Zarafa Quickstart Training

Who is Zarafa ?

• Zarafa B.V. [Delft / Niederlande]
• Founded in 1999 in Delft/NL
• Headquarter with development, QA, international sales and support
• Zarafa Deutschland GmbH [Hannover/Germany]
• Founded in 2006 in Hannover/Germany
• Sales and support for sales and support for Germany, Austria and Switzerland

What is Zarafa ?

• Open
• Open Source Software under AGPL since 2006
• Open design = free choice of its components
• Free choice - house or Cloud Installation
• Compatible
• Full MAPI implementation
• Best integration into Microsoft Outlook (2003-2013)
• Z-Push (ActiveSync protocol) for Mobile Devices
• HTML5 WebApp with the familiar features
• Enterprise
• Subscription includes Maintainance and Support
• Simple and rapid scaling
• High Availability with standard Linux tools
• Full virtualization capability

Technical background of Zarafa

In this chapter you will learn the complete technical background of Zarafa.

Please proceed "down" to see the individual slides

Technical background (1)

• Zarafa is a Linux-based groupware server


• Zarafa used as data model MAPI - like MS-Exchange
• Data is stored in a MySQL database and e-mail attachments in the file system


• Providing access to Outlook with zarafaclient.msi package which implement a MAPI driver in Outlook for native connectivity
• Outlook can be used online and offline

Technical background (2)

• Zarafa WebApp is a Web client with ExtJS and HTML 5 technology and is installed on an Apache web server with PHP
• Use the Zarafa PHPMAPI library for a native connection to the server
• WebApp has a plugin interface for the expansion of features and the integration of 3rd party software


• Z-Push is the Open Source implementation of Microsoft ActiveSync protocol
• It is developed in PHP, can be installed on web server with PHP and offers identical features, such as an Exchange server

Technical background (3)

• E-mail clients can be connected via the Zarafa Gateway via the standard IMAP and POP3 protocols
• Calendar clients use the Zarafa Gateway via the CalDAV standard protocol to share iCal files
• Task of the gateway is the translation of the MAPI information in the appropriate standards and provision of standard protocols


• Future (from Zarafa 7.2.0) is the XML-based protocol "Zarafa Webservices" (ZWS) as a replacement for the Exchange web service protocol (EWS) for the native link of MacOS clients (including Outlook for MacOS)

Technical background (4)

• Zarafa comes without an own e-mail server. Almost every e-mail server (MTA) (eg Postfix, Sendmail, ...) can be used as previously configured
• MTA send after configured filters for antivirus/SPAM the incoming e-mail to the Zarafa DAgent that converts the e-mail into MAPI object and store it in correct mailbox.
• Sending e-mails is done by the Zarafa Spooler. It converts the MAPI object (sended e-mail) to a standard SMTP mail and send it to the MTA
• A virus protection is so also guaranteed for internal e-mails.

Technical background (5)

• User management can be used in the MySQL database.
• Recommended is the usage of a directory service like OpenLDAP, Active Directory, eDirectory or any other LDAP-based directory service.
• By a schema extension, the information required by Zarafa be harnessed.
• Zarafa has only read access to the directory.
• LDAP connection is individualized by mapping file, ie existing directories can largely be reused (without change)

Technical background (6)

• Weitere Zarafa Komponenten sind:
• Zarafa-monitor: Monitoring and warning of quota limits
• Zarafa Admin: Administration Tool for user and group management
• Zarafa Licensed: License daemon for monitoring Zarafa subscriptions
• Zarafa Backup: Brick Level Backup allows restoration of individual elements
• Zarafa Search: indexing the data (including e-mail attachments.

Zarafa Archiver

Zarafa Archiver is an additional product which can be used with Professional or Enterprise subscriptions and is there included for 20 users.

The aim of the Archiver is load distribution for older emails (period may be defined). The old emails are automatically stored to the archive server. So the production database from the size remains predictable. The archive server can be fitted with less favorable hardware because it does not rather on performance.

Technical background (7)

Dependencies (1)

• MySQL - Server
• Can be on Zarafa server or seperate database server
• With usage of a separate database server on the Zarafa system, the MySQL client library is required
• From Zarafa 7.1.10 is MariaDB officially supported
• E-Mailserver (MTA)
• Almost every MTA useable
• Recommended and tested are Postfix, Sendmail, Exim and Qmail
• Apache Webserver + PHP
• libicu - is required for UTF-8 support
• English language packages

Dependencies (2)

If Zarafa is installed out of RPM/DEB packages, in the download packages following packages are included:

• libvmime + libvmime devel-
• libical + libical devel-

Please make sure, that without exception this supplied packages are installed.

