You are on page 1of 68


FSTC Bachelor in Computer Science

Comparing Microsoft Exchange Server
2013 to Zarafa 7.0 and Zimbra
Collaboration 8.0
Student number : 010078751D
A thesis submitted in partial fulllment for the
degree of Bachelor in Computer Science
Academic responsible : Dr. WAGNER Cynthia, University of
Luxemburg, RESTENA Foundation
Local responsible : TOMPERS Claude, RESTENA Foundation
May 2014
Academic Year 2013-2014
Declaration of Authorship
I, DAVID MORILLO, declare that this thesis titled, Comparing Microsoft Exchange
Server 2013 to Zarafa 7.0 and Zimbra Collaboration 8.0 and the work presented in it
are my own. I conrm that:
This work was done wholly or mainly while in candidature for a Bachelor in Com-
puter Science degree at the University of Luxembourg.
Where any part of this thesis has previously been submitted for a degree or any
other qualication at this University or any other institution, this has been clearly
Where I have consulted the published work of others, this is always clearly at-
Where I have quoted from the work of others, the source is always given. With
the exception of such quotations, this thesis is entirely my own work.
I have acknowledged all main sources of help.
Where the thesis is based on work done by myself jointly with others, I have made
clear exactly what was done by others and what I have contributed myself.
Our greatest weakness lies in giving up. The most certain way to succeed is always to
try just one more time.
Thomas A. Edison
School administrations these days are looking for a better solution in the world of mail
servers. Most school administrations only store mailboxes, but they need more features.
They are asking for functions like calendars and address books, the possibility to have
a shared calendar and shared address books.
In the framework of this Bachelor Thesis my task was to compare dierent mail solutions
and to identify their main features, but also to detect major issues, to meet the new
requirements for the educational environment (such as mail, calendar and address book).
Therefore, three solutions were tested.
The main purpose of this document is to analyse and explain which of these solutions
has the best suited features and tools for school administration problems. I will describe
in detail about how the testing was done and present a recommendation based on the
analysis. I will write about the deployment plan as well as the migration process to
elaborate the recommended solution.
Les administrations scolaires ces jours cherchent une meilleure solution dans le monde
des serveurs de messagerie. La plupart des administrations scolaires stockent seulement
des botes aux lettres electroniques, mais ils ont besoin de plus de fonctionnalites. Ils
demandent des caracteristiques telles que des calendriers et des carnets dadresses. La
possibilite davoir un calendrier partage et carnet dadresses partages, cest dont les
administrations scolaires ont besoin.
Dans le cadre de cette th`ese baccalaureat, ma tache etait de comparer les dierentes
solutions de messagerie electronique et didentier leurs fonctionnalites principales, mais
aussi de detecter les probl`emes majeurs pour repondre aux nouvelles exigences de
lenvironnement de leducation (comme messagerie electronique, calendrier et carnet
dadresses). Trois solutions ont ete testees.
Le but principal de ce document est danalyser et expliquer laquelle de ces solutions a les
caracteristiques les plus adaptees ainsi que les outils face aux probl`emes de ladministration
scolaire. Jecrirais sur le plan de deploiement aussi bien que le processus de migration
des donnees pour elaborer la solution recommandee.
I would like to thank director of RESTENA Foundation Mr. DUHAUTPAS Theo
for giving me the opportunity to perform this internship at RESTENA Foundation. I
especially thank my local responsible Mr. TOMPERS Claude for helping me each time
when I needed support. He helped me by advising me on, how to solve problems and
how to deal with them.
I would like to thank Mr. STIEFER Marc who helped me a lot in this project, to
understand the world of email and DNS(Domain Name System). He was a great help to
my project, without him, I would not have understood the real world of mail servers and
how they work. I would like to thank Mr. WINTER Stefan for helping me in complex
situations, by advising and explaining me aspects on rewalls. I would like to thank Mr

EMONT Bruno for giving me advice in Java language, that I needed for testing a
feature in Zimbra. I would also like to thank Dr. WAGNER Cynthia and Ms. BALIC
Anne for helping me writing this thesis.
Thanks to the whole team at the RESTENA Foundation, they are great people. They
made me feel good and happy while working there. It was very comfortable being in
this internship with this team. They are all kind people and were always willing to help
me. It was a pleasure working at the RESTENA Foundation.
Thank you.
Declaration of Authorship i
Abstract in English iii
Abstract in French iv
Acknowledgements v
List of Figures ix
List of Tables x
Abbreviations xi
1 Introduction 1
1.1 Denition of the project . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
2 Environment 2
2.1 Mail concept . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
2.2 Existing mail solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.3 Test network and conguration . . . . . . . . . . . . . . . . . . . . . . . . 4
3 Microsoft Exchange Server 2013 5
3.1 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
3.2 Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
3.2.1 Sharing calendar . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
3.2.2 Shared mailbox . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
3.2.3 Shared address book . . . . . . . . . . . . . . . . . . . . . . . . . . 7
3.2.4 External authentication . . . . . . . . . . . . . . . . . . . . . . . . 7
3.2.5 Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
3.2.6 Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
3.3 Advantages & Drawbacks . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
3.3.1 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
4 Zimbra Collaboration 8.0 11
4.1 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
4.1.1 Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Contents vii
4.2 Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
4.2.1 Sharing calendar . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
4.2.2 Shared mailbox . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
4.2.3 Shared address book . . . . . . . . . . . . . . . . . . . . . . . . . . 14
4.2.4 External authentication . . . . . . . . . . . . . . . . . . . . . . . . 14
4.2.5 Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
4.2.6 Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
4.3 Advantages & Drawbacks . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
4.3.1 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
5 Zarafa 7.0 20
5.1 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
5.2 Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
5.2.1 Sharing calendar . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
5.2.2 Shared mailbox . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
5.2.3 Shared address book . . . . . . . . . . . . . . . . . . . . . . . . . . 23
5.2.4 External authentication . . . . . . . . . . . . . . . . . . . . . . . . 23
5.2.5 Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
5.2.6 Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
5.3 Advantages & Drawbacks . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
5.3.1 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
6 Comparison & Recommended solution 27
6.1 Comparison of the installations . . . . . . . . . . . . . . . . . . . . . . . . 27
6.2 Comparison of the features . . . . . . . . . . . . . . . . . . . . . . . . . . 28
6.2.1 Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
6.2.2 Stability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
6.2.3 Remote Administration . . . . . . . . . . . . . . . . . . . . . . . . 31
6.2.4 Failover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
6.2.5 Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
6.2.6 Pricing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
6.3 Support Contracts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
6.4 Recommended solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
7 Data migration & Deployment plan 38
7.1 Migration process and roll back procedure . . . . . . . . . . . . . . . . . . 38
7.2 Deployment plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
7.3 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
8 Conclusion 43
8.1 Global conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
8.2 Personal Experience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
A Appendix 45
A.1 TRAVAIL DE FIN DETUDES . . . . . . . . . . . . . . . . . . . . . . . . 45
A.2 CD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Contents viii
B Zimbra Custom Authentication 46
B.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Bibliography 52
List of Figures
2.1 Mail concept[59] . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
4.1 Zimbra Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
4.2 Zimbra web interface share calendar . . . . . . . . . . . . . . . . . . . . . 13
5.1 Zarafa shared folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
5.2 Zarafa shared folder window . . . . . . . . . . . . . . . . . . . . . . . . . . 22
List of Tables
6.1 Compare - Hardware requirements . . . . . . . . . . . . . . . . . . . . . . 27
6.2 Comparison of administration features . . . . . . . . . . . . . . . . . . . . 28
6.3 Comparison of user features . . . . . . . . . . . . . . . . . . . . . . . . . . 29
6.4 License price comparison per mailbox . . . . . . . . . . . . . . . . . . . . 34
6.5 Pricing comparison of the three suites . . . . . . . . . . . . . . . . . . . . 35
MS Microsoft
OS Operating System
IP Internet Protocol
AD Active Directory
AD DS Active Directory Domain Service
DC Domain Controller
LDAP Lightweight Directory Access Protocol
DB Data Base
DNS Domain Name System
MX Records Mail EXchanger Records
SMTP Simple Mail Transfer Protocol
SSL Secure Sockets Layer
TLS Transport Layer Security
RADIUS Remote Authentication Dial In User Service
TCP Transmission Control Protocol
IMAP Internet Message Access Protocol
POP Post Oce Protocol
SSH Secure SHell
ESXi Elastic Sky X integrated
GAL Global Address List
MTA Mail Transfer Agent
MUA Mail User Agent
FQDN Fully Qualied Domain Name
Chapter 1
1.1 Denition of the project
The aim of this bachelor thesis is to compare Microsoft Exchange collaboration suite to
Zimbra and Zarafa.
RESTENA Foundation wants to implement a new solution for their stored mailboxes,
to meet the new school administration requirements. At the moment only mailboxes are
stored on the servers. My project is to identify which one of those three solutions ts the
best in their actual environment and meets all requirements, such as shared mailboxes,
shared calendars and shared address books. Besides these general requirements the
collaboration suite shall additionally fully support Microsoft Outlook [36]. The used
approach to identify the best solution out of the three suites is to test them, which
means, I will install each collaboration suite and verify if they work properly and if the
main features are supported. After testing the solutions, I point out the advantages and
drawbacks and after comparing them. A recommendation will be drawn by analysing
features like performance, stability, pricing, etc. The migration procedure is to move
the old mailboxes into the new solution and to have a roll back procedure in place to
migrate back, taking into account the data integrity of the mailboxes. At last I present
a deployment plan for the recommended solution with the technical specications of
the servers such as quantity of the servers, the size of the servers, the fail-over and the
backup techniques, as well as the licensing model.
Chapter 2 will contain information and details about the environment I worked in and
give a description of the mail concept. Chapter 3 describes the Microsoft Exchange
Server 2013 installation process, how it was tested, its features, the problems that
occurred while testing and its advantages and drawbacks. The same is done in chapter
4 for Zimbra Collaboration 8.0 and in chapter 5 for Zarafa 7.0. Chapter 6 describes the
feature comparison of the three solutions. Chapter 7 describes the data migration and
deployment plan for the recommended solution. Chapter 8 presents a global conclusion
and presents some personal comments.
Chapter 2
This chapter will explain the basic concept of emailing, the currently existing mail
solution and the environment in which the tests of the three suites have been made.
2.1 Mail concept
A Mail Transfer Agent(MTA) is an SMTP [17] server, in other words, a mail transfer
agent is like the Mailman, without a Mailman we can not deliver any mails therefore
we need a mail transfer agent to successfully send mails when the mail is delivered, it
is stored in a mailbox server which uses the POP [57] or IMAP [7] protocol. The next
gure explains the mail concept:
Figure 2.1: Mail concept[59]
Chapter 2. Environment 3
We have two users, user A and user B and we have two MTAs. Both users A and B are
using an email client like Outlook [36] or Thunderbird [11] to manage their mailboxes.
An email client can be called a Mail User Agent(MUA). To explain the process of sending
and receiving an email we take A is going to send an email to B. The user A logs in into
his email client, and writes a new email which he will send to B. The transmission of the
email is done with the SMTP protocol to the mail transfer agent of A. SMTP stands for
Simple Mail Transfer Protocol. Every email message has a sender, a recipient, a title
and a text body. The protocol will take all these informations of the email message and
put it all together in one text. The MTA gets the email message over the Simple Mail
Transfer Protocol. The email will be forwarded to another mail transfer agent, still by
using the same protocol. It arrives at the mail transfer agent of B. The email is then
delivered into the mailbox of B. In order that B can read the new email message, he has
to log in into his email client to open his mailbox. Depending on how B congured his
email client, it will either use the protocol POP or IMAP. If B congured his email client
to retrieve his mailbox with the IMAP then the mailbox of B will be left on the server.
