Product FAQs

  • Security
  • Performance
  • Archival
  • User Access & Address book
  • Deployment, Setup and Migration
Expand All | Collapse All
  • 1. In our environment, Users sometimes need to share their credit card numbers in the email. At no point this information should be available to anyone working on the server (not even in logs). How does Mithi ensure this content security in Connect Xf?
     

    1. The solution components do not store any part of the message body in any of the logs. This will ensure that no part of the message is visible in the logs. Only the subjects are stored for troubleshooting and reporting.

    2. The only place the mail is delivered in its entirety is to the user's inbox and to the archival system (if configured).

    3. If you plan to host our solution (Connect Xf) on your own servers within your data center, the storage is accessible only to your authorised administrators. This is controlled using role based administration. (refer here for more details)

    More
    Was this answer helpful ? Yes / No
    Viewed 420 Times
  • 2. With Connect Xf, can we delegate a new Web-based multi-mailbox search capability to a specialist user, such as a security compliance officer, to make the e-discovery process easier and more centralized?
     

    Mithi recommends deploying the built in compliance archival solution to help you get quicker access to the archived mail. Easy search interface to find mails based on mail attributes like from, to, subject, etc.

    For further reading:
    Mail Archival for Compliance
    Mail Archival options

    More
    Was this answer helpful ? Yes / No
    Viewed 425 Times
  • 3. Can I get alerts of suspicious activity like sending large mail outside the organisation or to a distribution list?
     

    This is in fact better handled in Connect Xf via the mail policy engine which prevents problems instead of controlling them post mortem.

    Easier mail policy controls via the GUI which allow granular user level or group level controls. The controls are intuitive and reduce the number of policies by a large order. E.g. for a group of users, by default deny all mailing, but allow only these exceptions. These are also easier to manage since they apply entity wise rather than like a large sequence of policies.

    For further reading:
    Demo Videos
    Mail Policies: Wiki , Presentation, Video

    More
    Was this answer helpful ? Yes / No
    Viewed 329 Times
  • 4. What controls are in place to ensure that data transferred is complete, accurate, traceable and recoverable?
     

    Complete data transfer is ensured by the protocols who work on a handshake basis and close the transaction only after receiving an acknowledgement from the recipient server/client.

    Accurate data transfer is ensured by the services who monitor the transaction flow for any errors or warning as reported by the OS or base api. In case of any error the transaction is aborted and the data stays as is, waiting for a retry. The administrator can keep track of this by scanning the logs for errors/warnings/failures.
    Essentially unless the two parties transacting the data, report to each other that the data has moved without any errors/warnings, the transaction is not approved/closed.

    Traceable is ensured by recording each transaction in the relevant logs. The reporting system also records each transaction in a database for quick lookup and generation of MIS reports.
    Recoverability is ensured by daily snap shot backups, and (if configured) mail archival for each user. With mail archival, a copy of each mail sent and received is recorded in a user wise archival, read only, that allows recovery of single mails or the entire mailbox.

    More
    Was this answer helpful ? Yes / No
    Viewed 414 Times
  • 1. Why is Mithi's Mission Critical solution suitable for a large user base?
     

    A large active user base (anything above 7500 users) typically requires the following characteristics from a collaboration solution:

