SOLUTIONS BRIEF: LOAD BALANCING AN ICEWARP SERVER
Buy a load balancer,
get a firewall too.
Introduction
What is the SX series?
The most powerful solution for high traffic performance is to
deploy the IceWarp server in a load balanced environment.
This solution is shown in the topology figure in the bottom of
the page.
Halon Security has produced a verity of
firewalls, or security gateways, ranging
from small business to enterprise
appliances. They are all based on the
same operating system, H/OS. It’s a
security-strengthen, slimmed network
operating system based on the FreeBSD
kernel, and consisting of a simple
command-line interpreter that
constitutes the product. There is also a
web administration, using the commandline interface as back-end.
The Halon SX firewall, which also operates as a load
balancer, directs traffic from the internet to the IceWarp
servers. The servers are then using one or more file and
database servers as back-end, providing data coherence.
In the topology below, one could have an e-mail security
appliance between the load balancer and the IceWarp servers.
They are however not necessary for the load balancing
deployment.
Why load balancing?
Since SMTP can be balanced using MX pointers, the most
critical protocol for the load balancer is HTTP; the web mail
client.
In order to achieve high availability,
performance and risk mitigation, clusters
are desired for critical missions. For
example, multiple Halon SX firewalls can
be clustered in a master-slave failover
configuration. The Halon VSP, an e-mail
gateway and spam prevention appliance,
can also be clustered in a master-master
fashion. So can the IceWarp server.
This solution is advanced, and requires a large amount of
revenue to start. The main function of the load balancer is to
direct traffic to servers with the least amount of connections,
and provide fault tolerance by probing the servers.
Halon SX
TOPOLOGY
Internet
IceWarp
Database
IceWarp
File
Server farm
"#$.$ ,.$ 9&.$ *&,5 @,*,';)'< 3;$',.)&3 +#,' ;,
5&;-9$'+L +#$.$(&.$F +#$ 5)3;-33)&' 4)** @$ *)
.$;&99$'5$53&*-+)&'F4#);#)3, @,*,';$ @$+4$
,'5%&'%-./&"&0%/%")>
E)<-.$M)**-3+.,+$3,*&,5@,*,';$53&*-+)&'(&.-A
$/$' 9&.$> Q+)*)%)'< B;$I,.AJ3 $(();)$'+ $'<)'$
3$./$.3 #,/$ ,9A*$ A.&;$33)'< A&4$. +& #&-3$ -3$.3>"#$-*+)9,+$'-9@$.&(3-AA&.+$5-3$.35$A
,'5R23A$;)();,+)&'3>
SOLUTIONS BRIEF: LOAD BALANCING AN ICEWARP SERVER
IceWarp
"#)3 3&
.$5-'5
+#$ $'/
3#&-*5
&((,)*-.
)'(.,3+.
+#)3 3&*
,** .-'
3+&.$55
The figure to the right illustrates a load balanced solution for up to
150,000 users or even more. Utilizing IceWarp's efficient engine, many
off‐the‐shelf servers have ample processing power to house up to
even a million users. The ultimate number of supported users depends
upon hardware and OS specifications. The solution provides full
redundancy for all data in the environment, and there should not be a
single point of failure. Even if the entire infrastructure were to crash,
this solution would protect all running services and stored data.
The system administrator merely needs to reconfigure a few
settings. In this solution, IceWarp Server utilizes Open DataBase
Connectivity (ODBC) in order to connect to the database. All
information regarding domain, user, groupware, and spam can be
stored in database format in an SQL server, either on the same system
or on a completely different server. See the general requirements.
E)<-.$M
Optimizing System Resources through Effective Load Balancing
© IceWarp 2008 All Rights Reserved.
Installation
The database is the core of the entire solution. Domain and user information is stored here and the tabular information
instructs the server as to which email is acceptable and where it should be sent. Once a message has been
authenticated for delivery, the server writes the email to the \IceWarp\temp\ directory, where it is held just long
enough to pass through important filters, including AntiVirus, AntiSpam and Content. Once the message in transit has
been approved by all filters, the server writes the email to the \IceWarp\mail\ directory. The directory’s format will be:
\IceWarp\mail\domain\user\xxxxxxxxx.tmp (POP3) or .imap for IMAP mail. The data in the \temp\ directory will then
be removed, and the server records the delivery information into the event logs.
