ActiveSync credential separation and disabled users

Jeroen van Meeuwen (Kolab Systems) vanmeeuwen at kolabsys.com
Sat Feb 9 17:48:26 CET 2013


On 2013-02-09 14:10, Axel wrote:
> I'm interested, too. I want to use nginx as web and also as SMTP and
> imap proxy in front of my kolab server. I would like to get some more
> information about disadvantages of this solution.
> 

It's one of those things that, outside of advantages and disadvantages, 
is definitely subject to organization and deployment (use-case) specific 
requirements, the different technologies and their implementations 
administrators have positive or negative experiences with, if any at 
all, as sometimes the choice for a particular implementation is also 
*because* of the lack of experience with an alternative option.

I suppose the fun starts with articulating the use-case for the 
deployment you're after, and then also, considering where it might grow 
from there as well. To illustrate, let us deliberate on the 
implementation of just IMAP as a service provided as part of the Kolab 
Groupware solution, ignoring for a moment there's also Roundcube, 
ActiveSync, Web Administration and Free/Busy web-services, LDAP, 
MTAs/MSAs, virtualization platforms, network topologies, storage and 
corporate policy or hosted plans (personal w/o ActiveSync, professional 
w/ ActiveSync, the design implications and impact on security of hosting 
business customers) to consider;

If the use-case is a hosted environment where individuals only get 
their own basic @hotmail.com-style mailbox (and no sharing folders 
between users is required), then an NGINX proxy in front of a bunch of 
standalone IMAP servers would do the trick.

If the use-case is to host all employees' mailboxes for a large 
organization, it is clear that one Cyrus IMAP server may not suffice. 
But, since one employee should be able to share its folders with any 
other employee, and since that other employee very likely has its 
mailbox on a different Cyrus IMAP server, one would need to run a Cyrus 
IMAP Murder (of any kind of topology) in order to make sure that the 
client IMAP connection is proxied to the IMAP server that the targeted 
folder resides on (and not merely the IMAP server the user's INBOX 
resides on).

The latter is not mutually exclusive with putting NGINX in front of it 
all, but the Cyrus IMAP Murder topology chosen does mandate particular 
choices in configuring the deployment of NGINX as an IMAP proxy.

Then there's the hosted environment that takes on complete 
organizations (with long lists of employees -> individual users), which 
can be approached as a mixture of both the former types of deployments.

Similarly, as I'm sure you'll understand, the configuration and 
deployment of high-availability, load-balancing and data redundancy (for 
the sake of either high-availability or disaster recovery (site local? 
site failover?)) are impacted, and significantly so, same as your 
Standard Operating Procedures.

All in all, the Kolab Groupware solution is *the* perfect solution to 
fit in precisely with the requirements you have at your home, or within 
your SOHO, SME, LE, hosted business or holding company, as it is 
made-to-measure and not commercial-off-the-shelf.

The inherent challenge is also to make the right choices out of all the 
option value you, all of us, are provided with.

The completion of the Free[1] and published[2] Deployment[3] and 
Administrator[4] Guides in full detail notwithstanding, which I hope 
will some day include your notes, thoughts, use-case and deployment 
considerations, I'm tempted to argue that somebody could build a 
business around it ;-)

Kind regards,

Jeroen van Meeuwen

[1] http://git.kolab.org/kolab-docs/tree/
[2] http://docs.kolab.org
[3] http://docs.kolab.org/en-US/Kolab_Groupware/3.0/html/Deployment_Guide/index.html
[4] http://docs.kolab.org/en-US/Kolab_Groupware/3.0/html/Administrator_Guide/index.html

-- 
Systems Architect, Kolab Systems AG

e: vanmeeuwen at kolabsys.com
m: +44 74 2516 3817
w: http://www.kolabsys.com

pgp: 9342 BF08



