Several questions from a possible new user of KMS (Questions about several topics... please see if you can help with some of it)
  •  
renefn

Hi,

This is a huge post, but please scan the questions and just reply to whatever you can help with...

I'm currently evaluating KMS, which would eventually replace our Small Business Server 2003. We're a mixed-platform company which is going to move together with another company in a few months, and we are growing out of our SBS.

I have several questions because I'm completely new to KMS. First I will explain a little about our needs.

We are going to be around 25 Mac clients and 65 Windows clients, but those numbers will grow. The Windows (currently 90% XP and 10% Win2k) clients are going to use Microsoft Office (currently 2003, but eventually also 2007) and use Outlook as their mail client, and the Mac clients (all 10.5) will use Apple Mail, Address Book and iCal. They are currently using Microsoft Office 2004 with Entourage, but since we have upgraded all to Intel-based Mac Pros we would like to get rid of the PowerPC-based Office 2004 and save the costs for Office 2008.

Currently all users have a mailbox of at least 1GB but some have more, and 1GB is really the minimum since we're a commercial printer and often send and receive quite big PDF files for proofing. I would like to offer them something like 4 GB per user, which would result in a mailstore of more than 300 GB. Currently we can't do that because of limitations in our Exchange and the amount of data that we're able to back up.

The idea was to install KMS on a brand new Xserve with dual Quad-core 2,8 GHz Xeon processors and an Eonstore RAID array with 14 SATA drives connected with Fibre Channel. Will that be suitable for our needs? We need top performance and the possibility for growth, but on the other hand we're quite pleased with the performance of our current Exchange in SBS and it's running on much more humble hardware (but also serving fewer users). I have discovered that NTLM authentication isn't available unless KMS is installed on a Windows machine, and that might lead us to install it on a Dell PowerEdge 2900 III with dual Quad-core 2,8 GHz Xeon processors, 16 GB RAM and 12 SAS drives in an internal RAID connected to a PERC 6/i RAID controller. This server will be unused when we move together because the other company has one with the exact same specifications (they're running MS SQL Server). I guess that it will be powerful enough?

I have tested KMS for some days now and some questions have come up:

1. Is there no support for Kerberos authentication? The users in KMS are coming from our Active Directory and all Windows and Mac clients are bound to AD.

On the Windows side there's NTLM which will take the Windows login credentials and use that for Outlook (as long as KMS is running on a Windows machine).

On the Mac I think it's a much greater problem. The users have to enter their username and password in Apple Mail, iCal, Address Book, Kerio Sync Connector and also in Directory Utility to enable LDAP lookup. Since our users are not administrators on their computers, they can't change settings in Directory Utility. If this was a one-time thing, then so be it, but we use rotating passwords and I simply can't tell the users to enter their new password 5 times whenever it's changed; that's not going to work! If Kerberos was supported, then it wouldn't be necessary.

I can enter a default user in Directory Utility and have the same username for all LDAP lookups and then that's taken care of, but is there any downside to that?

Is there any easy solution to this? If I used the built-in services in Mac OS X Server, then I could just use Kerberos but I don't believe that it's mature enough as a groupware solution.

2. Address Book synchronization in Mac OS X is not perfect.

I have discovered that if I sync the address book to KMS then any custom field names will be renamed to some default value. Let's say that a user has 4 phone numbers and they are called "Home, Office, Car & Beach house", then they would be renamed whenever a sync occurs. Can that be avoided?

3. Duplicate LDAP entries appear in Address Book and Directory.app.

For some reason an LDAP lookup returns two entries per user and resource. This only happens in Address Book and Directory.app, and not in Mail and iCal. I'm not sure that it was like that in the beginning, but I can't figure out what has changed. I have entered the KMS server as an LDAP server in Directory Utility (actually it was the Kerio iCal Config Tool that did it) and it's not entered anywhere else. How can this be?

4. Calendar invites and edits appear in Mail as well as in iCal.

This will quite surely confuse the users and if they click the .ics file, then it will add the event to their local calendar, and not their KMS calendar. Is there any way to avoid this? If they spot the invitation in iCal first, then it works perfectly and it disappears from Mail.

I have configured the account in Apple Mail as an Exchange account since the documentation apparently states that it's the best setting. Would it help to set it as plain IMAP? Is there a better IMAP client for Mac OS X that is more suited for KMS? Preferably free or cheap.

5. Subfolders to the Inbox are not available in Apple Mail!

I have discovered that subfolders to the Inbox are not available in Apple Mail! They show just fine in the webmail, Entourage and Outlook. Is this a limitation in Apple Mail or something with how KMS talks to Apple Mail?

This is quite serious since this prevents a user from switching to a Mac if he/she has created subfolders to their Inbox. I think most of our users have!

Is there a workaround?

6. How well does a migration from Exchange to KMS work?

Our situation is a little special since we are two companies with two Exchange servers that will merge into one KMS server. A KMS expert that I talked to said that the easiest solution was to install KMS in both locations and migrate from Exchange and then merge the two KMS databases. Is that right? Will a migration take everything to KMS like calendars, to do's, contacts, etc.?

7. How does KMS handle attachments?

When a user sends a 20 MB PDF to all other users, then Exchange is smart enough to only store the file once (I've been told) and then just link it to all the mailboxes. I guess that it can do this because it uses a database. KMS is all about single files, so will it store the attachment 80 times for 80 users? That could lead to a huge waste of space since a file can be sent to many users in our company.