When setting up a load balanced group, an administrator will need to specify where certain directories point, and
set up the services to perform specific tasks.The database setup is first. The system administrator will need to create
the database on a central server so that other servers can point to it. This allows all servers to access the same data.
Once the databases are populated and all the servers use the same location, the administrator will need to specify
where the directories go.
The system administrator will need to prepare the database and file server so that IceWarp Server can
communicate with them. IceWarp recommends running the environment in a Windows domain, because of the
Service Access and environmental control. Unlike stand‐alone networks, domains provide Central Access and
Control. When supporting high visibility networks that are on the Internet, it is common practice to separate servers
from one another so that the entire system will not be compromised if a single server is hijacked. This would be
possible because servers in a Windows domain environment share a central authentication system and commonly
have low security and domain policies. Therefore, a firewall is advised. In this scenario, it is simplified by the load
balancer being a firewall.
In order to make the information universally accessible, the administrator should use a “Domain Admin” account to
run the services. Using the domain makes this possible by centralizing the data. This is made easy by adjusting the
settings of all servers in one domain and allowing domain policies to control access between the servers. An
administrator can keep the SQL servers in their own domain or remove them from the mail and file servers. The
domain account is required for two reasons. First, so that the services can access necessary files without issuing a
login command, and second, so that services will not need to log onto the server every time they are rebooted or
disconnected from other servers.
The system administrator should enable IceWarp services via the Windows Services Manager, and then set the
services to log in as a domain admin account via the Windows configuration. This provides IceWarp services with the
appropriate access rights for directory shares without the use of a logon script. Thus, services will initiate the logon
the moment they start. This provides a failsafe in the event that a server is rebooted or if a connection is lost. If this
occurs, the server will not have to log back into the domain in order to have continued access to email on the file
server.
SOLUTIONS BRIEF: LOAD BALANCING AN ICEWARP SERVER
!
Administrators can take an additional precaution by creating a “domain user”
account and assigning the precise
"#$%&'()&$'*+,-.)/0.&12,)3,)
permissions required for the services to access the necessary files. Alternatively,
the administrator can create the
4$+,.5657,8.98&$&57).7#).11#+.7,57:,+,$7).1%&1,5,)3,).$95,75(/
services as domain administrator accounts. The latter is easier, but it is up to the "#$%&'()&$'*+,-.)/0.&12,)3,)
discretion of
the system
7:,9.7.;.5,<7:,6=&11$,,97#+#$%&'(),7:,8.&15,)3,)5>*$57.11&$'7:,
5#%7=.),&57:,%&)5757,/?
administrator.
ƒ
*%7:,5657,8)($5($9,).9#8.&$<7:,.98&$&57).7#)5:#(19'#
4$+,.5657,8.98&$&57).7#).11#+.7,57:,+,$7).1%&1,5,)3,).$
7#7:,-&$9#=52,)3&+,5.$95,77:,1#'#$.++#($77#@A#8.&$
7:,9.7.;.5,<7:,6=&11$,,97#+#$%&'(),7:,8.&15,)3,)5>*$57
B98&$<C.55:#=$&$%&'(),D>
5#%7=.),&57:,%&)5757,/?
The administrator will need the following folders on the file server: Mail, Spam, Calendar, Logs (optional; logs can
ƒ *%7:,5657,8)($5($9,).9#8.&$<7:,.98&$&57).7#)5
be stored locally for better performance), Config and Config/Server/License
7#7:,-&$9#=52,)3&+,5.$95,77:,1#'#$.++#($77#
B98&$<C.55:#=$&$%&'(),D>
Once a system administrator allocates the central file server and sets
up the database,
they will need to configure the mail servers. Installing the software is the first step:
"#$%&'&()*+),* -,,.(/ 0123 4,5*67(8 ,9)&,' +'$ 6*
!"#$%&'!(:;&<5*7=&..5()*+)7()>+))>76*7+)7$0123(
9,&') ), + ?@4AB $+)+C+(7: ->7
+$%&'&()*+),* D&.. '
J&'(),D
6*7+)7+'0123(,5*67E,*)>7+66,5')(/<*,59D+*7/+'$
1. If the system runs under a domain, the administrator should go to the Windows
Services and set the logon account to “Domain Admin,” as shown to the left.