If your server update automatically, take care that those packages are excluded.

Start the VM

The VM is based on the Univention UCS 3.2 and contains the most recent version of Zarafa as an Exchange replacement and Z-Push for the connection of mobile devices using the Active Sync protocol.

The VM stores the user / group information in an LDAP system / can be used with Samba 4 domain controller. The e-mail server is preconfigured. With the graphical interface, you can customize but the VM.

In the following steps you will learn how to take the VM running and then how they can be integrated for a productive test in your environment.

Import Virtual Machine

First, unzip the package downlaoding.

VMware - Open to import the vmx file Virtual Machine - About file.

other solutions - Create a new VM (Debian 64bit) and import the vmdk as a virtual disk.

Configuring the VM

By default, the VM in VMware imported with the following values, which are sufficient for test purposes in many cases.

Just the memory can be increased depending on the number of users and amount of data. Possibly is to add a second network card and to access from the local network / Internet.

• Memory: 1 GB [Recommended: 2GB]
• 1 CPU core
• 1 network interface / DHCP

After import and possibly hardware adjustments, the VM can be started.

Individualization (1)

The VM is pre-configured for operation. However, some parameters such as language, domain, ROOT password, etc. still need to be adjusted during the first start.

First, a welcome screen appears. Top right language can be changed to german, default is English.

Individualization (2)

First, you can do the language settings for the system and the keyboard.

Individualization (3)

A domain is proposed from the entered computer name. This can be varied.

Individualization (4)

Here the network setting can be adjusted.

Individualization (5)

Here the information for the SSL certificates to verify / change.

Individualization (6)

Here various components can be installed. Samba4 AD provides a complete Active Directory clone.

Individualization (7)

This step may take up to 30 minutes. The system is being prepared.

Individualization (8)

Note on the conclusion of the configuration.

Personalisation (9)

Fully started system without a graphical interface

First Start

Calling the IP address of the VM in the browser [second tab here Administration].

Login system configuration

Login to the system and domain setting.
Use of the User Administrator has the same password as ROOT.

E-mail address for AppCenter

Leave an email address for communication for apps.

Integration into existing environment

The VM has a pre-configured for local use e-mail server.

The following subject areas are then treated.

• Customize E-mail Server
• Import license
• Language configuration
• Indexing (Zarafa Search)
• Tuning MySQL database + Zarafa
• Install updates

Customize e-mail server

Add Domain (1)

From the Administration Dashboard from the menu e-mail.

Add Domain (2)

Here you see all e-mail domains and mailing lists. Click on Add to add a new domain.

Add Domain (3)

Select the default object type maildomain.

Add Domain (4)

Enter the new domain name to be managed. This is then immediately available and configured system-wide.

Pick up mail from mail server

To use this function you first have to install via the UCS AppCenter service Fetchmail. The first time the AppCenter this notice appears.

Fetchmail (1)

After installing Fetchmail is on the list of installed applications. This application is not called up individually. The configuration takes place at the individual users.

Fetchmail (2)

In the User under the tab Advanced Settings and then get mail from external servers, the configuration can be stored per user.

Mail shipping externally (1)

If you do not want to see directly into the Internet E-mail, you can configure via Univention Configuration Registry a relay host.

Search by key word by relay

Mail shipping externally (2)

The entry relayhost edit, and please give the FQDN of the mail server.

Mail shipping externally (3)

If the e-mail server requires authentication, please refer to the notes in the entry of relayauth.

Import license

Editions

• Open Source Edition
  Unlimited access my WebApp, IMAP, POP3 and Z-Push possible
  license service (zarafa-licensed) is not running
• Free Edition
  additional to unlimited access from Open Source Edition you can connect with 3 Outlook
  operating license service without or an incorrect license key
• Supported mode
  access to all open source and commercial features
  need a running license daemon with a valid license
  per user a subscription necessary - no distinction according to client access

Import license

• First subscription of a customer is the base subscription
  this subscription has to be in the file /etc/zarafa/license/base
• More Benutzersubskriptionen expand as additional Cal the base
  they are written to /etc/zarafa/license/
  cal1., The number 1 is for the first expansion and must be increased for each extension.
• At present it is not yet possible to use the UCS interface for license key management. This must be done at the command line.
• Examplekey: Zarafa 7.1 - 25 users - valid for 30 days
  Z0ZX0068ZX07Z86FFTKJ5B09K

Language configuration

Language setting

• During the first start you have selected the default language for VM.
• For Zarafa the first specified language is crucial.
• You can change at basic settings the language configuration.
• For the mailbox folder language take care configuration in the file /etc/default/zarafa.
• The language for the folder in the public folder is set in the variable ZARAFA_LOCALE.
• The language for the user mailboxes is specified in the variable ZARAFA_USERSCRIPT_LOCALE.
• Changes will only be used for new users.

