Zimbra Collaboration System Administration Participant Guide March2014

8/10/2019 Zimbra Collaboration System Administration Participant Guide March2014

1/331

ZimbraCollaboration Server

System Administration Training


2/331

ii Zimbra Collaboration Suite

Copyright Notice

Copyright 2014 Zimbra, Inc. All rights reserved. This product is protected byU.S. and international copyright and intellectual property laws.

Zimbra is a registered trademark of Zimbra, Inc. in the United states and/or

other jurisdiction. All other marks and names mentioned herein may betrademarks of their respective companies.

3000 Internet Blvd., Suite 200Frisco, Texas 75034www.zimbra.com

Release 8.0


3/331

iii

Table of Contents

1 ZC: System Administration Overview . . . . . . . . . . . . . . . . . . . . . . . 1.1

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.1Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.1Schedule (SLIDE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.2

2 Zimbra Architectural Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2.5

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2.5Zimbras Architectural Components . . . . . . . . . . . . . . . . . . . . . . . . . 2.5Zimbras Supported Operating Systems . . . . . . . . . . . . . . . . . . . . . . 2.7

3 Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.13

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.13

Zimbra License Requirements for ZC Network Edition . . . . . . . . . 3.13Obtaining a License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.13License Usage by ZC Account Type . . . . . . . . . . . . . . . . . . . . . . . 3.14License Activation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.14Licensing Not Installed or Activated . . . . . . . . . . . . . . . . . . . . . . . . 3.15Examining License Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.15

4 Install Zimbra Collaboration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.19

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.19Installation Considerations (5 min) . . . . . . . . . . . . . . . . . . . . . . . . . 4.19Installation Process Overview (5 min) . . . . . . . . . . . . . . . . . . . . . . 4.21ZC Install Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.23

5 Zimbra Administration Console Overview . . . . . . . . . . . . . . . . . . 5.41

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.41Key Administrator Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.41Definitions (5 min) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.42Adding & Modifying Domains (SLIDE) . . . . . . . . . . . . . . . . . . . . . . 5.42Creating New Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.45Administrator Accounts: Global and Delegated (SLIDE) . . . . . . . . 5.47Home > Manage Screen (DEMO) . . . . . . . . . . . . . . . . . . . . . . . . . 5.47Configuration Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.51Defining & Modifying a Class of Service (COS) (SLIDE) . . . . . . . . 5.52Mobile Device Management (SLIDE) . . . . . . . . . . . . . . . . . . . . . . . 5.56

Dumpster, Trash and Landfill (SLIDES) . . . . . . . . . . . . . . . . . . . . . 5.58Auto-Discover for ActiveSync (SLIDES) . . . . . . . . . . . . . . . . . . . . . 5.58Global Settings Configuration (SLIDE) . . . . . . . . . . . . . . . . . . . . . . 5.59Administration Console Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . 5.60

6 CLI Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.63

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.63CLI Utility Overview (SLIDE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.63


4/331

iv

ZCS System Administration

zmprov . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.64zmmailbox . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.69zmaccts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.70zmcontrol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.71Additional zm Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.72CLI Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.73CLI Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.74Zimbra CLI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.75

7 Security Topics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.81

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.81Single Sign-On (SLIDE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.81Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.81

S/Mime(SLIDE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.84

8 ZC System Care . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.87

Overview (SLIDE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.87Server Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.87

Logger Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.88Enabling Server Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.91Disk Capacity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.91Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.93Port & Process Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.98Volumes & HSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.98Statistics & Capacity Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.100ZC Cron Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.101Troubleshooting Mailstore Performance - zmdiaglog (SLIDES) . . 8.103Troubleshooting Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.105

9 Additional Information & Support . . . . . . . . . . . . . . . . . . . . . . . . 9.107

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9.107Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9.107Search for Information Exercise (5-10 minutes) . . . . . . . . . . . . . . 9.108

10 Day 2 Basic Administration Training . . . . . . . . . . . . . . . . . . . . . 10.109

Review and Questions (SLIDE) . . . . . . . . . . . . . . . . . . . . . . . . . 10.109Quiz (SLIDE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10.109

11 Backup/Restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11.111

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11.111Backup Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11.111

Scheduling Backups & Restores with CLI . . . . . . . . . . . . . . . . . 11.113Performing Backups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11.114Identifying Backup Failures . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11.116Restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11.117Backup and Restore Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . 11.119

12 Performance Tuning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12.121

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12.121Performance Tuning Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12.121


5/331

v

Performance Tuning Background . . . . . . . . . . . . . . . . . . . . . . . 12.121

13 Monitoring with zmstats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13.123

Overview(SLIDE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13.123Diagnosing Slowness (SLIDES) . . . . . . . . . . . . . . . . . . . . . . . . . 13.126Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13.127

14 Migration Options & Planning. . . . . . . . . . . . . . . . . . . . . . . . . . . 14.129

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14.129Migration Planning Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 14.129Deployment Planning Worksheet . . . . . . . . . . . . . . . . . . . . . . . . 14.129

Migration Strategy(SLIDE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14.131Provision and Configure ZC as Primary or Secondary . . . . . . . 14.134The Migration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14.135

15 Upgrading ZC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15.143

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15.143

Before You Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15.143Single-Server Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15.143Single-Server Upgrade Exercise . . . . . . . . . . . . . . . . . . . . . . . . 15.143

16 Upgrade General System Troubleshooting . . . . . . . . . . . . . . . 16.153

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16.1534 Most Common Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16.153

17 Zimbra on vSphere. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17.159

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17.159About Virtualization: Zimbra on vSphere Deployment . . . . . . . . 17.159

18 Personalizing Your Deployment - Themes & Logos . . . . . . . . . 18.163

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.163What is a Theme? (SLIDE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.163What is a Zimlet? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18.164Customizing Themes Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . 18.167

19 Zimbra Archiving and Discovery . . . . . . . . . . . . . . . . . . . . . . . . 19.169

Overview (SLIDE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19.169How Archiving Works (SLIDES) . . . . . . . . . . . . . . . . . . . . . . . . . 19.169How Discovery Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19.170Installing Archiving Package as an Update to ZC . . . . . . . . . . . 19.171

Creating Dedicated Archive COS in Multi-Server Environments 19.173Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19.173Administering the archive server . . . . . . . . . . . . . . . . . . . . . . . . 19.174Archiving Attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19.175Creating Archive Mailboxes (SLIDE) . . . . . . . . . . . . . . . . . . . . . 19.175Searching Across Mailboxes (SLIDES) . . . . . . . . . . . . . . . . . . . 19.176Archiving and Discovery Exercise . . . . . . . . . . . . . . . . . . . . . . . 19.179


6/331

vi


20 Day 3 Advanced Administration Training Overview . . . . . . . . . 20.183

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20.183Schedule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20.183

21 ZC Architectural Components . . . . . . . . . . . . . . . . . . . . . . . . . . 21.185

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21.185Review of Zimbras Architectural Components . . . . . . . . . . . . . 21.185Possible Deployments (SLIDE) . . . . . . . . . . . . . . . . . . . . . . . . . 21.192IMAP Improvements: NIO (SLIDE) . . . . . . . . . . . . . . . . . . . . . . . 21.192LDAP Multi-Master Replication (SLIDE) . . . . . . . . . . . . . . . . . . . 21.192Policyd (SLIDE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21.193OpenDKIM (SLIDE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21.193

22 Architecture and Storage Considerations . . . . . . . . . . . . . . . . . 22.197

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22.197Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22.197Customer Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22.197Storage and File System Layout . . . . . . . . . . . . . . . . . . . . . . . . 22.208

Backup Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22.210Server Sizing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22.210Server Performance Tuning . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22.211NFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22.213

23 Multi-Server Installation and Upgrading . . . . . . . . . . . . . . . . . . 23.215

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23.215Multi-Server Installation General Steps (SLIDE) . . . . . . . . . . . . 23.215Multi-Server Upgrade Checklist (SLIDES) . . . . . . . . . . . . . . . . . 23.215Multi-Server Installation Prerequisites . . . . . . . . . . . . . . . . . . . . 23.216Load Balancing on ZC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23.217Configuring Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23.217