    1. Reliable and Resilient (in case of any downtime or failure, handling queries or escalations from such a large user base could be a major challenge)
      The Mission Critical solution from Mithi provides redundancies at all layers, viz
      - Multiple relay servers in active active configuration
      - Dual load balancer servers in a cluster
      - Multiple stateless mail servers in active active configuration
      - Multiple Centralized Directory servers with service level auto fall back to available directory server.
      - High end NAS storage device with built in redundancies.
    2. High and consistent Performance (Such a large user base could generate variable load at all points. The solution should deliver a consistent and fast experience to the users)
      The redundant servers at each layer, balance the load evenly thus ensuring that each resource is optimally loaded. Provisioning for sufficient head room on each resource ensures that the response to end users is consistent.
      At the application layer ensuring that only clean mail are allowed to enter and leave the system, physically isolating the varying load from the regular consistent load, and using tools and policies (such as max mail size, restricting mail to distribution lists, etc)  to enforce a consistent usage pattern, etc help to provide a consistent high quality end user experience
    3. Easy to maintain (A simple, clean, layered setup will be easy to maintain and manage)
      The clean layering of the flow of data and requests, makes it easy to setup a monitoring practice to ensure uptime. We have observed approx 99.97% uptime on this architecture at customer sites.Using a combination of automatic alerts and a practice of daily monitoring, such a setup is fairly easy to maintain.
    4. Easy to scaleup (Large organisations grow in big increments. The solution should be able to grow easily with the needs)
      At each layer, simply adding or removing resources from the farm will add capacity since the the resources are configured in an active active mode. E.g. adding another mail server under the load balancer, will automatically cause the load to be distributed into the extra server, thereby adding capacity.
    5. Secure (More, diverse and distributed users implies reduced control on the client end. This means that the solution should be able to protect against internal and external security threats)
      The security framework of Connect Xf is very comprehensive
    6. Affordable (Traditionally large scaled up systems are very expensive. The solution to keep the costs in check)
      Mithi's solutions rely on commodity hardware, commodity operating systems, and the open source base platform to have a very low platform cost. A combination of reduced cost components and the ease, reliability and performance of this solution provide the maximum bang for the buck. We are confident that overall, your saving would be to the tune of 80%.
    More
    Was this answer helpful ? Yes / No
    Viewed 406 Times
  • 2. Why is a server load balancer required at the application layer?
     

    The Mission Critical Email solution is based on a high availability architecture, comprising of redundancies at all layers. Users access the mail application via multiple mail servers all of which are connected to a common storage. Any of the mail servers can serve any user's request (made possible since the directories are replicated amongst the mail servers or there is a common directory for the site and the common shared mailstore). This means that if one of the mail server is to fail, the users can transparently access their mailbox from another mail server in the farm.

    The load balancer unifies the mail servers to appear as one to the end user. As a result the end users only use one common URL/IP to access their applications. To make this possible, the load balancer maintains a list of active mail servers in its cache and when a request is made for a certain service like HTTP, SMTP, etc, it passes the request on to the one of the available mail servers (using one of several algorithms like round robin, MRU, etc). The load balancer accepts requests for application protocols and ports such as SMTP, IMAP, POP, etc. It is a critical component to make this architecture possible.

    More
    Was this answer helpful ? Yes / No
    Viewed 495 Times
  • 3. In a Mission Critical setup, can I replace the Load Balancer with a DNS round robin configuration? Will it not achieve the same objective?
     

    To start this discussion, I would like to point you to this link to understand why we need a load balancer in the mission critical architecture of Connect Xf. The load balancer achieves redundancy along with balancing the load by maintaining a list of servers which are "alive" and have an acceptable of "Quality of service" (QOS - read response). Thus if a server is to go down/fail, the load balancer will detect this, remove it from its list so incoming connections are not diverted to that failed server.

    With a DNS round robin, it can at best just load balance. It cannot achieve the redundancy element. This means that if a server is go down, the DNS system will be oblivious of that and will continue to send it requests. The users initiating these requests will receive an error.

    Another reason why a load balancer cannot be replace by a DNS round robin system is that for HTTP requests, we would need a sticky session feature. This feature ensures that connections between a client and a designated server are sticky for a given period of time or that session. This is required since tomcat sessions are not transportable across servers.

    To summarize, these are the downsides of a DNS based architecture for load balancing:

    1. There are typically no heartbeats or failure detection with DNS records, so if a given server in the rotation goes down, its A record must manually be removed from the DNS entries
    2. The time to live (TTL) must necessarily be set quite low for this to work at all, since DNS entries are cached aggressively throughout the internet
    3. DNS systems dont have any support for the sticky session feature.
    4. DNS makes use of caches, and clients can't force caches to refresh. if you regularly switch DNS entries you will observe 80% switch in 5 minutes, but it generally takes more than one week to get close to 100%. So DNS does not provide fail-over.

    References:
    http://serverfault.com/questions/101053/is-round-robin-dns-good-enough-for-load-balancing-static-content

    More
    Was this answer helpful ? Yes / No
    Viewed 456 Times
  • 4. For the Connect Xf applications, what is the typical Read to Write ratio for the I/O to/from storage?
     