Every change that is made in the mailbox will directly be made on the mailbox server.
For example if B deletes an email in his mailbox it will be deleted on the mailbox server.
Using the IMAP protocol is good because B can use any device to read the mailbox and
will always see the same settings of his mailbox. The POP is dierent in a way that
the mailbox is always downloaded from the mailbox server and is stored locally in the
email client of B, every action that is made in the mailbox will only be made locally and
not on the mailbox server, deleting a message from the mailbox while using Post Oce
Protocol will not delete the message from the mailbox server. The POP and IMAP
protocol are only used for retrieving mailboxes and SMTP is used only for delivery of
mails as you can see on the gure 2.1.
This was a basic explanation of the mail concept, for more information check the refer-
ence of SMTP [17],POP [57] and IMAP [7].
2.2 Existing mail solution
The existing mail solution at RESTENA Foundation is the mail system called Cyrus[65].
Cyrus is an IMAP Server that only stores mailboxes on the server. No calendar and no
address books are stored in Cyrus. Their actual mailbox server is going to be integrated
in the recommended solution, if it can be integrated, else it will not be used anymore.
RESTENA Foundation has approximately 1000 mailboxes from school administrations.
Chapter 2. Environment 4
2.3 Test network and conguration
I was doing my testing on a separate network at RESTENA Foundation. At rst I had
to install an ESXi [68] server on a desktop computer. ESXi is an operating system that
is used for building and managing a virtualized IT infrastructure. Using this Operating
System for my testing was a very good choice, since I can have multiple virtual machines
with each having their own Operating System running and all this in one server. To test
the three solutions, three virtual machines are created in the ESXi server, this way I
dont have to install three dierent servers with three Operating Systems. One physical
server was enough to test all three solutions. This made my testing easier. As said
before, rst I had congured an ESXi server on a desktop computer but this turned out
to be too slow to handle the virtual machine of Exchange Server 2013, so I was provided
a real server where I could install the ESXi, since Exchange Server 2013 was using too
much memory. I used therefore version of ESXi.
I installed and congured the new server which was easy to congure. I just had to
follow the instructions on the screen of the installation. I named the server with the
name The server was connected to the test network of RESTENA
Foundation. The subnet of the test network is a /28. The Domain Name System(DNS)
server conguration was not made by me. I had to ask RESTENA Foundation to
congure the DNS server to add my server and my three virtual machines. The names
of my three virtual machines are,, and Later in the testing my three virtual machines got their Domain
Name [47],, and The DNS was congured
with A [74] records and MX [75] records, which are needed for the mail system. An A
record is to map a domain name to an IPv4 [60] address and a MX record is to map a
domain name to a mail transfer agent. The server and the three virtual machines were
all connected to the test network. Each of them had an IPv4 and an IPv6 [10] address
on test network.
To summarize this chapter, a mail system always needs a SMTP server and a mailbox
server or have both in one system. An ESXi server is very simple to install and to
congure, it takes less then 10 minutes to set up and it is very helpful for a testing
Chapter 3
Microsoft Exchange Server 2013
The Microsoft Exchange Server 2013[33] is a commercial suite, this is the rst suite
that I tested because I have to compare it against Zimbra and Zarafa which is my main
objective in this project. MS Exchange Server 2013 has a lot of features that meet the
requirements of the school administration. This chapter will describe the installation
of this suite as well as the issues encountered during installation. The test of the suite
which will present all the information and results on how the suite was tested. A list of
features and a section for the advantages and drawbacks.
3.1 Installation
Microsoft Exchange Server 2013 is a software that has to be installed on a Windows
Server. For testing this suite I used the operating system Microsoft Windows Server
2012 [45]. It is installed on the ESXi server on a virtual machine. The installation went
without problem, I just had to follow the instructions. After installing Windows Server
2012 i had to set it as Domain Controller(DC)[29]. A DC is running on a Windows
Server and is used to store users account data in a database and to authenticate the
users. It is combined with the Active Directory(AD)[22]. AD is a database that provides
services to the users, such as security policies, user authentication and is designed for a
large number of read and search operations. The AD is the core function of a Windows
Operating system. A Domain Controller is useful for system administrators because
it allows them to set up permissions to users and to manage the users. It handles
everything that is related to users and grants or denies access to users to some resources
that are on the Domain Controller.
A guide to make a Windows Server a Domain Controller, can be found on
After installing Windows Server 2012, the installation of Microsoft Exchange Server 2013
can start. The installation took approximately 20 minutes and 30 minutes to congure
MS Exchange Server 2013. There were no problems at all during the installation and
the conguration.
Chapter 3. Microsoft Exchange Server 2013 6
3.2 Testing
Microsoft Exchange Server 2013 has an Exchange Management Shell(EMS) [32]. This
Shell is an administrator console, which is used to manage the Exchange Server 2013.
The EMS can do all operation to manage the Exchange Server. For example you can
disable the IMAP function for a given mailbox, such that this mailbox cannot be ac-
cessed by IMAP anymore. Exchange Server 2013 has a web interface for managing the
administration. The web interface is called Exchange Administration Center(EAC) [31].
Its more user friendly than the Exchange Management Shell. The EAC supports at
most the same options as EMS.
EAC can be accessed in most by typing this address into the browser
https://windowss12/ecp, where windowss12 is the name of the Windows Server.
For testing I used the EAC, only rarely EMS for controlling if the settings were applied
correctly. Creating mailboxes was easy by using the EAC. It is straightforward, in EAC.
There is an option to add new mailboxes, add users to the AD with the name of that
mailbox. Sending and receiving worked without problem locally, without additional con-
guration after the default installation of Exchange Server 2013, since it default creates
the send and receive connectors to the domain of the Windows Server. Conguring the
accepted domains is by click & play via the EAC. After successfully conguring the
accepted domains I created an Email Address Policy(EAP) [30] that is used for email
aliases, since my Windows Server has a dierent domain name as the domain name that
I used. By default all my mailbox users have the default domain from the Windows
Server 2012 that I set up. In order to use the domain name that was set in the DNS
server of the RESTENA Foundation with their MX record, I had to create an EAP or
else I could not test the sending and receiving of mails externally. I created the EAP so
that every mailbox has a default domain.
To send mails to an external domain I had to create a Send Connector [40]. A send
connector controls where mail can be send to. By default the send connector is congured
to only accept outgoing mails to be of the same domain as of the Windows Server domain.
In order to send to other domains, the send connector has to be congured.
The test of sending an email to my university mailbox was a success and it was possible
to use the web interface to access the mailbox and to send the email.
Now I will describe the test for managing a mailbox over Outlook. I have to congure
the Exchange Server 2013 option called Outlook Anywhere [37], which can be found in
the EAC web interface, chose the option Servers and there you can modify the Windows
Server for Outlook Anywhere. With this I can now test if I can manage a mailbox on
Outlook. I congured Exchange Server 2013 to use the secure IMAP protocol. In order
to test if the secure IMAP works, I created a self signed certicate to make this work.
The reason why I tested it with the secure IMAP is because I just wanted to see if
Chapter 3. Microsoft Exchange Server 2013 7
it works. The secure IMAP uses Secure Sockets Layer(SSL) [12] to provide a secure
Creating a distribution group [28] is simple and no issues occurred. A distribution group
is a group where you can add users to a group.
3.2.1 Sharing calendar
It is not very complex to share a calendar. In the web interface just have to select the
calendar and to check for an icon named SHARE. This is sharing a calendar while using
the web interface and not Outlook.
In Outlook it is sucient to select in the menu Share to share a calendar and follow the
I did not test any other email client for the sharing of a calendar since a requirement
was that it works with Outlook. Exchange Server 2013, has an option to share calendar
with people via a web address. This way users dont need Outlook, or to be of the same
organisation to access a shared calendar. There is no need to login in order to see the
calendar since it is a public calendar. Only people knowing the web address can access
that shared calendar.
3.2.2 Shared mailbox
A shared mailbox is a mailbox that more user can access and congure permissions for
it. For more information check for shared mailbox [41]. Creating a shared mailbox is
simple by following the instructions in the ocial documentation [25]. I tested it and
worked but only administrators can create shared mailboxes. A shared mailbox can only
be opened by users that have the permission to open it. I could not nd out how to
open a shared mailbox in Outlook and the only way to access it was by using the web
3.2.3 Shared address book
A shared address book in Exchange Server 2013 looks more complicated. You need to
create an Address Book Policy[23](ABP) to make it work. I tested it and it works. Its
not an easy process of creating an ABP, but it is necessary for sharing an address books.
3.2.4 External authentication
The RESTENA Foundation has a freeRADIUS [55] in place therefore I needed to check
for compatibility of Exchange. This is not possible by default. After asking this question
Chapter 3. Microsoft Exchange Server 2013 8
[8] in the serverfault website a reply was that Exchange Server 2013 uses the Active
Directory of the Windows Server, which means that it only accepts Active Directory
and nothing else. It will only be possible to change the authentication in the Windows
Server itself. One possible solution would be to use an external authentication server
called SAMBA4 [58]. Due to time issues I did not try to test, because I still had to test
the two other collaboration suites.
3.2.5 Features
In the following list I give a list of important Exchange server 2013 features, starting
with the administration features.
Anti-malware [35]
Delivery Reports [27]
Queue Viewer [38]
Administrator console
Administrator web interface (Exchange Admin Center)
Email Address Policy
Global Address List(GAL) [34]
Distribution Group & Dynamic Distribution Group
Administrator roles
Permissions for administrator roles and user roles
Multiple domain (Accepted domains)
Multiple Server Role
Hybrid deployment [35]
Shared mailbox
User features:
Web access (
Outlook compatible
Works with any email client that supports POP/IMAP
Chapter 3. Microsoft Exchange Server 2013 9
Address Book
Automatic replies
Text messaging notications (For calendar appointments)
Trusted emails
Inbox rules
Message properties
Auto complete mail addresses
Shared Calendar & Shared Address Book
3.2.6 Problems
There were no problems while testing Exchange Server 2013 because everything is click
& play and follow instructions. The usage of Exchange Server 2013 is very simple. It is
straight forward since it was easy to install and to congure.
3.3 Advantages & Drawbacks
The advantages of Exchange Server 2013 are:
Easy to install and easy to congure
Accepted Domains
Database centralized with the Windows Server DC
User account automatically created when creating a mailbox
The security of user account with the Active Directory of the Windows Server
Multiple administrator roles
Access anywhere your mailbox with the web interface
Easy management of the Exchange Server with the Exchange Admin Center
Monitoring of the Exchange Server 2013 with the Windows Server
Very user friendly
Chapter 3. Microsoft Exchange Server 2013 10
Sharing of calendar works the same on the web application than on Outlook
The drawbacks of Exchange Server 2013 are:
The conguration of an Address Book Policy is complicated
Shared mailbox can only be accessed via the web interface(OWA)
Works only with Windows Server Operating Systems
The Windows Server has to be up to date
Need one or more powerful servers
Not Open Source
External authentication only works with another system that uses Active Directory
High load time after a system restart
No integration with Cyrus
3.3.1 Summary
After testing the Exchange Server 2013, it can said that the testing of this suite went very
good. The only thing that does not work is the shared mailbox on Outlook, which I could
not nd out why I could not access the shared mailbox on Outlook. The authentication
over a freeRAIDUS server that uses the RADIUS [56] protocol does not work, since
Windows only accepts AD databases. It could work with a RADIUS server that uses an
AD as a database.
Chapter 4
Zimbra Collaboration 8.0
The Zimbra Collaboration 8.0[72] is a commercial suite too but which is based on Open
Source. . The chapter will describe the installation of this suite and describe the
problems during the installation. The testing of this suite will give all information and
present results on how the suite was tested. A list of features of Zimbra collaboration
suite will be given and a section regrouping the advantages and drawbacks of this suite
will summarize this part.
