Dia 1
Advanced Proxying
Good things to know
- Any Zarafa server is an entry point for your multi-server
environment
- All requests are redirected if they not belong to them
- Zarafa does not act as a proxy
- Your store-server has to be able to be reached by the client
directly
Why proxying?
- Scales on the Application-Level, because:
- With round-robin DNS it scales very well and overhead is very
small (redirection). - It can handle sticky sessions (stay on the
same server)
Hardware SSL-Balancers
- Yes, they work
- They are a bit expensive, but if you can afford go for it ;) -
Be aware that they really only balance SSL, nothing else
LVS (Linux Virtual Server)
- Yes, they work as well
- It is indeed a good approach, but requires higher skills and a
special setup to be maintained - keeping systems up to date is a
bit more work
- The combination of pacemaker and this solution outnumbers in
scalability
Balancing with Apache 2.2
- Works out of the box with mostSystems
- Helps you scale to whatever youWant or to
- Fully compatible with any service,
so z-push, webaccess, zarafa,
autoupdater all work
Apache Proxying
- You need SSL, at least only this makes sense
- Sticky sessions by mod_rewrite
Config (I)
### Cookie Handling
RewriteEngine On
# Cookie not set? Well then, here we go...RewriteCond
%{HTTP_COOKIE} !BALANCEMERewriteRule .* -
[CO=BALANCEME:balancer.server1:zarafa.com:15]
# IMPORTANT Renew the cookie!RewriteCond %{HTTP_COOKIE}
BALANCEME=(balancer.server1)RewriteRule .* -
[CO=BALANCEME:balancer.server1:zarafa.com:15]
# Think of failover covered laterInclude
/etc/apache2/vhosts.d/00-zarafa-cookie-failover.inc
Config (II)
### Load-Balancing by the cookie value to internal
zarafa-vhost
ProxyPass / balancer://cluster/ lbmethod=byrequests
stickysession=BALANCEMEProxyPassReverse / balancer://cluster/
BalancerMember http://server1.zarafa.com route=server1
BalancerMember http://server2.zarafa.com route=server2
BalancerMember http://server3.zarafa.com route=server3
BalancerMember http://server4.zarafa.com route=server4
Proven Architecture
Endless Possibilities
- Secure your cluster with Pacemaker (following up)
- Combine with zarafa-msr for direct (non-proxied) access to
store
Recommendations
- Make sure you share your state-dir (z-push) like NFS
- Think of clustered Mail delivery
- Auto-Updater (!)
Contact
- Thank you very much for listening! -
Don't hesitate to contact us for questions or support.
Millenux GmbHLilienthalstr. 2/170825 Korntal/Stuttgart
Tel.+49 711 88770 300Fax+49 711 88770 349
[email protected]
www.zarafa.com
www.zarafa.com
Zarafa Summercamp 2011: Crossing borders
Learning | Networking | Cases |Workshop | Trainings
www.zarafa.com
Zarafa Summercamp 2011
www.millenux.com
