SOLUTIONS BRIEF: LOAD BALANCING AN ICEWARP SERVER Buy a load balancer, get a firewall too. Introduction What is the SX series? The most powerful solution for high traffic performance is to deploy the IceWarp server in a load balanced environment. This solution is shown in the topology figure in the bottom of the page. Halon Security has produced a verity of firewalls, or security gateways, ranging from small business to enterprise appliances. They are all based on the same operating system, H/OS. It’s a security-strengthen, slimmed network operating system based on the FreeBSD kernel, and consisting of a simple command-line interpreter that constitutes the product. There is also a web administration, using the commandline interface as back-end. The Halon SX firewall, which also operates as a load balancer, directs traffic from the internet to the IceWarp servers. The servers are then using one or more file and database servers as back-end, providing data coherence. In the topology below, one could have an e-mail security appliance between the load balancer and the IceWarp servers. They are however not necessary for the load balancing deployment. Why load balancing? Since SMTP can be balanced using MX pointers, the most critical protocol for the load balancer is HTTP; the web mail client. In order to achieve high availability, performance and risk mitigation, clusters are desired for critical missions. For example, multiple Halon SX firewalls can be clustered in a master-slave failover configuration. The Halon VSP, an e-mail gateway and spam prevention appliance, can also be clustered in a master-master fashion. So can the IceWarp server. This solution is advanced, and requires a large amount of revenue to start. The main function of the load balancer is to direct traffic to servers with the least amount of connections, and provide fault tolerance by probing the servers. Halon SX TOPOLOGY Internet IceWarp Database IceWarp File Server farm "#$.$ ,.$ 9&.$ *&,5 @,*,';)'< 3;$',.)&3 +#,' ;, 5&;-9$'+L +#$.$(&.$F +#$ 5)3;-33)&' 4)** @$ *) .$;&99$'5$53&*-+)&'F4#);#)3, @,*,';$ @$+4$ ,'5%&'%-./&"&0%/%")> E)<-.$M)**-3+.,+$3,*&,5@,*,';$53&*-+)&'(&.-A $/$' 9&.$> Q+)*)%)'< B;$I,.AJ3 $(();)$'+ $'<)'$ 3$./$.3 #,/$ ,9A*$ A.&;$33)'< A&4$. +& #&-3$ -3$.3>"#$-*+)9,+$'-9@$.&(3-AA&.+$5-3$.35$A ,'5R23A$;)();,+)&'3> SOLUTIONS BRIEF: LOAD BALANCING AN ICEWARP SERVER IceWarp "#)3 3& .$5-'5 +#$ $'/ 3#&-*5 &((,)*-. )'(.,3+. +#)3 3&* ,** .-' 3+&.$55 The figure to the right illustrates a load balanced solution for up to 150,000 users or even more. Utilizing IceWarp's efficient engine, many off‐the‐shelf servers have ample processing power to house up to even a million users. The ultimate number of supported users depends upon hardware and OS specifications. The solution provides full redundancy for all data in the environment, and there should not be a single point of failure. Even if the entire infrastructure were to crash, this solution would protect all running services and stored data. The system administrator merely needs to reconfigure a few settings. In this solution, IceWarp Server utilizes Open DataBase Connectivity (ODBC) in order to connect to the database. All information regarding domain, user, groupware, and spam can be stored in database format in an SQL server, either on the same system or on a completely different server. See the general requirements. E)<-.