"Micro-production" environment - Single-VM Setup or Two-VM "Non-Redundant Cluster"?

[Razva]

Hello,

Last week I've tried my first "alpha" Zimbra environment so this week I would like to make it to "micro-production". I spent the last couple of days thinking at the best way to do this, and be able to scale if/when necessary. So here's the question:

For a "micro-production" environment, with 10-15 addresses + ZeXtras S3, would I be better with a single-machine setup which easier to maintain and monitor but might be harder to expand, OR with a LDAP&Proxy&MTA + Mailbox "two VM non-redundant cluster" which is a bit harder to maintain and monitor but might be easier to expand?

Please note that I don't want to go "full ISP level", nor sell this as a public service yet, but still if a friend or client asks me for 5 addresses I should be able to provide them. I won't get pass the 100 addresses any point soon, it's more like a max 50 max addresses for the future. If going past the 50 mark I'll obviously setup a proper cluster, get proper support & licensing etc. But for now I want to cover my current and near-future needs.

Thanks,
Razva

[phoenix]

A single-server installation (depending on the h/w resources) would be sufficent fot thousands of users, guess what I'd recommend?

[Razva]

A single-server installation (depending on the h/w resources) would be sufficent fot thousands of users, guess what I'd recommend?

Thinking the same Supposing that at some point I would need to split resources, would it be possible to add - for example - an external (dedicated) LDAP server and disable LDAP on the current "single-server" installation? If yes, is there any component (LDAP, Proxy, MTA) that cannot be added/split afterwards?

[phoenix]

You cannot remove the zimbra LDAP as it's used for more than just user authentication. You can at any time add external authentication if you want, read the wiki article (or the product documentation) on the subject for detailed information.

[Razva]

You cannot remove the zimbra LDAP as it's used for more than just user authentication. You can at any time add external authentication if you want, read the wiki article (or the product documentation) on the subject for detailed information.

Let me rephrase.

Is it possible to move the Zimbra LDAP role from a single-server setup to a separate/dedicated Zimbra LDAP machine? Example: create a new Zimbra LDAP server and connect it (cluster?) to the current single-server setup, then disable LDAP on the previous single-server setup, thus resulting a separated LDAP from Mailbox/Store.

Succinctly, can I "split roles" of a single-server setup after being in production? Or it would be more feasible to just create a new cluster and copy user data from left to right?

[phoenix]

Sorry if I misunderstood your last question. The answer is yes, you can move to a multi-server set-up after the initial install but if you are only going to run a small server I don't really see the point of splitting the roles for such a small number of users. I'd suggest you'd be better running a single server with a good backup and disaster recovery strategy that you've tried, documented and tested. I've been running my server for the last thirteen years without problems and a few years ago I started using the ZeXtras products for backup, it is an excellent product and saves a lot of manual work configuring and testing a backup strategy.

[Razva]

I'd suggest you'd be better running a single server with a good backup and disaster recovery strategy that you've tried, documented and tested. I've been running my server for the last thirteen years without problems and a few years ago I started using the ZeXtras products for backup, it is an excellent product and saves a lot of manual work configuring and testing a backup strategy.

We're going to use S3 fo storing data, so it'll be kinda "impossible" to lose data (only if Amazon crashes, which has an 0.0001 chance I guess?). Do I really need "hot backups" in this case? Are you referring for backups in case the system gets exploited/hacked and all data is removed? For "disaster recovery" I can think at a simple plan to copy data from S3 to Glacier and call it a day? Or maybe I'm missing something?

[L. Mark Stone]

To expand a single-server to, say, a highly redundant 20,000-mailbox architecture, all you'll do is:

1. Add a separate LDAP server and configure replication with the existing, original single-server node.

2. Add a separate MTA server (with proxy if you like).

3. If you added a second Proxy node, configure a load balancer in front of them.

4. Add a few mailbox servers as needed.

5. Move the mailboxes off the existing single-server to the new dedicated mailbox server(s).

6. If you wish, move the logger service to one of the new mailbox servers and set them as the new MtaAuthHost, then you can remove the logger and mailbox services from the original server, leaving it as an LDAP/MTA/Proxy server.

Other than #6, none of the other expansion steps create downtime for end users.

Hope that helps,
Mark