Multi-Server Upgrades . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23.217Perform the Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23.218Multi-Server Migration Exercise . . . . . . . . . . . . . . . . . . . . . . . . 23.220Multi-Node ZC Setup Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . 23.221

24 Delegated Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24.255

Overview (SLIDES) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24.255Delegated Administration Concepts & Terminology (SLIDES) . . 24.255How Delegated Administration Rights are Granted . . . . . . . . . . 24.256Implementing Delegated Administration . . . . . . . . . . . . . . . . . . . 24.261Revoking Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24.266Viewing Rights Granted to Administrators . . . . . . . . . . . . . . . . . 24.267

Predefined Delegated Administrator Role . . . . . . . . . . . . . . . . . 24.267Specific Access Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24.268Delegated Administration Exercises . . . . . . . . . . . . . . . . . . . . . . 24.273

25 Directory and GAL Integration . . . . . . . . . . . . . . . . . . . . . . . . . . 25.281

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25.281Zimbra Directory Service (LDAP) (SLIDE) . . . . . . . . . . . . . . . . . 25.281Integration with an External Directory/AD . . . . . . . . . . . . . . . . . 25.287


7/331

vii

Types of Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25.290Free/Busy Interoperability with Exchange . . . . . . . . . . . . . . . . . 25.295IPv6 (SLIDE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25.298Voice Integration (SLIDES) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25.298GAL Integration Exercise (30 minutes) . . . . . . . . . . . . . . . . . . . . 25.299

26 Wrap-Up & Feedback. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26.301

A Reporting Problems via Bugzilla . . . . . . . . . . . . . . . . . . . . . . . . . . . 303

B Contacting Zimbra Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305

C Training Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C.309Network Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C.309Configuring your System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C.313

D ZC Deployment Worksheet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315


8/331

viii



9/331

Zimbra, Inc. 1-1

1 ZC: System Administration Overview

1.1 Overview

After completing this course, you will be able to:

Install, troubleshoot, maintain, and manage Zimbra Collaboration (ZC).

Configure and administer a multi-node ZC deployment, including making good decisions on

architecture, performance, and storage design.

1.2 Prerequisites

Class participants should: Be familiar with basic Zimbra Web Client features.

Have downloaded and used the trial version.

Be ready to deploy.

Have some knowledge of Linux and shell scripting.


10/331

1-2 Zimbra, Inc.

1.3 Schedule (SLIDE)

Day 1: Install ZC, admin console, CLI commands, and system care

Day 2: Backup and restore, performance tuning, migration planning, and upgrading

08:30 - 08:50 General Information

08:50 - 09:50 Zimbra Architectural Overview

09:50 - 10:05 Break

10:05 - 11:05 Install ZC (hands-on) and Installation Troubleshooting

11:05 - 12:00 Zimbra Admin Console Demo and Overview (hands-on)

12:00 - 13:00 Lunch

13:00 - 14:15 Frequently-used CLI tools (hands-on) zmprov, zmmailbox, zmcontrol,zmaccount, zmlocalconfig

14:15 - 14:30 Break

14:30 - 15:15 ZC System Care (monitoring system logs, queues, and otherresources)

15:15 - 16:00 Troubleshooting (hands-on)16:00 - 16:30 Question & Answer and Getting Help Use Help Search, which

searches Bugzilla, Wiki, and Documents to answer students questions.Overview of Bugzilla and Support Portal. Hands-on search.

08:30 - 09:00 Day 1 review and answer any questions

09:00 - 09:45 Backup & Restore in ZC - How it works, scheduling, using the adminconsole

09:45 - 10:00 Break

10:00 - 11:00 Performance tuning and monitoring with zmstats

11:00 - 12:00 Migration options and planning Overview of the migration tools andoptions available to migrate mail, calendar, and contacts.

12:00 - 13:00 Lunch

13:00 - 14:00 Upgrading ZC (hands-on)

14:00 - 14:30 Upgrade troubleshooting and general system troubleshooting tips

14:30 - 14:45 Zimbra on vSphere

14:45 - 15:45 Break

15:45 - 16:15 Personalizing ZC deployment Zimlets, Custom Skins/Themes

16:15 - 16:30 Archiving and Discovery

16:30 - 17:00 Question & Answer


11/331

ZC: System Administration Overview

Zimbra, Inc. 1 - 3

Day 3: Advanced ZC Administration

08:30 - 08:45 ZC Architectural Components

08:45 - 9:15 Architecture and Storage Considerations

09:15 10:00 Multi-Server Installation & Upgrading

10:00 - 10:15 Break

10:15 - 12:00 Reconfigure ZC (hands-on) into a multi-node architecture

12:00 - 13:00 Lunch

13:00 - 14:15 Delegated Admin

14:15 - 14:30 Break

14:30 - 15:45 Directory & GAL Integration (hands-on)

15:45 - 16:30 Question & Answer


12/331

1-4 Zimbra, Inc.


13/331

Zimbra, Inc. 2-5

2 Zimbra Architectural Overview

2.1 Overview

After completing this section, you will be able to label the main components of the Zimbraarchitecture.

2.2 Zimbras Architectural Components

Zimbra Collaboration is designed to provide an end-to-end mail solution that is scalable andhighly reliable. The messaging architecture is built with well-known, open-system technology andstandards and is composed of a mail server application and a client interface.

The architecture includes the following core advantages:

Open source integrations: Linux, Jetty, Postfix, MySQL, OpenLDAP

Uses industry standard open protocols: SMTP, LMTP, SOAP, POP3, IMAP4, LDAP, HTTP

Modern technology design: Java, JavaScript, DHTML

Horizontal scalability: Because each mailbox server includes its own data store, message

store, and set mailbox accounts, you dont change anything on existing servers to scale the

system. To scale for additional mail accounts, add more servers.

High availability support: High availability can be achieved in partnership with products like

VMware vSphere, Red Hat Cluster Suite, or Veritas Cluster Server.

Browser-based client interface

Administration console to manage accounts and servers

Zimbra architecture includes open-source integrations using industry standard protocols.

mailboxd: The web application server based on jetty in which Zimbra software runs.

Postfix: An open source message transfer agent (MTA) that routes mail messages to the

appropriate Zimbra server. Postfix is the open source mail transfer agent (MTA) that receives

email via SMTP and routes each message to the appropriate Zimbra mailbox server using

Local Mail Transfer Protocol (LMTP). The Zimbra MTA also includes anti-virus and anti-spam

components. OpenLDAP software: An open source implementation of the Lightweight Directory Access

Protocol (LDAP) that provides user authentication. Zimbra Collaboration uses the OpenLDAP

software, an open source LDAP directory server. User authentication is provided through

OpenLDAP. Each account on the Zimbra server has an unique mailbox ID that is the primary

point of reference to identify the account. The OpenLDAP schema has been customized for

Zimbra Collaboration.


14/331

2-6 Zimbra, Inc.

MySQL: Database software that forms the metadata storewhere internal mailbox IDs are

linked with user accounts. The metadata store maps the mailbox IDs to users OpenLDAP

accounts. This database contains each users set of tag definitions, folders, calendar

schedules, and contacts, as well as the status of each mail message - read, unread, tags

associated with the message, and the folder in which the message resides.

Lucene: An open-source, full-featured text index and search engine. Index files aremaintained for each mailbox.

Autonomy Keyview: A third-party source that converts certain attachment file types to HTML.

Anti-virus and anti-spam: Open source components including:

ClamAV: an anti-virus scanner that protects against malicious files

SpamAssassin: mail filter that attempts to identify spam

Amavisd-new: interfaces between the MTA and one or more content checkers

Other anti-virus and anti-spam software can be integrated with Zimbra.

James/Sieve filtering: Used to create filters for email.Zimbra Collaboration includes the following application packages:

Zimbra Core: Installs the libraries, utilities, monitoring tools, and basic configuration files.

Zimbra LDAP: Installs the OpenLDAP software.

Zimbra MTA: Installs Postfix as the open source mail transfer agent.