ƒ
E:,$7:,.98&$&57).7#)5:#(19#/,$7:,*+,-.)/B98&$&57).7&#$
"#$5#1,.$9'#7#7:,F27#).',G7.;.$9+:##5,7:,FA.7.;.5,G
#/7&#$<.5&11(57).7,9&$%&'(),H>
2. Then the administrator should open the IceWarp Administration
Console and go to the [Storage] tab and choose the [Database]
option, as illustrated in the figure.
ƒ
3. If the administrator has not yet created the ODBC connections,
they will now need to do so. In Windows, they must open the
[Administrator Tools, ODBC Sources] option and create a System
DSN. Figure 5 illustrates that the created ODBC sources point to
a MySQL database. The administrator will need to create an ODBC
source for the accounts, groupware, and spam. Link to the guide.
J&'(),D
E:,$7:,.98&$&57).7#)5:#(19#/,$7:,*+,-.)/B98&$
"#$5#1,.$9'#7#7:,F27#).',G7.;.$9+:##5,7:,FA
#/7&#$<.5&11(57).7,9&$%&'(),H>
"#$%&'&()*+),* -,,.(/ 0123 4,5*67(8 ,9)&,' +'$
!"#$%&'!(:;&<5*7=&..5()*+)7()>+))>76*7+)7$012
9,&') ), + ?@4AB $+)+C+(7: ->7 +$%&'&()*+),* D&.
6*7+)7+'0123(,5*67E,*)>7+66,5')(/<*,59D+*7/+'
J&'(),H
*%7:,.98&$&57).7#):.5$#76,7+),.7,97:,4AI"+#$$,+7&#$5<
7:,6=&11$#=$,,97#9#5#>*$-&$9#=5<7:,68(57#/,$7:,
ƒ
;&<5*7=
Optimizing System Resources through Effective Load Balancing
© IceWarp 2008 All Rights Reserved.
ƒ 0'67 )>7 0123 (,5*67( >+F7 C77' 6*7+)7$/ )>7 +$%&'
4. Once the ODBC sources have been created, the administrator can
6+'*7)5*' ),)>7J&'(),H
G67H+*9#$%&'&()*+)&,'3,'(,.7+'$6
return to the IceWarp Administration Console and click on the [DB
)>7 "12 47))&'<(8 C5)),' ,' )>7 "4),*+<78 )+C/ ,97'&
ƒ *%7:,.98&$&57).7#):.5$#76,7+),.7,97:,4AI"+#$
Settings] button on the [Storage] tab, opening the database setup box.
$+)+C+(7(7)59C,J:->701236,''76)&,'D&..C77()+C
7:,6=&11$#=$,,97#9#5#>*$-&$9#=5<7:,68(57
97*%&))&'<)>7+$%&'&()*+),*),6,''76)D&)>)>7K(7*L#
The ODBC connection will be established, permitting the administrator
Optimizing System Resources
through
Effective
Load Balancing
$+)+C+(7:->7+$%&'&()*+),*D&..+.(,'77$),6*7+)7)>7
Reserved.
to connect with the User/Account database. The administrator will also© IceWarp 2008 All Rights
(,)>+)5(7*(+'$$,%+&'(6+'C7(),*7$&')>7$+)+C+(7:
need to create the tables so that users and domains can be stored
;&<5*7=
in the database. For better performance, see the P.D.O. guide.
5. The administrator will need to change the syntax and driver to fit
the connecting database.
6. [Backup Connection] will be noticeable, and can be used as
another database source in case the primary database becomes
unreachable. It should be noted that data does not populate this
second database, so an administrator will need to replicate the
primary to the secondary in order to use it.
7. The administrator is now ready to point IceWarp
directories to the folders created on the file server. The
administrator will need to use the UNC path for these
connections (unless iSCSI is used, since it then
appears as a physical drive). The /temp path should
always stay local to each server.