$M Optimizing System Resources through Effective Load Balancing © IceWarp 2008 All Rights Reserved. Installation The database is the core of the entire solution. Domain and user information is stored here and the tabular information instructs the server as to which email is acceptable and where it should be sent. Once a message has been authenticated for delivery, the server writes the email to the \IceWarp\temp\ directory, where it is held just long enough to pass through important filters, including AntiVirus, AntiSpam and Content. Once the message in transit has been approved by all filters, the server writes the email to the \IceWarp\mail\ directory. The directory’s format will be: \IceWarp\mail\domain\user\xxxxxxxxx.tmp (POP3) or .imap for IMAP mail. The data in the \temp\ directory will then be removed, and the server records the delivery information into the event logs. When setting up a load balanced group, an administrator will need to specify where certain directories point, and set up the services to perform specific tasks.The database setup is first. The system administrator will need to create the database on a central server so that other servers can point to it. This allows all servers to access the same data. Once the databases are populated and all the servers use the same location, the administrator will need to specify where the directories go. The system administrator will need to prepare the database and file server so that IceWarp Server can communicate with them. IceWarp recommends running the environment in a Windows domain, because of the Service Access and environmental control. Unlike stand‐alone networks, domains provide Central Access and Control. When supporting high visibility networks that are on the Internet, it is common practice to separate servers from one another so that the entire system will not be compromised if a single server is hijacked. This would be possible because servers in a Windows domain environment share a central authentication system and commonly have low security and domain policies. Therefore, a firewall is advised. In this scenario, it is simplified by the load balancer being a firewall. In order to make the information universally accessible, the administrator should use a “Domain Admin” account to run the services. Using the domain makes this possible by centralizing the data. This is made easy by adjusting the settings of all servers in one domain and allowing domain policies to control access between the servers. An administrator can keep the SQL servers in their own domain or remove them from the mail and file servers. The domain account is required for two reasons. First, so that the services can access necessary files without issuing a login command, and second, so that services will not need to log onto the server every time they are rebooted or disconnected from other servers. The system administrator should enable IceWarp services via the Windows Services Manager, and then set the services to log in as a domain admin account via the Windows configuration. This provides IceWarp services with the appropriate access rights for directory shares without the use of a logon script. Thus, services will initiate the logon the moment they start. This provides a failsafe in the event that a server is rebooted or if a connection is lost. If this occurs, the server will not have to log back into the domain in order to have continued access to email on the file server. SOLUTIONS BRIEF: LOAD BALANCING AN ICEWARP SERVER ! Administrators can take an additional precaution by creating a “domain user” account and assigning the precise "#$%&'()&$'*+,-.)