Zimbra Store (Zimbra server): Installs the components for the mailbox server, including

Jetty, which is the servlet container the Zimbra software runs in. Each account is configured

on one mailbox server, and this account is associated with a mailbox that contains all the mail

messages and file attachments for that mail account. Each Zimbra server has its own

standalone data store, message store, and index store for the mailboxes on that server.

The Zimbra server includes the following components:

Data store: The data store is a MySQL database where internal mailbox IDs are linked withuser accounts. The data store maps the mailbox IDs to users OpenLDAP accounts. Thisdatabase contains each users set of tag definitions, folders, calendar schedules, andcontacts, as well as the status of each mail message - read, unread, tags associated withthe message, and the folder in which the message resides.

Message store: The message store is where all email messages and file attachmentsreside. Messages are stored in MIME format.

Index store: Index and search technology is provided through Lucene. Index files aremaintained for each mailbox.

HTML attachment conversion utility: As each email message arrives, the Zimbra serverschedules a thread to have the message indexed. Any attachments to the mail messageare scheduled to be converted to HTML, and then the HTML version is scheduled to beindexed.


15/331

Zimbra Architectural Overview

Zimbra, Inc. 2 - 7

Zimbra SNMP: Zimbra uses swatch to watch the syslog output to generate SNMP traps.

Installing the Zimbra-SNMP package is optional. If you choose to install Zimbra-SNMP for

monitoring, the package should be run on every server (Zimbra server, Zimbra LDAP, Zimbra

MTA) that is part of the Zimbra configuration.

Zimbra Logger: Installing the Zimbra Logger package is optional, and it is installed on one

mailbox server. If you do not install Logger, you cannot use the message trace feature.

Zimbra Spell: Installs the open-source spell checker used on the Zimbra Web Client.

Installing the Zimbra Spell package is optional. When Zimbra-spell is installed, the Zimbra-

apache package is also installed.

Zimbra Proxy: Use of an IMAP/POP3 proxy server allows mail retrieval for a domain to be

split across multiple Zimbra servers on a per user basis. Zimbra Proxy includes Nginx, which

is a high performance IMAP/POP3 proxy server that handles all incoming POP/IMAP

requests. Zimbra proxy can also be used as a reverse proxy for HTTP requests. Installing the

Zimbra Proxy package is optional.

Zimbra Archiving: Zimbra Archiving and Discovery is an optional feature that offers the

ability to store and search all messages that were delivered to or sent by ZC. This packageincludes the cross mailbox search function that can be used for both live and archive mailbox

searches. Note: Using Archiving and Discovery can trigger additional mailbox license usage.

Zimbra Convertd: Zimbra-convertd package is installed on the zimbra-store server. Only one

zimbra-convertd package needs to be present in the ZC environment.

Zimbra Memcache: Memcache is a separate package from Zimbra-proxy and is

automatically selected when the Zimbra-proxy package is installed. One server must run

Zimbra-Memcache when the proxy is in use. All installed Zimbra-proxies can use a single

Memcache server.

zmconfigd: This is a service that rewrites the ZC configuration files each time you perform arestart of the Zimbra service or change configurations. It reads in localconfig, ldap global

configs, ldap server configs and ldap domain configs and uses /opt/zimbra/conf/zmmta.cf

(zmconfigd.cf in 8.0) to determine which third-party configuration files to rewrite and which

Zimbra attributes will trigger immediate rewrites and service restarts. This is not an individual

package. Rather, it is installed as part of the core package.

2.3 Zimbras Supported Operating Systems

Zimbra Collaboration Network Edition v8.x is supported on the following operating systems:

Red Hat Enterprise Linux AS/ES 6, 64 bit

CentOS 6, 64 bit

SUSE Linux Enterprise Server 11, 64 bit (SP3 for ZC 8.0.5+)

Ubuntu 10.04 LTS, 64 bit (deprecated, no support beyond ZC 8.x)

Ubuntu 12.04 LTS, 64 bit

Platforms not supported in Zimbra Collaboration v8.x (EOL in ZC 7) include:


16/331

2-8 Zimbra, Inc.

Red Hat Enterprise Linux 5, 32 bit

Red Hat Enterprise Linux 4, 32 & 64 bit

SUSE Linux Enterprise Server 10, 32 bit

Ubuntu 8.04 LTS, 32 & 64 bit

The following graphics show the Zimbra Collaboration architectural design, including the open-source software bundled with the product and other recommended third-party applications.These components have been tested and configured to work with Zimbra Collaboration.


17/331


Zimbra, Inc. 2 - 9

ZC System Architecture (SLIDE)


18/331

2-10 Zimbra, Inc.

Zimbra Flexible Deployment Models(SLIDE)


19/331


Zimbra, Inc. 2 - 11

Zimbra Client Architecture (SLIDE)


20/331

2-12 Zimbra, Inc.

Zimbra Mailbox Server (MBS) Architecture (SLIDE)


21/331

Zimbra, Inc. 3-13

3 Licensing

3.1 Overview

After completing this section, you will be able to:

Describe Zimbra license requirements for ZC Network Edition

Obtain a Zimbra license

Examine license status using the admin console.

3.2 Zimbra License Requirements for ZC Network Edition

ZC licensing gives administrators better visibility and control into the licensed features they planto deploy. The following is a summary of the feature attributes of a ZC Network Edition license:

Number of mailboxes assigned globally.

Number of Zimbra Mobile users: The feature can be enabled or disabled by the administrator

using Class of Service.

Number of Outlook Connector users: The feature can be enabled or disabled by the

administrator using Class of Service.

Number of Archiving users assigned globally.

Number of Attachment indexing users assigned globally.

3.3 Obtaining a License

A Zimbra license is required to create accounts in the Network Edition Zimbra Collaborationservers. Several types of licenses are available:

Trial: You can obtain a free Trial license from the Zimbra website, at www.zimbra.com. The

trial license allows you to create up to 50 users. It expires in 60 days.

Trial Extended: You can obtain the Trial Extended license from Zimbra Sales by contacting

[email protected]. This license allows you to create up to 50 users and is valid for an

extended period of time.

Subscription: You must purchase the Zimbra Subscription license. This license is valid for a

specific Zimbra Collaboration system and is encrypted with the number of Zimbra accounts

(seats) you have purchased, the effective date, and expiration date of the subscription license.

Perpetual: You must purchase the Zimbra Perpetual license. This license is similar to a

subscription license and is valid for a specific Zimbra Collaboration system, is encrypted with

the number of Zimbra accounts (seats) you have purchased, the effective date, and expiration

date of the support agreement. When you renew your support agreement, a new perpetual

license with a new expiration date of the support agreement will be issued to you.


22/331

3-14 Zimbra, Inc.

The Zimbra license controls the following Network Edition features:

Client connectors

ZC Backup and Restore

HSM

Attachment Indexing and Rendering

Zimbra Mobile Accounts limit

MAPI Accounts limit

Zimbra Archiving and Discovery Accounts limit (optional)

Note: Archiving and Discover licenses only come bundled with the Zimbra Collaboration Server

Professional Edition.

Delegated Administrator

Dumpster folder

3.4 License Usage by ZC Account Type

A mailbox license is required for an account assigned to a person, including accounts created forarchiving. Distribution lists, aliases, locations and resources do not count against the license.

Below is a description of ZC accounts and if they impact your license limit.

System accounts: System accounts are specific accounts used by ZC. They include the spam

filter accounts for junk mail (spam and ham), virus quarantine account for email messages

with viruses, and GALsync account if you configure GAL for your domain. Do not delete these

accounts! These accounts do not count against your license.

Administrator accounts: Administrator accounts count against your license.

User accounts: User accounts count against your license account limit. When you delete an

account, the license account limit reflects the change.

Alias accounts: Aliases do not count against your license.

Distribution lists: Distribution lists do not count against your license.

Resource accounts: Resource accounts do not count against your license.

3.5 License Activation

All ZC Network Edition installations require license activation. New installations have a 10-daygrace period from the license issue date before requiring activation. Your license can beactivated from the admin console by selecting the Global Settings > Licensetab, then clickingActivate Licensein the toolbar. You can also activate your license from the command lineinterface. Upgraded ZC versions require an immediate activation to maintain network featurefunctionality.