ƒ
ƒ
ƒ
ƒ
0'67 )>7 0123 (,5*67( >+F7 C77' 6*7+)7$/
! )>7 +$%
6+'*7)5*' ),)>7 G67H+*9#$%&'&()*+)&,'3,'(,.7+'
)>7 "12 47))&'<(8 C5)),' ,' )>7 "4),*+<78 )+C/ ,97
"#$%&'()(*+,%+-,.(//)$$&+-0#%)1$+#$*2)+%3%)&&,(4$,+-
$+)+C+(7(7)59C,J:->701236,''76)&,'D&..C77(
5(++#$0-))$0+()1&%+%6%*$7
89%0:;< =-))$0+(-)>
.(// 6$ )-+(0$%6/$? %)& 0%) 6$ ;*$& %*
97*%&))&'<)>7+$%&'&()*+),*),6,''76)D&)>)>7K(7
%)-+#$,&%+%6%*$*-;,0$()0%*$+#$<,('%,2&%+%6%*$6$0-'$*
$+)+C+(7:->7+$%&'&()*+),*D&..+.(,'77$),6*7+)7)
;),$%0#%6/$7 @+ *#-;/& 6$ )-+$& +#%+ &%+% &-$* )-+ !"!#$%&'
(,)>+)5(7*(+'$$,%+&'(6+'C7(),*7$&')>7$+)+C+(
+#(**$0-)&&%+%6%*$?*-%)%&'()(*+,%+-,.(//)$$&+-,$</(0%+$
+#$<,('%,2+-+#$*$0-)&%,2()-,&$,+-;*$(+7
"#$%&'()(*+,%+-,(*)-.,$%&2+-<-()+@0$A%,<&(,$0+-,($*+-
+#$ 5-/&$,* 0,$%+$& -) +#$ 5(/$ *$,4$,7 "#$ %&'()(*+,%+-, .(//
)$$& +- ;*$ +#$ BC= <%+# 5-, +#$*$ 0-))$0+(-)*7 "#$ D+$'<
;&<5*7M
<%+#*#-;/&%/.%2**+%2/-0%/+-$%0#*$,4$,7
Optimizing System Resources through Effective Load Balancing
© IceWarp 2008 All Rights Reserved.
;&<5*7M
Optimizing System Resources through Effective Load Balancing
All Rights Reserved.
© IceWarp 2008
8. The mailbox path option will allow the administrator to
organize the mail folder in alphabetical order. Servers
with large amounts of users will need to be configured with this
option, in order to keep the folders/users separated as much as
possible. Windows would take a longer to open one folder with
100,000 small folders, while sorting would allow Windows to
easily manage the folders.
9. As shown in the figure, the administrator should now move to the
[Load Balancing] tab and point the other folders not seen in the
[Directories] tab.
M(1;,$N
ƒ
ƒ
"#$'%(/6-3<%+#-<+(-).(//%//-.+#$%&'()(*+,%+-,+--,1%)(E$
+#$ '%(/ 5-/&$, () %/<#%6$+(0%/ -,&$,7 F$,4$,* .(+# /%,1$
%'-;)+*-5;*$,*.(//)$$&+-6$0-)5(1;,$&.(+#+#(*-<+(-)?()
-,&$,+-:$$<+#$5-/&$,*D;*$,**$<%,%+$&%*';0#%*<-**(6/$7
A()&-.*.-;/&+%:$%/-)1$,+--<$)-)$5-/&$,.(+#GHH?HHH
*'%// 5-/&$,*? .#(/$ *-,+()1 .-;/& %//-. A()&-.* +- $%*(/2
'%)%1$+#$5-/&$,*7
I**#-.)()5(1;,$J?+#$%&'()(*+,%+-,*#-;/&)-.'-4$+-+#$
8K-%&9%/%)0()1>+%6%)&<-()++#$-+#$,5-/&$,*)-+*$$)()+#$
8L(,$0+-,($*>+%67
Optimizing System Resources through Effective Load Balancing
© IceWarp 2008 All Rights Reserved.
6)59-%C
ƒ
!"
