Plobbes-Higher-Availability
Toward Higher Availability
When considering High Availability (HA), there are a number of trade-offs to weigh. The trade-offs are not all technical; in fact, two critical factors are cost and complexity. One can architect a system to survive a number of different failure modes if one understands the risks to keeping the system up and available. Below is some random information on making a "generic" multi-server ZCS install more highly available.
Example Network: Server Perspective
 [Router]
    |
    +--- Public Vlan
    |
 [FWall]
    |
  +-+--+----+----+-----+----+-----+----+----+-----+----+--- Service VLAN
  |    |    |    |     |    |     |    |    |     |    |
+---++---++---++---+ +---++---+ +---++---++---+ +---++---+
|FE1||FE2||FE3||FE4| |LBa||LBb| |CH1||CH2||CH3| |LDm||LDr|
+---++---++---++---+ +---++---+ +---++---++---+ +---++---+
  |    |    |    |     |    |     |    |    |     |    |
  +----+----+----+-----+----+-----+----+----+-----+----+--- Admin VLAN
                                  |    |    |
                                  +----+----+--- Private Cluster VLAN
Example Network: Logical Service Perspective
 [Router]
    |
    |  [FE-lb]                        (Public services)
    |     |
    +-----+--- Public VLAN
    |
 [FWall]
    |
    | [LDAP-lb] [SMTP-lb]  [CS-lb]    (Internal access only)
    |     |         |         |
  --+-----+---------+---------+--- Service VLAN
Load Balancing Method
- round robin | least connections | ...
[FE-lb]:
- vip: <public ip>
- ports: (tcp) smtp(s) 25/465, http(s) 80/443, pop3(s) 110/995, imap(s) 143/993
- hosts: fe1, fe2, fe3, fe4
- balance method: <pick>
- persistence: Yes by client IP
- health check: port accessible
- accessed by: Public/Internet
[SMTP-lb]:
- vip: <internal ip>
- ports: (tcp) smtp(s) 25
- hosts: fe1, fe2, fe3, fe4
- balance method: <pick>
- persistence: Yes by client IP
- health check: port accessible
- accessed by: (Internal Only)
[LDAP-lb]:
- vip: <internal ip>
- ports: (tcp) ldap 389
- hosts: ld1, ld2
- balance method: round-robin
- persistence: No
- health check: port accessible
- accessed by: (Internal Only)
[CS-lb]:
- vip: <internal ip>
- ports: (tcp) 7071 (admin/saslauth), 7072 (nginx auth)
- hosts: cs1, cs2
- balance method: least connections
- persistence: Yes by client IP
- health check: port accessible
- accessed by: (Internal Only)
Notes:
- FE == "MTA-Proxy", CH == "Cluster Host", LD == "LDAP", LB == "Load Balancer"
- Use aggregate/bonded interfaces
- Redundant HV/AC
- Redundant Power and Power Sources
- Related services necessary for availability:
  - DNS
Load Balancer Specific Settings
Host/Grp  zmlocalconfig key (zmlocalconfig <key>)
--------  -----------------------------------
cs,fe     ldap_host = ldap-lb.my.domain
ld        ldap_host = ld01.my.domain
cs,fe     ldap_url = ldap://ldap-lb.my.domain:389 ldap://ld01.my.domain:389
ld01      ldap_url = ldap://ld01.my.domain:389
ld02      ldap_url = ldap://ld02.my.domain:389 ldap://ld01.my.domain:389
ld        ldap_bind_url = ldap://`zmhostname`:389 ldap://ldap-lb.my.domain:389
fe,ld     zimbra_zmprov_default_soap_server = cs-lb.my.domain
cs        zimbra_zmprov_default_soap_server = localhost
fe,cs     zimbra_zmprov_default_to_ldap = false
ld        zimbra_zmprov_default_to_ldap = true
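An added example, not part of the original page: a small shell check that compares a host's zmlocalconfig output with the per-role values from the table above, so drift away from the load-balanced names is caught. The function names and the sample input are hypothetical; it assumes zmlocalconfig prints "key = value" lines.

```shell
#!/bin/sh
# Added example (not from the original page): compare `zmlocalconfig` output
# ("key = value" lines) with the per-role values in the table above.

# Expected values for role cs, fe or ld, copied from the table. ldap_url and
# ldap_bind_url on ld hosts vary per host, so they are not checked for ld.
expected_localconfig() {
    lb='ldap://ldap-lb.my.domain:389 ldap://ld01.my.domain:389'
    case "$1" in
        cs) printf '%s\n' 'ldap_host = ldap-lb.my.domain' "ldap_url = $lb" \
                'zimbra_zmprov_default_soap_server = localhost' \
                'zimbra_zmprov_default_to_ldap = false' ;;
        fe) printf '%s\n' 'ldap_host = ldap-lb.my.domain' "ldap_url = $lb" \
                'zimbra_zmprov_default_soap_server = cs-lb.my.domain' \
                'zimbra_zmprov_default_to_ldap = false' ;;
        ld) printf '%s\n' 'ldap_host = ld01.my.domain' \
                'zimbra_zmprov_default_soap_server = cs-lb.my.domain' \
                'zimbra_zmprov_default_to_ldap = true' ;;
        *)  return 2 ;;
    esac
}

# Reads actual settings on stdin; prints one MISMATCH line per differing key.
# Returns 0 if all match, 1 on drift, 2 for an unknown role.
audit_localconfig() {
    expected=$(expected_localconfig "$1") || return 2
    actual=$(cat)
    rc=0
    while IFS= read -r line; do
        key=${line%% = *}
        want=${line#* = }
        got=$(printf '%s\n' "$actual" | sed -n "s/^$key = //p" | head -n 1)
        if [ "$got" != "$want" ]; then
            printf 'MISMATCH %s: want "%s" got "%s"\n' "$key" "$want" "$got"
            rc=1
        fi
    done <<EOF
$expected
EOF
    return $rc
}

# Constructed sample: an fe host whose ldap_host bypasses the LDAP load balancer.
SAMPLE_FE_DRIFT='ldap_host = ld01.my.domain
ldap_url = ldap://ldap-lb.my.domain:389 ldap://ld01.my.domain:389
zimbra_zmprov_default_soap_server = cs-lb.my.domain
zimbra_zmprov_default_to_ldap = false'

printf '%s\n' "$SAMPLE_FE_DRIFT" | audit_localconfig fe || echo "drift found"
```

On a real host, pipe the live settings in as the zimbra user, for example `zmlocalconfig | audit_localconfig fe`.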
Host/Grp   LDAP configuration key (zmprov gacf <key> | zmprov gs <svr> <key>)
--------   -----------------------------------
*global*   zimbraSmtpHostname: smtp-lb.my.domain
cs,fe,ld   zimbraSmtpHostname: smtp-lb.my.domain
*global*   zimbraMtaAuthTarget: FALSE
cs         zimbraMtaAuthTarget: TRUE
fe,ld      zimbraMtaAuthTarget: FALSE
[NO]cs-lb  zimbraMtaAuthTarget: TRUE (DO NOT USE)

*global*   zimbraReverseProxyLookupTarget: FALSE
cs         zimbraReverseProxyLookupTarget: TRUE
cs,fe,ld   zimbraReverseProxyLookupTarget: FALSE
[NO]cs-lb  zimbraReverseProxyLookupTarget: TRUE (DO NOT USE)