23/331

Licensing

Zimbra, Inc. 3 - 15

Automatic License Activation

Licenses are automatically activated if the ZC server has a connection to the Internet and cancommunicate with the Zimbra License server. If you are unable to automatically activate yourlicense, see the next section: Manual License Activation.

Manual License ActivationFor systems that do not have external access to the Zimbra License server, you can use theZimbra Support Portal to manually activate your license. Go to the Zimbra website atwww.zimbra.com and click on the Supporttab to display the Zimbra Technical Support page.Click on the Support Portal Loginbutton to display the Zimbra Support Portal page. Enter youremail and password to log in.

If you have problems accessing the Support Portal, contact Zimbra Sales at [email protected].

3.6 Licensing Not Installed or Activated

If you fail to install or activate your ZC server license, the following scenarios describe how yourZC server will be impacted.:

License is not installed: If a license is not installed, ZC defaults to single user mode where all

features limited by license are limited to one user.

License is not valid: If the license file is forged or could not be validated for other reasons, ZC

defaults to single user mode.

License is not activated: A license activation grace period is 10 days. If for some reason the

license is never activated, ZC defaults to single user mode.

License is in future: If the license starting date is still in the future, ZC defaults to single user

mode.

License is in grace period: If the license ending date has passed and is within the 30-day

grace period, all features limited by license are still enabled, but administrators may see

license renewal prompts.

License expired: If the license ending date has passed and the 30-day grace period expired,

ZC defaults to single user mode.

Note: We recommend that you regularly monitor the Admin account for these notifications or

create a filter in the Admin account, so your Operations team is notified when these warnings

start.

3.7 Examining License Status

Use the Global Settings > License tab in the admin console to view current license information,including the following:

Company name for which the license was purchased. The license can only be installed on the

ZC system for which it is purchased.

License Type: three license types exist: trial, regular, and perpetual.


24/331

3-16 Zimbra, Inc.

License ID: The ID number of your license.

Issue Date: the date that Zimbra created your license.

Effective Date: the date the license subscription begins.

Expiration Date: the date your Zimbra license expires.

Accounts Limit: the maximum number of accounts you can create and the number of accountscreated.

Mobile Accounts Limit: the maximum number of mobile accounts you can create and the

number of mobile accounts created.

MAPI Accounts Limit: the maximum number of MAPI accounts you can create and the number

of MAPI accounts created.

Archiving Accounts Limit: the maximum number of archiving accounts you can create and the

number of archiving accounts created.

Attachment Indexing Accounts Limit: the maximum number of attachment indexing accounts

you can create and the number of attachment indexing accounts created.

Activation ID: The identification of the license from Zimbra.

Activation Fingerprint: The encoded value of the license.

Activation Last update: When the license was registered with the ZImbra License Server.

Product Version: the ZC version currently installed.


25/331

Licensing

Zimbra, Inc. 3 - 17

Note: You can use the CLI, zmlicense p, to see additional license information.


26/331

3-18 Zimbra, Inc.


27/331

Zimbra, Inc. 4-19

4 Install Zimbra Collaboration

4.1 Overview

After completing this section, you will be able to:

Identify ZC installation considerations

Install ZC on a single server

Troubleshoot common installation problems

4.2 Installation Considerations (5 min)

Other Servers, etc.

You cannot have any other web server, database, LDAP, or MTA server running when you installthe Zimbra software. If you have installed any such applications, disable them before you installZC. During ZC install, Zimbra makes global system changes that may break applications on yourserver.

Third-Party and Open-Source Software

ZC is designed to be the only application suite installed on the server. ZC bundles and installsvarious other third-party and open-source software, including Jetty, Postfix, OpenLDAP, andMySQL. The versions installed have been tested and configured to work with the Zimbrasoftware. See the Administration Guide for a complete list of software.

Disabling Server Ports

The following ports are set as defaults when Zimbra Collaboration is installed. Make sure thatthere are no port conflicts.


28/331

4-20 Zimbra, Inc.

Zimbra Port Mapping (SLIDE)

Important: You cannot have any other web server, database, LDAP, or MTA server running

Server Port

Postfix 25

HTTP 80

POP3 110

IMAP 143

LDAP 389

HTTPS 443

SMTP Message Submission (RFC 6409) 587

LDAPS (if enabled) 636

Mailboxd IMAP SSL 993

Mailboxd POP SSL 995

Mailbox LMTP 7025

Conversion Server 7047

ZC Admin Services Connector (SSL) 7071

ZC Extension Port 7072

Backend POP3 (if proxy configured) 7110

Backend IMAP (if proxy configured) 7143

MySQL 7306

Logger MySQL 7307

Spell Check 7780

Backend IMAP SSL (if proxy configured) 7993

Backend POP3 SSL (if proxy configured) 7995

HTTP on mailbox server backend (if proxy used) 8080

HTTPS on mailbox server backing (if proxy used) 8443

HTTPS (if proxy configured) 9071amavisd-new 10024

Postfix answering amavisd-new 10025

memcached[proxy] - to memcached from proxy 11211


29/331

Install Zimbra Collaboration

Zimbra, Inc. 4 - 21

when you install the Zimbra software. If you have installed any of the applications, disable them

before you install the Zimbra software. During the ZC install, Zimbra makes global system

changes that may break applications that are on your server.

4.3 Installation Process Overview (5 min)

When you run the install script, Zimbra installs the following prerequisite packages:

Zimbra Core installs the libraries, utilities, and monitoring tools.

Zimbra LDAP installs the OpenLDAP software, an open-source LDAP directory service.

Zimbra MTA installs the Postfix open source MTA, the Clam AntiVirus antivirus engine, the

SpamAssassin junk mail filter, and the Amavisd-New content filter.

Zimbra Store installs the mailbox server, including Jetty, the servlet container for the Zimbra

server.

Zimbra Spell installs the Aspell open source spelling checker. When Zimbra spell is installed,

Zimbra-Apache is also installed.

Zimbra SNMP installs the SNMP package for monitoring. This package is optional.

Zimbra Logger installs tools for syslog aggregation and reporting.

Zimbra Proxy installs the proxy server that allows mail retrieval for a domain to be split across

multiple Zimbra servers on a per user basis. This is optional.

Zimbra Archive installs a separate optional feature that offers the ability to store and search all

messages that were delivered to or sent by ZC. This package includes the cross mailbox

search function thar can be used for both live and archive mailbox searches. This package is

optional.

Zimbra License

A Zimbra license is required to create accounts. Refer to www.zimbra.comfor additional licenseinformation.

Menu-Driven Configuration

The menu-driven installation displays the components and their existing default values. Duringthe installation process, you can modify the default values. Only those menu options associatedwith the package being installed are displayed.

Configuring IMAP and POP3 Proxy Server

Use of an IMAP/POP3 proxy server allows routing users of these services to the Zimbra mailboxserver on which their mailbox resides. For example, proxying allows users to enterimap.example.com as their IMAP server. The proxy running on imap.example.com inspects theirIMAP traffic, does a lookup to determine which back-end mailbox server a users mailbox liveson, and transparently proxies the connection from the users IMAP client to the correct mailboxserver.


30/331

4-22 Zimbra, Inc.

The open source Nginx proxy is bundled as part of the Zimbra-proxy package. When the proxyserver is configured, the service ports on back-end Zimbra mailbox servers are changed toalternate ports. The proxy now services the standard ports for these protocols. This change isapplied even if the proxy services are run on their own independent hosts in order to distinguishand avoid confusion between the services.

Configuring for Virtual Hosting

You can configure multiple virtual host names to host more than one domain name on a server.When you create a virtual host, users can log in without having to specify the domain name aspart of their user name.

Virtual hosts are configured from the Domains > Virtual Hosttab in the Zimbra AdministrationConsole (admin console). The virtual host requires a valid DNS configuration with an A record.

Configuring DNS

To send and receive email, the Zimbra MTA must be configured in DNS with both A and MXrecords. For sending mail, the MTA uses DNS to resolve hostnames and email-routinginformation. To receive mail, the MX record must be configured correctly to route the message tothe mail server.