#$% &'()*)+,-&,.- /)00 *./ *%%' ,. 10)12 .* ,$% 34%,,)*5+
6)0%7
89,,.* )* .-'%- ,. 1.*:)59-% ,$% -%(&)*)*5 ;&,$+ &*' .;,).*+
:.- 0.&' 8&0&*1)*5< 4.(% :)%0'+ /)00 &0-%&'= 8% :)00%' .9,> &*'
,$% &'()*)+,-&,.- +$.90' ;-%++ ,$% 3?.((%*,7 89,,.* ,. +$./
,$%;%-(),,%':)%0'+<4%%:)59-%@<
6)59-%C
SOLUTIONS BRIEF: LOAD BALANCING AN ICEWARP SERVER
ƒ
10. The administrator will now need to click on the [Settings File]
button in order to configure the remaining paths and options for
load balancing. Some fields will already be filled out, and the
administrator should press the [Comment] button to show the
permitted fields. See the figure. It illustrates a file that has mapped
values for each line. For example, line 1 is reserved for the config
path, so only the config path can be used in line 1. This file would
not be useable if the line did not specify the precise value for
which it is reserved.
#$% &'()*)+,-&,.- /)00 *./ *%%' ,. 10)12 .* ,$% 34%,,)*5+ 6)0%7
89,,.* )* .-'%- ,. 1.*:)59-% ,$% -%(&)*)*5 ;&,$+ &*' .;,).*+
:.- 0.&' 8&0&*1)*5< 4.(% :)%0'+ /)00 &0-%&'= 8% :)00%' .9,> &*'
,$% &'()*)+,-&,.- +$.90' ;-%++ ,$% 3?.((%*,7 89,,.* ,. +$./
,$%;%-(),,%':)%0'+<4%%:)59-%@<
!!
ƒ
"#$% #& %'( &)*( )$ +#% ,$(- .% %')$ %)/( .+- %'( .-/)+)$%0.%#0
$'#,*-'.1(%'(2#+&)34$5./4.+-2.*(+-.05.%'$.*0(.-6&)**(-
#,%7
ƒ 8+ .-/)+)$%0.%#0 9)** $5(2)&6 %'( *)2(+$( 5.%' #+ *)+(
!:7 8$
6)59-%@
-)$2,$$(- (.0*)(04
%'( .-/)+)$%0.%#0 $'#,*- 20(.%( . *)2(+$(
&#*-(0#+%'($'.0(-2#+&)3&#*-(0;%')$)$<(2.,$((.2'$(01(0)+
6)59-% @ )009+,-&,%+ & :)0% ,$&, $&+ (&;;%' A&09%+ :.- %&1$ 0)*%< 6.-
.*#.-<.*.+2(-$#*,%)#+0(=,)0($.*)2(+$(7>&%9#$(01(0$0(.-
%B&(;0%>0)*%!)+-%+%-A%':.-,$%1.*:)5;&,$>+..*0=,$%1.*:)5;&,$
&0#/ %'( !"#$ 2#+&)3 &)*(4 (.2' 9#,*- 0(.- %'( $./( *)2(+$(
1&*8%9+%')*0)*%!<#$)+:)0%/.90'*.,8%9+%&80%):,$%0)*%')'*.,
)+&#0/.%)#+42.,$)+3<#%'%#$',%-#9+7
+;%1):=,$%;-%1)+%A&09%:.-/$)1$),)+-%+%-A%'<
11. Most of the file is not used at this time and the administrator should have the config, spam, and calendar
paths already filled out.
?'(.-/)+)$%0.%#02.+20(.%(%'(*)2(+$(&#*-(0)+%'($'.0(-2#+&)3&)*(
#0@((5)%*#2.*7?'(6$'#,*-%'(+20(.%(&#*-(0$&#0(.2'>2(A.05B(01(0
Optimizing System Resources through Effective Load Balancing
)+$%.**.%)#+)+%'((+1)0#+/(+%)+$)-(%'(*)2(+$(&#*-(07
© IceWarp 2008 All Rights Reserved.