    Considering the nature of the apps, email accounts for the maximum I/O on the storage. We have noted that number of Reads are about double the number of writes. This is because once an email lands in the inbox, it is read, accessed and searched multiple times.

    More
    Was this answer helpful ? Yes / No
    Viewed 477 Times
  • 5. What is the Bandwidth usage of Connect Xf Email Server?
     

    Click here to read details.

    More
    Was this answer helpful ? Yes / No
    Viewed 529 Times
  • 1. Can each user have two mailboxes one primary and one archived, to allow users to keep their primary mailboxes organized and uncluttered?
     
    Mithi (from day 1) has had Personal archiving as a feature to allow you to have dual mailbox for the users. The users can refer to this read only archive account for searching older mail, total mailbox retrieval. The primary account is typically managed by quota. Refer this link for further details.
    More
    Was this answer helpful ? Yes / No
    Viewed 428 Times
  • 1. Does Connect Xf support the variety of Smartphones including Apple products, Windows Mobile devices and Blackberry?
     

    Connect Xf now supports more open standards which allow Android phones, tabs, pads, iPhone and iPad mobile devices to access Connect Xf over open protocols (SMTP, POP, IMAP, CalDav-Calendar, LDAP-Address Book, XMPP-Chat) over commodity GPRS connections.

    For further reading:
    On Mobile Devices
    Get More Done with Connect Xf

    More
    Was this answer helpful ? Yes / No
    Viewed 384 Times
  • 2. Does Connect Xf provide an advanced communication platform including Email, Calendars, and Contacts, Meetings and Appointments?
     

    Mithi recommends the use of Thunderbird, which is a free, and reliable client. It supports the open calendar, address book and email protocols seamlessly. It is also tightly integrated with Connect Xf (a plugin allows the Thunderbird user to perform certain property modifications like password reset, vacation reply, etc from the client itself).

    Using open protocols and standards allow you to intermix the use of webmail client, desktop mail client and mobile client on the same mailbox, calendar, chat and address book data.

    For further reading:
    Configuring Thunderbird
    Desktop Accessories

    More
    Was this answer helpful ? Yes / No
    Viewed 396 Times
  • 3. Does Connect Xf support Message Recall?
     

    No, Connect Xf does not.

    Message recall is a proprietary feature specific to the architecture of MS Exchange and its tight integration with MS Outlook. There are several conditions to be met for recall to work even in the Exchange environment. Please refer to this link to know how recall works in MS Exchange.

    For a system based on open standards, which is accessible by any standard compliant client, this facility is not available since the client cannot play the critical role of deleting the message from the Inbox of the user.

    We recommend to all our customers to simply send a mail intimating a recall (no guarantees if the content of the recalled mail was read or not), which at least gives them a legal/policy edge if required.

    More
    Was this answer helpful ? Yes / No
    Viewed 433 Times
  • 4. Does your solution support search within attachment? Will it find mail if we provide the name of the attached file name?
     
    The Baya client (web client) does not support searching within attachments. As for the desktop clients and mobile clients, this depends on the capability of the email clients installed. From some cursory research it appears that there may be plugins to make this possible within the clients. The search however may work on attachment names (again this depends on the plugins installed)
    More
    Was this answer helpful ? Yes / No
    Viewed 390 Times
  • 5. Does Connect Xf support Calendar and tasks with free-busy look up from Outlook? Thunderbird / Baya?
     

    Outlook calendar integration with the Server is not supported since Outlook only works with MAPI (a microsoft propreitary protocol which is supported primarily by Exchange). If Outlok calendar is used, the data stays on the client and is not synced with the server.
    To sync calendar data with the server, Thunderbird or other clients supporting CalDAV have to be used. E.g. Android, IOS, Baya.

    More
    Was this answer helpful ? Yes / No
    Viewed 393 Times
  • 6. Can users who connect to Microsoft Terminal services (now known as Microsoft Remote Desktop services) access the Mithi Connect Xf applications?
     