During the installation process, ZC checks to see if you have an MX record correctly configured.If not, an error is displayed suggesting that the domain name may have an MX record configuredin DNS.

You must configure a relay host if you do not enable DNS. After ZC is installed, go to theGlobalSettings > MTAtab in the admin console and uncheck Enable DNS lookups. Enter the relayMTA address to use for external delivery.

Note: Even if a relay host is configured, an MX record is still required if the ZC server is going to

receive email from the Internet.


31/331


Zimbra, Inc. 4 - 23

4.4 ZC Install Exercises

Overview

In this exercise, you will be installing ZC on a single-server. General steps include:

Log in as root

Disable unnecessary applications

Accept software agreement

Auto-check for prerequisite software

Select services to be installed, including accepting or changing default entries as needed

Save the files in the appropriate directories

Modify the server

End the installation process

Installing ZC on Single-Server

The following are detailed steps for installing ZC on a single-server. The lines in bold mean thereis an action to be performed.

Important: During the Install exercise, enter your domain name where you see zimbraX.lab. For

example, if your domain name is zimbra12.lab, use this name consistently during the install

exercise and when applying zmprov commands. If you enter zimbraX.lab you will get an error.

Note: These steps are performed on all servers. Some of the information contained in thesesteps and screens may differ from the actual installation you are performing in class.

Exercise - Single-Server Installation of ZC


32/331

4-24 Zimbra, Inc.

Start on VM image vm1:=

1. Postfix and iptables should not be running when you start to install ZC. To check if they arerunning and to stop, do the following:

2. Confirm that the/etc/hostsfile contains the following (be sure to use your own IP address andzimbraX.lab)

3. Confirm that the hostname has the right value on all servers.

4. Confirm that SELinux and iptables are disabled.

[root@vm1 ~]# service postfix status

master (pid 1972) is running...[root@vm1 ~]# service postfix stop

[root@vm1 ~]# service iptables stop

[root@vm1 ~]# chkconfig postfix off

[root@vm1 ~]# chkconfig iptables off

[root@vm1 ~]#

[root@vm1 ~]#more /etc/hosts# Do not remove the following line, or various programs

# that require network functionality will fail.

127.0.0.1 localhost.localdomain localhost

::1 localhost.localdomain localhost

192.168.168.5 vm1.zimbra0.lab vm1

192.168.168.6 vm2.zimbra0.lab vm2

[root@vm1 ~]# hostname

vm1.zimbra0.lab

[root@vm1 ~]#more /etc/sysconfig/networkNETWORKING=yesNETWORKING_IPV6=no

HOSTNAME=vm1.zimbra0.lab

[root@vm1 ~]#

[root@vm1 ~]# more /etc/selinux/config

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

# enforcing - SELinux security policy is enforced.

# permissive - SELinux prints warnings instead of enforcing.

# disabled - No SELinux policy is loaded.SELINUX=disabled

# SELINUXTYPE= can take one of these two values:

# targeted - Targeted processes are protected,

# mls - Multi Level Security protection.

SELINUXTYPE=targeted


33/331


Zimbra, Inc. 4 - 25

5. Confirm that DNS is correctly setup and you can access the Internet.

Important: All the checks above apply for single server, multi-server, and cluster installs.

6. Now untar the ZC file, cd to the directory where the tar file is saved.

7. Now start the installation. Type the install command and the ZC License to use.

root@vm1 ~]# dig vm1.zimbra0.lab a

; DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.5 vm1.zimbra0.lab a

;; global options: +cmd

;; Got answer:

;; ->>HEADER


34/331

4-26 Zimbra, Inc.

[root@vm1 training]# cd zcs-NETWORK-

8.0.3_GA_5664.RHEL6_64.20130305090219

[root@vm1 zcs-NETWORK-8.0.3_GA_5664.RHEL6_64.20130305090219]#

./install.sh -l /root/training/ZCSLicense-2013.xml

Operations logged to /tmp/install.log.8017

Checking for existing installation...

zimbra-ldap...NOT FOUND zimbra-logger...NOT FOUND

zimbra-mta...NOT FOUND

zimbra-snmp...NOT FOUND

zimbra-store...NOT FOUND

zimbra-apache...NOT FOUND

zimbra-spell...NOT FOUND

zimbra-convertd...NOT FOUND

zimbra-memcached...NOT FOUND

zimbra-proxy...NOT FOUND

zimbra-archiving...NOT FOUND

zimbra-cluster...NOT FOUND

zimbra-core...NOT FOUND

VMWARE END USER LICENSE AGREEMENT

PLEASE NOTE THAT THE TERMS OF THIS END USER LICENSE AGREEMENT SHALL GOVERN

YOUR

USE OF THE SOFTWARE, REGARDLESS OF ANY TERMS THAT MAY APPEAR DURING THE

INSTALLATION OF THE SOFTWARE.

IMPORTANT-READ CAREFULLY: BY DOWNLOADING, INSTALLING, OR USING THE

SOFTWARE,

YOU (THE INDIVIDUAL OR LEGAL ENTITY) AGREE TO BE BOUND BY THE TERMS OF THIS

END

USER LICENSE AGREEMENT ("EULA"). IF YOU DO NOT AGREE TO THE TERMS OF THIS

EULA,

YOU MUST NOT DOWNLOAD, INSTALL, OR USE THE SOFTWARE, AND YOU MUST DELETE OR

RETURN THE UNUSED SOFTWARE TO THE VENDOR FROM WHICH YOU ACQUIRED IT WITHINTHIRTY (30) DAYS AND REQUEST A REFUND OF THE LICENSE FEE, IF ANY, THAT YOU

PAID

FOR THE SOFTWARE.

EVALUATION LICENSE. If You are licensing the Software for evaluation

purposes,

Your use of the Software is only permitted in a non-production environment

and

for the period limited by the License Key. Notwithstanding any other

provision

in this EULA, an Evaluation License of the Software is provided "AS-IS"

without

indemnification, support or warranty of any kind, expressed or implied.


35/331


Zimbra, Inc. 4 - 27

8. Check for the installable packages, type ynext to the packages to install. For this exercise youwill not install zimbra-proxy.

1. DEFINITIONS.

1.1 "Affiliate" means, with respect to a party, an entity that is

directly

or indirectly controlled by or is under common control with such

party,

where "control" means an ownership, voting or similar interest representing fifty percent (50%) or more of the total interests then

outstanding of the relevant entity (but only as long as such person

or

entity meets these requirements).

.

Checking for prerequisites...

FOUND: NPTL

FOUND: nc-1.84-22

FOUND: sudo-1.8.6p3-7

FOUND: libidn-1.18-2

FOUND: gmp-4.3.1-7

FOUND: /usr/lib64/libstdc++.so.6

Checking for suggested prerequisites...

FOUND: perl-5.10.1

FOUND: sysstat

FOUND: sqlite

Prerequisite check complete.


36/331

4-28 Zimbra, Inc.


37/331


Zimbra, Inc. 4 - 29

Checking for installable packages

Found zimbra-core

Found zimbra-ldap

Found zimbra-logger

Found zimbra-mta

Found zimbra-snmp

Found zimbra-store

Found zimbra-apache

Found zimbra-spell

Found zimbra-convertd

Found zimbra-memcached

Found zimbra-proxy

Found zimbra-archiving

Select the packages to install

Install zimbra-ldap [Y]

Install zimbra-logger [Y]

Install zimbra-mta [Y]

Install zimbra-snmp [Y]

Install zimbra-store [Y]

Install zimbra-apache [Y]

Install zimbra-spell [Y]

Install zimbra-convertd [Y]

Install zimbra-memcached [N]

Install zimbra-proxy [N]

Install zimbra-archiving [N] y

Checking required space for zimbra-core

Checking space for zimbra-store

Installing:

zimbra-core

zimbra-ldap

zimbra-logger

zimbra-mta

zimbra-snmp

zimbra-store zimbra-apache

zimbra-spell

zimbra-convertd

zimbra-archiving

You appear to be installing packages on a platform different

than the platform for which they were built.