/0.&12,)3,) permissions required for the services to access the necessary files. Alternatively, the administrator can create the 4$+,.5657,8.98&$&57).7#).11#+.7,57:,+,$7).1%&1,5,)3,).$95,75(/ services as domain administrator accounts. The latter is easier, but it is up to the "#$%&'()&$'*+,-.)/0.&12,)3,) discretion of the system 7:,9.7.;.5,<7:,6=&11$,,97#+#$%&'(),7:,8.&15,)3,)5>*$57.11&$'7:, 5#%7=.),&57:,%&)5757,/? administrator. *%7:,5657,8)($5($9,).9#8.&$<7:,.98&$&57).7#)5:#(19'# 4$+,.5657,8.98&$&57).7#).11#+.7,57:,+,$7).1%&1,5,)3,).$ 7#7:,-&$9#=52,)3&+,5.$95,77:,1#'#$.++#($77#@A#8.&$ 7:,9.7.;.5,<7:,6=&11$,,97#+#$%&'(),7:,8.&15,)3,)5>*$57 B98&$<C.55:#=$&$%&'(),D> 5#%7=.),&57:,%&)5757,/? The administrator will need the following folders on the file server: Mail, Spam, Calendar, Logs (optional; logs can *%7:,5657,8)($5($9,).9#8.&$<7:,.98&$&57).7#)5 be stored locally for better performance), Config and Config/Server/License 7#7:,-&$9#=52,)3&+,5.$95,77:,1#'#$.++#($77# B98&$<C.55:#=$&$%&'(),D> Once a system administrator allocates the central file server and sets up the database, they will need to configure the mail servers. Installing the software is the first step: "#$%&'&()*+),* -,,.(/ 0123 4,5*67(8 ,9)&,' +'$ 6* !"#$%&'!(:;&<5*7=&..5()*+)7()>+))>76*7+)7$0123( 9,&') ), + ?@4AB $+)+C+(7: ->7 +$%&'&()*+),* D&.. ' J&'(),D 6*7+)7+'0123(,5*67E,*)>7+66,5')(/<*,59D+*7/+'$ 1. If the system runs under a domain, the administrator should go to the Windows Services and set the logon account to “Domain Admin,” as shown to the left. E:,$7:,.98&$&57).7#)5:#(19#/,$7:,*+,-.)/B98&$&57).7&#$ "#$5#1,.$9'#7#7:,F27#).',G7.;.$9+:##5,7:,FA.7.;.5,G #/7&#$<.5&11(57).7,9&$%&'(),H> 2. Then the administrator should open the IceWarp Administration Console and go to the [Storage] tab and choose the [Database] option, as illustrated in the figure. 3. If the administrator has not yet created the ODBC connections, they will now need to do so. In Windows, they must open the [Administrator Tools, ODBC Sources] option and create a System DSN. Figure 5 illustrates that the created ODBC sources point to a MySQL database. The administrator will need to create an ODBC source for the accounts, groupware, and spam. Link to the guide. J&'(),D E:,$7:,.98&$&57).7#)5:#(19#/,$7:,*+,-.)/B98&$ "#$5#1,.$9'#7#7:,F27#).',G7.;.$9+:##5,7:,FA #/7&#$<.5&11(57).7,9&$%&'(),H> "#$%&'&()*+),* -,,.(/ 0123 4,5*67(8 ,9)&,' +'$ !"#$%&'!(:;&<5*7=&..5()*+)7()>+))>76*7+)7$012 9,&') ), + ?@4AB $+)+C+(7: ->7 +$%&'&()*+),* D&. 6*7+)7+'0123(,5*67E,*)>7+66,5')(/<*,59D+*7/+' J&'(),H *%7:,.98&$&57).7#):.5$#76,7+),.7,97:,4AI"+#$$,+7&#$5< 7:,6=&11$#=$,,97#9#5#>*$-&$9#=5<7:,68(57#/,$7:, ;&<5*7= Optimizing System Resources through Effective Load Balancing © IceWarp 2008 All Rights Reserved. 