ID=<[email protected]>, replyType=r

FQDN of MTA Message ID Browser/Version ZC Version

Date Time Log Level Thread/Process IP Operation Description Message size number recipients

2013-10-31 14:20:20,386 INFO [LmtpServer-1] [ip=10.137.28.179;] lmtp - Delivering message: size=1734 bytes, nrcpts=1, [email protected],
msgid=<[email protected]>

Originator Message ID

February 6, 2014 82
Reviewing mailbox.log Records, cont.
• Exceptions
• A handler exception will be added to mailbox.log indicating an
abnormal event occurred.
• The handler exception is sometimes followed by stack trace
information.
• Between the handler exception and the content of the stack trace
you can often find a string that provides more insight to the error
(grep –i “13:00:” mailbox.log | grep –i
exception –A15 –B5)
• Search (Google) zimbra “string” to find links to articles that provide
further insight.

February 6, 2014 83
Reviewing mailbox.log Records, cont.
com.example.cs.mailbox.MailServiceException: Invalid address: Jon R at
com.example.cs.mailbox.MailServiceException.internal_SEND_FAILURE
(MailServiceException.java:416)
-
-
-
at
org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:4
42)
caused by: com.example.cs.mailbox.MailSender$SafeSendFailedException:501 Bad
address syntax
; chained exception is:
com.sun.mail.smtp.SMTPAddressFailedException: 501 Bad address syntax at
com.sun.mail.smtp.SMTPTransport.rcptTo(SMTPTransport.java:1196)
at
com.sun.mail.smtp.SMTPTransport.sendMessage (SMTPTransport.java:584)
at javax.mail.Transport.sent0(Transport.java:169)
at javax.mail.Transport.sent(Transport.java:98)
at
com.example.cs.mailbox.MailSender.sendMessage(MailSender.java:409)
at
com.example.cs.mailbox.MailSender.sendMimeMessage(MailSender.java:262)
… 30 more

February 6, 2014 84
Increasing per user Logging
• addAccountLogger
$ zmprov aal [email protected] zimbra.imap debug

• removeAccountLogger
$ zmprov ral [email protected] zimbra.imap

• Account level settings do not survive mailboxd restarts

• Example:
• Enable tracing of soap requests for an account:
$ zmprov aal [email protected] zimbra.soap trace

• Watch the log file and login via the AJAX client:
$ tail -f /opt/zimbra/log/mailbox.log

February 6, 2014 85
Port and Process Monitoring ZC

Section 8 in your Student Guide

February 6, 2014 86
Port & Process Monitoring
• IMAP/POP

• Web (SOAP)

• SMTP

• LDAP

February 6, 2014 87
Managing Disk Volumes & HSM
• Index volume
• Message volume
• Scheduling HSM
sessions

February 6, 2014 88
Statistics & Capacity Planning
• Server Statistics pane to monitor:
• Message count
• Message volume
• Anti-Spam/Anti-Virus activity

February 6, 2014 89
Postfix Commands
• Postconf: Postfix command to view or modify the postfix
configuration

• Postfix: Start, stop, reload, flush, check, upgrade

configuration

• Qshape: Examine postfix queue in relation to time and

sender/recipient domain

February 6, 2014 90
ZC Cron Jobs

February 6, 2014 91
ZC Cron Jobs
• Log pruning
• /opt/zimbra/log (2:30 am)
• logrotate:
/etc/anacrontab -> /etc/cron.daily/logrotate -> /etc/logrotate.d/zimbra
• Status logging
• zmstatuslog (2 minutes)
• Backups
• Full and incremental backup (1:00 am)
• Jobs for crontab.store
• Log pruning -> /opt/zimbra/mailboxd/logs
• Clean up the quarantine directory
• Table maintenance
• Report on any database inconsistencies -> zmdbintegrityreport
• Monitor for multiple mysqld processes to prevent corruption

February 6, 2014 92
ZC Cron Jobs, cont.
• Jobs for crontab.logger
• Process logs: zmlogprocess (10 minutes).
• Daily reports: Report runs every evening at 11:30pm and is sent
to the administrator’s email address

• Jobs for crontab.mta

• Queue logging -> zmqueue report status (10 minutes).
• Spam training -> zmtrainsa (11:00 p.m.)
• Spam training cleanup
• DSPAM cleanup
• Spam Bayes auto-expiry
• Clean up amavisd/tmp (5:15 a.m. and at 8:15 p.m.)

February 6, 2014 93
Reading the crontab
The crontab is used to schedule commands to be executed
periodically on the ZC servers
$ crontab –l

Field Description
Minute 0 through 59
Hour 0 through 23
Day of the month 1 through 31
Month 1 through 12
Day of the week 0 through 7 (0 or 7 is Sunday, 1 is
Monday, etc., or use names)
Command This is the complete sequence of
commands to be executed for the job.

February 6, 2014 94
Crontab Example

February 6, 2014 95
Crontab Example, cont.

February 6, 2014 96
Troubleshooting Mailstore
Performance
• Run zmdiaglog while problem is still occurring and before
restarting the ZC processes:
# /opt/zimbra/libexec/zmdiaglog

• Optional: run zmdiaglog with the –a argument to produce

a heap dump and core dump:
# /opt/zimbra/libexec/zmdiaglog -a

• Other optional arguments:

-j include the output of /opt/zimbra/libexec/zmjavawatch
-z zip the output directory for easier upload
-d Place the output in a directory other than /opt/zimbra/data/tmp
-t timeout for hanging commands (default 120s)

February 6, 2014 97
Troubleshooting Mailstore
Performance, cont.
• Recommended: Run zmdiaglog with the –a –j -z
arguments to produce a heap dump, core dump, include
the zmjavawatch output and zip everything up:
# /opt/zimbra/libexec/zmdiaglog –a –j -z

• When zmdiaglog is complete, and the mailstore is not

functioning properly, restart the ZC processes:
# su - zimbra
$ zmcontrol restart

• Once ZC has been restarted, upload to our ftp site at:

ftp.zimbra.com
Username/Password: provided by Support

February 6, 2014 98
Troubleshooting Exercise

Section 8 in your Student Guide

February 6, 2014 99
Support Information

Section 9 in your Student Guide

February 6, 2014 100

Additional Information
• Admin Console Help Search
• Support Portal http://support.zimbra.com/
• Web Client Help
• Website
• Forums http://www.zimbra.com/forums/
• Wiki http://wiki.zimbra.com/
• Online documentation
http://www.zimbra.com/products/documentation.html
• Bugzilla bug database http://bugzilla.zimbra.com/
• Product Information
http://www.zimbra.com/products/whats_new.html
• Product Planning (integrated with bugzilla)
http://pm.zimbra.com/

February 6, 2014 101

Search for Information Exercise

Section 9 in your Student Guide

February 6, 2014 102

Day 1 Wrap-up and feedback

February 6, 2014 103

Zimbra Collaboration Day 2

Section 10 in your Student Guide

February 6, 2014 104

• Review & Questions
• Backup/Restore
• Performance Tuning & Monitoring with zmstats
• Migration Options & Planning
• Upgrading ZC
• Upgrade Troubleshooting
• Personalizing ZC Deployment
• Archiving and Discovery (optional module)

February 6, 2014 105

• Questions ?

February 6, 2014 106

Day 1 Quiz
• If you use the Zimbra proxy, you are able to preserve the
same servername.domain.com in the URL no matter how
many backend mailbox servers you have – TRUE or FALSE
• You can install the MySQL component of Zimbra on a
standalone server – TRUE or FALSE
• What components are used by Zimbra to provide
Antispam and Antivirus capabilities?
• What protocol is used to deliver messages from the
Zimbra MTA to the mailbox server?
• What process/package in the Zimbra application converts
attachments to HTML?
February 6, 2014 107
Day 1 Quiz, cont.
• Once a Zimbra Network Edition license expires, IMAP
stops working – TRUE or FALSE
• What port does LMTP connect on to the mailbox server?
• What is the name of the command line utility to deploy
Zimlets?
• What command line utility is used to change the
percentage of memory dedicated to mysql in Zimbra?
• What information is logged in the sync.log?

February 6, 2014 108

Backup & Restore

Section 11 in your Student Guide

February 6, 2014 109

Backup Overview
• Helps you quickly restore mail service in the event of a
crash
• Full Backup: Includes LDAP directory server, database,
index directory, and message directory for each mailbox
• Incremental Backup: Includes LDAP directory server and
gathers all redo log transactions

February 6, 2014 110

Backup & Restore
• Zimbra backup tools write a consistent snapshot of mailboxes to a designated backup
directory.
• Zimbra mailboxes can be restored from the following:
1. Full backup files that contains all the information needed to restore mailboxes
2. Incremental backup files that contains the LDAP directory server files and all the redo
log transactions written since the last backup
3. Redo logs that contains current and archived transactions processed by the Zimbra
server since the last incremental backup
• Figure below shows the sequence of a full point-in-time recovery. When a system is
restored, the last full backup is restored, each incremental backup since the last backup is
restored, and the archived and current redo logs are restored.
• Sample backup timeline:

February 6, 2014 111

Backup Methods
Two distinct backup methods are available on ZC:
• Standard backup method: Appropriate for enterprise
deployments where full backups are run on non-working days.
• Weekly full backup session
• Daily incremental backup sessions

• Auto-grouped backup method: Recommended for large ZC

environments where running a full backup of all accounts at
one time would take too long.
• Runs a full backup session for a different group of mailboxes each
scheduled backup
• System administrator configures the interval in days that backups
should run and the number of groups backups are made up of