4.1 Installation
Zimbra Collaboration 8.0 does not support Windows. It runs Linux. I used Ubuntu
10.04 LTS Server[64], I chose this because I had problems with OpenSUSE [52] and with
SUSE Linux Enterprise Server 11[61], for more details about my problems see section
The installation of Ubuntu 10.04 LTS Server did not show any problems. I only needed
more congurations than Windows Server. I just installed Ubuntu by default, I didnt
add any role to the server. It is not like Exchange Server 2013 where I had to create a
Domain Controller rst. This is not needed in Zimbra.
The installation took approximately 15 minutes to install Zimbra on Ubuntu. The
guide to install Zimbra is from the ocial documentation [93].
4.1.1 Problems
The problems occurred with the Operating System OpenSUSE and SUSE Linux Enter-
prise Server 11 while installing Zimbra.
On OpenSUSE I was not able to install Zimbra but I kept getting errors which I tried
to x, but I always got more errors after xing one. I tested this Operating System
Chapter 4. Zimbra Collaboration 8.0 12
because the RESTENA Foundation has a pre-installed OpenSUSE system therefore I
was asked to try to install Zimbra on it.
The second time installing Zimbra, I used the OS SUSE Linux Enterprise Server 11.
I installed everything and tested some features but as soon as I turned o the virtual
machine of Zimbra and turned it on again, nothing worked anymore. This was a serious
issue, I tried xing it, with no success. I decided to change to Ubuntu, a free Operating
System. Here I did not encounter any issues.
4.2 Testing
Zimbra has like Exchange an administration console and an administration web interface.
The console has the same function as the web interface to manage Zimbra. I used the
console more often on Zimbra than on Exchange. Zimbra, is the mail server that I
had the most issues with. Here is a screen shot of the web interface of the Zimbra
Figure 4.1: Zimbra Administration
It is pretty simple and straight forward to create a user and its mailbox. There is a
feature that Exchange does not support. It is called Zimlets [90] and allows to add
some applets like Google Translate or social applets to a user mailbox. Zimlets are little
applications that can integrated into Zimbra. You can even create your own Zimlet but
I did not have the time.
To continue the testing of Zimbra for sending and receiving mails from the Internet, I
had to add a domain alias since when I installed Zimbra I did not give it the same name
as the domain name that I used. Adding an alias domain name to Zimbra, was easier
than in Exchange. On the sign in page I observe some dierence to Exchange which
allows to choose in which version of the web mail to sign in. Can choose default,mobile
Chapter 4. Zimbra Collaboration 8.0 13
or tablet version.
This is a nice feature, because most people will check their mailbox with the mobile
phone when they are not at home. I tested the sending and receiving of mails and
worked without a problem. Of course this was tested only locally. Zimbra uses Postx
[53] as an MTA, which is congured by default in the Zimbra installation. You do not
need to congure Postx. Every change on the Zimbra Administration or on the console
automatically changes in the Postx. Zimbra has an integrated anti-virus and anti-spam
It uses AMaViS [2] solution to Scan incoming emails on spam. It has the anti-virus
ClamAV [5] and the anti-spam solution called SpamAssassin [3]. These are installed
with the Zimbra installation by default. Every incoming email is checked with AMaViS,
rst checking for spam and than for virus. For outgoing email only a spam scan is done
and no virus scan.
I tested with Outlook and it is working too. I used the IMAP protocol like in Exchange
but without the secure IMAP, since I did not know how to make a self signed certicate
for Zimbra. Therefore I just used IMAP.
4.2.1 Sharing calendar
The sharing of a calendar is fairly easy as in Exchange, where your calendar in the web
mail has a sharing option.
Figure 4.2: Zimbra web interface share calendar
The share properties are similar to Exchange. You even have the option like in Exchange
for a web address to link to the calendar. Using Outlook to share a calendar is the same
like in Exchange. I tested it and it works properly. An observation is that you can set
an appointment in the calendar to private so that people accessing the shared calendar,
Chapter 4. Zimbra Collaboration 8.0 14
cannot see the private appointments.
When sharing a calendar with a person or a group, the person or group will get an
email to ask, if they want to accept the shared calendar. This function is the same as
in Exchange.
4.2.2 Shared mailbox
The sharing of a mailbox in Zimbra is easier than in Exchange. You just have to create
a user mailbox and than login with that user. When signed in, go to Preferences where
you will have an option Sharing. There you can choose what you want to share in the
mailbox and set permissions. The sharing properties are similar to the sharing properties
of a calendar.
After sharing a mailbox with selected users a new Inbox will show up in their mailbox
or Outlook. It works with Outlook I tested it.
On Exchange I couldnt nd, how to get an Inbox of a shared mailbox. As said before
sharing on Zimbra was easier then on Exchange.
4.2.3 Shared address book
The sharing of an address book in Zimbra is simple and does not require an ABP(Address
Book Policy) like in Exchange. You just have to right click your address book and choose
Share Address Book. Afterwards you will get again the similar preferences like sharing
a calendar or mailbox. In Outlook go to your address book and right click the address
book that you want to share, afterwards choose that address book the Share option. I
tested it and worked without a problem. You can have people in your address book that
are private. Those will not be shared.
4.2.4 External authentication
Like in Exchange I had to test, if it possible to use an external authentication. It is
possible with Zimbra to have an external authentication that works with freeRADIUS2
To add an external authentication in Zimbra you have to create a custom authentication
[94], which means you have to code in Java. I started to search about it, but I could
not nd any help. I later got some help and found that I can use the Application
Programming Interface(API) of JRadius [6]. I needed that API to make the connection
between Zimbra and the freeRADIUS2. But this all lead into additional problems, that
I could not x with the time that I had left. So I opted for another solution in external
authentication, using a SAMBA4 [58] server. It is a server that acts like a Domain
Controller in Windows, it is a free software and it is Open Source. You can store users
Chapter 4. Zimbra Collaboration 8.0 15
in an OpenLDAP [50] database and authenticate the users with SAMBA4. I decided
that I should try with it.
The installation of SAMBA4 was done on a new virtual machine. After setting it up, I
congured Zimbra to use my new SAMBA4 server as an External Active Directory, it
worked after having a few issues with it. I authenticated one of my users from Zimbra
with the SAMBA4 server. I logged in with that user using the web interface and it
was successfully logged in. Afterwards, I tried to login with a user that was not in my
SAMBA4 server, but only in Zimbra, and I could not login because SAMBA4 could not
nd the user in the database of SAMBA4.
Unfortunately, I could not make it work with a freeRADIUS2 server, but it should be
possible with the custom authentication that Zimbra has.
4.2.5 Features
The most important features are listed below. First I give administration features and
then the user features.
Administration features:
Multi-domain administration
Dierent Global Address Lists for each domain
Dierent authentication methods for each domain
Domain Administrator
Global Administrator
Administration console
Search across domains
Messages and messages with attachment(s) that are send to multiple users are only
stored once
Native anti-virus and anti-spam
Automated spam training
Monitoring and status view with graphics
Attachment blocking
Install and Manage Certicates
External LDAP or Active Directory user authentication
Chapter 4. Zimbra Collaboration 8.0 16
Custom authentication
Class of Service [91]
Remote administration
Zimbra Administration web interface
User features:
Web access (
Web access looks similar to Outlook
Version of the web client, can choose from Advanced/Standard(HTML)/Mobile or
Multi-language support
Address Book
Trash folder for Mail/Address Book/Calendar and Tasks
Auto complete email addresses
Spell checker
Retention policies
Send message later
Hover over an attached image, shows a preview of the image
Export/Import messages in zip les
Trusted addresses
Mark as spam
Sort messages by size
Print multiple messages
Export/Import calendar to iCalendar format
Export/Import contacts to CSV(Comma Separated Values) format
Chapter 4. Zimbra Collaboration 8.0 17
Personal distribution lists
Add pictures to contacts
Customize free/busy message
Mark an appointment as private in the calendar
Multi-conditional search function (AND,OR,NOT, etc)
Save search
Attachment content search
Sharing Calendar/Mailbox and Address Book
4.2.6 Problems
I noticed that the Zimbra Administration web interface as some bugs, for example it
shows on the rst page all the services that are running and those that have stopped.
After a system restart the Zimbra Administration web interface will always show some
services as stopped but they are not stopped. This must be some web interface bug.
Custom authentication problem:
I coded for more than one week and searched for help or clues on how to code this
custom authentication. I used Wireshark [76], to nd out where the problem was in
my code, but it did not help. I could not nd anything useful analyzing the packets. I
could not nd any solution as their was no support at all on the web. I tried to ask for
help in the ocial forum of Zimbra, but no one has ever answered. I tried very hard to
make this work, but due to time constraints I had to take the decision to stop coding
without solving the issue. The source code of my custom authentication can be found
in the appendix.
SAMBA4 problem:
When I rst installed SAMBA4, I thought that it did not install any OpenLDAP with
it. LDAP stands for Lightweight Directory Access Protocol. It is a protocol for users to
access organizations and resources in a network. It is similar to an Active Directory.
I installed OpenLDAP, but this lead to conicts and problems. The reason why it
wasnt working, is because Zimbra was not accepting the credentials of the SAMBA4
administrator. It always said invalid credentials even though I was sure that it was
the correct one. So I started to search with Wireshark, but it did not help me a lot.
After analyzing it came up that maybe it does not work because SAMBA4 has installed
an OpenLDAP by default. After checking I realized that it does by default install
OpenLDAP. All this time I had two OpenLDAPs running on one system, which provoke
Chapter 4. Zimbra Collaboration 8.0 18
a conict. I found out about this conict by looking which port was used by SAMBA4
when starting the SAMBA4 services. The port 389 was already used before starting
SAMBA4. That is why it wasnt working correctly. So I recreated a SAMBA4 server by
deleting the old one, this time without installing an OpenLDAP. Afterwards it nally
worked. I now could authenticate Zimbra users with an external authentication while
using a SAMBA4 server.
4.3 Advantages & Drawbacks
The advantages of Zimbra are:
Can be installed on an free Operating system like Ubuntu
Multiple administrator roles
Access anywhere your mailbox with the web interface
Easy management with the Zimbra Administration web interface
Sharing in Zimbra is very easy
Does not need a powerful server to run Zimbra
Native anti-virus/anti-spam
Fast up time after a system restart
Custom authentication
A better web interface for administration than Exchange
The log les are easier to nd than on Exchange
The drawbacks of Zimbra are:
Some bugs with the Zimbra Administration web interface
Installation of Zimbra has more conguration to do than on Exchange
Very hard to congure the custom authentication
Not fully supported on Outlook, need the Zimbra Client to have a fully supported
email client.
Global Address List is not synchronized with Outlook
No integration with Cyrus
Chapter 4. Zimbra Collaboration 8.0 19
4.3.1 Summary
The test of the Zimbra suite did not go as good as Exchange. I had more issues with it
than with Exchange. I learned a lot with Zimbra. It is a very good solution for school
administrations. It has an easy sharing system for calendar and address book, which is
a key feature for school administrations and it works with Outlook. It has the ability
for custom authentication which could make it work with the freeRADIUS2 that the
RESTENA Foundation has in place, but I could not nd any information about this
so I am not sure if it possible or not. The Global Address list is not synchronized in
Outlook with the Zimbra server, I have to congure the Zimbra Connector Outlook [92]
in order to make this work in Outlook. I did not test the Zimbra Connector Outlook
because I found out about this feature too late and I had no time left.
Chapter 5
Zarafa 7.0
Zarafa 7.0 [82] is a suite like Exchange and Zimbra. Zarafa is part Open Source part
commercial like Zimbra. Zarafa supports the Operating System Linux like Zimbra. Since
I had already Ubuntu 10.04 LTS, I used Ubuntu for Zarafa too. This chapter will describe
the installation of this suite and if there were any problem during the installation. The
testing of the suite will present all the information and results. A list of features that
this suite has and also a section for the advantages and drawbacks are given.
