By Kevin
Erickson
Technical Support Team Leader
Noridian Mutual Insurance Company
[ The opinions expressed by authors on Linux Today are their
own. They speak only for themselves and not for Linux Today.
]
(lt ed — The following article is the winner of
the grand price for Best Business Case Study in the First Annual
Linux Solutions Awards.Criteria for winning entries included 1) Creativity; 2)
Ability to replicate the solutions; and 3) Practical applicability
to business, education or other professional endeavor.The First Annual Linux Solutions Awards was sponsored by the
Linux Consultants’ Support and Resource Center, Linux Today,
VARBusiness and Macmillan Publishing Company.The sponsors organized the contest to further the adoption
of Linux in Business.
I work for a growing company of about
1800 employees. Over a year ago we were faced with a decision on an
e-mail system for our corporation. At the time, we used Lotus
cc:Mail for electronic mail and Lotus Organizer for group
scheduling.
There were several reasons why we needed to consider a change.
First, Lotus had announced that cc:Mail was a dying product, and
would be replaced by Lotus Notes. Second, we had fallen behind in
some of our upgrades, possibly contributing to the fact that we
were experiencing more and more down time, and that users were
expressing frustration over the lack of reliability in our cc:Mail
system. In addition, the version of cc:Mail that we were using was
not Y2K compliant. Third, maintenance, support and upgrade charges
continued to grow along with our user base.
At this time we began to evaluate several solutions. We looked
at Lotus Notes, Microsoft Exchange, Novell GroupWise, and an open
system approach based on POP3 and IMAP protocols.
End users were accustomed to several features in the current
system. We felt we needed to make as many of those features
available as possible. Some of them were: ability to store mail on
the server; ability to share public “bulletin boards”; centralized
address book; public and private mailing lists; ability to use rich
text in e-mail; ability to schedule meetings based on other users’
schedules; and ability to delegate maintenance of a calendar. Other
features we were looking for included high uptime and reliability,
the ability to scale to our growing user base, and the ability to
recover deleted mail or recover from a failure. Ease of conversion
from the old system, and end user training were also factors.
End users evaluated front-end applications and determined that
Microsoft Outlook had the usability and features that they wanted.
IT staff evaluated back end solutions. We determined that we wanted
to avoid proprietary architectures, so a solution that at least
supported POP3 and IMAP protocols was essential. Integrated SMTP
support was also a requirement, eliminating the need for
proprietary gateways. I determined that for a fraction of the cost,
we could implement an open solution based on Linux that would have
85% to 90% of the features of the other solutions.
Going forward with my recommendation, we entered into a pilot
phase. The pilot was implemented for a small group using Outlook97
accessing a small Linux server. The pilot, for the most part, was a
success. We went through some growing pains as we expanded the
usage of the system, leading us to the configuration we have
today.
Our main mail server today is a Compaq Proliant 1600R, Pentium
II 450MHz, with 256Meg RAM, with a DPT RAID controller managing a
16Gig RAID5 volume. The server is running Red Hat Linux 5.2, and
services between 1500 and 1700 users. The primary software products
used in the solution are:
- Red Hat Linux 5.2 (http://www.redhat.com)
- Cyrus IMAP server (http://andrew2.andrew.cmu.edu/cyrus/imapd/)
- Sendmail SMTP server (http://www.sendmail.org)
- OpenLDAP server (http://www.openldap.org)
- SmartList mailing list processor (http://www.procmail.org)
- Apache Web server (http://www.apache.org/httpd.html)
- WU-FTPD FTP server (http://www.wuftpd.org)
- PERL (http://www.perl.com)
- ADSM (http://www.storage.ibm.com/software/adsm/)
Client desktops range from Pentium 100 to Pentium II 400, and
are all running Windows95 or Windows NT Workstation using Microsoft
Outlook 98 in an “Internet Only” configuration. The clients are
also equipped with Microsoft Internet Explorer 4.
I’ll describe the features of my solution, and how each software
product is configured to meet each requirement.
The ability to store mail on and retrieve mail from the server
is provided by the Cyrus IMAP server. Outlook98 supports access to
that mail via IMAP and POP3 accounts set up in Outlook 98. The IMAP
account also allows access to shared IMAP folders set up with Cyrus
IMAP and used as a bulletin board for sharing information with many
other users. The Outlook98 client supports e-mail in HTML format
allowing for rich text to be embedded in messages.
To allow for a centralized address book, I implemented the
OpenLDAP server. It is populated with our corporate directory, and
provides such information about employees as email address, phone
number, employee number, department number, division, department,
building, and other internal information. With the LDAP support in
the Internet-Only version of Outlook98, a client can type a name or
partial name, resulting in an LDAP query that returns that person’s
e-mail address. In addition, I wrote a Perl/CGI-based web interface
to the LDAP directory, which has replaced the monthly printing of
hundreds of internal telephone books. A user can search by name,
phone number, or any other field, resulting in a full display of
user information including a JPEG photo.
The Addressbook within Outlook 98 supports private mailing
lists. Public mailing lists are supported the Smartlist mail
processor based on Perl and Procmail. Users can subscribe or
unsubscribe from mailing lists via e-mail. In addition, lists are
generated based on department, division, etc from the LDAP server
and placed in Smartlists.
Group scheduling is supported by the integration of vcalendar
support in Outlook 98. I set up an anonymous FTP server using
WU-FTPD, which allows for the publishing of free/busy times
(vcalendar files) to the FTP server. An Apache server on the
machine hosts a virtual web site, which serves up those same files.
As changes are made to the Outlook 98 calendar, the information is
automatically published to a specified URL, in my case, the address
of the anonymous FTP server. When a user wants to schedule a
meeting with someone, they type the name into a meeting request, an
LDAP query is automatically done, and the resulting information is
used to access the users free/busy vcalendar information via an
HTTP URL pointing to the same location. This feature makes
scheduling a meeting with many people very easy.
Delegation of calendar maintenance was a feature required by
those management personnel with secretaries. My solution supports
this requirement using a feature of Outlook 98 called Net Folders.
This feature basically allows one to share your calendar (or any
other folder, e.g., Contacts) with other users via e-mail. As
updates are done to the shared folder, e-mails are generated that
automatically populate that folder on the recipients’ client.
Uptime and reliability for the solution has been excellent. The
current uptime for the main server is 152 days, with downtime being
caused by the need to tune various parameters to support the
growing user base. We are using IBM’s Adstar Distributed Storage
Manager (ADSM) for backup and recovery. This allows us to easily
recover individual e-mails that users may inadvertently delete, and
positions us to easily recover the system in the event of a
disaster.
There are several other features currently being planned or
partially implemented. Since the Cyrus IMAP server does not require
a Unix account to be created, one of our sites has been converted
to use PAM_LDAP so that authentication of the account is done via
LDAP to the OpenLDAP server rather than to the /etc/passwd file.
This allows for centralized usercode / password administration
across several mail servers and the elimination of the need for
root access to the mail server for account administration. We also
plan to modify our Sendmail configuration so that incoming mail
will generate an LDAP query to find the location of a user mailbox,
eliminating the need for a separately maintained Sendmail alias
file. Another feature to be investigated is integration of mailing
lists via the LDAP mailgroup object.
In conclusion, our Linux-based solution for e-mail has been a
tremendous success. It is difficult to determine an exact dollar
figure saved compared to the other solutions considered. The amount
saved on client licenses alone has more than paid for our solution.
We are distributing mail servers based on this configuration to all
of our offices throughout the U.S., and are continually looking for
ways to improve.