The system will be modified. Continue? [N] y


38/331


39/331


Zimbra, Inc. 4 - 31


40/331

4-32 Zimbra, Inc.

1) Common Configuration: 2) zimbra-ldap: Enabled 3) zimbra-store: Enabled +Create Admin User: yes +Admin user to create: [email protected]******* +Admin Password UNSET +Anti-virus quarantine user: [email protected] +Enable automated spam training: yes +Spam training user: [email protected] +Non-spam(Ham) training user: [email protected] +SMTP host: vm1.zimbra0.lab +Web server HTTP port: 80 +Web server HTTPS port: 443 +Web server mode: https +IMAP server port: 143 +IMAP server SSL port: 993 +POP server port: 110 +POP server SSL port: 995 +Use spell check server: yes

+Spell server URL: http://vm1.zimbra0.lab:7780/aspell.php +Configure for use with mail proxy: FALSE +Configure for use with web proxy: FALSE +Enable version update checks: TRUE +Enable version update notifications: TRUE +Version update notification email: [email protected] +Version update source email: [email protected]

4) zimbra-mta: Enabled 5) zimbra-snmp: Enabled 6) zimbra-logger: Enabled 7) zimbra-spell: Enabled 8) zimbra-convertd: Enabled

9) Enable VMware HA: no 10) Default Class of Service Configuration: 11) Enable default backup schedule: yes r) Start servers after configuration yes s) Save config to file x) Expand menu q) Quit

Address unconfigured (**) items (? - help) 3


41/331


Zimbra, Inc. 4 - 33

Store configuration

1) Status: Enabled 2) Create Admin User: yes 3) Admin user to create: [email protected]** 4) Admin Password UNSET 5) Anti-virus quarantine user: [email protected] 6) Enable automated spam training: yes 7) Spam training user: [email protected] 8) Non-spam(Ham) training user: [email protected] 9) SMTP host: vm1.zimbra0.lab 10) Web server HTTP port: 80 11) Web server HTTPS port: 443 12) Web server mode: https 13) IMAP server port: 143 14) IMAP server SSL port: 993 15) POP server port: 110 16) POP server SSL port: 995 17) Use spell check server: yes

18) Spell server URL: http://vm1.zimbra0.lab:7780/aspell.php 19) Configure for use with mail proxy: FALSE 20) Configure for use with web proxy: FALSE 21) Enable version update checks: TRUE 22) Enable version update notifications: TRUE 23) Version update notification email: [email protected] 24) Version update source email: [email protected]

Select, or 'r' for previous menu [r] 4

Password for [email protected] (min 6 characters): [LdmYuPVxZ0] zimbra

Store configuration

1) Status: Enabled 2) Create Admin User: yes 3) Admin user to create: [email protected] 4) Admin Password set 5) Anti-virus quarantine user: [email protected] 6) Enable automated spam training: yes 7) Spam training user: [email protected] 8) Non-spam(Ham) training user: [email protected] 9) SMTP host: vm1.zimbra0.lab 10) Web server HTTP port: 80 11) Web server HTTPS port: 443 12) Web server mode: https

13) IMAP server port: 143 14) IMAP server SSL port: 993 15) POP server port: 110 16) POP server SSL port: 995 17) Use spell check server: yes


42/331

4-34 Zimbra, Inc.

10.The configuration is complete.

Enter a to apply the configuration.

Then enter Yto save the configuration data to a file that you can review later.

When The system will be modified - continue? displays, enterYto continue.

11.The installation continues as follows. When it is complete, press Enterto exit.

18) Spell server URL: http://vm1.zimbra0.lab:7780/aspell.php 19) Configure for use with mail proxy: FALSE 20) Configure for use with web proxy: FALSE 21) Enable version update checks: TRUE 22) Enable version update notifications: TRUE 23) Version update notification email: [email protected] 24) Version update source email: [email protected]

Select, or 'r' for previous menu [r]

Main menu

1) Common Configuration: 2) zimbra-ldap: Enabled 3) zimbra-store: Enabled 4) zimbra-mta: Enabled 5) zimbra-snmp: Enabled 6) zimbra-logger: Enabled 7) zimbra-spell: Enabled 8) zimbra-convertd: Enabled 9) Enable VMware HA: no 10) Default Class of Service Configuration: 11) Enable default backup schedule: yes r) Start servers after configuration yes

s) Save config to file x) Expand menu q) Quit

*** CONFIGURATION COMPLETE - press 'a' to applySelect from menu, or press 'a' to apply config (? - help) aSave configuration data to a file? [Yes]Save config in file: [/opt/zimbra/config.18414]Saving config in /opt/zimbra/config.18414...done.The system will be modified - continue? [No] yes


43/331


Zimbra, Inc. 4 - 35

Operations logged to /tmp/zmsetup.08172013-150031.log

Setting local config values...done.

Initializing core config...Setting up CA...done.

Deploying CA to /opt/zimbra/conf/ca ...done.

Creating SSL zimbra-store certificate...done.

Creating new zimbra-ldap SSL certificate...done.Creating new zimbra-mta SSL certificate...done.

Installing mailboxd SSL certificates...done.

Installing MTA SSL certificates...done.

Installing LDAP SSL certificate...done.

Initializing ldap...done.

Setting replication password...done.

Setting Postfix password...done.

Setting amavis password...done.

Setting nginx password...done.

Creating server entry for vm1.zimbra0.lab...done.

Setting Zimbra IP Mode...done.

Saving CA in ldap ...done.

Saving SSL Certificate in ldap ...done.

Setting spell check URL...done.

Setting service ports on vm1.zimbra0.lab...done.

Adding vm1.zimbra0.lab to zimbraMailHostPool in default COS...done.

Setting zimbraFeatureTasksEnabled=TRUE...done.

Setting zimbraFeatureBriefcasesEnabled=FALSE...done.

Setting convertd URL...done.

Setting MTA auth host...done.

Setting TimeZone Preference...done.

Initializing mta config...done.

Setting services on vm1.zimbra0.lab...done.

Creating domain zimbra0.lab...done.

Setting default domain name...done.

Setting up default domain admin UI components..done.

Granting group [email protected] domain right

+domainAdminConsoleRights on zimbra0.lab...done.

Granting group [email protected] global right

+domainAdminZimletRights...done.

Setting up global distribution list admin UI components..done.

Granting group [email protected] global right

+adminConsoleDLRights...done.

Granting group [email protected] global right +listAccount...done.

Creating domain zimbra0.lab...already exists.

Creating admin account [email protected].

Creating root alias...done.

Creating postmaster alias...done.

Creating user [email protected].

Creating user [email protected].

Creating user [email protected] spam training and Anti-virus quarantine accounts...done.

Initializing store sql database...done.

Setting zimbraSmtpHostname for vm1.zimbra0.lab...done.

Configuring SNMP...done.

Setting up syslog.conf...done.

Setting default backup schedule...Done

Looking for valid license to install...license installed.

Starting servers...done.


44/331

4-36 Zimbra, Inc.

12. To verify that everything is running, typezmcontrol status. All packages should be running.

Installing common zimlets...

com_zimbra_srchhighlighter...done.

com_zimbra_attachmail...done.

com_zimbra_ymemoticons...done.

com_zimbra_url...done. com_zimbra_cert_manager...done.

com_zimbra_viewmail...done.

com_zimbra_webex...done.

com_zimbra_tooltip...done.

com_zimbra_attachcontacts...done.

com_zimbra_phone...done.

com_zimbra_date...done.

com_zimbra_proxy_config...done.

com_zimbra_bulkprovision...done.

com_zimbra_adminversioncheck...done.

com_zimbra_clientuploader...done.

com_zimbra_email...done.

Finished installing common zimlets.

Installing network zimlets... com_zimbra_ucconfig...done.

com_zimbra_smime_cert_admin...done.

com_zimbra_xmbxsearch...done.

com_zimbra_smime...done.

com_zimbra_convertd...done.

com_zimbra_click2call_cisco...done.

com_zimbra_license...done.

com_zimbra_delegatedadmin...done.

com_zimbra_voiceprefs...done.

com_zimbra_hsm...done.

com_zimbra_click2call_mitel...done.

com_zimbra_archive...done.

com_zimbra_backuprestore...done.

com_zimbra_mobilesync...done.Finished installing network zimlets.