February 6, 2014 112

Backup & Restore CLI
• CLI backup and restore commands include:
• zmschedulebackup - Used to schedule full backups, incremental
backups, and deletion of old backups
• zmbackup - Executes full or incremental backup of the mail server
a. This is run on a live server, while the mailboxd process and the
mailbox server are running
b. This command also has an option to manually delete old backups
when they are no longer needed

February 6, 2014 113

Backup & Restore CLI, cont.
• zmrestore: Executes a full or incremental restore to the ZC
mail server
• The zmrestore command is performed on a server that is running

• zmrestoreoffline: Restores the ZC mail server when the

mailboxd process is stopped
• zmrestoreldap: Restores the complete LDAP directory
server, including accounts, domains, servers, COS, and
other data
• Zimbra backup & restore can also be run from the admin
console

February 6, 2014 114

CLI Backup Examples
• Perform a full backup of all mailboxes on server1:
$ zmbackup -f -a all -s server1.domain.com
• Perform incremental backup of all mailboxes on server1 since last full
backup:
$ zmbackup -i -a all -s server1.domain.com

• Perform full backup of only user1’s mailbox on server1. Note that

hostname does not need full domain if account is used:
$ zmbackup -f -s server1 -a [email protected]

• Perform incremental backup of user1’s mailbox on server1:

$ zmbackup -i -s server1 -a [email protected]

• Enabling MySQL database backups (mysqldump):

zmlocalconfig –e mysql_backup_retention=<N>

February 6, 2014 115

CLI Restore Examples
• Put accounts into maintenance mode:
$ zmprov ma account1 zimbraAccountStatus maintenance

• The maintenance mode prevents delivery of new emails during the

restore. Otherwise, the emails would be overwritten during the
restore process.
• Run the zmrestore command to restore the accounts, using commas
between accounts:
$ zmrestore -s server1 -a [email protected], [email protected]

• Put accounts into active mode:

$ zmprov ma account1 zimbraAccountStatus active

• Important: If a user account is restored and the COS that the account
was assigned to no longer exists, the default COS is assigned to the
account.

February 6, 2014 116

CLI Restore Examples, cont.
• Perform a full restore of all accounts on server1, including last full
backup and any incremental backups since last full backup:
$ zmrestore -s server1.domain.com -a all

• Perform a single account restore on server1:

$ zmrestore -s server1.domain.com -a [email protected]

• Note: A single account can also be restored from the admin console.

February 6, 2014 117

Backup and Restore Exercise

Section 11 in your Student Guide

February 6, 2014 118

Performance Tuning & Monitoring

Section 12 in your Student Guide

February 6, 2014 119

ZC Architecture
• ZC depends on many open source components
• Linux
• Postfix
• OpenLDAP
• MySQL

• Each component can affect system performance

February 6, 2014 120

zmstat Framework
• ZC writes statistics to CSV files in /opt/zimbra/zmstat
• cpu.csv: CPU utilization
• fd.csv: file descriptor count
• mailboxd.csv: ZC server and JVM statistics
• mtaqueue.csv: Postfix queue length
• mysql.csv: MySQL status variables
• proc.csv: per-process CPU and memory consumption
• soap.csv, pop3.csv, imap.csv: request processing time
• threads.csv: JVM thread counts
• io.csv: per-device disk utilization
• io-x.csv: extended IO statistics per device

February 6, 2014 121

What to do with the data?
• Import into Excel or DB of choice

• View graphs in the Admin UI

• Generate charts with zmstat-chart

• Push chart data (.png + index.html) to web server or IT
management for review

February 6, 2014 122

Admin UI charts
Admin UI Charts
• Charts displayed directly in the admin web UI

• Chart and date range are user-selectable

• Good for viewing a small number of stats, various date

ranges

February 6, 2014 123

Admin UI charts
Admin UI Charts, cont.

February 6, 2014 124

zmstat-chart
zmstat-chart
• Command-line utility that generates charts in HTML/PNG
format

• Reads chart configuration from

/opt/zimbra/conf/zmstat-chart.xml or custom config file

• Reads data from CSV files

• Chart timelines are aligned, to help correlate system

events and performance measurements

• Example:
$ zmstat-chart -s /opt/zimbra/zmstat/YYYY-MM-DD -d ~/charts

February 6, 2014 125

Sample HTML Charts
• Response time by client protocol

February 6, 2014 126

Sample HTML Charts, cont.
• Message add rate

• Message add speed

February 6, 2014 127

Sample HTML Charts, cont.
• CPU

• Disk

February 6, 2014 128

Sample HTML Charts, cont.
• Process memory

• JVM garbage collection

February 6, 2014 129

Sample HTML Charts, cont.
• InnoDB buffer pool hit rate

February 6, 2014 130

Diagnosing Slowness
• Questions to ask when “Zimbra is slow”
1. Disk or CPU?
2. Which component (Postfix, server, MySQL, LDAP, etc.)?
3. Which disk partition?
4. Which protocol (SOAP, POP or IMAP)?
5. Client or server?
6. Which client? Check ua (user agent) context in mailbox.log

February 6, 2014 131

Diagnosing Slowness, cont.
• High disk utilization
• Database, index, mail store?
• Put components on separate devices to get separate utilization
stats

• High database disk utilization

• InnoDB buffer pool hit rate should be > 995
• Add memory if necessary

February 6, 2014 132

Diagnosing Slowness, cont.
• High CPU utilization
• Garbage collection? Increase JVM heap size.
• Do thread dumps during time of slowness to see what the server
is doing

• Slow response time, but disk and CPU utilization are low
• Thread dumps will show blocked threads

February 6, 2014 133

Wrap-Up
• Questions

February 6, 2014 134

Migration

Section 14 in your Student Guide

February 6, 2014 135

Migration Planning Overview
• Customer Requirements
• Accessing customer environment
• Current workload and traffic flow
• Migration Strategy
• Quick migration
• Split-Domain migration
• Provisioning
• Test Migration
• Small, medium and large size mailboxes part of pilot pool
• Determine the time for the migration
• Go-Live Steps
• Communication plan
• Final Migration plan

February 6, 2014 136

Customer Requirements – Data
• What will or will not be migrated?
• User settings/preferences
• Email messages and attachments
• Calendar
• Address books
• Distribution lists/Groups
• Tasks
• Filters
• Signatures
• Vacation messages
• Public folders

February 6, 2014 137

Customer Requirements -
Back-End
• How is the current email system implemented?

• How are users accessing the current system?

February 6, 2014 138

Current Workload Profile
• Helps determine:
• ZC storage requirements

• ZC servers to deploy

• High availability and clustering

February 6, 2014 139

Migration Strategy
For additional information see section 14 in your student guide.
• Migration Options
• Quick migration
• Split-Domain/Phased migration
• Which Migration Tools to be used?
• Provisioning
• Passwords & User settings
• Documentation containing:
• Proposed New Architecture
• Migration Strategy
• Migration Tools to be used
• Testing Criteria
• Test Migration

February 6, 2014 140

Split-Domain Migration
Split-Domain Migration
Co-Existence/Split-Domain Migration - Logical Diagram
`
Migration Components
required for Co-Existence
Strategy:

(1) Webmail Selectors – web

(6) DNS to route traffic transparently S
PO IMA MT
portal directs Webmail
(without end-user changes) P P P
HTTP sessions to correct
Customer Legacy environment at authentication,
Webmail Selectors (1)
System based on LDAP query result.
Required for duration of
MTAs & HTTP/IMAP/POP Proxies (2) HTTP migration period.
HTTP MTAs & HTTP/IMAP/POP Proxies

Frontends MTAs
(2) MTAs and IMAP/POP
SMTP Proxies – routes email and
IMAP Proxies IMAP/POP connections to
MTAs
POP legacy or Zimbra system,
LDAP Master LDAP Replicas LDAP Master LDAP Replicas based on LDAP query result.
Active Active
(3) Directory synchronization –
Directory Synchronization (3)
changes to the legacy system
Standby Standby must be propagated to the
ZCS environment.
Mailstores Mailstores
(4) Provisioning/Migration of
Provisioning of User Metadata (4) Active settings and other metadata –
forwards, vacations, contacts/
IMAP migration (5) address books, rules, etc.,
Standby
using scripts and zmprov
Storage Hosted Storage
(5) IMAP migration using
imapsync for mail data.

(6) DNS control (with low

Primary TTLs) of active A- and MX-
Primary records for Webmail, Email,
Secondary
and IMAP/POP – provides
Backup Backup transparency to end-users.