8. How does KMS scale? Is it stable?

I know that our company is not that big by worldwide scale, but in Denmark it's not a small company and especially not in our line of work. Mail and calendars are crucial to our work, and if it was down or slowed down, then it could cost us serious money.

Is KMS "mature" enough? It appears to me like a really nice product and I'm really impressed, but because it's so easy to install and configure I'm a bit sceptical if it's "big" enough to handle our needs. Maybe I'm just too used to the unnecessary complexity of Microsoft products :P

That's it!

These were my questions for now. I hope that this long post hasn't scared everyone away and that some experienced users can contribute with something useful.

Regards,
René Frej Nielsen

  •  
RHarmsen.nl

The only thing I can recommend is contacting Kerio support
http://www.kerio.eu/support.html

They should be able to help you out with a lot of your questions
  •  
renefn

Hi,

Maybe I should just email it all to support as well then? I'm not sure how active this forum is, but it would be nice to hear some real-world reports from active users and not just the official words from Kerio.

But thanks.

Regards,
René Frej Nielsen

  •  
ccjwells

I'd love to help you more, but being that I don't deal with Macs much, I can only help with a few of your questions. Yes, Kerio does support Kerberos authentication against Active Directory. There are Active Directory extensions you need to install on the Windows AD server, but once that is done, configuring Kerio to authenticate against it is pretty simple.

The hardware you propose looks to be pretty hefty and should support your needs well. The processor and CPU are pretty much overkill for KMS. As a point of reference, I work in a prepress shop and we commonly move around large emails and files so have a fairly similar setup (almost all of our clients are Windows and we don't have as many users) and we are running on an older PowerEdge 2600.

On the attachments, I want to say that the attachment would be stored multiple times, but you really should ask support that question. I've never honestly gone looking to check on how they are stored.
  •  
renefn

Hi,

Thank you for your input. You mention that Kerberos is supported, but as I see it, it's only between KMS and AD. I need the clients to use their Kerberos ticket that they obtain from AD to authenticate with KMS. Is that supported? I guess that NTLM does that on the Windows side, but I can't get it to work on the Mac side.

The AD extensions that need to be installed, are those the Kerio AD schema extensions? I have already installed those to be able to import the users into KMS.

I will email support as well, but it's very nice to hear from users!

Regards,
Rene Frej Nielsen
  •  
ccjwells

Yes, the AD extensions I mentioned are the ones you have installed. I honestly don't know much about how it works on the Mac side of things so I can't answer the question. All our Mac users in this office use the webmail client, and while the Mac users in our Chicago office use Apple Mail, I don't know anything about how it is set up.
  •  
renefn

OK, I have now written to support and hope that they can answer the remaining questions.

Regards,
Rene Frej Nielsen
  •  
freakinvibe

With so many questions for the new project (I think you have a challenging and exciting environment), you should probably contact a Kerio partner to work on the project with you.

This forum is more for technical questions to specific problems. Even if you get answers here, there is no guarantee that they are correct, and how would you answer your boss, if something goes wrong?

"Someone in a forum said that our server is powerful enough...".

Your boss would probably fire you. You should have those answers written down by a Kerio consultant to cover your a...

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
renefn

You're probably right... Though it might be difficult to get all the details without making a commitment to buy a solution from them.

Regards,
Rene Frej Nielsen
  •  
dejf

I'd also ask how easy is it to migrate from Kerio. As once you are locked in, there is no easy way out...
  •  
Pavel Dobry (Kerio)

Use any IMAP copy or migration utility. There are plenty of them on the Internet. What kind of lock do you mean?
  •  
dejf

Migrating mails is not enough. I need to migrate users with passwords, and that seems not possible to me right now as their format is specific.
If you change the environment for hundreds of users, you do not wish to bother them with password changes. As simple as this.
  •  
Pavel Dobry (Kerio)

Well, that's the advantage of using directory services (ActiveDirectory, OpenDirectory, even OpenLDAP with Kerberos) - you don't need to migrate users or passwords.

When migrating to Kerio you also need to know user passwords or use one of these directory services. It is not an artificial lock from Kerio to "lock" customers. It is a standard situation with every product (even opensource).
  •  
dejf

You may move password hashes between most opensource products without any hassle. The fact that there is no way of using them in Kerio is sad, but in this very moment irrelevant to me.
I know that it would have been great if my company had used some of the mentioned services in those years when it started using Kerio. But I need to move on anyway. Kerio is able to change the format from DE3 to SHA, so there is a way to get password from Kerio DE3 format in which most of passwords in our system are stored.
  •  
hbianchi

The hardware you are thinking of seems too much for the number of users you say. I'm running a 680 users installation over Red Hat Linux 5.3 using a Dual processor (Quad Xeon) machine with a 160 GB SATA RAID 1 for O.S. and Kerio Directory, and 3 TB SATA RAID 5 for mail.

I have some Outlook (about 50) and Mac Mail (about 50) users, but I push everybody to use webmail because it always works OK.

We use import users from Active Directory, but we keep them out of Kerio AD sync. interface. We import and delete them manually. For authentication we use Kerberos.

We give users about 1GB without problem. Backup is in background and you don't even notice.

Only concern with attachments is when somebody posts a big attachment in a "public" folder. In that case, when many users are connected, the system becomes slow until everybody's clients (webmail) discover the new post.