Indexing

Zarafa Search

• By default, the indexing is turned on. This can be turned on or off in the /etc/zarafa/server.cfg about the variable search_enabledIn addition, the service zarafa-search must be running.
• The configuration of the indexing takes place in the /etc/zarafa/search.cfg file.
• It is possible to index also e-mail attachments. For this purpose, the variable must be index_attachments turned on.
• The variable index_attachment_max_size you can set the maximum size of file attachments.

Tuning MySQL database and Zarafa server

MySQL database (1)

• The virtual machine is imported by default with 2 GB RAM. For this RAM size the MySQL database is already optimized.
• Zarafa uses the InnoDB database engine. The InnoDB cache is Zarafa installation adapt in any of the hardware.
• The size of the cache should be 50% (min. 25%) of the available memory.
• InnoDB uses next to the data file also an associated log file, which should have 50% of the cache size, 4GB maximum.

MySQL database (2)

• The configuration takes place in the /etc/my.cnf file.
• The following variables are grounds to adapt: ​​innodb_buffer_pool_size = 1024M 1GB cache size innodb_log_file_size = 512M 512MB log file size
• If the Log_file_size is adapted you have to save the MySQL server log files (var/lib/mysql/*iblog* before restarting. Then If not start, copy logfile back, reset value and start database with old configuration.
• Read more tuning options for the MySQL documentation.

Zarafa cache

• The Zarafa cache stores views (such as a list of e-mail folder or Schedule an indicated period) in table form and supportive to ensure the database cache for fast response times even for large environments.
• The configuration takes place in the /etc/zarafa/server.cfg file.
• The following three variables are to be adapted for each installation: cache_cell_size = 512M cache size should be 25% of the RAM cache_object_size = [100k / user] contains folder hierarchy cache_indexed_object_size = [512k / User] contains all IDs

Updating Zarafa

Major / minor updates

• The version number 7.1.10 has the following structure
  7.1 => major release number
  10 => minor release number
• Major releases (7.0.x, 7.1.x, 7.2.x) contain bug fixes and a number of new features and technologies.
• Minor releases (7.1.9, 7.1.10, 7.1.11) contain mainly bug fixes and security updates.
• For a major update a valid subscription is required. Each major release has its own license key. With a major update and the license is in addition to the software to be updated.
• Minor releases can always be recorded. In addition to the software update, no further change is necessary.
• In UCS systems, the updates will rule recorded via the AppCenter.

User management in UCS system

UCS basically uses a OpenLDAP / Samba 4 LDAP server to manage users and groups.

In the demo VM no demo users are similar applied.

This chapter draws attention to the graphical management of the OpenLDAP server.

UCS-user (1)

• Click at UCS management interface to User.
• Here is a list of all already created users. New users can be created by clicking on Add

UCS-user (2)

• Select the user template between Zarafa, Zarafa account or Shared Store.
• Shared stores are resources or functional mailboxes. Account means a normal user.

UCS-user (3)

• Here the user's personal data can be collected.
• Click Advanced settings to see all fields.

UCS-user (4)

• In Shared stores the password check can be ignored, but you have to store a password. This password is ignored.
• Click to manage Zarafa settings at the tab Zarafa.

UCS-user (5)

• Zarafa role defines the type of the user.
• Administrators note no permissions and thus make settings and permissions for functional mailboxes and resources.
• The alternate may send on behalf of e-mails.
• User Quota override the global settings.

Shared Stores

• As a shared store apply to both functional mailboxes (to be edited by multiple people at the same time eg sales @, accounting @ ...) and resources (rooms, equipment ...).
• In the User Manager, the automatic behavior can be set at appointment requests.
• To send e-mail with the sender address of the shared Stores, the Send-As permission must be set on the command line.
• Um E-Mail mit der Absendeadresse des Shared Stores zu versenden, muß auf der Kommandozeile die Send-As Berechtigung gesetzt werden.
• provide: zarafa-admin -u [sharedstore] --add-sendas [username]
• delete: zarafa-admin -u [sharedstore] --del-sendas [username]
• view: zarafa-admin --list-sendas [sharedstore]

Groups (1)

• On the UCS Managementoberlfäche Groups.
• Here you can see a list of all existing. New you can create by clicking on Add.