    Applications from Connect Xf run within a browser or can be accessed from desktop client software like Thunderbird, MS Outlook, Pidgin, etc. Once a user connects to MS Terminal server or a MS remote desktop from a PC/laptop, his session is running on the remote server or PC. In this remote session the user is able to use all the applications available within the terminal. If the remote session allows the use of a browser and/or Thunderbird, MS Outlook and other compatible applications, the user can connect and use the services from Connect Xf.

    More
    Was this answer helpful ? Yes / No
    Viewed 459 Times
  • 7. Can the users see their Distribution List expanded (in other words can they see the members of a DL)?
     

    Yes. Users will be able to see the members of a DL via Baya the web client. Desktop clients and mobile clients access the Address book on the server over LDAP and using their native in built address book applications present the data to the users. In these clients, the members of the DLs cannot be viewed.

    More
    Was this answer helpful ? Yes / No
    Viewed 357 Times
  • 1. We would like to host multiple domains on Connect Xf/Mithi SkyConnect Setup, would we get a Global Address Book which has contacts from across our domains?
     

    Yes this is possible using the flexible address book configurations. The solution allows you to configure custom address books which source contacts from different sources. So you can compose a named address book composed of contacts from 1 or more domains. The address book is virtual and presents the latest contact details if the user/administrator is to modify any of the contacts.

    More
    Was this answer helpful ? Yes / No
    Viewed 422 Times
  • 2. Can we use an alternate port for IMAP, POP and Chat instead of the standard ports specified by you?
     

    Yes. Connect Xf allows you to modify the ports of access for the various services.

    More
    Was this answer helpful ? Yes / No
    Viewed 385 Times
  • 3. Can we install any of the servers in this architecture as VMs (Virtual Machines)?
     

    Yes, any or all of the servers in the setup can be based on VMs. However, it may be noted that, one physical hardware can host multiple VMs and so its quite important to ensure redundancy at that level too and ensure that VMs are spread across multiple hardware E.g. mail server VMs may be hosted across different host servers. A benefit of using VM is easy scale out since simply cloning an existing server will quickly add capacity, without having to provision a server, install the OS, install, configure and test the application, etc.

    The only exception to this is when you would like to deploy an Active Passive setup based on DRBD. In this setup the two servers are kept in sync using block level replication based on the DRBD component and this setup necessarily needs two physical servers of identical configurations.

    More
    Was this answer helpful ? Yes / No
    Viewed 400 Times
  • 4. Can you suggest the IOPs specification of the storage required?
     

    The below table provides our calculation of IOPs required from the application perspective. These are based on an analysis of all the IO activity which happens on a particular type of server. The IOPs calculated for an application as well as those observed using OS tools like iostats are way higher than those experienced by the disk. This is because the OS caches the filesystem in the memory and only page faults may results in disk IOPs. The RED HAT document explains this behaviour. It also recommends using blktrace to collect disk IOPS information. The data collected using blktrace can be processed using seekwatcher.

    Please note that the IOPS on the storage will be different, as the OS will cache the read/write requests.

    IOPS for Master and Cascaded provider

    [su_table]

    IOPS Per User
    Server/ Partition / /mailstore /archive
    FE 0.07 0.01 0.01
    Mail Server 0.39 0.2 0.1
    Mail Router 0.25 0.02 0.04
    Master 0.19 0.01 0.01
    Cascaded Provider 0.05 0 0
    IOPS Per Server
    Server/ Partition / /mailstore /archive
    FE 350 50 50
    Mail Server 1950 1000 500
    Mail Router 4375 350 700
    Master 950 0 0
    Cascaded Provider 250 0 0
    More
    Was this answer helpful ? Yes / No
    Viewed 399 Times
  • 5. We will deploy two Leased lines for our setup. Can we add two DNS records such that and if one link fails, access can continue on the second link?
     

    a. Incoming: You can have 2 parallel active active MX pointers for your domain. Each MX pointer IP address is serviced by separate links. The IPs are natted to the relay servers. Mail will come in via both links (load balanced). If one fails, the other will continue functioning.
    b. Access: For access from out side, your users will access mail.domain.com (which points to leased line 1). In case leased line 1 fails, you would need to make a change to the DNS record of mail.domain.com and change the IP to the leased line 2.
    c. Outgoing: Depending on the firewall you are using, the outbound traffic can be automatically balanced amongst multiple links (this is a feature of the firewall)

    More
    Was this answer helpful ? Yes / No
    Viewed 391 Times
  • 6. What is the stepwise Migration Plan?
     