0'67 )>7 0123 (,5*67( >+F7 C77' 6*7+)7$/ )>7 +$%&' 4. Once the ODBC sources have been created, the administrator can 6+'*7)5*' ),)>7J&'(),H G67H+*9#$%&'&()*+)&,'3,'(,.7+'$6 return to the IceWarp Administration Console and click on the [DB )>7 "12 47))&'<(8 C5)),' ,' )>7 "4),*+<78 )+C/ ,97'& *%7:,.98&$&57).7#):.5$#76,7+),.7,97:,4AI"+#$ Settings] button on the [Storage] tab, opening the database setup box. $+)+C+(7(7)59C,J:->701236,''76)&,'D&..C77()+C 7:,6=&11$#=$,,97#9#5#>*$-&$9#=5<7:,68(57 97*%&))&'<)>7+$%&'&()*+),*),6,''76)D&)>)>7K(7*L# The ODBC connection will be established, permitting the administrator Optimizing System Resources through Effective Load Balancing $+)+C+(7:->7+$%&'&()*+),*D&..+.(,'77$),6*7+)7)>7 Reserved. to connect with the User/Account database. The administrator will also© IceWarp 2008 All Rights (,)>+)5(7*(+'$$,%+&'(6+'C7(),*7$&')>7$+)+C+(7: need to create the tables so that users and domains can be stored ;&<5*7= in the database. For better performance, see the P.D.O. guide. 5. The administrator will need to change the syntax and driver to fit the connecting database. 6. [Backup Connection] will be noticeable, and can be used as another database source in case the primary database becomes unreachable. It should be noted that data does not populate this second database, so an administrator will need to replicate the primary to the secondary in order to use it. 7. The administrator is now ready to point IceWarp directories to the folders created on the file server. The administrator will need to use the UNC path for these connections (unless iSCSI is used, since it then appears as a physical drive). The /temp path should always stay local to each server. 0'67 )>7 0123 (,5*67( >+F7 C77' 6*7+)7$/ ! )>7 +$% 6+'*7)5*' ),)>7 G67H+*9#$%&'&()*+)&,'3,'(,.7+' )>7 "12 47))&'<(8 C5)),' ,' )>7 "4),*+<78 )+C/ ,97 "#$%&'()(*+,%+-,.(//)$$&+-0#%)1$+#$*2)+%3%)&&,(4$,+- $+)+C+(7(7)59C,J:->701236,''76)&,'D&..C77( 5(++#$0-))$0+()1&%+%6%*$7 89%0:;< =-))$0+(-)> .(// 6$ )-+(0$%6/$? %)& 0%) 6$ ;*$& %* 97*%&))&'<)>7+$%&'&()*+),*),6,''76)D&)>)>7K(7 %)-+#$,&%+%6%*$*-;,0$()0%*$+#$<,('%,2&%+%6%*$6$0-'$* $+)+C+(7:->7+$%&'&()*+),*D&..+.(,'77$),6*7+)7) ;),$%0#%6/$7 @+ *#-;/& 6$ )-+$& +#%+ &%+% &-$* )-+ !"!#$%&' (,)>+)5(7*(+'$$,%+&'(6+'C7(),*7$&')>7$+)+C+( +#(**$0-)&&%+%6%*$?*-%)%&'()(*+,%+-,.(//)$$&+-,$</(0%+$ +#$<,('%,2+-+#$*$0-)&%,2()-,&$,+-;*$(+7 "#$%&'()(*+,%+-,(*)-.,$%&2+-<-()+@0$A%,<&(,$0+-,($*+- +#$ 5-/&$,* 0,$%+$& -) +#$ 5(/$ *$,4$,7 "#$ %&'()(*+,%+-, .(// )$$& +- ;*$ +#$ BC= <%+# 5-, +#$*$ 0-))$0+(-)*7 "#$ D+$'< ;&<5*7M <%+#*#-;/&%/.%2**+%2/-0%/+-$%0#*$,4$,7 Optimizing System Resources through Effective Load Balancing © IceWarp 2008 All Rights Reserved. ;&<5*7M Optimizing System Resources through Effective Load Balancing All Rights Reserved. © IceWarp 2008 8. The mailbox path option will allow the administrator to organize the mail folder in alphabetical order. Servers with large amounts of users will need to be configured with this option, in order to keep the folders/users separated as much as possible. Windows would take a longer to open one folder with 100,000 small folders, while sorting would allow Windows to easily manage the folders. 9. As shown in the figure, the administrator should now move to the [Load Balancing] tab and point the other folders not seen in the [Directories] tab. M(1;,$N "#$'%(/6-3<%+#-<+(-).(//%//-.+#$%&'()(*+,%+-,+--,1%)(E$ +#$ '%(/ 5-/&$, () %/<#%6$+(0%/ -,&$,7 F$,4$,* .(+# /%,1$ %'-;)+*-5;*$,*.(//)$$&+-6$0-)5(1;,$&.(+#+#(*-<+(-)?() -,&$,+-:$$<+#$5-/&$,*D;*$,**$<%,%+$&%*';0#%*<-**(6/$7 A()&-.*.-;/&+%:$%/-)1$,+--<$)-)$5-/&$,.