Plobbes-Higher-Availability


Toward Higher Availability

When considering High Availability (HA), there are a number of trade-offs to weigh. Not all of them are technical; in fact, two critical factors are cost and complexity. One can architect a system to survive a number of different failure modes if one understands the risks to keeping the system up and available. Below is some random information on making a "generic" multi-server ZCS install more highly available.

Example Network: Server Perspective

  [Router]
     |
     +--- Public Vlan
     |
  [FWall]
     |
   +-+--+----+----+-----+----+-----+----+----+-----+----+--- Service VLAN
   |    |    |    |     |    |     |    |    |     |    |
 +---++---++---++---+ +---++---+ +---++---++---+ +---++---+
 |FE1||FE2||FE3||FE4| |LBa||LBb| |CH1||CH2||CH3| |LDm||LDr|
 +---++---++---++---+ +---++---+ +---++---++---+ +---++---+
   |    |    |    |     |    |     |    |    |     |    |
   +----+----+----+-----+----+-----+----+----+-----+----+--- Admin VLAN
                                   |    |    |
                                   +----+----+--- Private Cluster VLAN

Example Network: Logical Service Perspective

 [Router]
    |
    |  [FE-lb]  (Public services)
    |     |
    +-----+--- Public VLAN
    |
 [FWall]
    |
    |  [LDAP-lb] [SMTP-lb] [CS-lb] (Internal access only)
    |     |         |         |
  --+-----+---------+---------+---  Service VLAN

Load Balancing Method

 - round robin | least connections | ...

[FE-lb]:

 - vip: <public ip>
 - ports: (tcp) smtp(s) 25/465, http(s) 80/443, pop3(s) 110/995, imap(s) 143/993
 - hosts: fe1, fe2, fe3, fe4
 - balance method: <pick>
 - persistence: Yes by client IP
 - health check: port accessible
 - accessed by: Public/Internet

[SMTP-lb]:

 - vip: <internal ip>
 - ports: (tcp) smtp(s) 25
 - hosts: fe1, fe2, fe3, fe4
 - balance method: <pick>
 - persistence: Yes by client IP
 - health check: port accessible
 - accessed by: (Internal Only)

[LDAP-lb]:

 - vip: <internal ip>
 - ports: (tcp) ldap 389
 - hosts: ld1, ld2
 - balance method: round-robin
 - persistence: No
 - health check: port accessible
 - accessed by: (Internal Only)

[CS-lb]

 - vip: <internal ip>
 - ports: (tcp) 7071 (admin/saslauth), 7072 (nginx auth)
 - hosts: cs1, cs2
 - balance method: least connections
 - persistence: Yes by client IP
 - health check: port accessible
 - accessed by: (Internal Only)

Notes:

  • FE == "MTA-Proxy", CH == "Cluster Host", LD == "LDAP", LB == "Load Balancer"
  • Use aggregate/bonded interfaces
  • Redundant HV/AC
  • Redundant Power and Power Sources
  • Related services necessary for availability:
 - DNS

Load Balancer Specific Settings

 Host/Grp zmlocalconfig key (zmlocalconfig <key>)
 -------- -----------------------------------
 cs,fe    ldap_host = ldap-lb.my.domain
 ld       ldap_host = ld01.my.domain
 
 cs,fe    ldap_url = ldap://ldap-lb.my.domain:389 ldap://ld01.my.domain:389
 ld01     ldap_url = ldap://ld01.my.domain:389
 ld02     ldap_url = ldap://ld02.my.domain:389 ldap://ld01.my.domain:389
 
 ld       ldap_bind_url = ldap://`zmhostname`:389 ldap://ldap-lb.my.domain:389
 
 fe,ld    zimbra_zmprov_default_soap_server = cs-lb.my.domain
 cs       zimbra_zmprov_default_soap_server = localhost
 
 fe,cs    zimbra_zmprov_default_to_ldap = false
 ld       zimbra_zmprov_default_to_ldap = true

 Host/Grp LDAP configuration key (zmprov gacf <key> | zmprov gs <svr> <key>)
 -------- -----------------------------------
 *global* zimbraSmtpHostname: smtp-lb.my.domain
 cs,fe,ld zimbraSmtpHostname: smtp-lb.my.domain
 
 *global* zimbraMtaAuthTarget: FALSE
 cs       zimbraMtaAuthTarget: TRUE
 fe,ld    zimbraMtaAuthTarget: FALSE
 [NO]cs-lb    zimbraMtaAuthTarget: TRUE (DO NOT USE)

 *global* zimbraReverseProxyLookupTarget: FALSE
 cs       zimbraReverseProxyLookupTarget: TRUE
 cs,fe,ld zimbraReverseProxyLookupTarget: FALSE
 [NO]cs-lb    zimbraReverseProxyLookupTarget: TRUE (DO NOT USE)
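
An added example, not part of the original page or of ZCS: a shell check that compares one host's `zmlocalconfig` output with the per-group values from the zmlocalconfig table above (ldap_host, ldap_url for cs/fe, zimbra_zmprov_default_soap_server, zimbra_zmprov_default_to_ldap). The function names and the sample output are constructed for illustration; hostnames are the page's my.domain placeholders.

```shell
# Added example: audit zmlocalconfig output against the per-group table.
# Function names are illustrative; hostnames are the page's placeholders.

# Print expected key=value pairs for a host group (cs, fe or ld).
expected_for() {
  lb='ldap_host=ldap-lb.my.domain
ldap_url=ldap://ldap-lb.my.domain:389 ldap://ld01.my.domain:389
zimbra_zmprov_default_to_ldap=false'
  case "$1" in
    cs) printf '%s\n' "$lb" 'zimbra_zmprov_default_soap_server=localhost' ;;
    fe) printf '%s\n' "$lb" 'zimbra_zmprov_default_soap_server=cs-lb.my.domain' ;;
    ld) printf '%s\n' 'ldap_host=ld01.my.domain' \
          'zimbra_zmprov_default_soap_server=cs-lb.my.domain' \
          'zimbra_zmprov_default_to_ldap=true' ;;
    *)  return 2 ;;
  esac
}

# Read "key = value" lines on stdin, print one DRIFT line per mismatch.
# Returns 0 when the host matches, 1 on drift, 2 for an unknown group.
audit_localconfig() {
  exp=$(expected_for "$1") || { echo "unknown group: $1" >&2; return 2; }
  actual=$(cat)
  rc=0
  while IFS='=' read -r key want; do
    # Take the first "key = value" line for this key, if any.
    have=$(printf '%s\n' "$actual" | sed -n "s/^$key = //p" | head -n 1)
    if [ "$have" != "$want" ]; then
      echo "DRIFT $key: expected '$want', found '${have:-<unset>}'"
      rc=1
    fi
  done <<EOF
$exp
EOF
  return $rc
}

# Constructed sample: a cs host that still sends zmprov to the cs-lb VIP.
sample_cs_output() {
  printf '%s\n' \
    'ldap_host = ldap-lb.my.domain' \
    'ldap_url = ldap://ldap-lb.my.domain:389 ldap://ld01.my.domain:389' \
    'zimbra_zmprov_default_soap_server = cs-lb.my.domain' \
    'zimbra_zmprov_default_to_ldap = false'
}
```

On a real host the input would be the output of `zmlocalconfig` piped into `audit_localconfig` with that host's group as the argument.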