February 6, 2014 141

Split Domain Strategy
• You can run Zimbra system with customer’s existing
legacy system

• Zimbra can be deployed as the primary system or the

secondary system to an existing messaging environment

February 6, 2014 142

Split Domain – Zimbra as Primary
System
• Can be used during migration
• ZC as primary system gives customers options
• Taking advantage of ZC functionality
• Re-directing access to legacy system for accounts that have not
migrated

• Less technical tasks to perform once the cutover to

ZC is complete
• Turnoff legacy system

February 6, 2014 143

Split Domain - Zimbra as Secondary
System

• Allows a customer to not change any email routing

configuration in production

• Setup ZC with same email domain during trial and

migration period

• Allows Pilot users to be moved from one system to

another

February 6, 2014 144

The Migration
• ZC single-server or multi-server install is performed

• COSs are created to match user’s existing features and

preferences

• User accounts are created on the Zimbra server

• Appropriate migration tools are run to migrate user’s

mail, calendar, contacts, etc. to ZC

February 6, 2014 145

Migration Tools - Server
• ZC Migration Wizard for Exchange
• Run by Administrator (from admin console)
• One-step process uses .xml template to provision accounts and import
users’ email, calendars, contacts, and tasks
• Domino Migration Tools
• Run by Administrator
• System-to-System
• Includes NSF-import tool for local PAB’s
• Groupwise Migration Tools
• Run by Administrator
• System-to-System
• IMAP tools for migrating email
• IMAPsync run by Administrator,
• External IMAP connection in “Inbox” by user
• System-to-System

February 6, 2014 146

Migration Tools - Client
• PST-based User Migration Tool
• Usually run by End-User, could be done by Administrator
• Loads Outlook-created PST to Zimbra

• REST interface to import calendar and contacts

• Run by Administrator
• System-to-System

• Sun iPlanet calendar migration tool

• Oracle calendar migration tool
• Migration tool information available at:
http://wiki.zimbra.com/index.php?title=User_Migration
http://www.zimbra.com/products/documentation_additi
onal.html

February 6, 2014 147

Auto-Provisioning
• Allows you to create users from an external LDAP source such as
Active Directory
• Definable Attribute Mapping
• Generates “Welcome Email”
• Limited by LDAP Search Base/Search Filter

• Does not “clean-up” deleted users, dynamically assign COS, create

archive accounts
• “Eager” Mode
• Users automatically created on a schedule basis
• By domain

• “Lazy” Mode - Account creation occurs when user attempts to login

• Alternative: zmexternaldirsync, a tool from the Zimbra PS Team that
requires configuration and customization

February 6, 2014 148

Exchange Migration Information
• General Migration Guidelines:
• Primary bottleneck for migrating from Exchange can be Exchange
I/O Subsystem

• Number of messages and size of the messages can impact the

length of the migration

• OPTIONAL CONSIDERATION: Have the users clean out Trash and

Junk folders prior to migration

NOTE: This is optional because some users use their Trash folder
as an archive

February 6, 2014 149

Exchange Migration Information, cont.
• General Setup Guidelines:
• Use at least Windows 2003 Server to run the migration wizard
with Outlook 2010 installed
• Migration Wizard must be joined to the customer’s domain and
logged into that domain with Exchange Administrator privileges
• Recommended for the migration server to be at the customer’s
site since MAPI calls are made to retrieve messages
• Ports 443, 7070, and 7071 are used for communication by the
Wizard to talk to the Zimbra environment

February 6, 2014 150

Exchange Migration Execution
• General Migration execution guidelines:
• Migration Wizard performs best with X simultaneous threads per
instance
The number of threads per instance is based on your environment. In
many cases, 3-4 simultaneous threads per instance works

• You can run multiple instances of the migration wizard

• If an account migration fails, you can restart the migration by

using the SAME original account login name

February 6, 2014 151

Upgrading ZC

Section 15 in your Student Guide

February 6, 2014 152

Single Server Upgrade – Checklist I
• Review Known Issues in Release Notes

• Pre-requisite Recommendation
1. Perform a test upgrade in test environment
Note: This could be a Virtual Environment

2. Apply and test any customization, especially

a. Existing provisioning scripts
b. Zimlets
c. Skins and Themes

February 6, 2014 153

Single Server Upgrade – Checklist II
• Important: Before you begin the upgrade, make sure you have a good backup
for all users!
• Backup all customizations including:
• Customized files you might have created for branding
• Any Postfix MTA configurations
• Any configuration file changes like SpamAssassin
• Your SSL certificates
• Any Zimlets created
• Other items not on this list, such as scripts you have created
• Backup a copy of ZCLicense.xml
• Make sure backups are stored in a safe partition or on another server
• Stop servers
• Perform install steps
• Run a full backup with the upgraded ZC version
• Re-apply the customizations

February 6, 2014 154

Single-Server Upgrade Exercise

Section 15 in your Student Guide

ZC 8.0 Release notes can be found at
http://www.zimbra.com/support/documentation.html

February 6, 2014 155

Troubleshooting
• 4 Common Problems
1. Login failures

2. Mail delivery

3. Server not responding

4. Poor performance

February 6, 2014 156

Zimbra on vSphere
Deployment Best Practices

Section 17 in your Student Guide

February 6, 2014 157

Zimbra on vSphere
• Deployment model
• Single Server or Simple deployment model
a. All services deployed in a single virtual machine
b. Ideal for small to medium businesses
c. Simple HA and backup model

• Multi-server or distributed deployment model

• Services distributed among multiple virtual machines
• Ideal for large enterprise deployments
• Message archiving, HA and backup a must to ensure maximum
uptime

February 6, 2014 158

Zimbra on vSphere Best Practices - CPU
• Zimbra is NOT a CPU bound application when proper disk and memory
resources are allocated to the virtual machine
• Can over commit CPU resources however, be aware of other applications
sharing the resources
• NUMA is employed in all recent hardware. When sizing your virtual machines
take into consideration the NUMA architecture. Crossing a NUMA node
results in degraded performance
• Example:
• 4 CPU sockets with 4 cores per socket equipped with 64GB of system
memory
• The maximum recommended virtual machine size is 4vCPU with 16GB of
system memory
• Ensure that Hyper-Threading or HT Sharing is disabled on your Zimbra VMs
• Monitor host CPU utilization, VM ready time and enable Distributed Resource
Scheduler (DRS) to balance virtual machines across hosts in the vSphere
cluster

February 6, 2014 159

Zimbra on vSphere Best Practices -
Memory
• Size virtual machines appropriately taking into consideration NUMA
architecture
• Follow earlier example of configuration:
• ESX host with 4x4 (4 sockets and 4 cores per socket) and 64GB of
system memory.
• Build your virtual machine with 4vCPU and 16GB of memory. This is the
maximum configuration you can build without crossing and NUMA node
• Remember – Crossing a NUMA node results in performance degradation
because the system must access memory that is not local to the CPUs the
virtual machine might be executing on
• Configure the memory reservation for the Zimbra mailbox virtual
machines to the allocated memory of the virtual machine. Example:
• If you allocate 16384MB of memory to your Zimbra mailbox virtual
machine, you should configure the memory reservation to 16384MB. You
can set the memory reservation in settings of the Zimbra mailbox virtual
machine

February 6, 2014 160

Zimbra on vSphere Best Practices –
Storage
• How you design your storage for your Zimbra deployment will impact
how your Zimbra configuration will perform whether it be physical or
virtual
• DO NOT over subscribe VMFS datastores
• Always take into consideration your existing and projected workloads
when designing the storage for your Zimbra deployment
• Eight major partitions for Zimbra mailbox server in a multi-server
deployment
a. /opt/zimbra root partition for Zimbra application
b. /opt/zimbra/db mySQL database files (holds all metadata)
c. /opt/zimbra/store Blob store (messages, attachments, etc.)
d. /opt/zimbra/index message index partition for fast user searches
e. /opt/zimbra/redo mySQL database log files also holds incr. backups
f. /opt/zimbra/logs general Zimbra log files
g. /opt/zimbra/backup holds all backup data for the Zimbra mailbox server
h. /opt/zimbra/store02… Zimbra Hierarchal Storage Management (HSM)

February 6, 2014 161

Zimbra on vSphere Best Practices –
Storage, cont.
• Use paravirtualized (PVSCSI) SCSI adapter for workloads that generate
greater than 2000 IOPS
• Use separate vSCSI adapters to separate I/O patterns (sequential .vs. random)
• Also using multiple vSCSI adapters within a virtual machine will allow more
‘in-flight’ I/O
• Configuration physical storage with appropriate number of spindles
• Use eager thick-zero disks. This will prevent duplicate disk I/Os !!
• Slow disk usage under zimbra requires capacity and can use inexpensive
disks (SATA, RAID-5)
• Fast disk usage under Zimbra requires speed vs. capacity and should be
deployed using enterprise-level disks. (fibre channel, iSCSI and RAID-10 or
better)
• Use Raw Data Mapped disks (RDM) only if you require access to array based
functions
• Take into consideration shared storage resources and never oversubscribe
your disks !!

February 6, 2014 162

Zimbra on vSphere Best Practices –
Network
• Use latest VMXNET3 adapter if supported by the
operating system
• Use separate physical adapters, VLANs and NIC teams to
separate network traffic and provide redundancy for your
vMotion and IP based storage traffic (iSCSI and NFS)
• Use separate physical switches on the infrastructure to
eliminate single points of failure

February 6, 2014 163

Zimbra on vSphere Best Practices –
vSphere Cluster Resources
• VMware HA – Enable HA to provide out of the box high
availability for your Zimbra virtual machines
• VMware HA will automatically recover your Zimbra virtual
machines in the case of unplanned downtime

• VMware vMotion – can reduce planned downtime by

relocating your Zimbra virtual machines to other hosts in
the vSphere cluster in the case of hardware maintenance
• Be sure to use dedicated NIC ports, VLANs and NIC teams to avoid
network contention between client/server, storage I/O and
vMotion traffic

February 6, 2014 164

Zimbra on vSphere Best Practices –
vSphere Cluster Resources, cont.
• VMware DRS – Enable DRS to provide intelligent
placement of your Zimbra virtual machines in the
vSphere cluster
• VMware DRS will continuously monitor the vSphere cluster and
ensure the cluster is balanced for resource utilization. In the case
your Zimbra virtual machines should become resource
constrained they will be placed where the resources are
• Enable Affinity Rules - To keep virtual machines that
communicate each other together and to separate virtual
machines that could cause your Zimbra deployment to fail.
Affinity rules can eliminate single points of failure by not
allowing ‘all of the eggs in one basket’