(+#GHH?HHH *'%// 5-/&$,*? .#(/$ *-,+()1 .-;/& %//-. A()&-.* +- $%*(/2 '%)%1$+#$5-/&$,*7 I**#-.)()5(1;,$J?+#$%&'()(*+,%+-,*#-;/&)-.'-4$+-+#$ 8K-%&9%/%)0()1>+%6%)&<-()++#$-+#$,5-/&$,*)-+*$$)()+#$ 8L(,$0+-,($*>+%67 Optimizing System Resources through Effective Load Balancing © IceWarp 2008 All Rights Reserved. 6)59-%C !" #$% &'()*)+,-&,.- /)00 *./ *%%' ,. 10)12 .* ,$% 34%,,)*5+ 6)0%7 89,,.* )* .-'%- ,. 1.*:)59-% ,$% -%(&)*)*5 ;&,$+ &*' .;,).*+ :.- 0.&' 8&0&*1)*5< 4.(% :)%0'+ /)00 &0-%&'= 8% :)00%' .9,> &*' ,$% &'()*)+,-&,.- +$.90' ;-%++ ,$% 3?.((%*,7 89,,.* ,. +$./ ,$%;%-(),,%':)%0'+<4%%:)59-%@< 6)59-%C SOLUTIONS BRIEF: LOAD BALANCING AN ICEWARP SERVER 10. The administrator will now need to click on the [Settings File] button in order to configure the remaining paths and options for load balancing. Some fields will already be filled out, and the administrator should press the [Comment] button to show the permitted fields. See the figure. It illustrates a file that has mapped values for each line. For example, line 1 is reserved for the config path, so only the config path can be used in line 1. This file would not be useable if the line did not specify the precise value for which it is reserved. #$% &'()*)+,-&,.- /)00 *./ *%%' ,. 10)12 .* ,$% 34%,,)*5+ 6)0%7 89,,.* )* .-'%- ,. 1.*:)59-% ,$% -%(&)*)*5 ;&,$+ &*' .;,).*+ :.- 0.&' 8&0&*1)*5< 4.(% :)%0'+ /)00 &0-%&'= 8% :)00%' .9,> &*' ,$% &'()*)+,-&,.- +$.90' ;-%++ ,$% 3?.((%*,7 89,,.* ,. +$./ ,$%;%-(),,%':)%0'+<4%%:)59-%@< !! "#$% #& %'( &)*( )$ +#% ,$(- .% %')$ %)/( .+- %'( .-/)+)$%0.%#0 $'#,*-'.1(%'(2#+&)34$5./4.+-2.*(+-.05.%'$.*0(.-6&)**(- #,%7 8+ .-/)+)$%0.%#0 9)** $5(2)&6 %'( *)2(+$( 5.%' #+ *)+( !:7 8$ 6)59-%@ -)$2,$$(- (.0*)(04 %'( .-/)+)$%0.%#0 $'#,*- 20(.%( . *)2(+$( &#*-(0#+%'($'.0(-2#+&)3&#*-(0;%')$)$<(2.,$((.2'$(01(0)+ 6)59-% @ )009+,-&,%+ & :)0% ,$&, $&+ (&;;%' A&09%+ :.- %&1$ 0)*%< 6.- .*#.-<.*.+2(-$#*,%)#+0(=,)0($.*)2(+$(7>&%9#$(01(0$0(.- %B&(;0%>0)*%!)+-%+%-A%':.-,$%1.*:)5;&,$>+..*0=,$%1.*:)5;&,$ &0#/ %'( !"#$ 2#+&)3 &)*(4 (.2' 9#,*- 0(.- %'( $./( *)2(+$( 1&*8%9+%')*0)*%!<#$)+:)0%/.90'*.,8%9+%&80%):,$%0)*%')'*., )+�/.%)#+42.,$)+3<#%'%#$',%-#9+7 +;%1):=,$%;-%1)+%A&09%:.-/$)1$),)+-%+%-A%'< 11. Most of the file is not used at this time and the administrator should have the config, spam, and calendar paths already filled out. ?'(.-/)+)$%0.%#02.+20(.%(%'(*)2(+$(&#*-(0)+%'($'.0(-2#+&)3&)*( #0@((5)%*#2.*7?'(6$'#,*-%'(+20(.%(&#*-(0$�(.2'>2(A.05B(01(0 Optimizing System Resources through Effective Load Balancing )+$%.**.%)#+)+%'((+1)0#+/(+%)+$)-(%'(*)2(+$(&#*-(07 © IceWarp 2008 All Rights Reserved. 12. An administrator will specify the license path on line 12. As discussed earlier, the administrator should create a license folder on the shared config folder; this is because each serverC#0(D./5*(EFFG#.-!F>2(A.05FH#+&)3FG)2(+$(FB(01(0!F*)2(+$(7@(6 in a load balanced solution I+2( %'($( &#*-(0$ .0( 20(.%(-4 %'( .-/)+)$%0.%#0 $'#,*- /#1( %'( requires a license. If two servers read from the same config file, each would read the same license *)2(+$(7@(6&)*(&0#/(.2'$(01(0J$*#2.*2#+&)3,0.%)#+%#%'()00($5(2%)1( information, causing both to shut down. The administrator can create the license in*)2(+$( the&#*-(0 shared &#*-(0 folder )+$)-( #& %'( #+ %'( 2#//#+ &)*( $(01(07 ?')$ 9)** .**#9(.2'$(01(0%#0(.-.**$(%%)+3$&0#/%'($'.0(-2#+&)3,0.