5.1 Installation
The installation of Zarafa went pretty smooth compared to Zimbra. Zarafa does not
include a full software package of a mail server. Zarafa leaves it to the administrator
to choose which MTA, webserver to use. For the database I chose a MySQL database,
for the webserver I chose Apache and for the MTA I chose Postx. These have to be
installed before installing Zarafa.
I learned a lot more with Zarafa than with the other two suites. I had to setup myself
the MTA server which was very interesting. I chose Postx because the RESTENA
Foundation is using it too.
The installation of Zarafa took me approximately 10 minutes. This is less than for
Zimbra or Exchange. There were no issues during the installation process, everything
went as planned. I just had to do more congurations for Zarafa than for Zimbra and
Exchange, since Zarafa is not shipped as a full software package.
5.2 Testing
Zarafa has like Exchange and Zimbra an administrator console. The installation of
Zarafa does not come with a web interface administration center. It has only a ad-
ministrator console to manage Zarafa, since it does not have like Exchange and Zimbra
Chapter 5. Zarafa 7.0 21
any MTA and anti-virus/anti-spam. It is one reason why you do not need a web in-
terface for administration. You have to use the console to congure Postx and the
The community of Zarafa has created a web application for administration and is called
Z-Admin [63]. I did not try this web application, because I had Zarafa already installed
and the documentation said that it is recommended to rst install the Z-Admin before
installing Zarafa. I did not have the time to congure this Z-Admin and then install
again Zarafa. It has two web applications for the users to manage their mailbox. One
looks exactly the same as an Outlook interface and the second one has a unique interface.
Before I could test, sending and receiving emails I had to congure Postx. I learned
a lot by conguring Postx. The RESTENA Foundation is using Postx for their mail
server at the moment. That is the main reason why I chose Postx and not another
The Zarafa administration is managed with a script, called zarafa-admin. After creating
some users I tested sending a mail locally to another user with my conguration of
Postx, to see if I congured it correctly. The mail was sent and received. I noticed
when I was looking in the address book to choose an user to send the mail to, I saw a
group called Everyone. Zarafa by default creates a group where everyone is in. It is a
dynamic group and will update itself when creating or deleting users. Zarafa does not
create an administrator account, you can create one using the zarafa-admin script. An
administrator account can only have two levels. Level one is an administrator that can
open every mailbox on his domain and the second level is a system administrator, who
can access mailboxes within other domains.
After knowing how to congure Postx, I congured it to be able to send and receive
emails from other domains. I tested to send an email to my university email address and
it worked, I received an email from my university email address too. I did not congure
any anti-virus on my testing Zarafa, I only congured the SpamAssassin. My time to
test Zarafa was not enough to try everything out. This is why I tried to test the most
appropriate features, since anti-virus was not part of the project I did not test it.
5.2.1 Sharing calendar
In Zarafa it is dierent than in both other suites. Sharing a calendar in Zarafa, it may
look a bit less user friendly. You have to right click the calendar that you want to share
and then choose Properties. There you will have the Permission tab, you have to add
the users or groups in the permission list. Only the users in the permission list are able
to see the shared calendar. The permissions that can be set for the shared calendar are
similar to Zimbra. This will still not make the users or groups see the shared calendar
nor get any notication that there is a shared calendar. In order that it appears, the
Chapter 5. Zarafa 7.0 22
users have to sign in into the web application and use either one of the web applications
/webaccess or /webapp. Afterwards to get access to it they have to click on Open shared
Figure 5.1: Zarafa shared folder
A new window will pop up:
Figure 5.2: Zarafa shared folder window
There you have to add the name of the user that shared the calendar. You can click on
Name it will show you your address book. Choose the user that shared the calendar.
After that select which folder type it is. Sharing in Zarafa is way more unfriendly than
in the other both suites. To share in Outlook like in the web application, users need
to install a plugin called Zarafa Client [85]. Users do not need to use the plugin. It
is only needed if you want to have the permissions to share a calendar, that are in the
Zarafa web application. You can share a calendar in Outlook by simply right clicking
Chapter 5. Zarafa 7.0 23
the calendar that you want to share and choose the option Share, but if you use the
plugin you will have the permission tab like in the web application. This is good because
you can have all the same features as in the web application, but also bad that you have
to install this plugin. Zarafa has another option to open shared calendars. Zarafa has
an iCal gateway [79], which enables users to view their Zarafa calendar using clients
like Lightning Calendar [48], Evolution [14] or Mac iCal [4].
I only tested it with Lightning Calendar since I know how to use Thunderbird. I did
not try Evolution nor Mac iCal. You can open .isc les with Outlook too. An .isc
le extension is a Universal calendar format which can be opened by several calendar
Public calendars works too, but they have to be created in the Public Folder. Zarafa
does not have the feature with a web address, for a calendar. Only users that have
access to the shared calendar or public folder can see shared/public calendar. Sharing a
calendar only via a web address isnt supported by Zarafa.
5.2.2 Shared mailbox
Sharing a mailbox works the same way as sharing a calendar. Just right click the mailbox
that should be shared and add the permissions to the users or groups that should have
access to it. Afterwards the users that have permission to it have to add it in their
folder list by adding a shared folder.
To share a mailbox in Outlook you need the Zarafa client plugin else you will not be able
to share it. If you have a shared mailbox that was created with the wep application you
will see it in your Outlook as a folder with the name of it. If users do not want to install
that plugin they can just use the web application and add the shared mailbox with the
web application and afterwards they can use Outlook to access the shared mailbox.
5.2.3 Shared address book
Select the address book that you want to share and add the permission. Users then
add it via the Open shared folder... in their folder list. This does not work in Outlook
without the Zarafa Client plugin. In Outlook you can share an address book by right
clicking on the address book and then Share, but if you want to see the shared address
book as a folder as it is in the web application, this does not work.
5.2.4 External authentication
External authentication [81] on Zarafa works but only for LDAP and Active Directory.
I could not nd any information about a custom authentication to make it work for
freeRADIUS2. I dont know if it could work since at the moment there is no information
Chapter 5. Zarafa 7.0 24
about it on the web nor in the ocial documentation. It would work with my SAMBA4
server. I could not try it because I did not have enough time to test it.
5.2.5 Features
I will not list all the features, I will list only the most important features. I start with
the administration features and then give the user features.
Administration features:
Two web applications, /webaccess and /webapp
/webaccess has the exact same look like Outlook
A plugin for Outlook, Zarafa Client
Public Folders
iCal Gateway
Integration of a MTA of your choice
Integration of an anti-virus/anti-spam of your choice
Multi-language support
Multi-domain administration
Multiple LDAP servers support
External LDAP or Active Directory user authentication
Remote administration
Send delegation (SendAs or Send on Behalf, permissions for users/groups)
Attachment compression
Synchronisation with unix users
Distribution group called Everyone
User features:
Address Book
Chapter 5. Zarafa 7.0 25
Auto complete email addresses
Spell checker
Out of Oce
Customize Out of Oce message
Export/Import calendar to iCalendar format
Personal distribution lists
Add pictures to contacts
Mark an appointment as private in the calendar
Create and access shared Calendar,Mailbox and Address Book
Can book resources with the calendar
More calendar options than Exchange and Zimbra
Multiple calendars per mailbox
Export individual emails (In .eml le)
Automatic move, copy, delete, redirect or forward incoming email with rules
Automatic save emails every several minutes
5.2.6 Problems
I did not have any problems with Zarafa, everything went as planned, even though I
had to congure a lot more than for the other two suites.
5.3 Advantages & Drawbacks
The advantages of Zarafa are:
Full support on Outlook with the Zarafa Client plugin
Can be installed on an free Operating system like Ubuntu
Access anywhere your mailbox with the web interface
Chapter 5. Zarafa 7.0 26
Does not need a robust server to run Zarafa
Full control of Zarafa
Integration of a MTA of your choice
Integration of an anti-virus/anti-spam of your choice
Very fast up time after a system restart
The log les are easier to nd than on Exchange
Shared mailbox is visible on Outlook
Fast installation process
Administration of Zarafa does not need an Graphic User Interface
The drawbacks of Zarafa are:
Does not have an web application for the administration
No white list ( message lters )
Advanced search does not include conditions like in Zimbra
No web link address option for sharing a calendar
No integration with Cyrus
5.3.1 Summary
The test of the Zarafa suite was surprisingly good without any issues. Zarafa does not
have a web application for the administration, which has to be done via the shell using
Zarafa scripts. The installation of Zarafa went very fast. You can customize a lot more
on Zarafa than on Exchange and Zimbra since you can chose which MTA, webserver
and database you want to use, therefore you are free to choose whatever suits you the
best. Zarafa has two web applications. This is good for the users, since they can choose
which web application they like the most. The sharing is dierent than in the other
two suites. A major plus with this sharing system is that it uses the same system for
everything that you want to share. The only thing that I do not like about the sharing
in Zarafa is that users that get the permission to a shared folder, they do not get a
notication email telling them that someone wants to share something.
I am very positive with the test of Zarafa, I did not think that I would not have any
issues with it. I thought I would get a lot of issues because I had to congure Postx.
Now that the three suites have been tested, I will compare all three and will give a
Chapter 6
Comparison & Recommended
From the comparison of the three suites, only one will be recommended as a school
administration solution. The Exchange suite is not Open Source whereas Zimbra and
Zarafa are part Open Source. Exchange does not have a free version whereas the other
two suites have a free version but do not support all the features that are required.
This chapter compares all three suites , by rst comparing the installation process of
those three mail servers, give the comparison of features and then the comparison of
the performance, stability, pricing, etc of the three suites. To nish this chapter, one of
those three mail servers will be recommended.
6.1 Comparison of the installations
All three have been tested on a single server with the Operating System ESXi.
Mail server Processor Memory Disk space Install Time
Exchange Intel x64/ AMD64 8GB 30GB 20m
Zimbra Intel x64 / AMD64 2.0GHz+ 2GB 10GB 15m
Zarafa Dual core 1GB None given 10m
Table 6.1: Compare - Hardware requirements
This table shows the minimal hardware requirements and the timing of how long the
installation took to install. Exchange needs 8 times more memory than Zarafa, that
is a huge dierence and that is only for the minimal requirements. Exchange needs a
more powerful server to run on minimal hardware which is a big drawback. Zarafa needs
half the memory of Zimbra. The install time on Zarafa is lower than Exchange. The
installation of Exchange Server 2013 was the easiest of all three, it was all click & play.
In the contrary Zimbra was the suite where I had the most problems with. The Zarafa
installation was fast even though I had to do more conguration than for Exchange and
Zimbra together. The Zarafa installer is the smallest of all three suites. Exchange has
Chapter 6. Comparison & Recommended solution 28
an installer of over 1.3 GB and Zimbra with more than 650 MB. The Zarafa installer
has only 61 MB because it does not include a full software package like the other two.
From the comparison of the three mail server on hardware and installation aspects, we
can clearly say that Zarafa is much better than Exchange. Exchange Server 2013 needs
a Windows Server which is not free. Zimbra and Zarafa can use an Operating System
which is free and which is Open Source.
6.2 Comparison of the features
For the comparison of Exchange, Zimbra and Zarafa features, I will compare the most
relevant features together in two tables and show, if they work and if they work on
Outlook. The rst table will show the administration features and the second table will
show the user features.
Administration features Exchange 2013 Zimnbra 8.0 Zarafa 7.0
Administration console
Native adminsitration web application X
Administrator roles
Domain aliases
Email Address policy
Global Address List
External LDAP user authentication X
External AD user authentication
Custom authentication X X
Native MTA X
Native anti-virus and anti-spam X
iCal Gateway X X
Native Attachment compression X
Integration with Cyrus X X X
Table 6.2: Comparison of administration features
The administration features regroups only the most appropriate features that can be
used to compare the three suites and that are well-suited for this project.