Groups (2)

• Each group needs a name and an email address.
• It allows users and groups are added as members.

Groups (3)

• Under the Zarafa tab, you must define a group as Zarafa group, otherwise it is not available.
• Groups can be hidden from the global address, but can then be used anyway.

Connecting clients to Zarafa

In this chapter, the following clients are described in more detail:

• Microsoft Outlook
• Smartphones (iPhone, Android, ...)
• Zarafa WebApp

Microsoft Outlook

Installation Zarafaclient

The Zarafaclient is not included in the VM, but can be easily downloaded and installed from the Windows desktop via a web browser

Zarafaclient must be installed on the desktop before any further steps. To do this, select ideally from the full installation.

Create MAPI profile

It is not possible Zarafa profile to an existing Outlook add profile. To establish a connection, a new profile via the control panel must always first be created.

Go to using the Control / E-mail (32bit) / profile ...

Create a Profile (1)

With Add ... to add a new profile and select a name.

Create a Profile (2)

Choose from manual configuration.

Create a Profile (3)

In service, select the Other from the Zarafa server log.

Create a Profile (4)

Now enter the credentials of the VM. You can choose between unencrypted or encrypted SSL connection. Finally, select either Online or Offline profile.

Create a Profile (5)

If you received multiple profiles that the new profile is loaded directly. Alternatively, select the question of the profile when Outlook starts.

Configuring the Offline profile

In an offline profile, you can optimize the synchronization on network connection by obrige settings. New information is then synchronized immediately.

Smartphones

Installation of Z-Push

By using the ActiveSync protocol can complete all current mobile devices such as iPhone, Android, Windows Mobile, etc., are connected natively

Zarafa Z-Push is the open source version of Active Sync.

Unfortunately, Z-Push is not preinstalled on the DemoVM. It can be easily installed from the UCS AppCenter.

Installation on Smartphones (1)

Zarafa Z-Push supports all Active Sync functions may not support the applications on your device all the functions.

The configuration is similar to a connection to an Exchange server.

• Add in the settings, add a new Exchange profile.
• Select the manual configuration
• The web server in the virtual machine accepts both encrypted (SSL) and unencrypted connections.

Zarafa WebApp

Access to WebApp

In a browser (Firefox, Internet Explorer, Google Chrome, etc.) you open the URL http: // [ip-address] / webapp the WebApp.



After the first login, a basic configuration dialog appears where you can select the language for example.

Operation WebApp (1)

In the top row, you get access to the different areas (e-mail, calendar, etc.) and settings.

The point Zarafa will take you to a summary screen. There are various plugins can be added, such as unread emails, current events, etc. It is similar to the Today screen of MS-Outlook.

Operation WebApp (2)

Right under Logout plugin you can display a bar over the two arrows to the left. There can be added to installed plugins similar to the Zarafa page.

Operation WebApp (3)

New elements (email, etc.) are opened in Tab's. For example, can also be changed via keyboard shortcut between the Tab's. The controls must be switched with Tasturshortcuts in the settings.

Groupware features

Here the use of the following groupware features will be described in more detail:

• Permissions
• Delegation and Send-As (sending e-mails in the order)
• Automatic "book" of resources

Permissions

Permissions (1)

Click with the right mouse button on any folder (eg Inbox, Calendar, etc.). Click Properties to achieve the permissions dialog.

Permissions (2)

Both in Outlook and in the WebApp the same settings are available. The profiles (such as secretary (in)) are identical.

Permissions (3)

Permissions are inherited down. If you want to share a subfolder, must at least for the top. "No rights" will be awarded. Then "folders" is selected, only so the subfolders are accessible.

Delegation and Send-As

Delegation / Send-As

To send in his name E-mails are 2 different ways.

• Delegation = receiver sees the author of the e-mail by [author] on behalf of [delegating] as the sender
• Send-As = recipient sees only the delegator as the sender

The Send-As configuration is mostly for collecting mailboxes (info @, support @, etc.) so that the actual source is not visible.

Delegation (1)

To define an alternate opening in the WebApp under Settings / deputy and in MS-Outlook Zarafa tab under the corresponding dialog deputy.

Delegation (2)

Look for them in the global address the appropriate user and then define min. Inbox under a corresponding Berechtungsstufe. Enough is Secretary (in). Look in the WebApp out the configuration using the button to save Apply.