    Click here to read details

    More
    Was this answer helpful ? Yes / No
    Viewed 410 Times
  • 7. Can we use SAN or IP SAN in place of NAS box, so that it can be utilized for other application also? If not, then can you explain why the mission critical solution will work only with a NAS?
     

    Mithi's Mission Critical Email solution will work only with a NAS since the core idea to achieve mail server redundancy is to be able to serve any user's access request (POP/SMTP/IMAP/HTTP/LDAP) from any mail server. Using this capability in combination with a load balancer allows the solution to offer a single URL/IP for users to access the application interfaces/services. Most requests by end users, will obviously access the mail store of that user.

    This implies that each mail server should be able to access (read and write) the mail store of each user. This is only possible if the mail store volume on the shared storage can be simultaneously mounted on all the mail servers (hosts) for read/write. This is possible only with a NAS over NFS protocol. The SAN device can mount a single partition as read/write only on a single host, while the same partition can be mounted as read only on other hosts.

    More
    Was this answer helpful ? Yes / No
    Viewed 402 Times
  • 8. How do I choose a NAS for my Mission Critical setup?
     

    NAS solutions have various applications ranging from being a simple back up device, to being a file server, to being used as a store for transactional data like a mail store or a database store.

    Depending on the application, the performance and reliability of the NAS device has appropriate relevance. E.g. for a simple backup application, the usage is typically in a batch mode, offline and not impacting the end users directly, and hence the performance is not so critical. However for transactional applications, which are sensitive to time, the performance and reliability become critical.

    Performance Benchmarks

    For a mission critical application like email & collaboration to work with acceptable performance, it is important for the NAS device to respond within an acceptable time to read/write requests.

    To check if the performance of a NAS device is acceptable for an email system, you could run the following test on the device. It’s a standard write test for a 256 MB file to check IO speeds of a device.

    Write benchmark: The response of this should be less then 5 seconds for the Real component of the time.
    time dd if=/dev/zero of=/data/testfile bs=16k count=16384
    Read benchmark: The response of this should be less then 0.2 seconds for the Real component of the time.
    time dd if=/data/testfile of=/dev/zero bs=16k count=16384
    The test assumes you are mounting the NAS partition on to a Red Hat Linux server over NFS.

    Functional Testing

    • Mount using the following settings in /etc/fstab should work
      10.118.6.68:/data1      /mnt/data                nfsd     rw,bg,vers=3,tcp,timeo=600,rsize=32768,wsize=32768,hard,intr,noatime,nodiratime   0 0
      Note: Please replace the IP, volume name and mount point appropriately
    • It should allow creation, modification and deletion of files and folders in the mounted partition
    • It should allow changing permissions and ownership rights on the files and folders in the mounted partition
    • If a new file is created in the folder, it should inherit the folders ownership rights.
      5. Should be compatible with Linux file systems and file names E.g. ':' and other such characters are allowed characters in the file names.

    Impact of poor NAS performance on an Email and Collaboration system

    Since the NAS is used as the mail store, its critical to have the performance of the I/O within the limits as described above. Using a device with a slower performance will impact:

    • Mail flow rate: Since it takes longer to write the mail to the store, the queues will take longer to clear.
    • End user experience: Since the clients (POP or IMAP) would be reading from the mail store continuously, any delay here will result in a slower experience.
    • System functions: Operations like backups, archival, storage auto management etc would perform much slower.

    NAS Technologies

    The technology used for NAS devices can be classified broadly as follows (this note does not provide any information on the hardware and other appliance configurations):

    NAS solutions based on configured NFS servers:
    Typically these solutions are configured on dedicated servers using the Windows or Linux operating system with NFS server configured. The main drawback here is the use of a general operating system not highly optimised for performance. Also some of the operating systems used are prone to virus attacks and performance bottlenecks if used extensively and exclusively for file I/O.
    These solutions are typically suitable for applications where performance is not so critical like the backup or a file server.

