MS Exchange functionality on Linux? Zimbra ties it all together.

The never-ending quest to put a bullet in the Microsoft Exchange server has just chambered another live-round in the form something called Zimbra. To be fair, the Exchange server I manage is very stable, and runs great. I just loath the price of licenses and dread the obscure solutions to seemingly easy tasks.

I don’t know where this product has been hiding, but it caught my eye last week as a result of a Stumble! click. It seems Yahoo! has spent some coin and bought out Zimbra but is continuing to offer the code and binaries under a variety of licensing models. This is all good news for IT departments and service providers everywhere!

There are a number of How-To documents on the Internet that describe implementing various services to support an Exchange’esque environment. I’ve tried it, it works, but it’s ugly and a devil to maintain. Zimbra provides all the necessary technologies in one suite and centralizes the configuration in a uniform interface. The clever folks at Zimbra did it RIGHT. Both the authentication and directory Services are user configurable and 3rd party supported. This means that Zimbra can leverage your existing directory systems such as Active Directory or any other LDAP server for that matter.

I needed to see this in action and judge for myself.

This was a perfect opportunity to use VMWare to stage an image and play around with the basics. I created a 10GB virtual disk and installed Fedora Core 7 x86 while I was downloading the Zimbra 4.5.8GA Binaries for Fedora Core 5 x86 (yes, for FC5). FC7 was installed with minimal options as the Zimbra docs state that services such as httpd, mysqld, slapd, and a few others be either un-installed or disabled. I wasn’t in the mood to fight, so I complied.

Once done, I copied the Zimbra tarball over to the fresh VM, untarred and ran the ./install.sh script. This script does a great job of telling you what you’re missing; in my case I had to add some symlinks for version compatibility in /usr/local for libcurl and libidn. Fetchmail, curl and libstdc++ needed to be installed as well.

I also configured a A and MX record for the DHCP provisioned VM that resolved to private LAN address; all for testing purposes of course. I managed to get Zimbra installed without too much mucking about and went with the default values for the most part. It completed the install and launched the Zimbra services.

Web Client

The web-client is pretty slick, it’s by far the best looking one I’ve yet to see!

It has everything you’d expect in a webclient including a handy search-launch across the top for both internal/Google searches, and built in shared Wiki style document manager. Users can manage multiple identities, POP accounts, Address books… there are lots of variables and settings!

Comparing functionality with that of the Exchange Web client, I don’t notice anything missing, in fact, there’s way more in Zimbra. Even with all the playing around and trying all sorts of options it never hung or crashed my browser; it just plowed through it all.

Web Admin

Like the webclient, the web administration is top-shelf. It offers a ton of configurable items that are often annoying or impossible to do under MS Exchange. For example, under Exchange getting a Resource to auto accept an available booking for something like a meeting room or projector is nuisance; last I checked a Micro$oft DLL was required to hook certain Exchange message and action the resource via script. This functionality is build right into Zimbra.

Spam and AV control; yep. Built right in too.

Separately it would be like managing OpenLDAP, Postfix, Spamassassin, Anomy, ClamAV, stats package, webserver, database, spell-check, CA, and an IMAP server (and more I’m sure)!

Migrating from Exchange seems to be straight-forward. I didn’t get the chance to try, but there are included tools that facilitate the process, mapping MAPI accounts to Zimbra accounts. The tools claim to migrate everything, and based on what I’ve seen so far, there is no reason to doubt this product either.

Given the opportunity (hardware) , I’d love to dedicate an environment to test Zimbra at the office to get an idea of what the day to day operation and maintenance is like and report back on the overall stability and workload.

The system requirements:

Evaluation and Testing
• Intel/AMD 32-bit or 64-bit CPU 1.5 GHz
• 1 GB RAM
• 5 GB free disk space for software and logs
• Temp file space for installs and upgrades*
• Additional disk space for mail storage

Production environments
• Intel/AMD CPU 32-bit 2.0 GHZ+. or large deployments (more than 2000 users), 64-bit OS is recommended.
• Minimum – 2 GB RAM Recommend – 4 GB
• Temp file space for installs and upgrades*
• 10 GB free disk space for software and logs (SATA or SCSI for performance, and RAID / Mirroring for redundancy)
• Additional disk space for mail storage

This is a great product, truly well done, congratulations to all involved!