Delegation (3)

In order to write on behalf of an e-mail / answer, you have to first open the inbox of the delegator.

When you reply to an e-mail, the e-mail address of the delegator is automatically in the "From:" field inserted.

If you want to write a new e-mail in the order, please add the "From:" field of view even add and define the e-mail address manually.

Send-As (1)

The configuration of Send-As must be done by an administrator on the command line.

Please note that set delegate permissions override the Send-As configuration for security reasons.

While at the alternate configuration, the read / write permissions on the folder (eg Inbox) are set automatically, this must be done manually with Send-As.

Send-As (2)

The zarafa-admin command -u [resource] --add-sendas [user] adds the [Users] Send-As permission on the [resource] added.

With zarafa-admin --list sendas [resource] You can view the authorized users.

Send-As (3)

For now, on behalf of (a resource) to write an e-mail / answer, you have to first open the Inbox of the resource.

When you reply to an e-mail, the e-mail address of the resource is automatically in the "From:" field inserted.

If you want to write a new e-mail, please add the "From:" field of view even add and define the e-mail address manually.

Automatic "book" of resources

Appointment requests (1)

Resources can automatically respond to meeting requests. The following options are possible:

• Automatically accept all requests
• Cancel at schedule conflicts
• Do not accept recurring appointments

The configuration is done in the UCS user administration in the Zarafa tab.

Data Migration

There are several methods for retrieving data from other groupware servers or just e-mail servers to migrate.

In the following slides, the migration of Exchange servers / PST files is described in more detail.

To perform another solution of (groupware or e-mail server) data migration, there are the following other notes Wiki

Migration Tool

Zarafa provides with a migration script. This tool is used for automated migration of

• Exchange Server [completely or only single users]
• PST file (s)
• Scalix Server

The migration tool can be downloaded from the Internet from the Windows desktop via a web browser.

Exchange Migration (1)

• To migrate with the migration tool, you need the following information:
• Administrator User Information Exchange server
• Zarafa System user information of a user with administrator permissions
• Mapping file
• In the next slide you can see on the Exchange server, the mapping file can be prepared if you must migrate files from PST file, follow the mapping to be prepared. PST-filename, zarafalogin

Exchange Migration (2)

• On the Windows command line (cmd) can use the following command the necessary information from the AD is written to a csv file
• csvde-f C: \ User \ Demo admin \ Desktop \ zarafa-migrator.csv-d "DC = demo company, DC = local" r objectCategory = user -l "legacyExchangeDN, sAMAccountName"
• It must be the path behind-f and the domain name be adjusted behind d
• The csv file contains all users from AD in order DN, login name, legacyExchangeDN
• Important for the mapping file is the legacyExchangeDN which should look like this:
exchange, zarafalogin
/ o = TESTER / ou = firstadministrativegroup / cn = Recipients / cn = Demo1, Demo1

Migration Tool (1)

Choice whether to migrate from Exchange, PST files or Zarafa after PST.

Migration Tool (2)

Possibility to change the LOG settings.

Migration Tool (3)

Credentials for Exchange Server with administrator account.

Migration Tool (4)

Access for Zarafa administrator account. Demo1 with password Demo1 is pre-configured as Administrator.

Migration Tool (5)

Selecting the Create earlier mapping file.

Migration Tool (6)

Start the migration process.

Migration Tool (7)

Final Report on migrated data.

Migration Tool (8)

Settings can be saved for another call.

Backup

• For a complete and rapid disaster recovery following backups are set up:
• MySQL database
• Attachment directory
• Configuration directory / etc / zarafa /
• Configuration directory / etc / postfix /
• OpenLDAP for use
• Essential is to make a backup of the database and the attachments

Zarafa secure data

• The database is ideally backed up with a dump.
• mysqldump command must be executed with the mandatory --single-transaction option.
  
• It can also be used to secure the following methods:
• File System Snapshot
• Database Replication
• Mysql completely wegsichern folder / var / lib /
• In addition, eg with rsync, a commercial backup tool or other configuration wegzusichern the attachment directory

• Zarafa subscriptions provide access on the Zarafa Backup. It is a brick level backup tool that allows the administrator to create individual entgültig deleted items again.
• There are two commands:
• zarafa-backup
• zarafa-restore
• When backing (zarafa-backup backs up all user -a + public folder) is created for each user a data file and an index file
• With a helper script readable-index.pl (located in / usr / share / zarafa-backup /) you have an easier way to evaluate the index file.