Restarting mailboxd...done.

Creating galsync account for default domain...done.

Setting up zimbra crontab...done.

Moving /tmp/zmsetup.08172013-150031.log to /opt/zimbra/log

Configuration complete - press return to exit


45/331


Zimbra, Inc. 4 - 37

Logging on to the Admin Console

To log on to the admin console, open your browser, type the admin console URL, and log on tothe console. The admin console URL is entered as:

https://[example.com]:7071

Note: The admin console address must be typed with https, even if you configured only http.

The first time you log on, a certificate authority (CA) alert may be displayed. Click Accept thiscertificate permanentlyto accept the certificate and to be able connect to the admin console.

Enter the admin user name and password configured during the installation process. Enter theuser name as admin@[example.com].

Post Installation Tasks

Once ZC is installed, if you installed the Zimbra license, you can log on to the admin console andconfigure additional domains, create Classes of Service, and provision accounts.

Troubleshooting Install

Common error messages during ZC installation and their solution are listed in the table thatfollows.

[root@vm1 zcs-NETWORK-8.0.3_GA_5664.RHEL6_64.20130305090219]# su - zimbra

[zimbra@vm1 ~]$ zmcontrol status

Host vm1.zimbra0.lab

antispam Running

antivirus Running

convertd Running ldap Running

logger Running

mailbox Running

mta Running

snmp Running

spell Running

stats Running

zmconfigd Running stats Running

The installation excercise is finished.

You can now log on to the Admin Console.


46/331

4-38 Zimbra, Inc.

Error Conditions/Messages

Solution

Port conflicts Disable HTTP, SMTP, POP3, IMAPservices on the host prior to installation.

Note: Disable services so that they do not

start on reboot.

Fully Qualified Domain Name(FQDN) not used

Use FQDN during installation. For example:app.domain.com

Firewall stopped Make sure firewall daemons are stoppedduring the installation.

Note: You can always re-enable the

firewall again and open specific ports later.

LDAP cannot start or youcannot connect to LDAPduring installation

Error message: LDAP

startup failed with exit code

256

LDAP is trying to access ldap://hostname.domain.com:389 make sure389 is not blocked.

DNS setup Make sure all hostnames that are used forthe Zimbra installation are defined with Arecord/MX record in DNS.

Cannot resolve hostname Make sure IP address and full hostnameand domain of the server are also defined in/etc/ hosts file.

Compat -* libraries not found Make sure pre-requisite Linux or Mac OSXlibraries have been installed on the system.

Remove other MTAs, mailapps, or web servers


47/331


Zimbra, Inc. 4 - 39


48/331

4-40 Zimbra, Inc.


49/331

Zimbra, Inc. 5-41

5 Zimbra Administration Console Overview

5.1 Overview

The Administration Console (admin console) is the browser-based user interface used tocentrally manage all Zimbra servers and user accounts. You can manage addresses and ZCconfiguration. Certain tools, including Mail Queues, Backups, Migration, Certificates and SearchMail area available from the admin console as well.

The admin console provides:

Bulk user provisioning and policy management

Delegated, role-based administration

COS and multi-tenancy

HSM and storage management

Real-time backup and restore

Integrate AS/AV

LDAP, AD integration

Integrated archiving and discovery

This section is a demo of some of the areas you can manage from the admin console. Aftercompleting this section, you will be able to:

Create an account using the admin console.

Identify the elements of a COS.

List the factors to consider when adding a domain.

Create a distribution list using the admin console.

Identify the purpose of the Domain Administrator function.

5.2 Key Administrator Features

The Zimbra admin console :

Class of Service (COS)

Create different feature packages for different users. For example, a student COS canhave different functionality than a faculty COS.

Control advertising and Zimlets at the COS or user level

Granular Delegated Administration


50/331


51/331

Zimbra Administration Console Overview

Zimbra, Inc. 5 - 43

Click Configure on the Home screen, then click Domains. On the Domains screen, you canmodify the domain configurations in two ways:

Use the items in the Options menu (gear icon)

Double-click an existing domain. The options in the overview pane change, so you can modify

different values for the domain.

Important domain settings are explained on the following pages.


52/331

5-44 Zimbra, Inc.

Modification Options

Use the options in the overview pane (accessed by double-clicking a domain) as follows:

General Information (shown above)

The default time zone for the domain: If a time zone is configured in a COS or for anaccount, the domain time zone setting is ignored.

Public service host name: Optional. Name to be used in public API, such as REST.

Inbound SMTP host name: If your MX records point to a spam-relay or any other externalnon-Zimbra server, enter the name of the server here.

Description: Use this field to add information about the domain that you want to display onthe Domain Content pane in the administration console.

Default Class of Service (COS) for the domain: This COS is automatically assigned toaccounts created on the domain if another COS is not set.

Domain status: The domain status is active in the normal state. Users can log in and mail isdelivered. Changing the status can affect the status for accounts on the domain also. Thedomain status is displayed on the Domain General tab. Domain status can be set as

Active, Closed, Locked, Maintenance, and Suspended.


53/331


Zimbra, Inc. 5 - 45

GAL: Displays the GAL mode, which is Internal, External, or both, and the most results

returned from a GAL search. If you configured GAL search and GAL sync differently, the GAL

sync settings are also shown. The internal GAL polling interval is set from this tab.

Authentication: Displays the authentication mechanism, which is Internal, External LDAP, or

External Active Directory. You cannot modify the authentication settings.

Virtual Hosts: Virtual hosts allow the system to establish a default domain for a user login.

Users that log in while using a URL with one of the hostnames listed here are assumed to be

in the domain.

Features: Used to enable certain calendar features, such as SMS reminders.

Advanced: Used to configure the company name that displays when external guests log on to

see a shared Briefcase folder. Also used to set the Account Email Validation expression and

set domain quotas.

Free/Busy Interop: Used to configure the Exchange server settings so that the Free/Busy

module can be configured between ZC and Microsoft Exchange servers.

Zimlets: Displays the Zimlets that are available for the domain. Used to disable/enable Zimletsfor a domain.

Themes: Used to quickly add your logo and to change the colors used for the client interface.

Certificate: Used to install a SSL certificate for a domain. You can copy the domains issued

signed commercial certificate and private key files here.

Mailbox Quota: Used to set the quota for each account and displays quota used.

S/MIME: Used to set up external S/MIME LDAP servers. Multiple servers can be set up.

Account Limits: Shows the account limit for the domain. You can set the maximum number of

accounts and maximum accounts per COS.

ACL: Used for delegated administration configuration. Access Control List (ACL) is a set of

access control entries (ACE). ACE specifies who has the right to act on this object. The table

in the tab allows for adding and removing ACEs for the target that is being edited.

5.5 Creating New Accounts

When user accounts are provisioned, the mailbox is created on the designated server and adirectory account is created on the LDAP server.

A Class of Service (COS) is assigned to an account to set the default attributes and features forthe account.

Before you add a user account, you should determine the type of account you need (Admin orregular user) and what features and access privileges should be assigned to the account.

Use the New Account Wizard to easily create new Zimbra accounts.

Note: Individual account settings override COS and Domain settings.


54/331

5-46 Zimbra, Inc.

On the Home screen, click Manage. The Accounts screen shows all existing accounts. Open theOptions menu (gear icon), and select New. The New Account Wizard opens, as shown in thefollowing screen.

When creating a new account, the Wizard will prompt you for the following information:

General information, including account name, Class of Service (COS) to be assigned,password, and timezone

Contact information, including phone number, company name, and address

Aliases to be used

Member of, a list of distribution lists to which the user belongs

Forwarding directions

Features and Preferences for this specific account. Changes made at the account leveloverride the rules in the COS assigned to the account

Default time zone

Themes and Zimlets that the user can access

Advanced settings including attachment settings, quotas, quota warning flag, and passwordlog in policies

Mobile Access options for the user

Changes made at the account level override any rules in the Class of Service (COS) assigned to

the account.