- Paul

Zend’s Yin and Yang…

Earlier this week I ran into an issue with Eclipse PDT (PHP Development Tools) after upgrading to the latest version (Europa 3.?). My development platform is Windows XP and IIS, 3.2 P4 1GB RAM, IIS, PHP 5 ISAPI, MySQL. We call this the WIMP configuration (Windows IIS MySQl PHP) .

Some of the scripts in our application are quite large and something happened with the PDT; it simply takes forever for Eclipse to parse the script and extract all the classes/variables to render the Outline perspective. This gets really frustrating as it goes through this process on regular intervals as you work through the script. I can’t really complain about Eclipse up until now, its been my development workhorse for the past while and will eventually get fixed in this regard. I have faith. What do you want for free after all?

This lead me down a path where I uncovered things I’d rather not know or have experienced…

About 8-12 months ago (maybe longer now), we need to encode/obfuscate our application for delivery to a client so that they could run it on their own server/intranet. The application is written in PHP and normally all files are in plain-text that obviously offers no copy or tamper protection. Part of selecting PHP for this project included the knowledge that “Zend Technologies” provides Zend Guard/Zend Encoder to suit this requirement.

Some time had past and we were ready to proceed with the order to Zend for the latest and greatest obfuscation gadget.

Having made a contact in sales at Zend during a previous trial of what was called Zend Encoder, I decided to call and pick things up where we left off, which was basically a “I’ll get back to you.” So I rang my sales rep and relayed that we were ready to go and that we needed to purchase Zend Encoder.

The representative proceeded to explain that Zend Encoder was being phased out and being replaced with something called Zend Guard, a whole new product that integrates with the Zend Studio IDE and offers a whole new level of protection through a subscription based service or full all-out purchase of the software. This software was not yet released, and was still being Beta tested. I inquired as to why Encoder was being replaced and that I wasn’t interested in spending money on a commercial beta (Microsoft does a great job of forcing us to buy Beta software in a “Production” wrapper) and could I still buy Zend Encoder.

The rep continued to explain that Zend Encoder had been “cracked”, allowing the source code to be viewed from a previously encoded file. This was obviously a very serious problem for Zend and I did appreciate heads up and that waiting might be worth while.

As promised, when Zend Guard was out of Beta, my rep contacted me and we proceeded with the transaction. As part of the Zend Guard, a license for Zend Studio was bundled as well. If you’re a developer, you no doubt have your favorite “daily-driver” IDEs and probably don’t like to change them up very often; I was happy with Eclipse and saw no reason to change it up to Zend Studio… I’d give it a whirl at some point in the future.

This brings us to some time last week…

Now while this may seem to deviate from the subject of this post, I think its important because it illustrates the general trend (with some exceptions) of software “crumminess” that comes out of Zend Technologies.

Zend Guard

Firstly, it seems that Zend spends more time on their copy protection and licensing schemes than it does trying to make a cohesive piece of software. This became apperent when first installing Zend Guard. It fussed and bitched about the license file that Zend had provided, resulting in a call to Zend where some voodoo was performed and eventually a new license worked.

The user interface on this product really isn’t too hot, the left pane is a tree and the remaining is pretty standard looking application with Tab style UI layouts. You create a project, add/exclude files, choose settings, and make it go. It spits out encoded PHP files out the other end.

When it comes to actually encoding files, its a bit disappointing. Our code uses a technique that groups classes of similar functionality into a salable “module”. When a client is sold a module of new functionality, the sale is recorded and the module is activated by adding a row to the “module info” table. The application checks which modules are installed for a particular client and via the architecture dynamically includes and instantiates the related classes into the PHP name space. Due to the way the related class names are stored in database fields grouped to a top-level module, Zend Guard cannot understand class names expressed in strings that are then evaluated. The top-level protection cannot be applied to this type of application, meaning that any encoding applied to the application must be of a reduced quality/crackability; essentially the same level of encoding that was found in the cracked Zend Encoder. Zend’s advice in this regard is for us to change our code so that the obfuscator will work at the maximal protection level and our type of problem is not in the cards for repair. I recall the suggestion was to wrap a test to a special Zend function in an “is_callable” or “method_exists” call, then actually call that function to encode or get the class name. We were in no position to make a bunch of application changes to support a vendor thats supposed to be transparent and seamless.