%)#+&)*( config file or keep it local. They should then create folders for each IceWarp Server installation in the 9')*($%)**)$#*.%)+3%'(0($5(2%)1(*)2(+$(7 environment inside the license folder. For example: \\Load1\IceWarp\Config\License\Server1\license.key. I+ *)+( !:4 %'( $6$%(/ .-/)+)$%0.%#0 9)** 5#)+% %# %'( *)2(+$( 5.%' � Once these folders are created, the administrator should move the license.key%'($(01(0%'(6.0(2#+&)3,0)+37?')$9)**<(%'(#+*6*)+()+%'(&)*(%'.% file from each server’s local 9)**<(-)&&(0(+%#+(.2'$(01(07?'(0(�(4.KͲ$(01(0)+$%.**.%)#+9#,*- configuration to their respective folder inside of the license folder on the common server. This will$(01(0J$ allow 0(=,)0(file %'.% *)+( !: )+ (.2' 0($5(2%)1( *#.- <.*.+2)+3 $(%%)+3$ ! &)*($'#9)%$#9+*)2(+$(7@(6&)*(7 each server to read all settings from the shared configuration file while still isolating the respective license. ?'( *.$% %.< )$ LG#2.* B(%%)+3$M7 ?'($( 9)** <( %'( $(%%)+3$ %'.% On line 12, the system administrator will point to the license path for the server they are configuring. This #$%&'()*+)*,-./0+,1%2304+%5%*+.*3$% *%3-.167%3/58 $(5.0.%(%'($(01(0$7?'(B(01(0>N#5%)#+9)**+((-%#<($(%4 2* 2+:)*)73123.1 ()*+7 3$% 7%1;)<%7 3. 2 75%<)9)< &'= 3$%4 <2 will be the only line in the file that will be different on each server. �(D./5*(EO!4!.4(%27B((&)3,0(!O7 502<%3$23&'$%1%8&3<2*1/*-)3$3$%>?00?;2)02(0%@7%33)*, Therefore, a 3‐server installation would require that line 12 in (%(./*+3.275%<)9)<&'8A%%9),/1%!!8 each respective server’s load balancing settings file show its !" own license.key file. 13. The last tab is [Local Settings]. These will be the settings that separate the servers. The Server ID option will need to be set, for example: 01, 1a, etc. See the figure. #$%&'()*+)*,-./0+,1%2304+%5%*+.*3$% *%3-.167%3/58&9 2* 2+:)*)73123.1 ()*+7 3$% 7%1;)<%7 3. 2 75%<)9)< &'= 3$%4 <2* 502<%3$23&'$%1%8&3<2*1/*-)3$3$%>?00?;2)02(0%@7%33)*,.1 (%(./*+3.275%<)9)<&'8A%%9),/1%!!8 C)3,0(!O 14. The IP binding would greatly depend on the network setup. IfOptimizing System Resources through Effective Load Balancing J),/1%!! an administrator binds the services to a specific IP, they can © IceWarp 2008 All Rights Reserved. ?7 7$.-* )* 9),/1% !"= 3$% $.73*2:% -./0+ ( place that IP here. It can run with the “All Available” setting or be :C!8+.:2)*8<.: 9.1 .*% 7%1;%1= :C"8+.:2)*8<.: 9.1 3$ bound to a specific IP. See the figure. 7%<.*+7%1;%1=2*+7..*8 15. As shown in the next figure, the hostname would be: mx1.domain.com for one server, mx2.domain.com for the second server, and so on. Tips: also use different webmail logos on each server, in order to differentiate them. J),/1%!! ?7 7$.-* )* 9),/1% !"= 3$% $.73*2:% -./0+ (%B :C!8+.:2)*8<.: 9.1 .*% 7%1;%1= :C"8+.:2)*8<.: 9.1 3$% 7%<.*+7%1;%1=2*+7..*8 !" #$%&' ()* $*+,&- ,.(%,&/ 012(,34(%+4556 +)*+7 %8 ()* +,&8%'294(%,& )4 16. The remaining options are recommended, though not required. :**& +)4&'*-,92.-4(*-;/()*4-3%&%$(94(,9+4&42(,34(*()* $*9<* (,<*9%86%8+)4&'*$)4<*:**&34-*/4&-()*&4..56(),$*+)4&'*$= The first option, [This Server Operated in Slave Mode], will allow J),/1%!" an administrator to designate all other servers to be slaves to #$%1%:2)*)*,.53).*721%1%<.::%*+%+=3$./,$*.31%D/)1% the primary server. This means only the primary server will #$%9)173.53).*=E#$)7A%1;%1F5%123%+)*A02;%G.