    Dedicated NAS devices

    This solution are typically housed in appliances, with redundant storage drives, and run a dedicated File operating system and NFS server, optimized for reads and writes to reduce latency. Typically in these devices, the performance can be given a boost by using faster and higher performance drives like SAS.

    These kinds of solutions are suitable for mission critical transaction environments.

    The Recommendation

    Mithi recommends the use of a dedicated NAS device for the suggested high availability configuration of Mithi Connect Server. The higher initial cost of such a device is easily offset by the gains encountered in the ease of management, higher throughput and high reliability of the high availability configuration of Connect Server.

    More
    Was this answer helpful ? Yes / No
    Viewed 355 Times
  • 9. How do I choose a Load Balancer for the Mission Critical Solution?
     

    For Connect Xf to be deployed in a mission critical (HA) environment, a load balancer is a critical component in the architecture. The load balancer should satisfy the following specifications/requirements to be able to work in this solution configuration.

    • Should support HTTP, HTTPS, SMTP, POP, POPS, IMAP, IMAPS, LDAP
    • Should support these load balancing algorithms - Round Robin, Sticky Session, Least Connect
    • Should have built in redundancies to handle self failure.
    • Should support Quality of service checks to detect server failures and remove them from the pool
    • Ability to dedicate traffic for a protocol to a specified server pool.
    • Provide detailed logs and analysis for audit and troubleshooting.

    While choosing a load balancer solution, you may want to consider the following:

    • Will this load balancer be used only for the collaboration solution based on Connect Xf or will you be using it for other applications as well.
    • Will you need to balance other protocols operative in the company like network bandwidth balancing/control.

    Unless you plan to deploy the load balancer for other applications or protocols, you may want to consider the simple and cost effective open source based Load Balancer application, which is deployed on 2 commodity entry level servers in a cluster and is quite effective in the mission critical solution.

    If not you may consider deploying a high end specialised appliance, which offers greater flexibility to manage different protocols, more controls and policies and is essentially multipurpose. These however are quite expensive.

    More
    Was this answer helpful ? Yes / No
    Viewed 379 Times
  • 10. What are your recommendations when choosing a Storage system for my Mail Store?
     

    If you choose a NAS, please consider the following

    1. In an Active Passive availability setup, a common store will be used by both the primary and secondary server. Replication of mail store will thus be avoided. This will improve reliability and quality of service.
    2. It can scale to a Component balanced setup (mail services on a server and front end services on another) or a Active - Active load balanced setup.
    3. Please choose high performing SAS drives with the highest rpm since i/o is most critical to functioning.

    If you choose an external attached storage or a SAN, please consider the following:

    1. Choose high performing SAS drives with max rpm since i/o is most critical to functioning.
    2. In an Active Passive availability setup, we will need two sets of volumes one each for the Primary and the Secondary store. Replication based on DRBD will run between the two volumes.
    3. This will not scale up to support an Active-Active load balanced setup.

    If you choose to deploy a server internal storage, please consider the following.

    1. Choose high performing SAS drives with max rpm since i/o is most critical to functioning.
    2. In an Active Passive availability setup, we will need two sets of disks one each for the Primary and the Secondary store. Replication based on DRBD will run between the two servers.
    3. This will not scale up to support an Active-Active load balanced setup.
    More
    Was this answer helpful ? Yes / No
    Viewed 372 Times
  • 11. What is the ration of Hot data v/s cold data in % or GB/TB w.r.t customer data size?
     

    Hot data = Hot data is data that needs to be accessed frequently. It is typically business-critical information that needs to be accessed quickly and is often used by a company for quick decision making. At present we see the entire mailstore as hot data, since we allow for search and change over the entire mailstore.

    More
    Was this answer helpful ? Yes / No
    Viewed 388 Times
  • 12. What is the recommended Block size , while configuring the storage?
     

    This is can be configured as per requirements of the storage - commonly used are 8KB or 16KB

    More
    Was this answer helpful ? Yes / No
    Viewed 367 Times