The Zend Guard licensing seems to foul up every once in a while too; I don’t use Zend Guard everyday, just when we have a release requiring encoding. Last time I used it, go figure, it bitches that my license is invalid. Another call to Zend was placed and of course their e-mail support is as helpful as a hangnail. I ended up canceling my existing license from the Zend Pickup depot and re-issuing another license for Zend Guard once someone at Zend approved the cancellation of the current license. Zend Technologies doesn’t really seem to care that their license scheme sucks large and I feel that venting via this post is the best vehicle to inform potential Zend users of this fact.

Now the friggin icing on the cake with this is what happens next. You copy the encoded files over to the target web server, configure and run… boom. PHP does not natively support Zend Guard encoded pages. You need to download and install Zend Optimizer. Zend Optimizer latches a library onto PHP that enables the decoding/execution of these scripts. This is so lame it boggles the mind. Zend, the company that contributes and is responsible for the core PHP engine won’t or can’t include this library as part of the standard PHP distribution?? Every time I install the encoded application at a clients’ site I need to jump through hoops of fire to get the permission/authority to proceed with changes to production environments. Sometimes it’s IT departments, other times it’s ISP themselves!! Its not so much a technical difficulty as applying willy-nilly changes to production server core software makes IT managers nervous, and rightly so.

Getting back to the original reason for this post, I’m in bad shape with Eclipse, I just can’t run it in PDT mode; its way too damn slow and I’m in a development mode working on a some nifty database binding tools for some form of “database-on-a-database” type of work allowing users to design and define their own forms to supplement our application’s OEM records.

Zend Studio

When we bought Zend Guard, the bundle included a license for Zend Studio. Having tried a demo, and liked it but been put off by the price, I thought it might be wise to give it another go. With the license cost issue out of the way, I had a great feeling when I launched the installer, I was seconds away from what I knew to be a good IDE!

I opted to not install the Zend Platform and its baggage because having read posts that describe the resulting massacre of your PHP and web server installations. I walk this plank a bit later, but first I’d like to finish with Zend Studio.

Zend Studio is a great IDE. It’s a Java app, its fast, and plows through all the scripts that would normally choke Eclipse. It has great code completion features and the code Outline (Eclipse calls it Outline, I’m away from my dev machine right now so I can’t get the right name) is very smart, walking included files and determining class types on the fly. It has a heap of really helpful tools like built in PHPDocumentor, CVS integration, Code Folding and really great contextual/syntax help to name a few.

Zend Studio has debugging capabilities too, I’ve seen them go and they are as good as (dare I say) Microsoft Visual Studio or .NET/ASP debugging with the ability to step lines of code and see and tweak your variables in state. I want(ed) this.

I don’t blame Zend Studio for what happened next.

I’ve been working on something mildly complex and I was having trouble obtaining the desired output as an object I was working with was getting its reference mangled at some point and I needed to see where. I thought this would be the perfect opportunity to use the debugging features included with Zend Studio. Right there, on the toolbar is an option to debug. I opt to try it and see how far off the installation is as I skipped the Zend Platform install. Yep, it wants to have Zend Platform installed first.

Alright, back to the Zend website for the Zend Platform. Unlike the previous Zend Platform, the latest wants something called Zend Core installed. Back to the website, and download Zend Core.

Zend Core gets installed, then everything goes to hell. My ISAPI PHP installation is now broken, but the web server is still answering PHP calls…. very slowly. Looking in the Task Manager reveals 5 to 10 “php-cgi.exe” processes. Trying to restart the IIS is a waste of time; it stalls and stops responding altogether. Reboots take forever, resulting in a big-red-button shutdown after 20 minutes of waiting.

Very little information exists about what exactly Zend Core does and what one should do to fix it when it goes wrong and I wasn’t really in the mood to start in on a support email conversation that would most likely drag on for weeks.

This is signals the end of my Zend debugging escapades, I don’t have the time or energy to devote in figuring out how Zend wants its fancy “cgi” PHP to be installed and why I should bother. I mean this PHP installation DOES work, but its the slowest thing ever, pages that would render in 0.05 seconds are now well past the 45 second mark which by even the worst standards is unacceptable. I’ve gone back to my PHP 5.2 in ISAPI mode on IIS for development purposes using Zend Studio as my daily-driver IDE and do my debugging using test-points and debug output from our home-brew inline debugger.

