Planning for Installation

Required Skills

To install and manage Baruwa Enterprise Edition you need basic Linux command-line skills, such as the ability to log in via SSH or console, run commands, interpret command output and check log files.

Baruwa Enterprise Edition is RPM based, so you also need a working knowledge of commands specific to Red Hat-like distributions, such as rpm and chkconfig.

To configure Baruwa Enterprise Edition, you need to have an understanding of how internet email works, how email is routed and the various protocols in use.

If you do not possess the required skills you can purchase installation support and/or ongoing maintenance support. Contact Support to do so.

Hardware Compatibility

Hardware compatibility is particularly important if you have an older system or a system that you built yourself. Baruwa Enterprise Edition 6.10.11 should be compatible with most hardware in systems that were factory built within the last two years.

However, hardware specifications change almost daily, so it is difficult to guarantee that your hardware is 100% compatible.

One consistent requirement is your processor. Baruwa Enterprise Edition 6.10.11 supports, at minimum, all 64-bit implementations of Intel micro-architecture from P6 and onwards and AMD 64-bit micro-architecture from Athlon and onwards.

Supported Installation Hardware

For installation of Baruwa Enterprise Edition on AMD64 and Intel 64 systems, the following installation targets are supported:

  • Hard drives connected by a standard internal interface, such as SCSI, SATA, or SAS
  • BIOS/firmware RAID devices
  • Fibre Channel Host Bus Adapters and multipath devices are also supported. This needs to be done in expert mode, and vendor-provided drivers may be required for certain hardware.

The following virtualization technologies are supported:

  • Xen block devices on Intel processors in Xen virtual machines.
  • VirtIO block devices on Intel processors in KVM virtual machines.

Warning

Installation on Hyper-V Generation 2 VMs does not work; installation on Generation 1 VMs may work.

RAID and Other Disk Devices

Baruwa Enterprise Edition 6.10.11 uses mdraid instead of dmraid for installation onto Intel BIOS RAID sets. These sets are detected automatically, and devices with Intel ISW metadata are recognized as mdraid instead of dmraid. Note that the device node names of any such devices under mdraid are different from their device node names under dmraid. Therefore, special precautions are necessary when you migrate systems with Intel BIOS RAID sets.

Local modifications to /etc/fstab, /etc/crypttab or other configuration files which refer to devices by their device node names will not work in Baruwa Enterprise Edition 6.10.11. Before migrating these files, you must therefore edit them to replace device node paths with device UUIDs instead. You can find the UUIDs of devices with the blkid command.
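
One way to do the device-node-to-UUID replacement described above, as an added example that is not part of the Baruwa documentation. The md device names, the UUIDs and the `UUID_MAP` override are constructed for illustration; on a real system leave `UUID_MAP` unset so that `blkid` is queried (run as root).

```bash
#!/bin/bash
# Added example: rewrite device-node paths in fstab-style text to UUID= form.

# Print the filesystem UUID for a device node. Reads the "device uuid" table
# in UUID_MAP when it is set (offline use); otherwise asks blkid.
lookup_uuid() {
    if [ -n "${UUID_MAP:-}" ]; then
        printf '%s\n' "$UUID_MAP" | awk -v d="$1" '$1 == d { print $2; exit }'
    else
        blkid -s UUID -o value "$1"
    fi
}

# Read fstab lines on stdin and write them to stdout with a leading /dev/...
# field replaced by UUID=<uuid>. Comments, blank lines and entries that do not
# start with /dev/ pass through. Devices with no UUID are left unchanged and
# reported on stderr so they can be fixed by hand.
fstab_to_uuid() {
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            /dev/*)
                dev=${line%%[[:space:]]*}     # first field: the device node
                rest=${line#"$dev"}           # everything after it, spacing kept
                uuid=$(lookup_uuid "$dev") || uuid=""
                if [ -n "$uuid" ]; then
                    printf 'UUID=%s%s\n' "$uuid" "$rest"
                else
                    printf 'no UUID for %s, left as-is\n' "$dev" >&2
                    printf '%s\n' "$line"
                fi ;;
            *) printf '%s\n' "$line" ;;
        esac
    done
}

# Constructed sample: device names and UUIDs are made up for illustration.
UUID_MAP='/dev/md126p1 6f1c2a9e-0b5d-4c3e-9a77-2d1e5b8c4f10
/dev/md126p2 b3a4d7c2-8e61-4f0a-a2c9-7e5f3d1b9a06'
SAMPLE_FSTAB='# /etc/fstab (constructed)
/dev/md126p1  /boot  ext4  defaults  1 2
/dev/md126p2  /var   xfs   defaults  0 0
/dev/sdz9     /data  xfs   defaults  0 0'
printf '%s\n' "$SAMPLE_FSTAB" | fstab_to_uuid
```

Write the output to a new file and compare it with the original before replacing anything. This handles /etc/fstab, where the device is the first field; in /etc/crypttab the device is the second field and needs the same substitution made there.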

Hardware RAID

RAID, or Redundant Array of Independent Disks, allows a group, or array, of drives to act as a single device. Configure any RAID functions provided by the mainboard of your computer, or attached controller cards, before you begin the installation process. Each active RAID array appears as one drive within Baruwa Enterprise Edition.

Software RAID

You can use the Baruwa Enterprise Edition installation program to create Linux software RAID arrays, where RAID functions are controlled by the operating system rather than dedicated hardware.

To configure software RAID you need to select the Expert install option at the boot screen.

Disk Space

Before you start the installation process, you must:

  • have enough unpartitioned disk space for the installation
  • have one or more partitions that may be deleted

The standard partitioning scheme which is generated when the expert mode is not selected is as follows:

Mount point  Size   FS    Comments
/boot/efi    200MB  VFAT  EFI Partition
/boot        500MB  EXT4  BOOT Partition
/            10GB   EXT4  Root Partition
Swap         3GB          Max size 3GB
/var                XFS   Rest of the disk.

If you would like to set up software RAID, LVM or use SAN storage, you should use the expert mode.

Partitioning scheme

Should you choose to run the install in expert mode, please partition the system to provide the bulk of disk space to the /var partition.

It is advisable to have /var on a standalone partition with a file system that does not limit the number of files, such as EXT4 or XFS.

Note

There is no need to create a /home partition for this system, as no home directories will be created. The default partition scheme does create a /home partition with the largest allocation; you need to change that by manually partitioning the system.

Network Firewall

Baruwa Enterprise Edition requires the following ports to be open in order to function properly.

PORT   PROTOCOL  DIRECTION         DESCRIPTION
25     TCP       INBOUND/OUTBOUND  SMTP TRAFFIC
465    TCP       INBOUND           TLS SMTP TRAFFIC
587    TCP       INBOUND           SMTP SUBMISSION
80     TCP       INBOUND/OUTBOUND  WEB TRAFFIC
443    TCP       INBOUND/OUTBOUND  WEB TRAFFIC
53     TCP/UDP   OUTBOUND          DNS TRAFFIC
123    UDP       OUTBOUND          NTP TRAFFIC
2703   TCP       OUTBOUND          RAZOR TRAFFIC
24441  TCP/UDP   OUTBOUND          PYZOR TRAFFIC
6277   UDP       OUTBOUND          DCC TRAFFIC
873    TCP/UDP   OUTBOUND          UPDATES TRAFFIC
11211  UDP       BETWEEN NODES     CACHE SYNC TRAFFIC
3542   UDP       BETWEEN NODES     CLUSTER TRAFFIC
4369   TCP       BETWEEN NODES     AMQP TRAFFIC
25672  TCP       BETWEEN NODES     OTP TRAFFIC
5672   TCP       BETWEEN NODES     AMQP TRAFFIC
5432   TCP       BETWEEN NODES     DB TRAFFIC
6432   TCP       BETWEEN NODES     DB TRAFFIC
9306   TCP       BETWEEN NODES     SEARCH QUERY TRAFFIC
8300   TCP       BETWEEN NODES     CLUSTER TRAFFIC
8500   TCP       BETWEEN NODES     CLUSTER TRAFFIC
8301   TCP/UDP   BETWEEN NODES     CLUSTER TRAFFIC
8302   TCP/UDP   BETWEEN NODES     CLUSTER TRAFFIC

DNS

DNS is critical for the operation of any email system, and Baruwa Enterprise Edition is no exception.

A local caching server is installed and set up on systems configured using the Standalone System, Web and Mail System and Mail System profiles.

This local caching server is independent of your other DNS systems and resolves from the DNS root. If your DNS zones are not resolvable externally, this local caching server will not be able to resolve those names. To resolve names that are only configured locally on your other DNS systems, add forward zones for those domains to the /etc/unbound/conf.d/local.conf file. If you have any private address reverse zones, configure entries for these in /etc/unbound/local.d/local.conf. Then restart the unbound service.

Baruwa Enterprise Edition is designed to use this local caching server; any changes to the /etc/resolv.conf file to use external DNS servers will be overwritten.

Warning

The use of public DNS servers such as Google, OpenDNS or your ISP’s name servers is not supported, as these servers will be blocked or throttled by URIBL and DNSBL servers, leading to poor performance of your system. Our Datafeeds system only accepts DNS requests from the IP address of the system running Baruwa. Positive responses will be returned for all DNSBL queries sent to our Datafeeds systems from non-Baruwa server IP addresses. This may cause all your mail to be marked as spam or rejected at SMTP time.

The use of your own DNS infrastructure is no longer supported. Do not forward all queries to your own DNS infrastructure; only forward requests for your internal zones. Add the internal zones to be forwarded to /etc/unbound/conf.d/local.conf.

Note

After setting up your server ensure that the only entry in /etc/resolv.conf points to 127.0.0.1. You also need to make sure that your firewall or ISP is not redirecting DNS queries to their own infrastructure.

Testing DNS

To test that your server is correctly resolving DNS queries, use the following command:

host -t txt 2.0.0.127.test.rbl.baruwa.net.

You should get the following response if it is working correctly:

2.0.0.127.test.rbl.baruwa.net descriptive text "The DNS checks working correctly"

If you do not get the above response after setup, your DNS is not resolving correctly. You need to fix that before putting the system into production.
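
The DNS rules in this section (resolv.conf pointing only at 127.0.0.1, forwarding only internal zones, and the test record resolving) can be checked together before go-live. The script below is an added example, not part of the Baruwa tooling; the function names, the sample zone `corp.example.` and the address 192.0.2.53 are assumptions.

```bash
#!/bin/bash
# Added example: DNS pre-flight checks for the rules in this section.

# 0 if every nameserver entry in a resolv.conf-style file is 127.0.0.1.
resolv_is_local_only() {
    awk '$1 == "nameserver" { n++; if ($2 != "127.0.0.1") bad++ }
         END { exit !(n > 0 && bad + 0 == 0) }' "$1"
}

# 0 if the unbound config has a forward-zone named ".", which would send
# every query (DNSBL lookups included) to the forwarder.
forwards_all_queries() {
    awk '{ sub(/#.*/, "") }
         NF == 1 && $1 ~ /:$/ { in_fwd = ($1 == "forward-zone:"); next }
         in_fwd && $1 == "name:" { gsub(/"/, "", $2); if ($2 == ".") hit = 1 }
         END { exit !hit }' "$1"
}

# 0 if host(1) output contains the expected TXT answer for the test record.
rbl_test_ok() {
    printf '%s\n' "$1" | grep -q 'descriptive text "The DNS checks working correctly"'
}

# Run all checks, print one line each, return the number of failures.
# Args: resolv.conf path, unbound forward config path, host(1) output.
dns_preflight() {
    fails=0
    if resolv_is_local_only "$1"; then echo "ok   resolv.conf uses only 127.0.0.1"
    else echo "FAIL resolv.conf has a non-local or no nameserver"; fails=$((fails + 1)); fi
    if forwards_all_queries "$2"; then echo "FAIL forward-zone for \".\" found"; fails=$((fails + 1))
    else echo "ok   only named zones are forwarded"; fi
    if rbl_test_ok "$3"; then echo "ok   test RBL record resolves"
    else echo "FAIL test RBL record did not resolve"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample: forwards one internal zone (name and address are placeholders).
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
forward-zone:
    name: "corp.example."
    forward-addr: 192.0.2.53
EOF
forwards_all_queries "$sample_conf" || echo "sample: only named zones are forwarded"

# Live use on a node:
# dns_preflight /etc/resolv.conf /etc/unbound/conf.d/local.conf \
#     "$(host -t txt 2.0.0.127.test.rbl.baruwa.net.)"
```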

Hostnames

When choosing the hostnames for your web and mail services, be careful to choose a well-established TLD.

It is recommended that you not choose the new gTLDs which were recently introduced. Most of these new gTLDs have a bad reputation and are constantly blocked by spam filters.

Clustering

If you would like to set up a cluster system, please review the Clustering chapter, then review the supported Topologies and the available System Profiles and choose which ones to implement prior to starting the installation.

The recommended installation order for the distributed backend is:

  1. Database Systems
  2. Search Index Systems
  3. Message Queue Systems
  4. Cache Systems [Optional]
  5. Nodes

The recommended installation order for the single backend is:

  1. Backend Systems
  2. Nodes

The first system that you set up should be configured as a Bootstrap server.

System Profiles

Baruwa Enterprise Edition can be installed on a standalone server or distributed with various components on different servers.

A distributed setup is required if you want to run a cluster. The available system profiles are described below.

Standalone System

This is the default setup and is used for non-clustered setups. All the components are installed on one server. Choose this option if you only want to run one server.

Backend System

This setup installs all the backend components onto one server. The backend components that are installed are:

  • Database Server
  • Message Queue Server
  • Search Index Server
  • Cache Server [Optional]

This profile is used in the Single Backend Distributed Frontend and Single Backend Hybrid Frontend topologies.

Servers set up using this profile can be set up as a Bootstrap server.

Web and Mail System

This is a frontend system that provides the mail and web interfaces. Mail is delivered to the server, and at the same time it serves as the web interface for both administration and end user access. This system requires a backend system or distributed backend systems. You can have several of these nodes, scaling up or down as demand grows or drops.

This profile is used in the Distributed Backend Hybrid Frontend and Single Backend Hybrid Frontend topologies.

Mail System

This is a front-end system that is dedicated to processing mail. It does not provide a web interface for administration or user access. You set up this kind of system if you want dedicated servers processing mail only. You can have several of these nodes, scaling up or down as demand grows or drops.

This profile is used in the Distributed Backend Distributed Frontend and Single Backend Distributed Frontend topologies.

Web Interface System

This is a front-end system that is dedicated to providing web interface access for administration as well as user access. You set up this kind of system if you want dedicated servers providing only web access. You can have several of these nodes, scaling up or down as demand grows or drops.

This profile is used in the Distributed Backend Distributed Frontend and Single Backend Distributed Frontend topologies.

Search Index System

This is a backend server in a distributed system that provides the backend indexing functionality. You set up this profile if you want a dedicated server providing search indexing.

This profile is used in the Distributed Backend Distributed Frontend and Distributed Backend Hybrid Frontend topologies.

Database System

This is a backend server in a distributed system that provides the backend database functionality. You set up this profile if you want a dedicated server providing database functionality.

This profile is used in the Distributed Backend Distributed Frontend and Distributed Backend Hybrid Frontend topologies.

Servers set up using this profile can be set up as a Bootstrap server.

Message Queue System

This is a backend server in a distributed system that provides the message queue functionality. You set up this profile if you want a dedicated server providing message queue functionality.

This profile is used in the Distributed Backend Distributed Frontend and Distributed Backend Hybrid Frontend topologies.

Cache System

This is a backend server in a distributed system that provides the cache functionality. You set up this profile if you want a dedicated server providing cache functionality.

This profile is used in the Distributed Backend Distributed Frontend and Distributed Backend Hybrid Frontend topologies.

Expert installation

This profile is for users who would like to set up the system by themselves. Only use this if you know what you are doing.