Zarafa does not have an administration web application and it does not have a native
MTA, anti-virus and anti-spam. A web application for administration is visually good
and easier to understand but most actions to manage a system are faster while using
the console. In the case of the Zarafa, it does not need to be a powerful server, since it
does not need any graphical interface for administration. In contrary Exchange needs
an Operating System that uses a graphical interface which asks a more powerful server
than Zarafa only because it has a graphical interface.
Chapter 6. Comparison & Recommended solution 29
Not having a native mail transfer agent, anti-virus and anti-spam is not a problem at
all, it is even better because administrators can freely choose which MTA, anti-virus
and anti-spam they want to use. In my opinion this is one of the best features of all
three suites, because the administrator has more control over the system. The Zimbra
suite is the only suite that supports custom authentication. This is a good feature, but
it is complex to set up. None of the three suites can integrate the actual IMAP server
of RESTENA Foundation called Cyrus, they have not been designed to integrate in the
backend an IMAP server.
In the next table I will show the user features of the dierent mail servers. The most
relevant features will only be shown.
User features Exchange 2013 Zimnbra 8.0 Zarafa 7.0
Web access
Spell checker
Outlook compatible
Away message
Auto complete addresses
White list addresses X
Export/Import messages X X
Multiple identities X X
Request read receipt
Sort messages by size X
Advanced search X
Search mailbox with conditions
Export/Import Calendar
Share Calendar
Calendar synchronized with Outlook
Mark appointments in calendar as private
Address Book
Share Address Book
Global Address List synchronized with Outlook X
Mark a contact in the address book as private
Shared mailbox
Shared mailbox is visible in Outlook X X
Notify user(s) when shared a calendar or address book X
Automatic replies with Outlook X
Table 6.3: Comparison of user features
They all have a web access and are compatible with Outlook. The Exchange suite has
no problem with Outlook since it is made for Exchange, but for Zimbra and Zarafa this
is dierent. The feature like the Global Address List is not synchronized in Outlook
with Zimbra because it needs the Zimbra Connector for Outlook, otherwise the Global
Address List will not be synchronized and the connector has to be congured in the
administration. For Zarafa, to have a synchronized Global Address List with Outlook
you just have to install a plugin into the Outlook client that enables all features of the
Zarafa web application in Outlook.
Chapter 6. Comparison & Recommended solution 30
The shared mailbox option in Outlook for Exchange and Zimbra is not visible in the
users mailbox, only with Zarafa the shared mailbox is visible in Outlook because it uses
folders for the sharing tool. This makes it easier for sharing but the only problem with
Zarafa sharing is that when you share something with users or groups, they will not get
a notication email about the share. Comparing the three suites together with the user
features, I say that Zarafa has all the requirements that are needed, even though you
have to install a little plugin into the Outlook to have all the features like in the web
application. Exchange has all the features too and they work with Outlook by default.
So in terms of user features Exchange and Zarafa are clearly the better choice.
I will now go a bit more in detail about technical aspects of those three mail collaboration
6.2.1 Performance
The performance cannot be really tested in this project since I was using virtual machines
to test those three mail servers, but in general, the performance of mail servers always
has to be in balance with the processors, memory and disk space. I used one ESXi server
to test the three suites which has 32GB of RAM and 280GB of disk space and 6 cores. I
cannot really control the performance in my testing since I dont have the real database
of 1000 mailboxes for each suite.
Exchange needs 8GB of memory for minimal hardware requirements. This amount of
memory for a mail sever is to much in my opinion and scales even higher to handle the
1000 mailboxes, whereas Zimbra needs 2GB of RAM and Zarafa the half of Zimbra. I
did not have any performance issues with Exchange nor Zimbra and Zarafa they were
all running perfectly without problem.
Something that has to be taken into account in performance is the used Operating
System to manage those suites. The performance also depends on the Operating System.
Zimbra and Zarafa perform very good with poor memory and processor. Exchange needs
a lot more processor power than the others. The memory of a server can always be
upgraded but the processor power is much more delicate that is why Exchange needs
two servers because it needs a lot of processor power to be able to handle the 1000
mailboxes whereas Zimbra and Zarafa can handle 1000 mailboxes in one server since
they do not need that much of processor power. I do not have any proof to give for
why Exchange needs more processor power, I asked in RESTENA Foundation for some
advice because I know that they used an Exchange server before. Exchange needs at
least two servers to handle over 500 mailboxes. Their actual mailbox server is handling
over 4000 mailboxes on one server using the OpenSUSE as an Operating System. This
shows that Linux uses a lot less of processor power than Windows. I did nd some sizing
for Exchange 2013 [42]. Exchange 2013 needs approximately 48GB RAM or more to
handle 1000 mailboxes. I did not nd any sizing for Zarafa but I found some for Zimbra
Chapter 6. Comparison & Recommended solution 31
[73]. There as an administrator who handles 1000 mailboxes with a server hardware
that has a dual-processors and 8GB of RAM. I could not nd for Zarafa but it should be
similar to Zimbra. After reading some sizing from administrator of Zimbra I can say that
Zimbra and Zarafa would be ne with one classic server that RESTENA Foundation are
using. Their classic server are Fujitsu Server RX200 S8, they can have up to 12 core
processors and up to 1536 GB of RAM. I am sure that with such hardware Zimbra and
Zarafa will have no problem to handle the 1000 mailboxes after reading those Zimbra
sizing. For Exchange you need at least 2 servers because of the processor power that
it needs whereas Zimbra and Zarafa only need one server. The performance of Zimbra
and Zarafa are then much better than Exchange. For the scalability of the three suites
I could not nd any information I only found that they are all designed for scalability.
I did not nd any numbers or graphics to write about it.
Zimbra and Zarafa have a better performance than Exchange.
6.2.2 Stability
The stability of the three mail servers, I can not really test since I was in a test environ-
ment. All three suites have some stability issues especially when upgrading to a newer
version there will always be issues. Exchange is very bad when it comes to upgrading it
(I asked RESTENA Foundation since they had already used one Exchange server). It
will have huge downtime because most upgrades on Exchange has data integrity issues
and most of the time the system has to go back to the previous version because the data
integrity could not be kept. In my point of view the stability of Exchange is very bad.
I dont know for Zimbra and Zarafa but after reading on the web they have issues too
with upgrading but less than Exchange. Doing an upgrade is easier on Exchange than
on Zimbra and Zarafa since on Exchange you just have to follow instructions on the
screen whereas both others you have to use the console and a lot more of congurations.
I did not have any software stability issues with Exchange and Zarafa but with Zimbra
I did have. Using the Operating System SUSE Linux Enterprise Server 11 on Zimbra.
After a system reboot it was not working anymore and each Zimbra service was down.
I never found out why. In my opinion Zarafa has the best stability.
6.2.3 Remote Administration
For Exchange as I am using a Windows Server 2012, there I have rst to activate the
remote function which is Disabled by default. The Windows Server 2012 is now activated
for remote access and to access it and then I install the Remote Server Administration
Tools [39] on the computer that will be used for remote administration. Afterwards I
can connect to the Exchange server with that tool. One drawback about the remote
administration in Windows is that if you dont have a good Internet connection then it
Chapter 6. Comparison & Recommended solution 32
may take some time to register the actions that you are doing and even have a long load
time or even fail and lose the connection.
Zimbra and Zarafa have both the same set up for remote administration, they both are
running Linux as an Operating System. I used for both Ubuntu and it has by default
OpenSSH [51] installed. SSH [77] stands for Secure SHell, SSH is a protocol that is used
to connect a computer A to another computer B over the Internet, it creates a secure
connection between both computers and is mostly used by administrators to access a
server remotely.
I additionally needed PuTTY [62] on the computer to remotely administrated the suite.
I use PuTTY because I am familiar with this SSH client. I used it previously and it
is easy and does not need to be installed on the computer, just run the executable.
For Zimbra you can use the web application Zimbra Administration to administrate
remotely. Zimbra and Zarafa remote administration are faster to set up than Exchange
because you only need PuTTY.
Both Zimbra and Zarafa have a better remote administration since they do not need a
graphical interface to administrate over remote and can perfom well with a poor internet
6.2.4 Failover
A failover is a function that is used when a server hardware, a software failure or in this
case one of the suites fails and stops it services for some reasons, such as hardware or
software fails than the failover function activates and helps the system to start another
server, which was congured for the failover task and takes over the job of the failed one
without losing any saved data. It is an automatic function and it does not need a human
interaction to function, if a mail server fails and stops working then all the services will
stop working and users cannot use the mail server until it is restored again therefore
having a good failover system is very important because users do not want to lose any
data. One reason for having a good stability is to avoid this failovers, but as nothing is
100% secure we can not always rely on the stability of a server.
The Exchange Server 2013 uses Database Availability Groups(DAG) [26] which is build-
A DAG is a group of up to 16 Mailbox servers that hosts a set of databases and pro-
vides automatic database-level recovery from failures that aect individual servers or
databases. (Taken from the ocial documentation of a DAG[26])
The Exchange suite has a fairly good failover function in place. After deploying Ex-
change 2013 you need to create a DAG, add one or more mailbox server(s) to it and
congure the DAG to replicate the database between all the members. I will not go
more into details because I did not test it myself but with a DAG everything is handled
Chapter 6. Comparison & Recommended solution 33
automatically and it is integrated into Exchange by default, so you just have to activate
it and congure it.
The Zimbra suite failover function looks more complex than the one from Exchange.
The Zimbra 8.0 suite uses the VMware HA[67] which stands for High Availabilty, if I
understood correctly then the failover system for Zimbra 8.0 only works if Zimbra is
installed on an ESX or ESXi server else it would not be possible to use the VMware
HA. The failover of Zimbra is solid and good but you need an ESX or ESXi server to
make it work. This is a good failover system since RESTENA Foundation has already
an ESXi in place. I did not nd any other failover system for Zimbra 8.0.
The Zarafa suite has the Linux High Availability, called Heartbeat [21]. This program
runs in the background and provides cluster infrastructure. Clustering is when two
or more computer are connected together and act like one computer. In order that
Heartbeat works, it needs a Cluster Resource Manager(CRM), like Pacemaker [18].
Both Heartbeat and Pacemaker are Open Source and free. I found a guide on how to
congure it with an MySQL database, from the ocial Zarafa wiki [86] page. Without
the MySQL database there would be no data integrity since Heartbeat does not handle
the data integrity it only restarts failed servers.
In my opinion the best failover of all three suites would be the one from Zimbra because
it is handled by the VMware which is easier to congure then the other two suites.
6.2.5 Backup
Backup is a function for archiving/saving data from loss. Backups help to restore lost
data. Backups should normally be executed every day to prevent data loss.
The backup on Exchange is very simple because it uses the Windows Server Backup [46]
which is integrated in Windows Server 2012. It only must be activated and is simple to
The backup for Zimbra is by using scripts [20] that run on the Zimbra machine. Scripts
can be written by the administrator to reect their active environment. Those scripts
will be executed every time a backup should be made.
The backup on Zarafa uses the Brick-level backups [83] which is a very interesting
back up function. This backup system will save/record and the second time it backs
up only stores the changed or new data. The backup looks more complicated than
Exchange and Zimbra, but has some interesting features. The easiest back up of all
three would be Exchange in my opinion since you only have to congure the Windows
Server Backup. The best backup function in my opinion would be Zarafa, because you
do more conguration for it than for Exchange and therefore you know better what the
backup is really doing. Exchange you just have to follow instructions and congure a
little bit.