February 6, 2014 165

Zimlets and Themes

Section 18 in your Student Guide

February 6, 2014 166

Custom UI Skins / Themes
Skins, AKA themes, are a combination of HTML, CSS, and properties files that
control the appearance of the ZWC. You can change the appearance of ZWC to use
specific logo and colors. You can create many different skins to provide your users
with choices, or you can restrict users to a single skin to enforce brand identity.
Logo
Username
App Search
Chooser

app_top_toolbar
Tree app_main

Tree
Footer

February 6, 2014 167

Customization Options
• Themes by COS or Account
• Via the Admin Console or CLI (zmprov)
• Options include:
• ad_bottom
• ad_top
• ad_tree_bottom
• ad_side

February 6, 2014 168

Skin Example

February 6, 2014 169

Managing Zimlets from the
Admin Console
• Deploy a Zimlet

• Make a Zimlet available or not per COS or account

• Disable a Zimlet

• Undeploy a Zimlet

February 6, 2014 170

Managing Zimlets from the
Admin Console
• You can manage Zimlet tasks from the ZC Admin Console
(Home > Configure > Class of Service > Zimlets)

February 6, 2014 171

Managing Zimlets from the
Admin Console
• You can:
• Make a Zimlet available or not available per COS or account.
• Make a Zimlet mandatory.
• Disable a Zimlet, which leaves it on the server but the Zimlet is
not used.
• Deploy a Zimlet, which:
• Creates the Zimlet entry in the LDAP server
• Installs the Zimlet files on the server
• Enables the Zimlet
• Makes the Zimlet available to the members of the default COS
• Undeploy a Zimlet, which removes it from the COS listings and the
Zimlets list.

February 6, 2014 172

Customizing Themes Exercise

Section 18 in your Student Guide

February 6, 2014 173

Zimbra Archiving and Discovery
(ZAD)

Section 19 in your Student Guide

February 6, 2014 174

Introduction
• ZC optional package  ZAD
• Archiving: the ability to archive messages that were delivered to
or sent by ZC

• Discovery: the ability to search across mailboxes – referred to as

Cross Mailbox Search

• Inbound and outbound mail is forked at the Zimbra MTA

• Can be installed in a single server or multi-server

deployment

• Searched can be performed on live and archived

mailboxes

February 6, 2014 175

ZAD – How it works
• If User A sends a message to User B, and if User B has
archiving enabled, the MTA delivers two messages — one
to User B’s mailbox and one to User B’s archive mailbox.
The message received in User B’s mailbox looks normal, as
shown in the following example:
Received: from localhost (localhost.localdomain [127.0.0.1]) …
From: [email protected]
To: [email protected]
Subject: New License Key
Message-ID: <015f01c717fe$70f042d1$b1d6f61d@thom>
Date: Mon, 04 Nov 2008 23:48:18 -0000
Hi B,
Can you send me the license key for the software again?
Thanks, A

February 6, 2014 176

ZAD – How it works, cont.
• The message received in User B’s archive mailbox contains
additional X-Envelope-From and X-Envelope-To headers.
These headers show the real email address the message
was sent from and each of the email addresses to which
the message was sent.
Received: from localhost (localhost.localdomain [127.0.0.1]) …
From: [email protected]
To: [email protected]
Subject: New License Key
Message-ID: <015f01c717fe$70f042d1$b1d6f61d@thom>
X-Envelope-From: [email protected]
X-Envelope-To: [email protected]
Date: Mon, 04 Nov 2008 23:48:18 -0000
Hi B,
Can you send me the license key for the software again?
Thanks, A

February 6, 2014 177

Enabling Archiving
• To enable archiving (single server)
$ zmprov ms <zmhostname> +zimbraServiceEnabled archiving

• The server must be restarted

$ zmcontrol restart

• To enable archiving (multi-server)

See student’s guide

February 6, 2014 178

Archive Account Name Templates
• zimbraArchiveAccountDateTemplate
• Sets the date format used in the name template.
• The default is yyyyMMdd.
• Adding the date to the account name makes it easier to roll off
older data from the system to backups

• zimbraArchiveAccountNameTemplate
• Sets up how the archive mailbox name is created.
• The default value is ${user}-${date}@${domain}.archive.
• The archive account address would be like this example:
[email protected].

February 6, 2014 179

Create an Archive Mailbox
• Type as Zimbra user:
$ zmarchiveconfig enable <[email protected]> archive-cos <cosname>

• Archive accounts are created based on the Zimbra Archive

name templates
• The attribute zimbraIsSystemResource is added to the
archive account and set to TRUE
• The archive account is displayed in the admin console
• When a message is received in a mailbox with archiving
enabled, a copy of the message is delivered to the archive
mailbox

February 6, 2014 180

Cross Mailbox Search from
Admin Console

February 6, 2014 181

Cross Mailbox Advanced Search

February 6, 2014 182

Day 2 Wrap-up and feedback

February 6, 2014 183

Zimbra Collaboration Server Day 3

Sections 20-26 in your Student Guide

February 6, 2014 184

• ZC Architectural Components - Review
• Architecture and Storage Considerations
• Multi-Server Installation and Upgrading
• Reconfigure ZC (hands-on) into a
multi-node architecture
• Clustering
• Delegated Administration
• Directory and GAL Integration

February 6, 2014 185

Open Source Software
• Zimbra leverages over 80 OSS projects:
• CyberNeko HTML Parser, Xerces, SpamAssassin, MINA, Lucene,
log4j, joda, jml, Jetty, James jSieve, Jakarta Taglibs, Jakarta ORO,
Jakarta Commons Libraries, cindy, Apache HTTPD, Apache Derby

• Yahoo User Interface Library, tcmalloc, SoundManager2, pcre,

libvent, JavaScript MD5, zlib, TinyLine GZIPInputStream, RSA MD4,
OpenSSL, nginx, net-snmp, memcached, kxml2, jzlib, joscar, jaxen,
iCal4j, Heimdal, gifencoder, Ganymed SSH-2 for Java, dom4j, cyrus-
sasl

• Swatch, rrdtool, MySQL Connector/j, MySQL, Dspam, ClamAV,

amavisd-new, Postfix

• OpenLDAP, PHP, SleepyCat, JavaMail, Rhino, libical, AND MORE!

February 6, 2014 186

Flexible Deployment Models
Traditional Virtualized

ZC ZC ZC ZC ZC

On-premises Hosted On-premises Hosted

• Administer ZC, OS stack • Administer ZC, OS within

February 6, 2014 187

Zimbra Client Architecture
Mobile Clients Desktop Clients Browser Clients

Microsoft Apple; other Zimbra Zimbra

Windows Apple HTML Client
Outlook Standard AJAX Client
Zimbra
Desktop
Zimbra Outlook IMAP, POP;
BlackBerry Android Connector Card & CalDAV Zimlet AJAX Framework

Platform API Interfaces

SOAP

POP

RSS
REST

LMTP

CalDAV
IMAP

Atom
ActiveSync

CardDAV
BES

Zimlet WS Proxy

Zimbra Mobile
Zimlet Proxy or
Connector
for BES Nginx Proxy

Postfix MTA
Zimbra Collaboration Server
Zimlet JSP Tags
Including
Anti-Spam
and Virus
Jetty + JVM + OS

February 6, 2014 188

Mailbox Server (MBS) Architecture

Zimbra Collaboration Server

(Jetty + JVM)

Database Attachment Free/Busy

Message and File Store Search Meta Data Directory
Reliability Index & View Providers

JDBC
Storage Zimbra Lucene MySQL Open External Autonomy IBM
Microsoft
System Journaling Index LDAP LDAP Keyview Domino
Exchange

Active
Directory

February 6, 2014 189

Common Interfaces

February 6, 2014 190

ZC Architecture

February 6, 2014 191

Multi-Server Architecture

February 6, 2014 192

Possible Deployments
Note:
1. The number of users are considered active users, not the number
provisioned.
2. IMAP usage will dramatically affect these numbers.

Small Medium Large Very Large

Less than 1000 1000 to 2500 Users 2501 to 15,000 Over 15,000 Users
Users Users
• All ZC components • Zimbra LDAP and • Zimbra LDAP on • Zimbra LDAP server
installed on one Zimbra message one server as master
server store on one server • LDAP replicas • LDAP replicas
• Zimbra MTA on a • Multiple Zimbra • Multiple Zimbra
separate server mailbox servers mailbox servers
• Possibly include • Multiple Zimbra • Multiple Zimbra
additional Zimbra MTA servers MTA servers
MTA servers
configured • Multiple Proxy • Multiple Proxy
servers servers

February 6, 2014 193

IMAP Improvements: NIO
• With ZC 8 there were significant improvements to IMAP support that enable
more IMAP transactions compared to prior releases
• Historically, with high IMAP usage on a ZC mailbox server, IO against MySQL and
memory consumption were potential bottlenecks

• A new threading model, known as NIO, reduces the memory footprint of

mailboxd and the ZC server overall (by lowering threads required)
• Java thread counts prior to NIO were 3-4 client connections per IMAP user (1000
logged in IMAP users consume about 3500 threads)
• Java thread count after ZC 8 NIO implementation is reduced significantly (1000
logged in IMAP users consume less than 100 threads)
• Java threads use 256K memory, hence less than 25MB of Java memory consumed.

• NIO is enabled by default

February 6, 2014 194

LDAP Multi-Master Replication
• Read rates ~300x greater performance
(2 MMRs = 1 Master + 5 Replicas)
• Writes can be made to multiple
“master” LDAP servers
• Remote sites can perform writes locally
• Eliminates Single Point of Failure for LDAP
• Requires all LDAP servers to be “master” (no replicas)

• Disaster Recovery is simplified if an LDAP master fails

February 6, 2014 195

LDAP Multi-Master Replication, cont.
• Options:
• Add new LDAP servers
• Modify existing LDAP replicas to participate as Masters
Note: Server IDs MUST be unique between masters, and Replication
IDs must be unique in a master.