Zend, nobody outside your organization understands your product lines. They seem to make perfect sense to you but in my opinion the rest of the world does not really care nor do you try to make us care.

Zend, unify your products already. Get the Zend Optimizer in the PHP core… I mean it is you that wrote the PHP engine right? It’s not like you charge for it! Did someone screw up so bad that you need a separate product to optimize it? Have you deliberately added some inefficiencies that the Optimizer fixes? If so, SHAME and shenanigans on you. Zend Core, and Zend Platform … what’s next? Zend Framework? Uh! Oops! You beat me to it.

Zend, you need to fix the licensing scheme/software/mechanism on Zend Guard. You have to realize that this software is run by developers on development machines that are often changed, reformatted or have their partitions changed. I dread opening Zend Guard for fear that its license is invalid and I’ll have to deal with your support website.

Zend, your website is one of the slowest around. If your intent is to showcase Zend products for speed and efficiency then your website is not doing you any favors. Why do I need to login 2 or 3 times each visit? Have you not figured out how to pass authenticated sessions on between servers? I’d be more than happy to assess, explain and/or fix this for you under a consulting engagement.

Zend, Zend Studio is the best development IDE for PHP out there. If you really care about PHP, you need to cater to your developers. $299 is a bitter pill for many to swallow, don’t be so greedy with the tools that enable the people that keep you around. Microsoft is GIVING away its Express versions of it’s .NET IDE’s and they are quite good; too bad the language and OS aren’t my cup of tea.

I have a hard time being very critical of Zend as they are responsible for PHP and I make a good living as a PHP developer and application architect. Beyond the core Zend Engine and a debuggerless Zend Studio, Zend Technologies has done an excellent job of taking my money and killing my inner child. I’d love to get on-board with all this stuff, but just one thing after another leads to a certain reputation after awhile and it drives me bonkers!

- Paul

Fedora Core 7: Distro Review

My first ever WordPress blog entry… goodbye cherry!

Starting off with a few notes and observations of Fedora Core 7 seems appropriate as it (used to, I moved to WordPress.com) powers this site and some supporting elements for my home network.

Someone looking in might think I’m crazy, but my job and interests keep my stables quite full of computers. My wife and I each have our desktops, as well as one older HP NetServer 2U server as a firewall/ LAMP install and finally a PIII-800 with about 200GB of disk space that serves as my file dumpster and SAMBA NT domain controller.

Eco-concerns being what they are, it makes sense on a few fronts to combine the best of left over parts and build something to replace the HP and the PIII clone.

The target machine is my old desktop: (only the hydro company would reboot it)

• an AMD XP Athlon 3200+,
• 512 MB RAM and
• 140GB of IDE disks on an Adaptec 2400 RAID controller
• 8x DVD Burner
• Nvidia GeForce2 TI 64MB AGP
• Intel E1000 NIC

The obvious challenge in this configuration is an install kernel thats aware of the Adaptec 2400. Trustix 3.1.x supports this and if it was a lesser machine I’d certainly have gone with it; however I found it wasteful to dedicate such hardware to the menial task of packet forwarding. This naturally lead me down the path of an X based distro and my previous experiences with Fedora Core 6 being quite good I opted to try FC version 7.

The ISO was downloaded from ibiblio in record time and committed it to DVD.

The installation was seamless. It detected all the hardware! A Web Server configuration with a GNOME desktop was selected and the install was invoked. The format took a little while, but the disk array had not fully synced; not that it hurts anything, it just slows things down. The installer went about its business and rebooted.

The GUI came up in an optimal 1600×1200 resolution and I logged in as root.

Strangely, eth0 (e1000) would not get an IP address from my current DHCP server. After reviewing the message log, I discovered that the onboard 1394 controller was being aliased as eth0 during boot up. You’d have to own a 1394 device in order to need a 1394 adapter, so I took the coward’s way out and disabled it in the BIOS. Surprise, surprise, eth0 came right up and got an IP.

Once the YUM update manager did its thing and if memory serves me correctly, there were a 104 updates. The server was left to update the software and the installation continued the next day.

Next article we’ll look at FC7’s OpenPBX package and why it should be avoided.