Chapter 6. Comparison & Recommended solution 34
6.2.6 Pricing
The Exchange Server 2013 Standard Edition costs 880 Euro for the license, without
taking into account the Client Access License(CAL). The CAL is needed for every user
that is going to use Exchange and RESTENA Foundation needs to have about 1000
mailboxes that means 1000 CALs. One Client Access License for Exchange Server 2013
costs around 50 Euro. That gives about 50.880 Euro for the licenses of Exchange
Server 2013. 51.000 Euro for only the license of Exchange without taking into account
the Operating System Windows Server 2012.
To nd out the price of Zimbra Collaboration 8.0 I used a website with price indications
since the ocial website of Zimbra does not give the price of a license. Agilemail [1]
website, Zimbra would cost around 38 Euro per mailbox, this would cost 38.000 Euro
for the Standard Edition which does not include the Outlook connector for Zimbra. The
Professional Edition of Zimbra with the Outlook connector costs 58 Euro per mailbox,
that would leave us with 58.000 Euro. It costs more than Exchange, but the Exchange
license does not include the price of the Operating System. The Operating System for
Zimbra is free. For Zimbra you only pay per mailbox, the software itself is for free.
The price of Zarafa can be found on the ocial website [88]. Zarafa Small Business
edition would cost 16 Euro per mailbox which is 16.000 Euro for the 1000 mailboxes.
The Zarafa Professional edition cost 28 Euro per mailbox which is 28.000 Euro in total.
The professional edition would be used because we need the High Availability features
for the failover. This is still far less expensive than Exchange and Zimbra.
Exchange 2013 Zimbra 8.0 Professional Zarafa 7.0 Professional
Price per mailbox 50 Euro 58 Euro 28 Euro
Total 50.000 Euro 58.000 Euro 28.000 Euro
Table 6.4: License price comparison per mailbox
To nd out the total price to deploy a suite I will base the price on a Fujitsu RX200 S8 [13]
server which costs around 6.000 Euro. I chose Fujitsu because RESTENA Foundation
are using those too. This are classic servers for the RESTENA Foundation therefore I
will base my price on this server hardware.
For Exchange I need three Fujitsu servers, two for handling Exchange with the 1000
mailboxes and one for the failover system. Afterwards I need the price of the Operating
System that Exchange needs, I have to buy it three times because I have to install it on
the three servers. At last I add the license price for Exchange.
For Exchange the total cost to deploy it:
3 x 6.000 Euro (One server) + 3 x 1.000 Euro (Windows Server 2012 Standard license)
+ 50.880 Euro (Exchange license and 1000 CALs) = 71.880 Euro.
For Zimbra I need to have a server with an ESXi Operating System or else Zimbra will
not have any failover system in place. Zimbra needs two servers one for Zimbra and the
Chapter 6. Comparison & Recommended solution 35
other for the failover. Zimbra does not need two server to handle the 1000 mailbox. To
have the VMware High Availability feature you need the VMware vSphere Enterprise
Plus [70] license for the ESXi.
For Zimbra the total cost to deploy it:
2 x 6.000 Euro (One server) + 3.145 Euro (ESXi license) + 58.000 Euro (Zimbra license
for 1000 mailboxes) = 73.145 Euro.
For Zarafa I need two servers like Zimbra. One for Zarafa and the other one for the
failover. Zarafa can handle 1000 mailboxes on one server. It can use the free Operating
System Ubuntu LTS like Zimbra.
For Zarafa the total cost to deploy it:
2 x 6.000 Euro (One server) + 28.000 Euro (Zarafa license for 1000 mailboxes) = 40.000
Comparing the pricing for the three suites:
Exchange 2013 Zimbra 8.0 Professional Zarafa 7.0 Professional
Total 71.880 Euro 73.145 Euro 40.000 Euro
Table 6.5: Pricing comparison of the three suites
Zarafa is clearly the cheapest.
6.3 Support Contracts
Exchange does not have any support contracts, you have to pay per incident [43].
Zimbra has support packages [89] that depend on which Zimbra license you have. For
the professional version of Zimbra you have the support package called Premium. This
support package gives you support for unlimited incidents and phone support 24x7.
Zarafa has the same system like Zimbra with support packages [80] but Zarafa does
not include phone support 24x7 for the Professional version. Zarafa does include in the
Professional package remote support which Zimbre does not.
6.4 Recommended solution
I take for example the installation of the three suites, what bothered me the most was
Zimbra because I had a lot of issues with the Zimbra installation. Taking this into
account I can say that Zimbra is not well suited. The fact is, when I was testing Zimbra
I had the problem that all services stopped working, while Exchange and Zarafa did not
have any of these issues. Exchange was very easy to install compared to Zarafa, but
took longer to install. I mean Zarafa is easy to install when you know a bit of Linux.
Chapter 6. Comparison & Recommended solution 36
Exchange and Zimbra have both a native mail transfer agent whereas Zarafa does not.
On Zarafa you are given the possibility to choose which mail transfer agent you want
to use. This is very interesting because this choice is better and provides more control
over the suite. Exchange and Zimbra install everything what is needed to make the
suite work without leaving much choice to the administrator but not Zarafa. This is
what I like about Zarafa. Another point for the installation is that Exchange needs an
Operating system that is not Open Source and not for free, whereas for Zimbra and
Zarafa they use Open Source and are free. A drawback about Exchange is that it needs
at least 8 GB of RAM for the minimal requirements and at least two servers to handle
1000 mailboxes.
Coming to the administration of the three suites, Exchange and Zimbra have both an
administration web interface which Zarafa does not have. This makes Exchange and
Zimbra more user friendly than Zarafa. Zarafa may have a web interface too but is not
included in the installation of Zarafa. In my opinion this is not that negative, in contrary
it can be better since the Operating System which is running with Zarafa does not need
to have a graphical user interface. Exchange and Zimbra have a native anti-virus and
anti-spam. Zarafa leaves again the option to choose which anti-virus and anti-spam
to integrate. Conguring Exchange for the testing was easier than the other two only
because of the web interface. Even though I had no web interface on Zarafa I found
it easier to congure than Zimbra. Zarafa was the only one that had no issues while
Concerning the compatibility with Outlook, Exchange is the best because Outlook is
from Microsoft but what I did not like is that I could not see the shared mailbox using
Outlook. Everything else on Outlook was working without problem on Exchange. Zim-
bra and Zarafa are Outlook compatible but on Zimbra the synchronisation with Outlook
was not working properly for example the Global Address List was not synchronized, to
make this work you need to install a Zimbra connector on Outlook and then an admin-
istrator has to congure the connector on the Zimbra administration. Not to forget the
connector is not compatible with Outlook 2013. This is a very big drawback for Zimbra
since it has to work with Outlook. On Zarafa you only need to install a connector into
Outlook and then everything is synchronized with Outlook. The sharing on Zarafa is a
bit dierent than the other two. In Zarafa everything is shared with folders and therefore
it is easier to share after knowing how to share something and shared mailboxes can be
seen with Zarafa on Outlook.
On Zarafa users have the possibility to use two dierent web applications. One that
looks like Outlook interface and the other one is an unique interface. Here again leaving
more choices than the other two. If I had to choose now one of the the suite for the
most appropriate functions for the school administrations it would be Zarafa because
with Zarafa everything works for what the school administration needs, even if you have
to install some connector before on Outlook, but afterwards everything works like on
Chapter 6. Comparison & Recommended solution 37
the web application and it is synchronized. It is very easy to install the connector you
just have to launch an executable le and follow the instructions.
Resuming the previous sections from performance to pricing you could see that Zarafa
was always one of the best ones. The price of Zarafa is nearly half the price of Exchange
and Zimbra. Zarafa has all the features that Exchange has to oer, plus it is more ex-
ible than Exchange. Another good reason for recommending Zarafa over Exchange is
simply because you have more freedom of choice and more control over the system. Ex-
change only accepts authentication and databases that are Active Directory but Zarafa
accepts Active Directory and LDAP. Zarafa can be installed on a free Operating System,
Exchange not. Zarafa needs less server hardware than Exchange.
Every test that I have done on Zarafa was a success and worked as intended. The
reason why I do not mention Zimbra anymore is because it is not suited for RESTENA
Foundation since it needs to be installed on an ESXi. Without the ESXi Zimbra can not
have a failover system. RESTENA Foundation does not want to virtualize their mail
servers and a big drawback for Zimbra is that the connector for Outlook is not compatible
on Outlook 2013. Zarafa has a failover function that is completely for free. One more
reason to choose Zarafa is that it starts all the services in less then 30 seconds whereas
in Exchange and Zimbra it takes more time. Zarafa is the best choice for this solution
because the biggest reason is every required feature is integrated. Administrators have
the option to choose what to integrate into Zarafa from MTA to anti-virus. Zarafa can
handle over 1000 mailbox on a single server and the Zarafa connector for Outlook is
compatible with Outlook 2013 and lastly it does not need to run on an ESXi server.
One last reason for me is the price, it is cheaper than Exchange and Zimbra.
Having said all this I would recommend Zarafa 7.0 for this project after testing it. Zarafa
is the best choice for RESTENA Foundation even if you need an Outlook connector, it
is still the most appropriate for this solution.
Chapter 7
Data migration & Deployment
The data migration is used to transfer data between two systems which is generally the
key function for changing from the current system to the new system. This will keep
the data integrity. I need a roll back process which is needed in case if something goes
wrong at or after the data migration to be able to move the data back.
This chapter will describe which data migration method I used to move the mailboxes
to the new system and describe the roll back process and a deployment plan to know
exactly what is needed to deploy this recommended solution for RESTENA Foundation.
7.1 Migration process and roll back procedure
I rst searched how I could migrate the old mailboxes to Zarafa because I did not know
at rst how to migrate mailboxes. After searching for a while I found a migration tool
that migrates mailboxes over the IMAP protocol. I chose this migration method over
IMAP because with the mailbox and its properties are moved with it, including mail
message status and ags like deleted and seen. I searched for more information about
this migration tool since I know that Cyrus is an IMAP server this migration tool would
be a good choice and it is a free migration tool.
The migration tool that I will use is called imapsync [19]. The tool will help me to move
the old mailboxes from the Cyrus server to the Zarafa suite while still keeping the data
integrity of all the mailboxes. I did not test to migrate the real mailboxes from Cyrus
since I was only there to test if it would work. the RESTENA Foundation created a test
mailbox in their Cyrus server in order that I can test. The test mailbox information was
given to me and with this I could start the testing of the data migration. I had to create
a copy of an existing test mailbox on my Zarafa suite having same name and password.
The test mailbox was created on the Cyrus server with some folders and messages, such
that I only had to create an empty mail and insert the information. After creating
Chapter 7. Data migration & Deployment plan 39
the empty mailbox on my Zarafa suite I installed the imapsync package on the same
machine. I have now everything what is needed to make the migration but as I have
never used this migration tool I had rst to read the man page of the tool to nd out
how to use it.
To start the migration with rst a test. I have to run imapsync with some parameters:
$ sudo imapsync --subscribe --syncinternaldates --fast
--host1 --user1 USER --password1 PASSWORD
--host2 --user2 USER --password2 PASSWORD
This was enough to migrate the mailbox of USER from the Cyrus server to my Zarafa
suite. I added the parameter noauthmd5 otherwise the migration would not work. The
reason why it does not work is because the CRAM-MD5[16] encryption is not supported
on Cyrus and Zarafa. By default CRAM-MD5 is used to encrypt passwords of the user
but since Cyrus and Zarafa do not have this encryption activated I can not use CRAM-
MD5. I have to use the migration tool without using any encryption for the password.