• See also:
http://wiki.zimbra.com/wiki/LDAP_Multi_Master_Replication

February 6, 2014 196

Policyd
• Policyd
• Policyd is an anti-spam policy daemon for Postfix (written in C)
that does Greylisting, Sender-(envelope, SASL or host / ip)based
throttling (on messages and/or volume per defined time unit),
Recipient rate limiting, Spamtrap monitoring / blacklisting, HELO
auto blacklisting and HELO randomization prevention
• Included in Zimbra package, but not enabled by default

• Examples:
• System admins can restrict the number of emails sent by a
user to 100/day
• Service providers can restrict “spammers” on compromised
accounts

February 6, 2014 197

OpenDKIM
• DKIM – Domain Keys Identified Mail
• Allows creation of Public/Private Keys used to validate email sent
from your domain
• Used by ISP’s, Yahoo, Gmail, Financial Institutions, DOD, etc.
• DKIM can be used to verify inbound mail, but no warning
to user:
https://bugzilla.zimbra.com/show_bug.cgi?id=78424
• zmdkimkeyutil is used to manage domain keys
$ /opt/zimbra/libexec/zmdkimkeyutil -a -d example.com

Public key to enter into DNS: 0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB._domainkey IN TXT "v=DKIM1;=rsa;

p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDY5CBg15nZ2vYnRmrNub6Jn6ghQ2DXQbQgOJ/E5IGzi
UYEuE2OnxkBm1h3jived21uHjpNy0naOZjLj0xLyyjclVy1chrhSbsGAhe8HLXUsdXyfRvNTq8NWLsUnMEsoomtJCJ
/6LYWYU1whOQ9oKZVAwWHSovAWZpByqNMZmFg7QIDAQAB" ; ----- DKIM 0E9F184A-9577-11E1-AD0E-
2A2FBBAC6BCB
dig -t txt 0E9F184A-9577-11E1-AD0E-2A2FBBAC6BCB._domainkey.example.com ns.example.com

February 6, 2014 198

Architecture and Storage
Considerations
• Hardware sizing and capacity planning
• Customer transaction profile
• Sizing worksheet
• Storage and file system layout
• Server sizing

February 6, 2014 199

Multi-Server Installation and
Upgrading

Section 23 in your Student Guide

February 6, 2014 200

Multi-Server Installation –
General Steps

• Start the installation process

• Install the ZC LDAP master server
• Install the ZC mailbox server
• Install ZC MTA on a server
• Install ZC Proxy on a server
• Run final set-up
• Verify server configuration
• Log onto the admin console

February 6, 2014 201

Multi-Server Upgrades – Checklist I
Important: Before you begin the upgrade, make sure you
have a good backup for all users!

• Review Known Issues in Release Notes

• Pre-requisite recommendation:
1. Perform a Test Upgrade in Test environment
Note: This could be a Virtual Environment.
2. Apply and test any customization, especially
a. Existing provisioning scripts
b. Zimlets
c. Skins and Themes

February 6, 2014 202

Multi-Server Upgrades – Checklist II
• Save all customizations including:
• Themes and Skins created
• Any Postfix MTA configurations
• Any configuration file changes like SpamAssassin
• Copy of SSL certificates
• Any Zimlets created
• Others not on this list like scripts

• Make sure backups are stored in a safe partition or on

another server
• Perform install steps
• Run a full backup with the upgraded ZC version
• Re-apply customizations
February 6, 2014 203
Multi-Server Exercise Checklist
• Configure hostname and IP address of vm2 virtual machine
• Bring up the vm2 virtual machine
• Bring up the existing vm1 virtual machine
NOTE: You will use this machine for LDAP and MTA

• Locate the license file and ZC software

• Install Mailbox Service on vm2
• Install Proxy Service on vm1
• Configure vm1 and vm2 for running Proxy service
• Log into the Admin Console

February 6, 2014 204

Environment Information
• Location of the Zimbra software
/root/training

• Location of the Zimbra License File

/root/training/ZCLicense.xml

• Data organized into tree-shaped hierarchy

February 6, 2014 205

Before You Upgrade
• Backup ZC as a normal disaster recovery requirement

• Backup a copy of ZCLicense.xml

• Backup customized files you might have created for

branding

• Backup your certificates

February 6, 2014 206

Multi-Server Migration Exercise

Section 23 in your Student Guide

February 6, 2014 207

Delegated Administration

Section 24 in your Student Guide

February 6, 2014 208

Overview
• What: Delegated Administration lets you create different
delegated administrator roles to manage your ZC
environment
• Who: Accounts or distribution lists can be provisioned as
administrator accounts or groups
• How: These administrator accounts or distribution lists
are granted rights to perform administrator tasks on a
specific target

February 6, 2014 209

Overview, cont.
• Delegated administration is flexible
• Manage one or more distribution lists
• Reset passwords for one or more users
• Manage domain administration rights on one or more domains

• Predefined delegated administrator roles

• Domain administrators
• Distribution list administrators

February 6, 2014 210

Concepts
• Target: A ZC object on which rights can be granted
• Examples: Account, Calendar Resource, Class of Service (COS),
Distribution List (DL), Domain, Global Config, Global Grant,
Server, and Zimlet

• Admin Group: A distribution list that has been assigned an

administrator role
• Admin Account: An individual user account that has been
assigned an administrator role to administer specific
targets

February 6, 2014 211

Concepts, cont.
• Grantee: Refers to the admin user who has been granted
specific permissions (rights) to administer a target
• Rights: Functions that the delegated administrator can or
cannot perform on a target.
• Grant: Specifies the specific grantee who can or cannot
view or modify the right on a target

February 6, 2014 212

Concepts, cont.
• Access Control Entry (ACE): The specific access granted
on a target
• Access Control List (ACL): A list of the access control
entries (ACE) set on a specific target.
• Admin View: Refers to the tabs and content in the admin
console a delegated administrator sees when he logs in

February 6, 2014 213

Concepts, cont.
ACE (Access Control Entries)

Who Grant/Deny Right Target

members of group-1 can createAccount Domain-2

admin-1 cannot setPassword all-users-in-domain-1

admin-2 cannot modifyQuota all-users-in-domain-1

ACL (Access Control List)

Who Grant/Deny Right Target

admin-1 cannot setPassword all-users-in-domain-1

admin-2 cannot modifyQuota all-users-in-domain-1

February 6, 2014 214

Rights
• System-defined rights
• Preset
a. Predefined and fixed implication on targets
b. Associated with a fixed target type
c. Independent of other rights on the same target
d. Requires granting rights on multiple targets in order for the right to be valid.
If the right involves accessing multiple targets, the Admin user needs to have
adequate rights on all pertinent targets
• setAttrs
a. Allows the domain admin
to modify and view an attribute
value
• getAttrs
a. Allows the domain admin to
view an attribute value
• Combo
a. Contains other rights
System rights are listed and described on the
Home>Configure>Rights page
February 6, 2014 215
Rights, cont.
• Attribute Rights
• Specific to a defined
attribute
• Configured on the target
• Type of permission is
specified
read (get) or write (set)

• Positive or Negative Rights

• Negative rights are rights specifically denied to a delegated administrator
account or group
• To be able to revoke a right granted
a. to a wider scope of delegated administrator account or group
b. on a wider scope of targets

February 6, 2014 216

How Rights are Granted
• Scope of rights across target type
• Target types = ‘Account’, ‘Calendar resource’, ‘COS’, ‘Config’,
‘Server’, => Scope = the selected account, Calendar, COS, …
• Target type = ‘Distribution list’ =>
• For DL, Scope = DL and all DLs under this DL
• For accounts or calendar resources, Scope = all accounts or calendar
res. that are direct or indirect members of this DL

• Target type = ‘Domain’ =>

• Rights for all accounts, calendar resources, DL in this domain

• Target type = ‘Global ACL’ =>

• Used to grant admin rights for all entries in a target type

February 6, 2014 217

Implementing Delegated
Administration

• Provisioning
• Global administrator provisions delegated administrators and
delegated administrator groups
• Define Roles: Which rights to assign to the targets the
administrator will manage?
• Admin Group: Create administrator groups and add individual
administrator accounts to the group
• Global Admin: Accounts that are configured as global
administrator accounts cannot be granted ACLs

February 6, 2014 218

Implementing Delegated
Administration, cont.