12. An administrator will specify the license path on line 12. As discussed earlier, the
administrator should
create a license folder on the shared config folder; this is because each serverC#0(D./5*(EFFG#.-!F>2(A.05FH#+&)3FG)2(+$(FB(01(0!F*)2(+$(7@(6
in
a
load balanced solution
I+2(
%'($(
&#*-(0$
.0(
20(.%(-4
%'(
.-/)+)$%0.%#0
$'#,*-
/#1(
%'(
requires a license. If two servers read from the same config file, each would read the same license
*)2(+$(7@(6&)*(&0#/(.2'$(01(0J$*#2.*2#+&)3,0.%)#+%#%'()00($5(2%)1(
information, causing both to shut down. The administrator can create the license
in*)2(+$(
the&#*-(0
shared
&#*-(0 folder
)+$)-( #& %'(
#+ %'( 2#//#+ &)*( $(01(07 ?')$ 9)**
.**#9(.2'$(01(0%#0(.-.**$(%%)+3$&0#/%'($'.0(-2#+&)3,0.%)#+&)*(
config file or keep it local. They should then create folders for each IceWarp Server
installation in the
9')*($%)**)$#*.%)+3%'(0($5(2%)1(*)2(+$(7
environment inside the license folder. For example: \\Load1\IceWarp\Config\License\Server1\license.key.
I+ *)+( !:4 %'( $6$%(/ .-/)+)$%0.%#0 9)** 5#)+% %# %'( *)2(+$( 5.%' &#0
Once these folders are created, the administrator should move the license.key%'($(01(0%'(6.0(2#+&)3,0)+37?')$9)**<(%'(#+*6*)+()+%'(&)*(%'.%
file from each server’s local
9)**<(-)&&(0(+%#+(.2'$(01(07?'(0(&#0(4.KͲ$(01(0)+$%.**.%)#+9#,*-
configuration to their respective folder inside of the license folder on the common
server.
This
will$(01(0J$
allow
0(=,)0(file
%'.% *)+(
!: )+ (.2'
0($5(2%)1(
*#.- <.*.+2)+3 $(%%)+3$
!
&)*($'#9)%$#9+*)2(+$(7@(6&)*(7
each server to read all settings from the shared configuration
file while
still isolating
the respective license.
ƒ
?'(
*.$%
%.<
)$
LG#2.*
B(%%)+3$M7
?'($(
9)**
<(
%'(
$(%%)+3$
%'.%
On line 12, the system administrator will point to the license path for the server they
are configuring. This
ƒ #$%&'()*+)*,-./0+,1%2304+%5%*+.*3$%
*%3-.167%3/58
$(5.0.%(%'($(01(0$7?'(B(01(0>N#5%)#+9)**+((-%#<($(%4
2*
2+:)*)73123.1 ()*+7 3$% 7%1;)<%7 3. 2 75%<)9)< &'= 3$%4 <2
will be the only line in the file that will be different on each server.
&#0(D./5*(EO!4!.4(%27B((&)3,0(!O7
502<%3$23&'$%1%8&3<2*1/*-)3$3$%>?00?;2)02(0%@7%33)*,
Therefore, a 3‐server installation would require that line 12 in
(%(./*+3.275%<)9)<&'8A%%9),/1%!!8
each respective server’s load balancing settings file show its
!"
own license.key file.
ƒ
13. The last tab is [Local Settings]. These will be the settings that
separate the servers. The Server ID option will need to be set,
for example: 01, 1a, etc. See the figure.
#$%&'()*+)*,-./0+,1%2304+%5%*+.*3$% *%3-.167%3/58&9
2* 2+:)*)73123.1 ()*+7 3$% 7%1;)<%7 3. 2 75%<)9)< &'= 3$%4 <2*
502<%3$23&'$%1%8&3<2*1/*-)3$3$%>?00?;2)02(0%@7%33)*,.1
(%(./*+3.275%<)9)<&'8A%%9),/1%!!8
C)3,0(!O
14. The IP binding would greatly depend on the network setup. IfOptimizing System Resources through Effective Load Balancing
J),/1%!!
an administrator binds the services to a specific IP, they can © IceWarp 2008 All Rights Reserved.
ƒ ?7 7$.-* )* 9),/1% !"= 3$% $.73*2:% -./0+ (
place that IP here. It can run with the “All Available” setting or be
:C!8+.:2)*8<.: 9.1 .*% 7%1;%1= :C"8+.:2)*8<.: 9.1 3$
bound to a specific IP. See the figure.
7%<.*+7%1;%1=2*+7..*8
15. As shown in the next figure, the hostname would be:
mx1.domain.com for one server, mx2.domain.com for the
second server, and so on. Tips: also use different webmail
logos on each server, in order to differentiate them.
J),/1%!!