They have to be in clear text. After executing it, the data migration was a success, no
issues were encountered. The entire mailbox was successfully migrated to Zarafa with
all the properties of the messages, with all the folders and sub-folders. I searched on how
to migrate without knowing the passwords of the mailbox, but instead to authenticate
as an administrator this way I just need to know the name of the mailboxes and the
password of the administrators because we cannot know the passwords of the users,
that is why the rst method that I used would not be a solution.
sudo imapsync --subscribe --syncinternaldates --fast
--host1 --user1 USER --authuser1 admin
--password1 PASSWORD --host2
--user2 USER --authuser2 admin --password2 PASSWORD
--authmech1 plain --authmech2 plain --noauthmd5
--delete2 --expunge2
This is how to migrate a mailbox without knowing the password of the mailbox, using
only the administrator account of the Cyrus server and the administrator account of my
Zarafa suite.
There is a problem with this method, the mailbox was not migrated to the right users
mailbox instead it was migrated into the mailbox of the administrator of my Zarafa. I
could not make it work with this method even after asking in the Zarafa forum [9], one
person answered me to just use the normal method without administrator authentica-
tion. I thought that maybe it was because of the administrator level that I was using so
I change the administrator level and tried again but did not change either. I had to nd
Chapter 7. Data migration & Deployment plan 40
another solution. I did nd another solution. Using the rst method without adminis-
trator authentication but this time the users password would be a one-time password
that is valid for a period of time. This method was introduced to me by RESTENA
Foundation since I did not know how to migrate mailboxes without knowing the pass-
word of the users. They are using this method to migrate their mailboxes. This means
that every user that will get a migration of their mailbox will get a one time password,
this way I can migrate the mailboxes without any problem. Without this solution I do
not know if it would be possible to migrate with imapsync since the support of Zarafa
did not really answer me but I found a solution.
For the roll back procedure I only have to use the same tool again but change the order
from Zarafa to Cyrus. It worked. One thing that you have to keep in mind is if you have
to roll back after for example one month and users have calenders and address books
stored they will not be migrated with the imapsync tool. To migrate the calendars and
address book you need to use the migration tool of Zarafa or else calendars and address
book will be lost. I did not have the time to test the Zarafa migration tool so I do not
know how to set it up with it and if it works.
The time that it would take to migrate all the 1000 mailboxes depends on the size and
numbers of messages in the mailboxes and the performance of the machine where the
tool is executed. I would not migrate all 1000 mailboxes at once because imapsync
consumes a lot of CPU resources, it is written in the man page. I myself could not
test to migrate real mailboxes with real data in it but I asked RESTENA Foundation
how long it would take to migrate a mailbox. The average mailbox size in RESTENA
Foundation is 650MB. A mailbox with 1.600 messages and 1.2GB in size takes around
6 minutes to migrate on a server hardware of 32GB RAM. This would then take 4 days
to migrate all the mailboxes.
The data migration testing was positive. In general there should not be any problem to
migrate the mailboxes from Cyrus to Zarafa.
7.2 Deployment plan
The deployment plan for Zarafa is rst to have two servers one that will run Zarafa and
the second will be used for the failover. The server hardware is the same as the one
that RESTENA Foundation are using which costs around 6.000 Euro which is largely
enough to handle 1000 mailboxes. This is based on the experience and the knowledge
of RESTENA Foundation and from the ocial documentation of Zarafa Hardware re-
quirements [87]. Two server of each that is 12.000 Euro in server hardware and then I
add the price for the license of Zarafa which is around 28.000 Euro. The total price to
deploy Zarafa is about 40.000 Euro.
Chapter 7. Data migration & Deployment plan 41
I set up the two servers in the server room and then install Ubuntu LTS 10.04 on both
servers and update to the latest available updates. Afterwards I install Postx ,Apache
and the MySQL database, then I congure the DNS server with the appropriate A and
MX records. After installing those I can safely install Zarafa.
Zarafa is installed, congured and tested the sending/receiving of mails was successful.
Of course to deploy this I cannot deploy the 1000 mailboxes at a time. The mailboxes
will be migrated in batches of 25 or more, depending on how many mailboxes an in-
stitution has, because the 1000 mailboxes are not from one institution. In those 1000
mailboxes there are more than one institution. So if one institution has around 25 mail-
boxes then only does mailboxes will be migrated and not the rest. With this said I will
describe the migration process for one institution that wants to migrate 25 mailboxes.
I will regroup my migration process in two phases one where I migrate all the 25 mail-
boxes at once without notifying the users and the second phase would be the nal phase
where the users will be notied that for a short time the mail service is not going to be
I will then start the migration process with phase one using the imapsync tool. First
create a one time password for the users. The one-time password for the users is a
password that is parallel to the users password, which means that the user is still using
his password to login and access his mailbox. The one-time password has to be created
for the users. The users them self will never know about this one-time password it will
only be created for this data migration and when the data migration process is done the
one-time password will be removed. This way by using this method the administrator
does not need to know the password of the users. After creating the one-time password
then I can migrate two mailboxes to see if the migration is going as planned, if both
mailboxes are successfully moved then I will migrate the rest.
Migrating all the 25 mailboxes takes approximately 3 hours. The phase one is now
complete, I chose to do it like this because this way I have already migrated most of the
mailboxes data without that the users know about because they are still accessing the
actual mail server and not the new one. Now that phase one is done I can start phase
two. This phase I will rst notify the users by telling them that for a short period of time
the mail server is not going to be accessible. I will then use the migration tool again but
I will execute the imapsync separately for each mailbox in order to control if everything
is getting moved correctly and no issues occur. It will not take 3 hours to migrate all
the 25 mailboxes like in phase one since with phase one I already have migrated the
biggest part of the mailboxes. My phase two will only migrate the changes that were
made between the 3 hours and now, that is why this process will not take that long.
After migrating and being sure that every mailbox is now up to date I can redirect the
mail ow to Zarafa. To make sure that every mailbox is 100% up to date I start again
the imapsync which will take only minutes. Now I am sure that every mailbox is up to
date. Phase one and two are now complete, the data migration was a success. Some
Chapter 7. Data migration & Deployment plan 42
nal test with the sending and receiving of mails and the system is ready to be used
by the users. Users will now access their mailbox of the Zarafa suite and not anymore
over the Cyrus mailbox server. Dont forget to remove the one-time passwords.
It would be good after deploying to create a tutorial for the users on how to use this
new system.
7.3 Summary
The test of the data migration over IMAP went as planned even after having some
trouble with the data migration testing, a solution was found and proven to work. The
roll back was a success, without problems.
The deployment of Zarafa would cost in total around 40.000 Euro. The data migration
process is handled in two phases. Phase one, migrating the mailboxes without notifying
the users in order to migrate the biggest part of the mailboxes. Phase two, which will
notify the users that the mail system is going to be unavailable for a period of time
but which will take less time than the phase one since in phase one the biggest part
was already migrated. Phase two will only migrate the changes that were made between
the time from phase one and two. After both phases are done then the data migration
process is nally nished and the users can then use the new mail system.
It does not take a long time to install and congure Zarafa maybe 1 hour and then 4 to
8 hours for the migration process. This will then take around 10 hours in my opinion to
successfully deploy Zarafa.
Chapter 8
8.1 Global conclusion
I had to compare the three suites on a test environment to nd out which one of those
suites would be the most appropriate for the RESTENA Foundation. I tested them
all individually, so that I could better focus on each suite and test all the features
like sharing a calendar and sharing an address book. After having tested all three
suites I compared them and analysed which one would t the best for this project. I
recommended one solution, based on the analysis. After the recommendation I described
the data migration process for the recommended solution and to nish I described how
to successfully deploy this solution, with details like the price and the time that it would
take to deploy it.
The recommended solution will help RESTENA Foundation to have a better mail server
which meets the school administration requirements and which ts best in the their
An advice do not try to use the Operating System OpenSUSE, its not supported by
Zimbra and either by Zarafa.
I had some problems with the SUSE Linux Enterprise 11 which is supported by Zimbra
but I could not install Zimbra on it. I had too many issues with it, that I could not x
due to time constraints but I did try to x them. The other problem that I had was
to create a custom authentication on Zimbra to authenticate users over the RADIUS
protocol. I could not create a custom authentication since there was no documentation
for it and there was no help on the web. I tried to nd out by myself on how to create
such a custom authentication but because of time constraints I had to stop and so I could
not prove if the authentication over the RADIUS protocol works. I did however nd
another solution for an external authentication since I could not nd one with RADIUS.
I found a solution with an external AD authentication using SAMBA4. I had some
problems with the data migration, I could not nd a solution to migrate the data while
using an administrator account but later I found a solution for it. Data migration is a
Chapter 8. Conclusion 44
very important part of this project, I could not have recommended Zarafa if the data
migration would not work.
8.2 Personal Experience
The rst time when I read the project denition I immediately knew that this project
was something for me. The fact that I had to test three dierent mailing suites has
made me have more motivation to accept this project. I knew that I would learn a lot
by accepting this project. It was a cheerful environment and people that work here are
all kind people and willing to help each others out.
At rst I did not think that I would gather so many new experiences. This project was
a total success for me. I learned how to control better my time because I had three
months for this project and I had to test three suites and compare them. I thought at
rst that I would have time to test everything out but I was wrong. I had to organize
my time to be able to nish my project in time and I did. I only have positive thoughts
about this project, there was nothing negative in my point of view.
I learned a lot with the suites that are using Linux Operating System, it is thanks to
them that I learned so much because I had to do so much more congurations with
Linux than with Exchange. I got fast used in using the console. I always had in my
mind that Linux is not for me but after this internship I started to like a lot Linux. I
could feel that I was learning so many new things that I wouldnt have learned with
Of course I did many mistakes but I learned by my mistakes. Try and error is the best
key to understanding in my opinion, if I dont try it, how could I know if it works or
not? I even learned to think ahead before doing something so that I could anticipate
what may happen if I do something. I even wrote a notebook of everything that I was
doing, this is my rst time writing a notebook. I am very thankful to have written this
notebook because without it I would have forgotten many things.
I know that I am not a talkative person, I was a shy person before coming to this
internship but now I am a more open person and a lot less shy. I could not be more
happy about this internship. I had a great time working for RESTENA Foundation.
I will never forget this internship. I am going to miss this place. There is simply
nothing else that I could say about this place, I had a great time with the whole team
of RESTENA Foundation. I am very grateful to have been a part of this project.
Appendix A
A.2 CD
Appendix B
Zimbra Custom Authentication
package lu.restena.zimbra;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.auth.ZimbraCustomAuth;
import com.zimbra.cs.extension.ExtensionException;
import com.zimbra.cs.extension.ZimbraExtension;
import java.util.List;
import java.util.Map;
import net.sf.jradius.client.RadiusClient;
import net.sf.jradius.client.auth.MSCHAPv2Authenticator;
import net.sf.jradius.dictionary.Attr_AcctSessionId;
import net.sf.jradius.dictionary.Attr_AcctStatusType;
import net.sf.jradius.dictionary.Attr_AcctTerminateCause;
import net.sf.jradius.dictionary.Attr_ReplyMessage;
import net.sf.jradius.dictionary.Attr_UserName;
import net.sf.jradius.dictionary.Attr_UserPassword;
import net.sf.jradius.exception.RadiusException;
import net.sf.jradius.packet.AccessAccept;
import net.sf.jradius.packet.AccessRequest;
import net.sf.jradius.packet.AccountingRequest;
import net.sf.jradius.packet.RadiusPacket;
import net.sf.jradius.packet.attribute.AttributeList;
Chapter 8. Conclusion 47
import net.sf.jradius.util.RadiusRandom;
* @author David Intern
public class RestenaAuthenticator extends ZimbraCustomAuth
implements ZimbraExtension {
protected InetAddress remoteInetAddress;
protected String sharedSecret;
protected RadiusClient radiusClient;
private static String username , password;
private boolean isAuthenticated;
private static final String M_MSCHAPV2 = "mschapv2";
private AttributeList attributeList;
private RestenaAuthenticator () {
// logger = Logger.getLogger(this.getClass ().getName ());
//" RadiusCustomAuth created ");
* The account object for the principal to be authenticated
* the clear -text password entered by user are passed to the
* ZimbraCustomAuth.authenticate () method.