• Manage the rights

• Administrator Wizard: Allows you to create admin accounts and
grant rights to the account
• Configure grants on existing administrator accounts: Add new
rights or modify rights to an existing delegated administrator or
administrator group account
• Set ACEs directly on a target: Add, modify and delete rights
directly in a target’s Access Control List tab

February 6, 2014 219

Create a Delegated Admin
• Manage Accounts section
1. Home > Manage > Accounts > Options Menu

1. Choose the
Administrator type:
a. Admin Account
b. Admin Group

February 6, 2014 220

Create a Delegated Admin, cont.
• Create a new Admin Group
1. Set the admin name
2. Select or unselect the box
to assign default admin
views and rights
3. Select an existing admin
role and either:
a. Click Finish
b. Or click Next to define admin role.
• Select the views from the
Directly Assigned Admin
views list

February 6, 2014 221

Create a Delegated Admin, cont.
• Configure the Grants
• List of all the grants
necessary to display all
the items selected in the
directly assigned views
column

• Add access rights (ACE) to the account, select:

• Target type
• Target name to administer
• Rights to be granted

February 6, 2014 222

Configure Grants
• Granting rights at the accounts level

February 6, 2014 223

Configure Grants, cont.
• Granting rights at the target level
• Granting rights at the attribute level
• Allow to modify or view (or not modify or view) a specific
attribute on a target

• Revoking rights: Select the right to revoke and click Delete

• Viewing rights

February 6, 2014 224

Assign Administrator Role
• To assign administrator rights to a user, click the
Administrator box on General Information page
• Additional options are then displayed

February 6, 2014 225

Predefined Admin Roles
• Domain Administration Group
• zimbradomainadmins: Delegated admin group grants all the rights
necessary to support ZC domain administration for accounts,
aliases, distribution lists and resources
• Domain Admin Console View
a. Only the functions they are authorized to manage are displayed on
the console’s Navigation pane
b. Access the following utilities on the Downloads page to be used for
accounts on domains they administer:
– Migration wizards
– Import wizard
– Zimbra Connector for Outlook
– Zimbra Connector for Apple® iSync

February 6, 2014 226

Predefined Admin Roles, cont.
• Distribution List Administration Group
• zimbradladmin: Delegated admin group grants all the rights
necessary to log on to the admin console and manage
distribution lists

February 6, 2014 227

Specific Access Rights
• Manage multiple domains
1. Create the administrator account on one of the domains
to be managed

2. Select the following views:

a. Account List View
b. Distribution List View
c. Alias List View
d. Resource List View

February 6, 2014 228

Specific Access Rights, cont.
3. Configure default grants
for this domain

4. Add another domain to be managed (domainexample2.com)

a. Set adminConsoleAccountRights
b. Add more rights:
– adminConsoleDLRights
– adminConsoleAliasRights
– adminConsoleResourceRights
– adminConsoleSavedSearchRights
– adminConsoleDomainRights

February 6, 2014 229

Specific Access Rights, cont.
• Manage Distribution Lists
• To assign a user to manage a distribution list:
1. Create a distribution list and Enable Admin Group
2. Select the view and grant the distribution list rights.
3. Add the user to the list and make that user an administrator
4. Create a new distribution list
and include the following:
• Check Admin Group
• Add the user who will be the
admin as a member of the DL
• Go to the Admin Views tab
and check Distribution List View
so the admin can view the DL
• Click Save
5. In the Configure Grants pages
add the rights shown here:

February 6, 2014 230

Specific Access Rights, cont.
• Change Passwords
• To create delegated administrators who only change passwords
a. Create the admin or admin group
b. Select the views and grant the taskSetPassword combo right

• Select the following views:

a. Account List view to be able to select accounts to change passwords
b. Alias List view to be able to find users who use an alias instead of account name

• Add the specific right:

a. The ‘Configure the Grants page’ displays recommended grants for the views you have
chosen
b. For Change Password rights, do not configure these grants
c. Select Skip
d. Click Add to add the following right:

February 6, 2014 231

Demo/Exercise
• An admin who is only allow to change passwords and
create/modify aliases
• ListDomain, createAlias, deleteAlias, setAccountPassword

• A domain admin who is allowed to administer a domain

but not View Mail
• adminLoginAs

• Domain Admin with rights to administer a 2nd domain

(da1)
• domainAdminConsoleRights on 2nd domain
• domainAdminZimletRights on global target

February 6, 2014 232

Delegated Administration Exercises

Section 24 in your Student Guide

February 6, 2014 233

Provisioning and Integration of External
Directories for GAL and Authentication

Section 25 in your Student Guide

February 6, 2014 234

Overview
• What is the ZC LDAP directory like?

• Types of integration with external directories

• Authentication
• Global Address List lookup
• Free/Busy lookup

February 6, 2014 235

ZC LDAP Hierarchy
• Data organized into tree-shaped hierarchy

• Each entry specified by a unique “distinguished name”

(DN)

• Empty Root, Base, Suffix (-b “”)

February 6, 2014 236

ZC Directory Schema
• ZC installation configures the system with a custom
extension of generic OpenLDAP schema

• All ZC components depend upon this

• All Zimbra defined attributes prefixed with “zimbra”

February 6, 2014 237

Object Definitions
• Class of Service (COS)
• Set of common preferences and available features that are applied
to all accounts within that COS
• dn: cn=default,cn=cos,cn=zimbra

• Domain
• Internet domain name for which the server will handle mail
• dn: dc=zimbra,dc=com

February 6, 2014 238

Object Definitions, cont.
• Account
• Email account: every account belongs to a single COS and domain
• dn: uid=admin,ou=people,dc=zimbra,dc=com

• Meta-accounts have parallel DN’s, but different

objectClasses
• Account Aliases
• Distribution Lists (DL’s)
• Resource Accounts

February 6, 2014 239

Object Definitions, cont.
• Global Configuration
• ZC system wide configuration
• dn: cn=config,cn=zimbra

• Server
• ZC server specific configuration
• Overrides global config
• dn: cn=dogfood.zimbra.com,cn=servers,cn=zimbra

• LDAP Admin/Access Accounts

• Used for access from other ZC services
• dn: uid=zmpostfix,cn=appaccts,cn=zimbra
• dn: uid=zimbra,cn=admins,cn=zimbra

February 6, 2014 240

External Directory Access
• Authentication and GAL configured independently for
each domain

• Configuration elements
• LDAP search base
ou=people,dc=zimbra,dc=com
• LDAP bind DN
Ldap user on the external directory with search access
• Search Filter
Search to run on the external directory

February 6, 2014 241

Types of Integration
• Authentication
• Internal
• External LDAP
• External Active Directory

• Global Address List

• Free/Busy lookup
• Calendar scheduling
• Automatic for other users on the same ZC
• Default external integration is with Exchange 2003

February 6, 2014 242

Types of Integration, cont.
• Single Sign on
• SPNEGO can be configured on ZC for single sign-on
authentication. When users log on to their Intranet through
Active Directory, they can enter their ZWC mailbox without
having to re-authenticate to Zimbra.

• PreAuth Keys

February 6, 2014 243

Single Sign-on
Zimbra provides a pre-authentication mechanism to enable a
trusted third party to forward authentication credentials to
the Zimbra system. This enables the user not have to enter
the login information twice.

Example Single Sign-on Flow:

• A portal application is accessed by the User
• The application presents a “Mail” link
• Using our framework, an Authentication Token is created
• Secret keys are exchanged between the Portal application and Zimbra
• Server computes Hash secret key and creates an authentication sequence
• User is redirected to ZC mail with this authentication token with secret HMAC
key

February 6, 2014 244

External Directory Authentication

February 6, 2014 245

External Directory GAL

Note: GAL Polling interval is set up on this tab for the COS.

February 6, 2014 246

GALsync
• Syncing LDAP to GALsync accounts gives users faster
access to GAL data
• GALsync accounts are created for internal or external GAL
• With Both, a GALsync account is created for each LDAP data
source
• GALsync account polling interval to LDAP server can be set
• New contact, modified contact and deleted contact information is
synced to the GALsync account

February 6, 2014 247

AD and GalSync Accounts
• During message composition from Zimbra Web Client, directory
lookups against an external (AD or other LDAPv3 source) can be
costly in larger directories
• By enabling a GalSync Account, the browsing and paging of the global
address list is done locally (less resource consumption)
• A galsync account will always be created by default in a ZC 8
installation, of the format [email protected] (where
xxxxxxxxxx is random alpha-numerics)
• An internal or external datasource is required, that must be associated
to the galsync account
• Many other settings must be configured correctly, which is where the
complexity (and sometimes confusion) occurs.
• ZC Admin Console or CLI can be used
• GALs and GalSync Facilities are Domain configurations

February 6, 2014 248

AD and GalSync Accounts, cont.
• Adding Active Directory GAL to existing GalSync Account
$ zmprov md domain.ext zimbraGalMode both
$ zmmailbox -z -m [email protected] createFolder -
-view contact /_ADGAL
$ zmgsautil adddatasource -a [email protected] -n
ADGAL –domain domain.ext -t ldap -f _ADGAL -p 1h

• At this point you have two datasources within the Galsync account,
however the ADGAL datasource requires a lot more configuration to
work properly.
• LDAP Search Base
• LDAP Bind DN
• LDAP Bind Password
• LDAP URL (where to connect to Active Directory)
• LDAP Filter (what AD objects you want to reveal to Zimbra users)

February 6, 2014 249

AD and GalSync Accounts, cont.
• Configuring the Galsync Account for Active Directory
Access
Baseline Example
$ zmprov mds [email protected] ADGAL
zimbraGalSyncLdapBindDn [email protected]
zimbraGalSyncLdapBindPassword ‘ma$hp0W'
zimbraGalSyncLdapFilter "(&(objectClass=user)(mail=*))"
zimbraGalSyncLdapSearchBase cn=users,dc=domain,dc=local
zimbraGalSyncLdapURL ldap://10.17.111.159:389

Optional zimbraGalSyncLdapFilter (for Coexistence Scenario)

'(&(|(displayName=*%s*)(cn=*%s*)(sn=*%s*)(givenName=*%s*)(
mail=*%s*))(!(msExchHideFromAddressLists=TRUE))(|(&(object
Category=person)(objectClass=user)(!(homeMDB=*))(!(msExchH
omeServerName=*)))(&(objectCategory=person)(objectClass=us
er)(|(homeMDB=*)(msExchHomeServerName=*)))(&(objectCategor
y=person)(objectClass=contact))(objectCategory=group)(obje
ctCategory=publicFolder)(objectCategory=msExchDynamicDistr
ibutionList)))'

February 6, 2014 250

AD and GalSync Accounts, cont.
• If you created Contacts in AD to be used for forwarding
message from Exchange Mailboxes to Zimbra, you do not
want those contacts to be displayed in your GAL
• If you have used a prefix for the contacts as an identifier (for
example zcon-contact_name), then you would need to add
(!(givenName=zcon*)) – to exclude all entries that begin with
“zcon”

• You may need to enable ZC for Multi-Domain Search, in

which case you would need to issue these commands
$ zmprov mcf zimbraGalInternalSearchBase ROOT
$ zmprov mcf zimbraGalSyncInternalSearchBase ROOT
$ zmprov md work.net zimbraGalSyncLdapSearchBase ROOT

February 6, 2014 251

Free/Busy Lookup
• Exchange to ZC f/b retrieval
• REST interface on the Exchange server

• ZC to Exchange f/b propagation

• WebDAV interface on the Exchange server

• ZC must authenticate in both cases

• HTTP basic authentication
• HTML form based authentication (like OWA)

February 6, 2014 252

Free/Busy
• ZC global configuration ldap attributes that configure
free/busy interoperation with Exchange server
• zimbraFreebusyExchangeAuthUsername
• zimbraFreebusyExchangeAuthPassword
• zimbraFreebusyExchangeAuthScheme
• zimbraFreebusyExchangeURL
• zimbraFreebusyExchangeUserOrg

February 6, 2014 253

IPv6
• Added (beta) in ZC 8
New in
• Defaults to IPv4 ZC 8!