ƒ
?7 7$.-* )* 9),/1% !"= 3$% $.73*2:% -./0+ (%B
:C!8+.:2)*8<.: 9.1 .*% 7%1;%1= :C"8+.:2)*8<.: 9.1 3$%
7%<.*+7%1;%1=2*+7..*8
!"
#$%&' ()* $*+,&- ,.(%,&/ 012(,34(%+4556 +)*+7 %8 ()* +,&8%'294(%,& )4
16. The remaining options are recommended, though not required.
:**& +)4&'*-,92.-4(*-;/()*4-3%&%$(94(,9+4&42(,34(*()* $*9<*
(,<*9%86%8+)4&'*$)4<*:**&34-*/4&-()*&4..56(),$*+)4&'*$=
The first option, [This Server Operated in Slave Mode], will allow
J),/1%!"
an administrator to designate all other servers to be slaves to
ƒ #$%1%:2)*)*,.53).*721%1%<.::%*+%+=3$./,$*.31%D/)1%
the primary server. This means only the primary server will
#$%9)173.53).*=E#$)7A%1;%1F5%123%+)*A02;%G.+%H=-)00200.
deliver spam reports, perform system backups, operate remote
2* 2+:)*)73123.1 3. +%7),*23% 200 .3$%1 7%1;%173. (% 702;%7
J),/1%!"
7%1;%18 #$)7 :%2*7 .*04 3$% 51):214 7%1;%1 3$% 51):214
watchdog, etc. Not all servers have to perform these actions
+%0);%1752:1%5.137=5%19.1:7473%:(2<6/57=.5%123%1%:.
ƒ #$%1%:2)*)*,.53).*721%1%<.::%*+%+=3$./,$*.31%D/)1%+8
since it can cause duplicates. Using the second option,
%3<8
I.3 200 7%1;%17 $2;% 3. 5%19.1: 3$%7% 2<3).
-23<$+.,=
#$%9)173.53).*=E#$)7A%1;%1F5%123%+)*A02;%G.+%H=-)00200.-
[Automatically check if the configuration has been changed or
7)*<%)3<2*<2/7%+/50)<23%78
2* 2+:)*)73123.1 3. +%7),*23% 200 .3$%1 7%1;%17 3. (% 702;%7 3.
3$% 51):214 7%1;%18 #$)7 :%2*7 .*04 3$% 51):214 7%1;%1 -)00
updated], the administrator can automate the server to verify
if
+%0);%1752:1%5.137=5%19.1:7473%:(2<6/57=.5%123%1%:.3%
changes have been made, and then apply those changes. In
-23<$+.,= %3<8 I.3 200 7%1;%17 $2;% 3. 5%19.1: 3$%7% 2<3).*7
7)*<%)3<2*<2/7%+/50)<23%78
Load Balancing
the final step, the administrator must move Anti Spam and Optimizing System Resources through Effective
J%'29*!"
© IceWarp 2008 All Rights Reserved.
GroupWare databases to the shared database. To do this, they
should go to the [General] tab of each, click on [DB Settings], and point them>&to()*the
8%&45ODBC
$(*./ ()* sources
4-3%&%$(94(,9and
32$( 3,<* 1&(% ?.43 4&
Optimizing System Resources @9,2.A49*-4(4:4$*$(,()*!"#$%&-4(4:4$*=B,-,()%$/()*6$),25through Effective Load Balancing
create the tables.
© IceWarp 2008 All Rights Reserved.
',(,()*0@*&*945;(4:,8*4+)/+5%+7,&0CD?*((%&'$;/4&-.,%&(()*3(,
()*ECDF$,29+*$4&-+9*4(*()*(4:5*$=
17. The system is now load balanced, and as long as the servers can communicate
with the database and
B)* $6$(*3 %$ &,G 5,4- :454&+*-/ 4&- 4$ 5,&' 4$ ()* $*9<*9$ +4&
+,332&%+4(* G%() ()* -4(4:4$* 4&- $)49*- 8,5-*9$/ 455 -4(4 G%55 :*
shared folders, all data will be shared and seen across all IceWarp Server installations.
