At the company that I work for I have a domain with 25 computers and SBS Server 2000. From the SBS I am using ISA and Exchange. No need for SQL. We are also using SourceSafe. Because most of the users in the domain are smart and know how they can defend themselves against the sometimes self-destroying users, they are Administrators on their own computers, so no need for tight policies.
The only policy in place is the one which forces them to change the password every 60 days.
The original plan was to finalize the migration during the previous weekend, but not everything always goes as planned. Details below.
I am happy enough with the setup but I have some complaints about it:
- All the services on one computer. No good for my health. Adds a lot of stress because no matter how good your backup procedures are, sooner or later I will have to spend a weekend at work trying to recover after a disaster.
- I have to pay extra for antispam and antivirus software for Exchange
- I have to pay extra for tools which allow me to control what kind of sites are available. This is for ISA
- Exchange limits of only 16 + 16 GB for storage. I am using the Public Folders extensively but I still can’t offer my employees a big inbox. Usually I have to limit the inbox at .5 GB which takes away some of the benefits of having an email server in-house.
- SourceSafe. I read a lot recently about a lot of issues with SourceSafe. From horror stories like corrupted repositories, which so far I did not encounter, to problems relating to branching and merging the branches back, which we encounter a lot recently. On a side note I think the problems with merging the branches are also related to bad policies being in place in the company, but I am still searching for the right answer to this question.
There are other minor annoyances which are Windows and Microsoft related, such as a server restart after a security update, which is happening monthly in the best of cases, or the fact that you still need to have a floppy because you bought a pack of 5 licenses for the client access to the server.
For you to have the entire picture you need to know that I was a Windows network administrator, and I still remember how things are working, and I had around me a wannabe *nix guru. He still has a lot to learn, but is more knowledgeable than me on *nix platforms.
The requirement was to have the transition as smooth as possible for the rest of the company, and also to minimize the down time of different services.
So after around 1 month of searching the net we started the transition around 2 weeks ago.
1. We installed OpenFiler on a computer with lots of storage space. This software transforms any good computer into a NAS appliance. It supports hardware and software RAID. It also knows about volumes. Basically you can add space as you need it. It is very good for a Windows network because it integrates well with Active Directory. It has a web based interface for administration, which has some quirks but is usable. The only downside is that it does not allow the volumes to be made smaller. It allows you to grow the volume as needed. We used version 2.0 beta. You download the ISO, burn the CD, and then follow the steps. It is easy. One thing that delayed us for 2 minutes was the fact that it is using HTTPS on port 446. And the network here is configured so that all traffic goes through ISA, which knows that HTTPS is on port 443 (I think). The easy way out is to just add the IP to the local area network and then your browser will bypass the server.
So now I have a lot of storage space at my disposal. I transferred a lot of files from the server to this computer. I still maintained the SourceSafe “repository” on the server.
2. Then we installed on another computer which has a public IP a FreeBSD 6 with LAMP (or should I say BAMP) and Jabber. Now we can connect to the instant messenger in the company from anywhere in the world. Also on LAMP I installed a modified version of ActiveCollab, MODx and SugarCRM. BTW did I mention that the wannabe *nix guru is a very good PHP programmer? You should see how fast he is able to change things in other people's source code. He made a lot of changes to ActiveCollab. We added time tracking and issue management (something like Mantis).
Point 2 took most of the 2 weeks.
3. In the meantime we installed on a spare computer FedoraCore4 with Zimbra and Subversion. Subversion is keeping the files on the computer from point 1. I discovered that it is easy enough to migrate from Exchange to Zimbra and from SourceSafe to Subversion. Zimbra comes with its own migration wizard, which I think the receptionist in our company could use to migrate the users away from Exchange. It was so nice when I saw that my inbox was without quota at last. I am limited only by the size of the hard drive (or so I was thinking at that stage). To migrate from SourceSafe to Subversion we used a tool called vss2svn (I know, lack of imagination probably). I successfully migrated all projects. Then I asked a programmer to install TortoiseSVN and start playing with some old projects to see that we can still compile the code. After 2-3 hours the programmer was happy with the tool. (Now I am thinking maybe I chose the wrong programmer)
So at this stage the only thing left was to put the Zimbra server live and shut down the domain.
4. We came to work on Saturday morning thinking, well, we have a 50 / 50 chance to do everything right the first time. So we replaced the hard drives on the production server with the hard drive from the spare computer. Fedora started, and recognized everything except a network card. After some tinkering with the settings in ipconfig, both interfaces were up and running. Now we had the Zimbra software working, but because of lack of experience and knowledge we weren’t able to play properly with the settings in IPTables which would allow us to have the right ports opened. (Shame on us)
After 8 hours of trying I took a step back and reinstalled the old hard drives in the production server.
Lessons learned:
- Do not install Zimbra on a gateway. I think it is easier just to add another computer as a firewall in front of Zimbra.
- Try to think better about the single sign-on concept. I am sure now that it is going to be hard to modify the LDAP server that comes with Zimbra and make it work with SAMBA to create a domain without a Windows Server.
- Try to acquire more knowledge. Maybe by simulating the concepts using VMWare Server (which I am doing now) or get a more knowledgeable wannabe *nix guru. It would be great if I found a real guru.
So for the time being we are still using Exchange 2000 and SourceSafe. Now I am back in the simulation stage and I am planning to try to finalize the transition some time in the next month.
Well, we got stuck actually with the Zimbra installation.
IPTables configuration went fine. It took a little bit of time, but I managed to figure it out.
The problem was with the Zimbra configuration. After installing it, it worked OK and seemed to be fine. When shutting down the server, the mbx service seemed to halt. We waited around the server for some time for it to get back but it did not show any signs.
The bad move was to do a reboot on the server when that service was shutting down. It was done by command, not by pushing reset or something, but I’m thinking it was kind of like a reboot in case of a power failure when the UPS could not take it anymore.
After rebooting, the Zimbra services seemed to start OK, but when accessing the site, it gave errors like “the page cannot be displayed”…
We’ve searched the web for solutions, and it seemed that rerunning the configuration would have been the best solution. We did that, but the error was still there.
It was already a little bit late and we decided to call it a day.
I’m still wondering what the best solution would have been for this to be solved properly. We didn’t take any hazardous actions when installing and it looked very well. I’m thinking that it was a little bit of a problem waiting to happen in case of a power failure.
If you have any solutions to this, I would be very happy to put them to the test.
Instead of Fedora Core 4, you might want to try CentOS 4 – it is a free clone of RedHat Enterprise Linux 4 and therefore it is more stable (i.e. less bleeding edge software) and will be supported for 8 more years… plus, lots of packages designed for RHEL4 (such as Oracle) install very easily on CentOS 4…
I used Zimbra for about six months but eventually got annoyed with some of its shortcomings. Last week I migrated to Scalix (which also offers free Outlook Connectors) and I am very pleased with it. So much in fact I ended up writing quite a bit about it here:
http://www.stress-free.co.nz/content/view/289/2/
Get in touch if you need any free advice/help.
It’s always better to have your mail server behind a firewall or router/firewall box. While it’s possible to use iptables to get the right config we recommend that admins close off the server with a real or separate firewall and just open the SSL and MTA ports so mail can flow.
Sorry to hear you ran into trouble. We’ve got lots of folks who could help you out on the forums. http://www.zimbra.com/forums
-KevinH
Zimbra
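The separate firewall box suggested in the lessons learned and in the comment above, as an added example that is not from the original post, its commenters or Zimbra: the script generates a default-drop `iptables-restore` ruleset that forwards only the MTA and SSL ports to the mail server, then audits a ruleset for anything else left open. The address 192.0.2.10, the port numbers 25 and 443, and the function names are assumptions.

```shell
#!/bin/sh
# Added example (constructed). Assumptions: 192.0.2.10 is a placeholder mail
# server address; 25 is the MTA (SMTP) port and 443 the SSL web/client port.

# Emit an iptables-restore ruleset for the separate firewall box:
# default-drop, then forward only the listed TCP ports to the mail server.
gen_rules() {
    mail_ip="$1"
    shift
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s $mail_ip -m conntrack --ctstate NEW -j ACCEPT
EOF
    for port in "$@"; do
        printf '%s\n' "-A FORWARD -d $mail_ip -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' "COMMIT"
}

# List what inbound FORWARD ACCEPT rules expose. Rules limited to established
# traffic or to a source address (the mail server's own outbound) are skipped.
# A rule with no --dport is reported as ANY.
open_ports() {
    awk '$1 == "-A" && $2 == "FORWARD" && /-j ACCEPT/ && !/ESTABLISHED/ && !/ -s / {
        port = "ANY"
        for (i = 1; i < NF; i++) if ($i == "--dport") port = $(i + 1)
        print port
    }' | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# Succeed only if FORWARD defaults to DROP and exactly the expected
# space-separated port list is exposed. Reads the ruleset on stdin.
audit_rules() {
    expected="$1"
    rules=$(cat)
    printf '%s\n' "$rules" | grep -q '^:FORWARD DROP' || return 1
    [ "$(printf '%s\n' "$rules" | open_ports)" = "$expected" ]
}
```

Running `gen_rules 192.0.2.10 25 443 | audit_rules "25 443"` succeeds; the same audit can be fed the output of `iptables-save` on the firewall box to catch rules added later.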
Great blog and very attractive