• Configured at installation
• Not available on Zimbra Collaboration Appliance
• Configuration
• Controlled by zimbraIPMode server setting
• After setting zimbraIPMode, use zmiptool to configure
services
$ zmprov ms `zmhostname` zimbraIPMode ipv4
$ libexec/zmiptool
$ zmcontrol restart

February 6, 2014 254

Voice Integration
• Utilizes third-party Unified Communications (UC) server
to bridge calls between ZC and the UC server
• Based on the inherent URL support of many UC servers
(examples below)
• Fetch voicemail from Cisco UC Server: https://xx.xx.xxx.xx.
• ZC Cisco Click2Call Zimlet (send requests to Cisco CUCM server):
https://xx.xx.xxx.xx/webdialer/services/WebdialerSoapService70
• Cisco CUPS server Presence: http://xx.xx.xxx.xx:8082/presence-
service/users

February 6, 2014 255

Voice Integration, cont.
• The voice service is enabled in the admin console, which
provides users with the Voice tab in the ZWC and the voice
service features contained within
• UC server domain information is added to the admin Console
configures Unified Communication server’s domain information
as a “Proxy Allowed Domain”, which then allows configured voice
service Zimlets to send requests to the UC servers

February 6, 2014 256

Voice Integration Services
• Visual Voice Mail: From the Voice tab, users can perform
all voice mail tasks. Supported audio formats include WAV
and MP3.
• Click-to-Call: Users can make a phone call from a ZWC
account. Click-to-Call eliminates the use for a dial pad
on a phone.
• Click-to-Chat: (Cisco clients only) Users can chat with a
contact using the Cisco Jabber client and ZC.
• Presence: (Cisco clients only) Availability information
about users or contacts is displayed in real time.

February 6, 2014 257

GAL Integration Exercise

Section 25 in your Student Guide

February 6, 2014 258

Support Information

February 6, 2014 259

Additional Information
1. Admin Console Help Search
2. Support Portal
3. Web Client Help
4. Website
Forums
http://www.zimbra.com/forums/
Wiki
http://wiki.zimbra.com/
Online documentation
http://www.zimbra.com/support/documentation.html
Bugzilla bug database
http://bugzilla.zimbra.com/
Product Info
http://www.zimbra.com/products/whats_new.html
Product Planning
http://pm.zimbra.com/

February 6, 2014 260

Thank you!

February 6, 2014 261

©2014 Zimbra Systems, Inc. All rights reserved. Telligent
and its symbol are registered trademarks or trademarks of
Zimbra, Inc. Other company and product names mentioned
herein are property of their respective owners. The
contents of this publication are subject to change without
notification and are the property of and cannot be
reproduced without the written permission of Zimbra. The
contents of this publication are not a commitment by
Zimbra to provide the features and benefits described.

Zimbra
3000 Internet Blvd., Suite 200
Frisco, TX 75034 USA
Main: +1 972-407-0688
Main US toll-free: 877-492-9484
www.zimbra.com

