Hi,
Obviously, is there a preferred migration method? It seems several options from REST, to backups, to zmztozmig are used with success by others. But there is no "Official" supported method that I could find.
This is the method I like:
https://wiki.zextras.com/wiki/ZxBackup: ... ras_Backup. Back in the day, if zimbra support ever see anything "zextras", they would immediatly point that as the responsable for any problem. Based on Mark comments, I guess that has change since zimbra is now shipping zextras modules. You could even find that zextras migration guide in a zimbra wiki page here
https://wiki.zimbra.com/wiki/Zimbra_NG_ ... -migration which I would consider as you call it an '"official" supported method'.
What will happen with HSM? We recently began using HSM and it is working well. When I migrate the mailboxes will HSM begin a large run that night or will the messages be stored in the proper HSM volume on the new server during migration?
I still did not migrate hsm stores with zextras. But I would expect (i'm just guessing here, you should test this on a lab if you have the opprotunity or ask zimbra support if you hava a contract) that the migration process will just recover the information in a primary storage (not in an hsm), later on, you could run a powerstore task (which is actually part of the incremental migration process) and configure it if you want it to be scheduled at nights (hsm is a process one have to excecute to organize things, is not enough to just confiugre the secondary volume).
I made all the required changes for SSL to enable us to get an A+ grade at SSL Labs (now down to B because of AEAD). Will the 8.8.9 version pass SSL testing after install, or will I need to make modifications again?
By default, if your certificate is good, it will pass with an A. It will still show a copule weak ciphers but that won't take that A away from you.
Things to notice when using zextras migration tool, is that the user id (long ldap identifier) is not migrated to the new ldap server, a new one is created instead. With this being said, note that outlook with zimbra connector will need to be reconfigured in case you use it. It could also affect your synched mobile devices (the ones using mobile syncronization via an exchange/active sync account). Nothing to worry about, just be warned so you can warn your users and prepare in case you need to go "desk by desk" to reconnect the outlook connector.
Also, depending on the amount of data you have, which I will guess is quite a lot since you use hsm, note that migration could take a long time. Don't understimate how slow SATA disks are. The main concern about this, is that if you are using an incremental migration procedure, after you do the 1st of your restores, those items won't be modified upon next recovers. This means that if users delete those items, or just move them, those changes won't be reflected on the new servers. So the longer you run the migration, the more changes are going to be lost. Again, nothing to worry about, but users should be aware of this situation before hand so you don't get flooded with support calls with things like "i dont find the email" just because they moved it somewhere and that change was lost.
Another thing important thing to consider when migrating is user id and gruop id. Maybe the zimbra uid and gid in origin server is differnt from destinty server. This could lead to some problem as if they are different, you wont have read access in the destiny server. In this zextras forum thread I started a discussion (only with myself apparently
)
https://forums.zextras.com/zxbackup/180 ... d-gid.html about that very same thing. As right now, I'm testing "number 2" on that list I propose as "number 1" is not working with the nfs server the customer has. I'm not a big fan of creating the zimbra user before the installation, forcing its uid and gid to match the original server, but I guess ( i should try to check that first) that should work just fine too.
As a personal recomendation, you are talking about a "box". Idk if this is your case or not, but I would suggest to have at least 2 servers. 1 with the core services (store/ldap/webapp/logger/etc) and a second one with frontend services (mta/proxy/memcached/dnscache/av/as/etc). So you can put your frontend in your dmz in case you have one.
Anyways, good luck with your migration!!!