When the end-user logs in for the first time or when an email is delivered to the users account,the mailbox is created on the mailbox server.


55/331


Zimbra, Inc. 5 - 47

5.6 Administrator Accounts: Global and Delegated (SLIDE)

One administrator account is automatically created when ZC is installed and you can createadditional admin accounts. Only accounts designated as an administrator can log on to theadmin console to manage accounts and server configurations. Two kinds of administratoraccounts can be created:

Global Administrators: have full privileges to manage servers, global settings, domains, and

accounts. One global administrator account is initially created when the software is installed.

Additional administrator accounts can be created. The global administrator can give the

domain administrator privileges to set mail quotas for accounts. The global administrator sets

the maximum quota that can be configured for an account.

Delegated Administrators: are granted customized administrator roles by the global

administrator to manage different tasks from the administration console. Delegated

Administrator information is covered later in this course.

Global administrators and administrators of a domain can be designated when you create a newadministrator or a new account.

5.7 Home > Manage Screen (DEMO)

The account you created is displayed on the Home > Manage > Accountsscreen. OtherManage options include Aliases, Distribution Lists and Resources. Click on one of theseelements in the overview pane to view the corresponding information.

Accounts

The Accounts Content pane shows user accounts, the display name, status, last login date anddescription of the account.


56/331

5-48 Zimbra, Inc.

New accounts that you create are displayed. To make modifications, double-click on the accountyou want to modify. When an account is opened, the account header displays generalinformation about the account, including status, ID, and amount of mailbox quota used.

Aliases

An email alias is an email address that redirects all mail to a specified mail account. An alias isnot an email account but can be applied to an account or a distribution list. Each account canhave unlimited numbers of aliases.

When you select Aliases from the Addresses pane, all aliases that are configured are displayed

in the Content pane. From Aliases you can use the tabs to view the account information for aspecific alias, move the alias from one account to another, and delete the alias.


57/331


Zimbra, Inc. 5 - 49

Distribution Lists

A distribution list (DL) is a group of email addresses contained in a list with a common emailaddress. When users send to a distribution list, they are sending to everyone whose address is

on the list.In an email message, the address line displays the distribution list address. The individualrecipient addresses cannot be viewed.

Only administrators can create, change, or delete distribution lists. Users can create and managetheir own group lists.

When you select Distribution Lists from the Overview pane, all distribution lists that areconfigured are displayed in the Content pane. You can use the tabs to view the distributioninformation and edit the DL.

When new members are added to the distribution list, they are automatically granted the sameshare privileges as other members of the group. When members are removed from thedistribution list, their share privileges are revoked.

A few features to note:

Enable the Hide in GALcheckbox to create distribution lists that do not display in the Global

Address List (GAL). You can use this feature to limit the exposure of the distribution list to only

those who know the address.

Uncheck the Can receive mailcheckbox to create a distribution list for sharing that will not

receive mail.


58/331

5-50 Zimbra, Inc.

When a Zimbra users email address is added to a distribution list, the users Accounts >

Member Of tab is updated with the list name.

When a distribution list is deleted or removed, the distribution list is automatically removed

from the Accounts > Member Of tab.

Resources

A resource is a location or piece of equipment that can be scheduled for a meeting. Eachresource has its own mailbox address and accepts or rejects meeting invitations automatically.

User accounts with the Calendar feature can select resources for their meetings.

Administrators create resources. A Resource Wizard guides you through the resourceconfiguration, including designating the type of resource, the scheduling policy, the location, anda description of the resource.

From Home > Manage > Resources in the admin console, you can add a new resource andchange the properties for a resource.


59/331


Zimbra, Inc. 5 - 51

To schedule a resource or location, users invite the equipment and/or location to a meeting.

When they select the resource, they can view the notes about the resource and view free/busystatus for the resource, if set up. When the meeting invite is sent, an email is sent to the resourceaccount, and if the resource is free, the meeting is automatically entered in the resourcescalendar.

Managing Resources

To specify users who can manage the resource, including overriding reservations that have beenadded, you share the resources default Calendar and configure the role as Manager. Usersdelegated as Manager can modify the resources calendar.

5.8 Configuration Elements

Configuration includes Classes of Service (COS), Domains, Servers, Global Settings, Zimlets,Admin Extensions, Certificates, Voice/Chat Service, Rights and GlobalACL.


60/331

5-52 Zimbra, Inc.

5.9 Defining & Modifying a Class of Service (COS) (SLIDE)

Class of Service (COS) determines what default attributes a Zimbra Web Client email accounthas and which features are enabled or disabled. COS are used to group users that shouldreceive similar features and service levels. You can have multiple classes of service.

In the COS, you configure the following: Features that are enabled

Preferences that are enabled

Themes that can be selected from an account

Zimlets that are available

Server pools for creation of new accounts

Mobile access options

Advanced options, including attachment settings, mailbox quotas, password policies, etc.

Retention and disposal policies

ACL options: Used for delegated administration configuration. Access Control List (ACL) is a

set of access control entries (ACE). ACE specifies who has the right to act on this object. The

table in the tab allows for adding and removing ACEs for the target that is being edited.

Note: When attachment settings are configured in Global Settings, the global rules take

precedence over the COS settings.

To access COS information in the admin console, on the Home screen, click Configure in theoverview pane. A COS list is displayed.

To create a new COS, open the Options menu (gear icon) and click New.


61/331


Zimbra, Inc. 5 - 53

To view details about a COS, double-click the name of the COS. The defaultCOS is shownbelow.

Overview

A default COS is automatically created during the installation of ZC. A COS is global and is notrestricted to a particular domain or set of domains. You can assign a COS to a domain.

Each account is assigned one COS.

If the domain is configured with a COS, an account is assigned that COS when it is created.

If the domain does not have a COS, the ZC default COS is automatically assigned.

You can assign any COS to the account.

Note: If you delete a COS that accounts are currently assigned to, the accounts are

automatically assigned the default COS.

Some COS settings can be overridden either by global settings or by user settings. For example:

Whether outgoing messages are saved to the Sent folder can be changed in the user

Preferences tab.

Attachment blocking set as a global setting can override the COS setting.

Note: COS settings assigned to an account are not enforced for IMAP clients.

COS preferences are adjustable by users and admins. COS features are adjustable only byadmins. There are many elements to a COS, and some of these elements are explained in thefollowing pages.


62/331

5-54 Zimbra, Inc.

Server Pool

In an environment with multiple mail servers, the COS can be used to assign the next account toa mailbox server, or you can specify a specific server when you create the account. The ServerPool lists the available mailbox servers, and you select which servers should be available. Whena COS is assigned to a new account, a mail server is randomly chosen for the new account from

the server pool associated with that COS.

Themes

The appearance of the Zimbra Web Client user interface can be changed using Zimbra themes.A number of Zimbra themes are included with ZC, and you can create others.

The following theme usage options can be configured:

Limit users to a set of themes: On the Themes page, the theme that should be the Current UI

theme is selected. On the Features page, the Change UI Themes checkbox is marked.

Let users access any of the installed Zimbra themes: If the Change UI Themes in the Features

page is checked, and the Do not limit themes radio button is checked, users can access anyof the themes listed in the Available UI themes list.


63/331


Zimbra, Inc. 5 - 55

Zimlets

Zimlets are a mechanism for integrating the ZC with third-party information systems and content.When a Zimlet is added to the ZC, users can look at information and interact with the third-partyapplication from within their mailbox.

Several pre-defined Zimlets are included with ZC, and you can create other Zimlets so users caninteract with your company resources or other defined applications from the Zimbra Web Client.Some of the pre-defined Zimlets are:

Dates: users can see their calendar schedule for that date. Email addresses/names: users can see complete contact information, if available.

URLs: users can see a thumbnail of the website.

Phone numbers: users can quickly place a call. VOIP software such as Skype or Cisco VOIP

phone must be installed on the users computer.


64/331

5-56 Zimbra, Inc.

The