+%H=-)00200. deliver spam reports, perform system backups, operate remote 2* 2+:)*)73123.1 3. +%7),*23% 200 .3$%1 7%1;%173. (% 702;%7 J),/1%!" 7%1;%18 #$)7 :%2*7 .*04 3$% 51):214 7%1;%1 3$% 51):214 watchdog, etc. Not all servers have to perform these actions +%0);%1752:1%5.137=5%19.1:7473%:(2<6/57=.5%123%1%:. #$%1%:2)*)*,.53).*721%1%<.::%*+%+=3$./,$*.31%D/)1%+8 since it can cause duplicates. Using the second option, %3<8 I.3 200 7%1;%17 $2;% 3. 5%19.1: 3$%7% 2<3). -23<$+.,= #$%9)173.53).*=E#$)7A%1;%1F5%123%+)*A02;%G.+%H=-)00200.- [Automatically check if the configuration has been changed or 7)*<%)3<2*<2/7%+/50)<23%78 2* 2+:)*)73123.1 3. +%7),*23% 200 .3$%1 7%1;%17 3. (% 702;%7 3. 3$% 51):214 7%1;%18 #$)7 :%2*7 .*04 3$% 51):214 7%1;%1 -)00 updated], the administrator can automate the server to verify if +%0);%1752:1%5.137=5%19.1:7473%:(2<6/57=.5%123%1%:.3% changes have been made, and then apply those changes. In -23<$+.,= %3<8 I.3 200 7%1;%17 $2;% 3. 5%19.1: 3$%7% 2<3).*7 7)*<%)3<2*<2/7%+/50)<23%78 Load Balancing the final step, the administrator must move Anti Spam and Optimizing System Resources through Effective J%'29*!" © IceWarp 2008 All Rights Reserved. GroupWare databases to the shared database. To do this, they should go to the [General] tab of each, click on [DB Settings], and point them>&to()*the 8%&45ODBC $(*./ ()* sources 4-3%&%$(94(,9and 32$( 3,<* 1&(% ?.43 4& Optimizing System Resources @9,2.A49*-4(4:4$*$(,()*!"#$%&-4(4:4$*=B,-,()%$/()*6$),25through Effective Load Balancing create the tables. © IceWarp 2008 All Rights Reserved. ',(,()*0@*&*945;(4:,8*4+)/+5%+7,&0CD?*((%&'$;/4&-.,%&(()*3(, ()*ECDF$,29+*$4&-+9*4(*()*(4:5*$= 17. The system is now load balanced, and as long as the servers can communicate with the database and B)* $6$(*3 %$ &,G 5,4- :454&+*-/ 4&- 4$ 5,&' 4$ ()* $*9<*9$ +4& +,332&%+4(* G%() ()* -4(4:4$* 4&- $)49*- 8,5-*9$/ 455 -4(4 G%55 :* shared folders, all data will be shared and seen across all IceWarp Server installations. $)49*-4&-$**&4+9,$$455>+*A49.?*9<*9%&$(4554(%,&$= >+*A49.?+454:%5%(6 B)* *&<%9,&3*&( G%55 &,G $+45* '94+*82556= B)* $,52(%,& -*$+9%:*)*9*%&%$4$%3.5*.9,+*$$8,94&%&$(4554(%,&%&<,5<%&'H x I>+*A49.?*9<*9$ x !-4(4:4$*$*9<*9 SOLUTIONS BRIEF: LOAD BALANCING AN ICEWARP SERVER Scalability The environment will now scale gracefully. The solution described herein is a simple process for an installation involving the servers below (where if needed, the database and file servers can be located on the same server). • 2 IceWarp Servers • 1 database server • 1 file server It is easy to accommodate a business experiencing significant growth and that has too much traffic or too large a user base. The system administrator merely needs to move the database to a dedicated server and use an additional server or servers running IceWarp. Conclusion There are a number of variables that need to be considered before making a final decision: • Cost – namely, initial equipment, software, bandwidth, monthly overhead, replacement hardware, etc. • Technical knowledge to maintain the servers • Number of users versus cost and overhead • Expectation of performance versus number of servers (webmail, incoming mail, filtering, etc.) The following are key points to be aware of when setting up the environment: • All servers should be in the same domain. • Administrators should set the IceWarp Services to run as a ‘Domain Admin’ account. This allows the services