* @param acnt
* @param string
* @param map
* @param list
* @throws Exception
public void authenticate(Account acnt , String string ,
Map <String , Object > map , List <String > list) throws
Exception {
// TODO call jradius to check username/password
- auth succeeded: return
If the method returns , it indicates the authentication has
Chapter 8. Conclusion 48
- auth failed: throw Exception
If an Exception is thrown , it indicates the authtication
has failed.
(1) if the Exception is an instance of
com.zimbra.common.service.ServiceException , the same
exception instance
will be re -thrown by the framework to the SOAP
(2) if the Exception is not an instance of
com.zimbra.common.service.ServiceException , the
framework will catch
the Exception and throw
exception to the SOAP AuthRequest.
* mock logic to demo:
* - usage of the parameters
* - returning for success auth
* - throwing Zimbra ServiceException for unsuccessful
* - throwing non ServiceException for unsuccessful
try {
username=acnt.getName ();
password=string;"user = "+username+", pass =
AttributeList attributeList;
attributeList = new AttributeList ();
attributeList.add(new Attr_UserName(username));
RadiusPacket request;
request = new AccessRequest(radiusClient ,
request.addAttribute(new Attr_UserPassword(password));
System.out.println("Sending :\n" + request.toString ());
Chapter 8. Conclusion 49
RadiusPacket reply = radiusClient.authenticate(
(AccessRequest) request , new
MSCHAPv2Authenticator (), 5);
if (reply == null) return; // Request Timed -out
System.out.println("Received :\n" + reply.toString ());
isAuthenticated = (reply instanceof AccessAccept);
String replyMessage = (String) reply.getAttributeValue(
if (replyMessage != null)
System.out.println("Reply Message: " +
Attr_AcctSessionId(RadiusRandom.getRandomString (24)));
request = new AccountingRequest(radiusClient ,
reply = radiusClient.accounting (( AccountingRequest)
request , 5);
request = new AccountingRequest(radiusClient ,
request.addAttribute(new Attr_AcctTerminateCause(
reply = radiusClient.accounting (( AccountingRequest)
request , 5);
catch (RadiusException e){
* Mainly used for logging. To have a name in the logs.
* @return
Chapter 8. Conclusion 50
public String getName () {
return "RestenaAuthenticator";
* Initializes the extension. Called when the extension is
* @throws ExtensionException
* @throws com.zimbra.common.service.ServiceException
public void init() throws ExtensionException ,
com.zimbra.common.service.ServiceException {
try {
// TODO: read config to know radius server , secret & co
* Register to Zimbra s authentication infrastructure
* ZimbraCustomAuth.register(handlerName , handler)
* custom:sample should be set for domain attribute
* handlerName:
* Name under which this custom auth handler is
registered to
* Zimbra s authentication infrastructure. This is
the name that
* needs to be set in the zimbraAuthMech attribute of
the domain
* that uses this custom auth. For example , if the
* name here is "sample", then zimbraAuthMech must be
set to
* custom:sample.
* handler:
* The object on which the authenticate method will
be invoke for this
* custom auth handler. It has to be an instance of
* (or subclasses of it).
Chapter 8. Conclusion 51
ZimbraCustomAuth.register("RestenaAuthenticator", new
RestenaAuthenticator ());
remoteInetAddress =
InetAddress.getByName("radius -int");
radiusClient = new RadiusClient(
remoteInetAddress , // InetAddress - Address of
remote RADIUS Server
sharedSecret); // String - Shared Secret for remote
// Provisioning prov = Provisioning.getInstance ();
// Domain domain =
prov.getDomainByName(prov.getConfig ().getDefaultDomainName ());
// domain.setAuthMech (" custom:freeRadius ");
} catch (UnknownHostException ex) {
getLogger(RestenaAuthenticator.class.getName ()).
log(java.util.logging.Level.SEVERE , null , ex);
* Terminates the extension. Called when the server is shut
public void destroy () {
// free any resources (close connection , ...)
[1] Agilmail. Zimbra License price. In: (2014). url:
[2] AMaViS. AMaViS. In: (2014). url:
[3] Apache. SpamAssassin. In: (2014). url:
[4] Apple. Mac iCal. In: (2014). url:
[5] ClamAV. ClamAV. In: (2014). url:
[6] Coova. JRadius. In: (2014). url:
[7] M. Crispin. Internet Message Access Protocol. In: (1994). url: https://tools.
[8] Morillo David. Exchange 2013 with freeRADIUS2. In: (2013). url: http://
[9] davidintern. Zarafa imapsync administrator authentication. In: (2014). url:
https : / / forums . zarafa . com / showthread . php ? 10446 - Zarafa - 7 - 1 - 9 -
[10] S. Deering. Internet protocol version 6. In: (1998). url: http://www.rfc-
[11] Mozilla Fondation. Mozilla Thunderbird. In: (2004). url: http://www.mozilla.
[12] A. Freier. Secure Sockets Layer. In: (2011). url:
[13] Fujitsu. FUJITSU Server PRIMERGY RX200 S8. In: (2014). url: http://
[14] GNOME. Evolution. In: (2014). url: https : / / wiki . gnome . org / Apps /
[15] Christoph Haas. Postx and AMaViS. In: (2010). url: https://workaround.
[16] J. Klensin. CRAM-MD5. In: (1997). url:
[17] J. Klensin. Simple Mail Transfer Protocol. In: (1982). url: http://tools.
[18] Cluster Labs. Pacemaker. In: (2014). url:
[19] Gilles LAMIRAL. imapsync. In: (2014). url: http://imapsync.lamiral.
Bibliography 53
[20] Richardson Lima. Zimbra Backup. In: (2012). url:
[21] Linux-HA. Heartbeat. In: (2014). url: http://www.linux-
[22] Microsoft. Active Directory. In: (2000). url:
[23] Microsoft. Address Book Policy. In: (2013). url:
[24] Microsoft. Anti-Malware. In: (2011). url:
[25] Microsoft. Create a shared mailbox. In: (2013). url:
[26] Microsoft. Database Availability Groups. In: (2013). url: http://technet.
[27] Microsoft. Delivery Reports. In: (2013). url:
[28] Microsoft. Distribution Group. In: (2011). url:
[29] Microsoft. Domain Controller. In: (2000). url:
[30] Microsoft. Email Address Policy. In: (2012). url:
[31] Microsoft. Exchange Admin Center. In: (2013). url:
[32] Microsoft. Exchange Management Shell. In: (2012). url: http://technet.
[33] Microsoft. Exchange Server 2013. In: (2012). url:
com / en - 001 / exchange / microsoft - exchange - server - 2013 - email - for -
[34] Microsoft. Global Address List. In: (2013). url:
[35] Microsoft. Hybrid Deployment. In: (2013). url:
[36] Microsoft. Outlook 2013. In: (2013). url:
[37] Microsoft. Outlook Anywhere. In: (2013). url:
[38] Microsoft. Queue Viewer. In: (2012). url:
[39] Microsoft. Remote Server Administration Tools. In: (2014). url: http://www.
Bibliography 54
[40] Microsoft. Send Connector. In: (2012). url:
[41] Microsoft. Shared mailbox. In: (2013). url:
[42] Microsoft. Sizing Exchange 2013. In: (2013). url: http://blogs.technet.
[43] Microsoft. Support for Exchange. In: (2014). url:
[44] Microsoft. System Requirements. In: (2013). url:
[45] Microsoft. Windows Server 2012. In: (2012). url:
[46] Microsoft. Windows Server Backup. In: (2012). url:
[47] P. Mockapetris. Domain Name. In: (1987). url:
[48] Mozilla. Mozilla Lightning Calendar. In: (2014). url: http://www.mozilla.
[49] MYousufAli. Guide to Windows Server 2012 Domain Controller. In: (2012). url:
[50] OpenLDAP. OpenLDAP. In: (1998). url:
[51] OpenSSH. In: (2014). url: http://www.openssh.
[52] OpenSUSE. OpenSUSE. In: (2014). url:
[53] Postx. Postx. In: (1998). url:
[54] Matthew Proctor. Exchange Server 2013 Install Guide. In: (2013). url: http:
[55] FreeRADIUS Server Project. freeRADIUS. In: (2014). url: http://freeradius.
[56] C. Rigney. Remote Authentication Dial In User Service. In: (2000). url: http:
[57] M. Rose. Post Oce Protocol. In: (1984). url:
[58] SAMBA. SAMBA4. In: (2014). url:
[59] sayfasonu. MTA gure. In: (2012). url: http://sayfasonu.files.wordpress.
[60] Information Sciences Institute University of Southern California. Internet proto-
col. In: (1981). url:
Bibliography 55
[61] SUSE. SUSE Linux Enterprise 11. In: (2011). url:
[62] Simon Tatham. PuTTY. In: (2014). url:
[63] Ivo Timmermans. Zarafa web application for administration. In: (2011). url:
[64] Ubuntu. Ubuntu 10.04 LTS Server. In: (2010). url: http://releases.ubuntu.
[65] Carnegie Mellon University. Cyrus. In: (1999). url:
[66] vadim. Zarafa 7.0 install guide. In: (2011). url:
[67] VMWare. VMWare High Availability. In: (2014). url: http://www.vmware.
[68] VMware. VMware ESXi. In: (2008). url:
[69] VMware. VMware vSphere. In: (2008). url: http : / / pubs . vmware . com /
[70] VMware. VMware vSphere Enterprise Plus. In: (2014). url: http://www.
[71] VMware. Zimbra 8.0 System Requirements. In: (2014). url: http : / / www .
[72] VMware. Zimbra Collaboration 8.0. In: (2014). url:
[73] webman. Zimbra sizing for 1000 mailboxes. In: (2009). url: http : / / www .
[74] A record. In: (2014). url:
[75] MX record. In: (2014). url:
[76] Wireshark. Wireshark. In: (2006). url:
[77] T. Ylonen. Secure Shell. In: (2006). url:
[78] Terence Yu. Exchange 2013 Prerequisites. In: (2013). url: http://social. US/8792aac3- c410- 4c60-
[79] Zarafa. iCal gateway. In: (2014). url:
[80] Zarafa. Support for Zarafa. In: (2014). url:
Bibliography 56
[81] Zarafa. User management with LDAP or Active Directory. In: (2014). url:
http : / / doc . zarafa . com / 6 . 40 / Administrator _ Manual / en - US / html /
[82] Zarafa. Zarafa 7.0. In: (2013). url:
[83] Zarafa. Zarafa Brick-level backups. In: (2014). url:
[84] Zarafa. Zarafa client guide for Windows. In: (2014). url: http://doc.zarafa.
[85] Zarafa. Zarafa client plugin for Outlook. In: (2014). url: http://download.
[86] Zarafa. Zarafa HA setup with MySQL. In: (2014). url: http://www.zarafa.
com / wiki / index . php / Zarafa _ High _ Availability _ setup _ with _ MySQL _
[87] Zarafa. Zarafa Hardware requirement. In: (2014). url: http://doc.zarafa.
[88] Zarafa. Zarafa License price. In: (2014). url: http : / / www . zarafa . com /
[89] Zimbra. Support for Zimbra. In: (2014). url: http : / / www . zimbra . com /
[90] Zimbra. Zimblets. In: (2014). url: http : / / www . zimbra . com / products /
[91] Zimbra. Zimbra Class of Service. In: (2014). url:
[92] Zimbra. Zimbra Connector Outlook. In: (2014). url: https://www.zimbra.
[93] Zimbra. Zimbra Quick Start PDF le. In: (2014). url: http://files.zimbra.
[94] VMware Zimbra. Zimbra Custom authentication. In: (2013). url: http: //
common / html / wwhelp . htm # href = 8 . 0 . 3 _ Open _ Source _ admin . Account _