[horde] Generell Server setup question - splitting services

Niels Dettenbach nd at syndicat.com
Thu Dec 3 16:35:42 UTC 2009 

On Thursday 03 December 2009 17:02:59 Götz Reinicke - IT-Koordinator wrote:
> What I think off is, to put the webserver-stuff on an other box, putting
> the database on an onther and leaving the mailserver doing the
> mailstuff. So to set up three servers.
Yes,

it is possible to place i.e.:

 1.) the (SQL) database
But even the databases (1.) could be "divided" into clusters. The same might 
hapen for 2. 

 2.) Apache / Horde
There might be some users which are running a cluster of Apache / Horde 
servers behind a load balancer / level 4/7 router (proxy - like squid or 
others).

 3.) Mailsystem
  -> this one could be didided into:
   * IMAP server
   * SMTP server

too to different boxes. This may makes sense if you have a large amount of 
(different) mail users or a huge database.

For performance reasons it is important to held the connections between the 
servers (especially database and Apache / Horde) as fast as possible(!).

But in this scenario - if you do authentication against local (unix) passwd 
authentication - you have to find a suitable way to authenticate Horde / 
Apache against the mail machine. 

One way is to use simple IMAP authentication against the IMAP server (means 
you held all authentication details on the IMAP machine)

If you run i.e. cyrus with saslauthd and/or pam you are flexible in which 
authentication base you are using - i.e. passwd, SQL, LDAP and many others..

Another way is to run another

4.) authentication server
which just holds AAA information and service.


> Is this possible? If so, is there some best practice guide I haven'd
> found yet?
I think this highly depends from your and your users needs, possible hardware 
and the amounts of data to handle - so there might be no real "best practise" 
for such a setup.

Afaik there are many users which are running SQLish databases (MySQL, 
Postgres) for storage. This might be suitable if you have many users on a few 
"levels" (like an typical ISP).

Many "typical" (larger) organisations might better go with an directory 
service like LDAP (or the KOLAB system) as this better fits typical 
hierarchical organisation schemes.

Many decisions here depends highly from what is still there (i.e. LDAP dir, 
Radius, MySQL DBs or other things).

It seems there is no border how many servers could be invited into a Horde 
Groupware systems. How far it makes sense depends highly from what you have 
and what you want. ;)


hth
cheers,


Niels.

-- 

---

  Niels Dettenbach
  ---
  Syndicat IT&Internet
  http://www.syndicat.com
  T.-Muentzer.-Str. 2, 37308 Heilbad Heiligenstadt - DE
  ---
  Kryptoinfo: 
  PGP public key ID 651CA20D
  Fingerprint: 55E0 4DCD B04C 4A49 1586  88AE 54DC 4465 651C A20D
  https://syndicat.com/pub_key.asc
  ---
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.horde.org/archives/horde/attachments/20091203/073f91d0/attachment.bin>

More information about the horde mailing list