$)49*-4&-$**&4+9,$$455>+*A49.?*9<*9%&$(4554(%,&$=
>+*A49.?+454:%5%(6
B)* *&<%9,&3*&( G%55 &,G $+45* '94+*82556= B)* $,52(%,& -*$+9%:*)*9*%&%$4$%3.5*.9,+*$$8,94&%&$(4554(%,&%&<,5<%&'H
x I>+*A49.?*9<*9$
x !-4(4:4$*$*9<*9
SOLUTIONS BRIEF: LOAD BALANCING AN ICEWARP SERVER
Scalability
The environment will now scale gracefully. The solution described herein is a simple process for an installation
involving the servers below (where if needed, the database and file servers can be located on the same server).
• 2 IceWarp Servers
• 1 database server
• 1 file server
It is easy to accommodate a business experiencing significant growth and that has too much traffic or too large a
user base. The system administrator merely needs to move the database to a dedicated server and use an additional
server or servers running IceWarp.
Conclusion
There are a number of variables that need to be considered before making a final decision:
• Cost – namely, initial equipment, software, bandwidth, monthly overhead, replacement hardware, etc.
• Technical knowledge to maintain the servers
• Number of users versus cost and overhead
• Expectation of performance versus number of servers (webmail, incoming mail, filtering, etc.)
The following are key points to be aware of when setting up the environment:
• All servers should be in the same domain.
• Administrators should set the IceWarp Services to run as a ‘Domain Admin’ account. This allows the
services to access the share drive on the file server without having to log into the Window operating
system.
• One SQL server will manage all the User/Domains Authentication for all front‐end servers.
• The file server will hold central data for all the servers to access.
• The administrator should create a share for a space on the file server where all IceWarp files will be located.
• The \IceWarp\TEMP\ directory needs to stay on each server.
• The \IceWarp\mail\ directory needs to be located on the File server and all servers need to point their
directory for mail to this location.
Load balancer configuration
Purchase a firewall and a load balancing license, and perform
initial configuration. Go to the Load Balancing section. Add
an IP balancer as in the figure. Usually only one is needed,
but one per TCP port (service) for independent probing and
failover might be desired. Notice that frequent connects will
be made to the mail server by the firewall, for probing.
Then create policies. The most important is a “forwarding”
policy. Press New Policy. Select a service (usually one of your
own custom services, containing many ports), from “any” to
“ether1:ip”, and packet flow in on “ether1” and out on
“ether2” (assuming that the server is on ether2 and ether1 is
the internet). Then on the Redirection tab, select the IP
balancer, and check Smart Balancing. Additional policies for
non-balanced redirections to each server might be desired.
Finally go to the firewalling section “Options”, click the
Timeout tab, and increase Source Tracking to at least 15,000
seconds. It’s needed for persistence to work. Happy load
balancing, and please contact us if you have any questions.
SOLUTIONS BRIEF: LOAD BALANCING AN ICEWARP SERVER
Contact us
Should you like any assistance, don’t hesitate to employ
our support.
‣ E-mail: [email protected]
‣ Phone: +46 31 301 1920
Resources
Company Website
halon.se
Product Overview
halon.se/products/firewalls
E-mail [email protected]
Support
[email protected]
Sales and Marketing
[email protected]
Phone +46 31 301 1920
About Halon Security
Halon Security AB is Sweden's most prominent e-mail
security and spam prevention appliance manufacturer.
The company was founded in 2002 and is
headquartered in Gothenburg, Sweden. It's known for
it's award-winning firewalls and e-mail security
appliances, which are used by large hosting providers,
non-commercial and government organizations,
municipalities and companies of all sizes.
All of the development, testing and support are
carried out in Gothenburg, making Halon Security
unique as of producing entirely Swedish products that
in many cases are worldwide market leading in their
respective niches. Today Halon Security is represented
in 16 countries.
Learn more at www.halon.se
About IceWarp
Unified Communications is IceWarp's sole focus and
has been our raison d'être for over a decade. Built with
the best features of communication, collaboration,
security and mobility, IceWarp revolutionizes how
organizations work and communicate.
We develop solutions capable of serving the entire
spectrum of organizations – from small businesses, to
enterprise, to multi-million user data centers – on the
same scalable, secure and affordable platform.
Learn more at www.icewarp.com
Halon Security AB
Olskroksgatan 30, 416 66, Gothenburg, Sweden
+46 31 301 1920
www.halon.se