February 6, 2014 262

System Models PDF
No ratings yet
System Models PDF
17 pages
sample-questions-for-fortinet-fcss-soc-an-7.4-exam-by-baker
No ratings yet
sample-questions-for-fortinet-fcss-soc-an-7.4-exam-by-baker
15 pages
Cyber Chronicle
No ratings yet
Cyber Chronicle
123 pages
DENEDU2007. Deployment Architectures_03052024
No ratings yet
DENEDU2007. Deployment Architectures_03052024
31 pages
New - Hive
No ratings yet
New - Hive
46 pages
TICON Integration With Active Workspace 1 1
No ratings yet
TICON Integration With Active Workspace 1 1
13 pages
Pharos IMFP For Ricoh Installation and Configuration Guide v1.5.4
No ratings yet
Pharos IMFP For Ricoh Installation and Configuration Guide v1.5.4
44 pages
SAA-C03 Flashcards - Quizlet
No ratings yet
SAA-C03 Flashcards - Quizlet
469 pages
SP20-BSE-032 Assign1 G06
No ratings yet
SP20-BSE-032 Assign1 G06
20 pages
NYC DEP GIS Job Posting - GreenHUB
No ratings yet
NYC DEP GIS Job Posting - GreenHUB
2 pages
DBA As Service - Scope of Work
No ratings yet
DBA As Service - Scope of Work
5 pages
LFSS Copyright Procedure
No ratings yet
LFSS Copyright Procedure
7 pages
Ibm Aix 4 Installation
No ratings yet
Ibm Aix 4 Installation
8 pages
Zimlet Dev Training Xmlapi
No ratings yet
Zimlet Dev Training Xmlapi
11 pages
Scope of e Library Establish e Library W
No ratings yet
Scope of e Library Establish e Library W
2 pages
Zimbra System Administration
No ratings yet
Zimbra System Administration
7 pages
VMware TKGI v1.18 Documentation
No ratings yet
VMware TKGI v1.18 Documentation
1,445 pages
Cyber Security Notes Unit 1
100% (1)
Cyber Security Notes Unit 1
9 pages
Vykon Integrated Analytics: Data Sheet
No ratings yet
Vykon Integrated Analytics: Data Sheet
2 pages
JavaScript Object Destructuring
No ratings yet
JavaScript Object Destructuring
9 pages
Advanced Classes and Relationships
No ratings yet
Advanced Classes and Relationships
22 pages
Objective
No ratings yet
Objective
4 pages
Deploying and Managing Zimlets Deploying and Managing Zimlets
No ratings yet
Deploying and Managing Zimlets Deploying and Managing Zimlets
12 pages
WinRunner For Beginners
No ratings yet
WinRunner For Beginners
62 pages
SAP ASE Reference Manual Configuration Parameters en PDF
No ratings yet
SAP ASE Reference Manual Configuration Parameters en PDF
268 pages
CIS SUSE Linux Enterprise 12 Benchmark v3.2.0
No ratings yet
CIS SUSE Linux Enterprise 12 Benchmark v3.2.0
524 pages
Kubernetes
No ratings yet
Kubernetes
185 pages
EDU-EN-NSXTIS31-LAB-SE
No ratings yet
EDU-EN-NSXTIS31-LAB-SE
110 pages
Vmware Zimbra Collaboration Server: Install, Configure, Manage
No ratings yet
Vmware Zimbra Collaboration Server: Install, Configure, Manage
2 pages
NeXpose User Guide
No ratings yet
NeXpose User Guide
317 pages
Red Hat Ceph Storage-5-File System Guide-En-Us
No ratings yet
Red Hat Ceph Storage-5-File System Guide-En-Us
160 pages
Stream Processing Everywhere
No ratings yet
Stream Processing Everywhere
46 pages
Openstack HP
No ratings yet
Openstack HP
15 pages
TR Openshift Skills Path Infographic f29300 202106 en - 0
No ratings yet
TR Openshift Skills Path Infographic f29300 202106 en - 0
2 pages
Learn Puppet:: Quest Guide For The Learning VM
No ratings yet
Learn Puppet:: Quest Guide For The Learning VM
88 pages
Cloud Computing - Prashant
No ratings yet
Cloud Computing - Prashant
6 pages
RH415 Red Hat Security - Linux in Physical Virtual and Cloud 1 PDF
0% (1)
RH415 Red Hat Security - Linux in Physical Virtual and Cloud 1 PDF
1 page
RH254 RHEL7 en 1 20140711 Slides
0% (1)
RH254 RHEL7 en 1 20140711 Slides
153 pages
Red Hat Openstack Platform-16.1-Networking Guide-En-Us
No ratings yet
Red Hat Openstack Platform-16.1-Networking Guide-En-Us
208 pages
Tuning For Web Serving On RHEL 64 KVM
No ratings yet
Tuning For Web Serving On RHEL 64 KVM
19 pages
Introduction To SaltStack
No ratings yet
Introduction To SaltStack
13 pages
OVN Kubernetes Presentation OCTO October6th2020
No ratings yet
OVN Kubernetes Presentation OCTO October6th2020
43 pages
Red Hat Enterprise Linux-7-Performance Tuning Guide-En-US
No ratings yet
Red Hat Enterprise Linux-7-Performance Tuning Guide-En-US
78 pages
Check Point Security Administration III NGX Searchable
No ratings yet
Check Point Security Administration III NGX Searchable
460 pages
SAP® BusinessObjects™ Analysis, Edition For Microsoft Office
No ratings yet
SAP® BusinessObjects™ Analysis, Edition For Microsoft Office
22 pages
IBM CEPH Storage
No ratings yet
IBM CEPH Storage
180 pages
Mastering Devops - 2024
No ratings yet
Mastering Devops - 2024
17 pages
SPP Practical Guidance PDF
No ratings yet
SPP Practical Guidance PDF
500 pages
Red Hat Virtualization-4.4-Planning and Prerequisites Guide-En-US
No ratings yet
Red Hat Virtualization-4.4-Planning and Prerequisites Guide-En-US
36 pages
Red Hat System Administration I 3.6 Practice
No ratings yet
Red Hat System Administration I 3.6 Practice
8 pages
PDI2000 Labs
No ratings yet
PDI2000 Labs
281 pages
PL Course File
No ratings yet
PL Course File
15 pages
HCIA Storage Training Material V4.0 Разблокирован (001 064)
No ratings yet
HCIA Storage Training Material V4.0 Разблокирован (001 064)
64 pages
Open VSwitch Getting Started
No ratings yet
Open VSwitch Getting Started
6 pages
The Leading Open Source Backup Solution: Bacula Console and Operators Guide
No ratings yet
The Leading Open Source Backup Solution: Bacula Console and Operators Guide
39 pages
WVD Fall LLD
No ratings yet
WVD Fall LLD
15 pages
OpenStack Virtual Machine Image Guide
No ratings yet
OpenStack Virtual Machine Image Guide
64 pages
NCC Group Understanding Hardening Linux Containers-1.0
No ratings yet
NCC Group Understanding Hardening Linux Containers-1.0
122 pages
IBM ProtecTIER
No ratings yet
IBM ProtecTIER
516 pages
Classroom Requirements: Red Hat Training & Certification
100% (1)
Classroom Requirements: Red Hat Training & Certification
11 pages
Kubernetes: What's It Do?: Presenter Eric Paris Red Hat
No ratings yet
Kubernetes: What's It Do?: Presenter Eric Paris Red Hat
25 pages
Suse Linux
No ratings yet
Suse Linux
576 pages
KVM Virtualization in RHEL 7 Made Easy
100% (1)
KVM Virtualization in RHEL 7 Made Easy
15 pages
Red Hat Enterprise Linux-8-Managing Monitoring and Updating The Kernel-En-us
No ratings yet
Red Hat Enterprise Linux-8-Managing Monitoring and Updating The Kernel-En-us
184 pages
Devops&Cloud CV
No ratings yet
Devops&Cloud CV
7 pages
Chapter 1 Introduction To SCM
No ratings yet
Chapter 1 Introduction To SCM
23 pages
Dell Emc Ready Architecture Guide Red Hat v16 1
No ratings yet
Dell Emc Ready Architecture Guide Red Hat v16 1
77 pages
Upgrading Satellite and Capsule From RHEL 7 To RHEL 8 - HackMD
No ratings yet
Upgrading Satellite and Capsule From RHEL 7 To RHEL 8 - HackMD
22 pages
Red Hat System Administration I: Document Version
No ratings yet
Red Hat System Administration I: Document Version
8 pages
Openstack Redhat
No ratings yet
Openstack Redhat
24 pages
Set Up An iSCSI Server in RHEL 6.x
No ratings yet
Set Up An iSCSI Server in RHEL 6.x
6 pages
Extending SaltStack - Sample Chapter
No ratings yet
Extending SaltStack - Sample Chapter
15 pages
Project Report On Shopping Application
No ratings yet
Project Report On Shopping Application
118 pages
Openstack Super Bootcamp PDF
No ratings yet
Openstack Super Bootcamp PDF
96 pages
Software-Defined Networking (SDN) Deployment Guide
No ratings yet
Software-Defined Networking (SDN) Deployment Guide
38 pages
Dell Emc Ready Architecture For Red Hat Hci Architecture Guide
No ratings yet
Dell Emc Ready Architecture For Red Hat Hci Architecture Guide
100 pages
The Complete Data Migration Methodology
No ratings yet
The Complete Data Migration Methodology
6 pages
Red Hat System Administration II (RH134R) (RHEL 8) - 6
0% (1)
Red Hat System Administration II (RH134R) (RHEL 8) - 6
11 pages
(Redhat) Linux Important Stuff
No ratings yet
(Redhat) Linux Important Stuff
7 pages
LinuxCBT KVM Edition Notes
No ratings yet
LinuxCBT KVM Edition Notes
5 pages
LinuxCBT Squid Notes
No ratings yet
LinuxCBT Squid Notes
3 pages
Troubleshooting Open Stack
No ratings yet
Troubleshooting Open Stack
20 pages
Boq
No ratings yet
Boq
4 pages
RH442: Red Hat® System Monitoring and Performance Tuning: Includes
No ratings yet
RH442: Red Hat® System Monitoring and Performance Tuning: Includes
1 page
TXLF2011 OpenStack
No ratings yet
TXLF2011 OpenStack
83 pages
Best Practices For Performance Tuning JBoss Enterprise Application Platform 4.3
No ratings yet
Best Practices For Performance Tuning JBoss Enterprise Application Platform 4.3
16 pages
Suse Linux Administration Guide PDF
No ratings yet
Suse Linux Administration Guide PDF
292 pages
Complete Guide To Setting Up An OpenStack Development Environment
No ratings yet
Complete Guide To Setting Up An OpenStack Development Environment
4 pages
Rha130 Workbook 03 Student 5.0 0 Linux File System Management
No ratings yet
Rha130 Workbook 03 Student 5.0 0 Linux File System Management
97 pages
Splunk Punk: Taming Logs, Alerts, and the Chaos of SIEM
From Everand
Splunk Punk: Taming Logs, Alerts, and the Chaos of SIEM
Scott Markham
No ratings yet
Ultimate VMware NSX for Professionals
From Everand
Ultimate VMware NSX for Professionals
Vinay Aggarwal
No ratings yet
Extending Puppet - Second Edition
From Everand
Extending Puppet - Second Edition
Alessandro Franceschi
No ratings yet
Implementing NetScaler VPX™ - Second Edition
From Everand
Implementing NetScaler VPX™ - Second Edition
Sandbu Marius
No ratings yet
VMware Horizon View Essentials
From Everand
VMware Horizon View Essentials
Peter von Oven
No ratings yet

Zimbra Collaboration System Administration - Jan2014

Uploaded by

Zimbra Collaboration System Administration - Jan2014

Uploaded by

Zimbra Collaboration

Sections 2 & 3 in your Student Guide

• Platforms not Supported in ZC 8 (EOL in ZC 7)

On-premises Hosted On-premises Hosted

• Administer ZC, OS stack • Administer ZC, OS within

Microsoft Apple; other Zimbra Zimbra

Platform API Interfaces

Database Attachment Free/Busy

• Controls ZC “Network Edition” Features

Section 4 in your Student Guide

• Third-party and Open-source Software

Port Server Port Server

25 Postfix 7071 ZC Admin services connector (SSL)

7025 LMTP 10025 Postfix answering amavisd-new

7047 Conversion Server (httpd) 11211 memcached – nginx route lookups

• Configuring virtual hosting

• Select the single-server environment option, and

• Save the files in the appropriate directories

Section 4 in your Student Guide

Section 5 in your Student Guide

• Granular Delegated Administration

• Administrative APIs and Utilities

• Disaster Recovery and Back Up

• Migration Tool to import users mailboxes, calendars &

NOTE: Individual account setting override COS and Domain settings.

• COS is configured with the following

• Dumpster (not enabled by default)

• Configure the Subject Alternative Name (SAN) field with all

• Global settings include the following settings

Section 5 in your Student Guide

Section 6 in your Student Guide

-v: display version

Append “-h” to display the usage options for a command

• zmmailbox command-line access to mailboxes

• zmaccts (zmprov –l gaa) lists all accounts and their status

• zmcontrol and zm*ctl (i.e. zmmailboxdctl) used to start/stop/restart/view

• zmlocalconfig (–e, -s) used to set or get local configuration for ZC

• zmmsgtrace trace messages

• zmmboxmove (zmmboxmovequery) move mailboxes between mailbox servers

• zmblobchk clear mysql of entries that have no blobs

• zmsoap execute soap calls directly

• Account (create, view, modify, suspend, delete)

• Server (view, modify)

• COS (create, view, modify)

• Domain (create, view, modify)

• Distribution list / security group

• Quota usage, mailbox ID

• Create a new account / Change an attribute value:

• Add a user to a Distribution List (DL)

• List all global config info (same as admin console

• Restrict who can view addresses in distribution lists to

• Grant rights to a user in a domain to send messages to all

More zmprov examples are available in your training guide

• Through Admin Console

• With Command Line

• To allow all members in a group:

• To allow all internal users:

• To allow a specific external email address:

• zmmailbox command can be invoked from within zmprov

zmmailbox help account Help on account-related commands

zmmailbox help filter Help on filter-related commands

To find the mailbox size for an account

Section 6 in your Student Guide

Section 7 in your Student Guide

• Subject Alt Names (mail.mycompany.com,

2. Copy and paste the CSR to Certificate Authority through the

• If the md5-hashes are different, something went wrong

5. For multiple servers:

Create Client Use the CA Import the CA Configure ZC to

Section 8 in your Student Guide

• External monitoring HIGHLY recommended!!

• Disk usage statistics

• Data used to plan and implement server configurations

Syslog-ng (typically used in recent SuSE versions),

• Add a line at the end that is similar to:

• No restart of any service is needed, BUT if something happens that