to access the share drive on the file server without having to log into the Window operating system. • One SQL server will manage all the User/Domains Authentication for all front‐end servers. • The file server will hold central data for all the servers to access. • The administrator should create a share for a space on the file server where all IceWarp files will be located. • The \IceWarp\TEMP\ directory needs to stay on each server. • The \IceWarp\mail\ directory needs to be located on the File server and all servers need to point their directory for mail to this location. Load balancer configuration Purchase a firewall and a load balancing license, and perform initial configuration. Go to the Load Balancing section. Add an IP balancer as in the figure. Usually only one is needed, but one per TCP port (service) for independent probing and failover might be desired. Notice that frequent connects will be made to the mail server by the firewall, for probing. Then create policies. The most important is a “forwarding” policy. Press New Policy. Select a service (usually one of your own custom services, containing many ports), from “any” to “ether1:ip”, and packet flow in on “ether1” and out on “ether2” (assuming that the server is on ether2 and ether1 is the internet). Then on the Redirection tab, select the IP balancer, and check Smart Balancing. Additional policies for non-balanced redirections to each server might be desired. Finally go to the firewalling section “Options”, click the Timeout tab, and increase Source Tracking to at least 15,000 seconds. It’s needed for persistence to work. Happy load balancing, and please contact us if you have any questions. SOLUTIONS BRIEF: LOAD BALANCING AN ICEWARP SERVER Contact us Should you like any assistance, don’t hesitate to employ our support. ‣ E-mail: [email protected] ‣ Phone: +46 31 301 1920 Resources Company Website halon.se Product Overview halon.se/products/firewalls E-mail [email protected] Support [email protected] Sales and Marketing [email protected] Phone +46 31 301 1920 About Halon Security Halon Security AB is Sweden's most prominent e-mail security and spam prevention appliance manufacturer. The company was founded in 2002 and is headquartered in Gothenburg, Sweden. It's known for it's award-winning firewalls and e-mail security appliances, which are used by large hosting providers, non-commercial and government organizations, municipalities and companies of all sizes. All of the development, testing and support are carried out in Gothenburg, making Halon Security unique as of producing entirely Swedish products that in many cases are worldwide market leading in their respective niches. Today Halon Security is represented in 16 countries. Learn more at www.halon.se About IceWarp Unified Communications is IceWarp's sole focus and has been our raison d'être for over a decade. Built with the best features of communication, collaboration, security and mobility, IceWarp revolutionizes how organizations work and communicate. We develop solutions capable of serving the entire spectrum of organizations – from small businesses, to enterprise, to multi-million user data centers – on the same scalable, secure and affordable platform. Learn more at www.icewarp.com Halon Security AB Olskroksgatan 30, 416 66, Gothenburg, Sweden +46 31 301 1920 www.halon.se