TB/TB-2007-04-MNHOST

From Scalix Wiki
Revision as of 17:47, 25 February 2008 by Ltward (Talk | contribs) (Administration)


Overview

The Hosting feature requires a MAILNODE_HOSTING license and is enabled via SAC or from the command line.

The Hosting feature allows a single Scalix server to support the mailboxes of more than one separate company. Each company has:

  • Its own domain
  • Its own set of user mailboxes (not visible to other hosted companies)
  • Its own view of the directory (not visible to other hosted companies)
  • Its own Public folder area (not visible to other hosted companies)

Each hosted company is associated with a different mailnode (OU1).

For example, for the ACME company
    Mailnode:      acme
    Domain:        acme.com
    Public Folder: ACME Shared Info


The Scalix server primary mailnode is reserved for 'super-admin' users (who do not have a restricted view of the system). Administration of hosted companies is via SAC extensions and plug-ins. Three mailnode hosting plug-ins are provided: sxhostcfg, sxhostadd and sxhostdel.

Features

Hosted company linked to mailnode (OU1)

Each hosted company is associated with a different mailnode (OU1).

Associating each hosted company with a different mailnode allows the users of those companies to see a filtered view of the system that is comprised of only the data associated with their company (mailnode).

The primary mailnode is reserved for administration users (who do not have a restricted view of the system). Administration of hosted companies is via SAC extensions and plug-ins.

Full Scalix functionality for users within hosted company

Full support of Scalix features is provided for users of a hosted company for Outlook and SWA clients. Additionally, there is full feature support (e.g. Calendaring) between users within the same hosted company.

Each company has its own domain name

The hosted company mailnode (OU1) can be associated with a domain name appropriate to the hosted company. This is the externally visible domain name and is used to construct the internet address of the mailboxes of the hosted company. Note that this requires licenses for the hosted mailnode domain (example: acme.mydomain.net or nova.mydomain.net) to be installed on the Scalix server.

Alternatively, the hosted mailnodes can all be associated with one domain (example: mydomain.net) and each user can manually be given an email address specific to their hosted mailnode and domain:
Fred.Allen@acme.mydomain.net
Mary.Newman@nova.mydomain.net

Each company has its own directory view

Each hosted company has its own view of the Scalix system directory. Any entries in the directory that have the same mailnode (OU1) of the hosted company are visible to the users of the company. By default these entries will be all users of the hosted company.

Directory entries can also be added for non-company recipients. These non-company recipients must be mail addresses external to the system. Additionally, these external recipients can be configured as internet (MIME) users, or 'rich text' (TNEF) users. Generally speaking, most external recipients will be MIME users, and external recipients on an Exchange/Outlook system will be TNEF users.

Each company has its own Public Folder view

Each hosted company has its own view of the Scalix Public Folders (Bulletin Board Area).

When a hosted company is added, a Public Folder for that company is added as a top-level Public Folder. The permissions set on this Public Folder ensure that this is the only folder visible to the hosted company.

By default any user of a hosted company can create a Public sub-folder under their top-level Public folder and add items to any Public folder within their view.

Administration

Installation - Setup script/SAC plug-in: sxhostcfg

To enable the hosting feature the 'sxhostcfg' script must be run on a Scalix server.

This script is available as a SAC plug-in on any Scalix server that has the MAILNODE_HOSTING license installed. This SAC plug-in can only be run by 'sxadmin'.

The 'switch on' option does the following:

  • Checks that an appropriate MAILNODE_HOSTING license is present on the server
  • Adjusts the folder permissions for the Public folders (Bulletin Board Area)
  • Deploys the sxhostadd and sxhostdel plug-ins for use with SAC
  • Configures ldapmapper to use authenticated bind (user=sxqueryadmin)

There is also a 'restart Scalix' option that should be used to ensure that all Scalix processes pick up the new configuration.

After running sxhostcfg, the authid must be used to log in to IMAP clients, including the SWA. The full user name cannot be used to access IMAP on a system with mailnode hosting configured.

This plug-in can also be used to disable the hosting feature on a server. The 'switch off' option will undo all of the changes described above.

Please note: great care must be taken not to switch off the hosting feature if the server contains multiple hosted companies and their data should still remain restricted. Turning the hosting feature off will allow any user to see the complete directory and also the contents of all Public Folders.

Mailnode hosting administration via SAC

SAC plug-ins are provided to add (sxhostadd) and delete (sxhostdel) hosted companies. These plug-ins can be run by the 'sxadmin' user and anyone in the ScalixAdmins group.

(All three mailnode hosting plug-ins (sxhostcfg, sxhostadd, sxhostdel) can be run as command-line scripts and have associated MAN pages.)

Add hosted company via SAC plug-in (sxhostadd)

After the 'sxhostcfg' setup script has been run the 'sxhostadd' plug-in is visible within SAC. This plug-in is run to add a new hosted company, and the following information needs to be supplied:

The company name (mandatory)
    - This is restricted to 64 alphanumeric characters (this becomes the mailnode)
The Public folder name (optional)
    - if not supplied then the company name is used
The associated domain name (optional)
    - if not supplied then the domain name is set to <company-name>.com

When the plug-in is run the following 'back-end' Scalix commands are executed:

/opt/scalix/bin/omaddmn -m <company-name> -D <domain-name> -N
/opt/scalix/bin/omaddrt -m <company-name>,mime -q unix -i mime
/opt/scalix/bin/omaddrt -m <company-name>,tnef -q unix -i tnef
/opt/scalix/bin/omaddbb -s <public-folder-name>
/opt/scalix/bin/omdelacln -t b -l :<public-folder-name> -g admin
/opt/scalix/bin/omdelacln -t b -l :<public-folder-name> -g local
/opt/scalix/bin/omdelacln -t b -l :<public-folder-name> -g default
/opt/scalix/bin/omaddacln -t b -l :<public-folder-name> -g admin -c visible
/opt/scalix/bin/omaddacln -t b -l :<public-folder-name> \
  -n */<company-name>,*,*,* -c create read subfolder editown deleteall contact visible
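
The sequence above as an added dry-run sketch (not the sxhostadd plug-in's own code): it checks the company name against the 64-alphanumeric rule, applies the documented defaults, and prints the back-end commands with the folder name and ACL pattern quoted. The function names, the `--demo` switch, and the domain and folder character checks are assumptions of this example.

```shell
#!/bin/sh
# Added example: dry-run planner for the sxhostadd back-end sequence.
# Prints the commands from the page; executes nothing on a Scalix server.
LC_ALL=C; export LC_ALL        # make [A-Za-z0-9] mean ASCII (assumption)
BIN=/opt/scalix/bin

# valid_company NAME: succeeds if NAME is 1-64 alphanumeric characters.
valid_company() {
    case "$1" in
        ''|*[!A-Za-z0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

# sxhostadd_plan COMPANY [PUBLIC_FOLDER] [DOMAIN]
# Defaults follow the page: folder = company name, domain = <company>.com.
sxhostadd_plan() {
    company=$1
    folder=${2:-$company}
    domain=${3:-$company.com}
    valid_company "$company" || { echo "bad company name" >&2; return 2; }
    # Assumed rules for this example: the domain is hostname characters only,
    # and the folder name has no quote or backslash, so single-quoting is safe.
    case "$domain" in *[!A-Za-z0-9.-]*) echo "bad domain" >&2; return 2 ;; esac
    case "$folder" in *"'"*|*"\\"*) echo "bad folder name" >&2; return 2 ;; esac
    echo "$BIN/omaddmn -m $company -D $domain -N"
    for fmt in mime tnef; do
        echo "$BIN/omaddrt -m $company,$fmt -q unix -i $fmt"
    done
    echo "$BIN/omaddbb -s '$folder'"
    for grp in admin local default; do
        echo "$BIN/omdelacln -t b -l ':$folder' -g $grp"
    done
    echo "$BIN/omaddacln -t b -l ':$folder' -g admin -c visible"
    # Quote the ACL pattern so the shell never glob-expands the asterisks.
    echo "$BIN/omaddacln -t b -l ':$folder' -n '*/$company,*,*,*'" \
         "-c create read subfolder editown deleteall contact visible"
}

# Constructed sample input matching the ACME example on the page.
if [ "${1:-}" = "--demo" ]; then
    sxhostadd_plan acme "ACME Shared Info" acme.com
fi
```

Rejecting anything but alphanumerics in the company name matters because that value becomes the mailnode and is embedded in the ACL pattern that scopes the Public Folder to one company.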

Delete hosted company via SAC plug-in (sxhostdel)

After the 'sxhostcfg' setup script has been run the 'sxhostdel' plug-in is visible within SAC. This plug-in is run to remove a hosted company, and the following information needs to be supplied to run the plug-in:

The company name (mandatory)
    - This is restricted to 64 printable string characters
The Public folder name
    - only needs to be supplied if different from the company name
Auto-delete users/group
    - tick this box if the hosted company users and group are to be removed

When the plug-in is run the following 'back-end' Scalix commands are executed:

/opt/scalix/bin/omdelpdl -l <company-pdls>  # if auto-delete selected
/opt/scalix/bin/omdelu -n <company-users>   # if auto-delete selected
/opt/scalix/bin/omdelbb -m <public-folder-name>
/opt/scalix/bin/omdelrt -m <company-name>,mime
/opt/scalix/bin/omdelrt -m <company-name>,tnef
/opt/scalix/bin/omdelmn -m <company-name>

Add/modify/delete company user via SAC (mailnode filter)

Each hosted company is associated with a different mailnode (OU1). The Users screen in SAC allows filtering of users based on mailnode. Therefore to view the users of a particular hosted company enable filtering by mailnode (Edit Filter) and then select the company name from the drop-down Mailnode list.

Selecting an existing user from the company user list will allow modification/deletion of the selected user.

To create a new user of a hosted company the Create User(s) button in the Users screen will launch the Create New User screen. The company mailnode must be selected from the drop-down Mailnode list to associate the new user with the correct company.

Add/modify/delete company 'internet' directory entry (mailnode filter)

To add the names of external recipients (i.e. recipients who are not users in the hosted company), use the Create User(s) screen and select the Internet mail user button.

Then, in a similar fashion to adding a hosted company user, use the Mailnode drop-down list to select either the 'mime' or 'tnef' version of the company mailnode. The 'mime' version will produce a MIME format message for the user added, whereas the 'tnef' version will produce an Outlook 'rich text' format message for the user added. (TNEF is the format used to carry Outlook 'Rich text' data and retains all the Outlook attributes, flags, categories, calendaring info, task info, etc., and would be used if the recipient is another Outlook user.)

For example, for the 'Acme' company the mailnode used for a company user, an (external) MIME internet user and an (external) Outlook Rich Text user would be:

Acme                 # company user
Acme,mime            # internet user (MIME)
Acme,tnef            # internet user (TNEF Outlook 'rich text')

The OU1 of 'Acme' means that all these users will be visible in the Acme view of the system directory (address book).

Sending Emails to a Hosted Public Folder

Company relocation - moving to a different server

sxmboxexp -u for each user...

sxmboxexp -p -f -s for Public Folders...

Restrictions

A hosted company cannot span multiple servers

A hosted company must be configured entirely on a single Scalix server - there is no support for the mailboxes of an individual hosted company being split over 2 or more Scalix servers.

No directory sync between multiple servers

Directory synchronization between Scalix servers running mailbox hosting is not supported.

No global cross-server single-console SAC management capability

Each Scalix server running mailnode hosting must be administered by SAC running on that server. The ability to manage a Scalix hosting server from SAC running on a different Scalix server is not supported.

3rd-party client LDAP access requires authenticated bind

When mailnode hosting is enabled for a Scalix server, LDAP access to the Scalix directory requires an authenticated bind.

Therefore 3rd-party IMAP clients will need to be configured to perform an authenticated bind on behalf of the mail user (username, password) if directory access is required.

Internet directory entries cannot be shared by hosted companies

The Internet Address of a user must be unique in the Scalix directory. This has 2 consequences:

  • If an external internet user has been added for one hosted company it cannot be added again for a 2nd hosted company (because the Internet Address has been used in the 1st external internet user entry).
  • An internet user cannot be added for a user in a different hosted company on the same Scalix server (because the Internet Address is already present associated with that user).

There are several workarounds for this restriction:

  • Use personal Contacts
  • Use a company Contacts Public Folder
  • Use SAC (or command-line) to 'wrap' the entry in a company visible PDL

Upgrading existing Scalix servers is not supported

Although it is possible to enable mailnode hosting on a server that has been upgraded to the hosting release, this is not recommended, as existing mailboxes will not have the correct hosting environment set up.