All in all, this is a good distribution.  It hasn’t given me much grief and I’ve been able to accomplish everything I needed it to do.  Nothing new really seems to jump up at you, and everything is where you’d expect it to be found.

Fedora Core 7: OpenPBX

Following the theme of my previous post on Fedora Core 7, I really wanted to touch on my experience with OpenPBX.

Just for a bit of background, we’ve opted out of traditional telephone in favour of a SIP based VoIP, provided by a Montreal area re-seller named BabyTel. I had figured out and configured BabyTel to run under Asterisk 1.2 on my HP NetServ machine where it was happily doing its job answering the phone and taking messages etc… However, with all this swapping and upgrading, the HP NetServ is being retired.

So, looking through the FC7 package manager I see a listing for OpenPBX; I dig a bit deeper. OpenPBX is built on Asterisk and is somewhat different. Here’s what the authors claim make it different.

• OpenPBX.org has built-in STUN support for SIP NAT traversal
• OpenPBX.org uses SpanDSP which means better codecs and full T.38 fax over IP support
• OpenPBX.org uses Sqlite instead of Berkeley DB as its internal database
• OpenPBX.org has a universal jitterbuffer for use with any channel type
• OpenPBX.org uses POSIX timers which means there are no Zaptel timing dependencies
• OpenPBX.org has much faster and more efficient dialplan execution because it uses hashing
• OpenPBX.org evaluates correctness and integrity of configuration data (work in progress)
• OpenPBX.org runs well under a virtual machine such as Xen or VMware

Looking at this list, one assumes that the basics work and the folks at OpenPBX are diligently working on icing and candy. Sounds pretty good right? Prepackaged solution, easy to install, standard Asterisk config? What could go wrong?

So I embarked on the journey; OpenPBX installed via the FC7 Package Manager and then configuration began…

Having working extension.conf, sip.conf and voicemail.conf files, the theory is you should be able to drop these files in and basically start OpenPBX and life should go on. So, I grabbed the files off the old Asterisk server and copied them to /etc/openpbx.org/ on the new rig.

The copy was immediately followed by a service openpbx start.

Lo and behold, OpenPBX did start and did register the SIP channel with BabyTel. So I proceeded with a test call to the local talking clock (613-745-1576); great success! The call was answered and I was told the time.

Next and finally I moved onto voicemail. My callplan has the * key linked with VoiceMailMain; so to access any voicemail that was left, one would simply dial * and follow the prompts.

As soon as I tried the * key from a desktop phone; “click” the call was dropped. Looking through the logs the problem seems obvious; OpenPBX doesn’t ship with sound files.

Right around here is where OpenPBX begins to resemble a jet engine, in that it concurrently sucks and blows. I begin to search of a tarball of sound files for OpenPBX. OpenPBX seems to be a product without a real identity; searching for OpenPBX yields a sparse wiki and something much worse called CallWeaver. It would seem that OpenPBX is now something called CallWeaver. Take your pick, documentation for both packages is just plain terrible.

After searching and following countless 404’s the sound files were eventually fished out of svn://svn.openpbx.org/openpbx-sounds/trunk/sounds/ using svn. These files included a Make that ran each WAV through SOX for formatting presumably. Once complete the files were copied to the sound path specified in OpenPBX’s config files.

So, I try again. Dial voicemail using “*”. Click… hangup.

In the log again, this time its bemoaning the fact that it cannot find a codec to handle the translation of ulaw to g729. Which I suppose is fine as there is no g729 codec installed under OpenPBX. I deal with this by removing all references to g729 from SIP.conf to see if that helps.

Reloaded OpenPBX and tried again… A similar error this time; Unable to find a codec translation path.

mmmmkay. So now its bitching about codec paths that aren’t even configured. I figured a “reload” was enough, so I stopped and started OpenPBX. During the subsequent start-up it complained about the g729 codec. Loader.c: /usr/lib/openpbx.org/modules/codec_g729.so: undefined symbol: ast_log.

Assuming that an Asterisk compatible module would work in OpenPBX was a mistake. Based on the error one can only assume that in the process of “making” OpenPBX the authors did a wholesale “Find and Replace” on certain “asterisk” like words that resulted in breaking binary compatibility all over the place.

With a sour mouthful of OpenPBX tainting my palette, enoughs enough. YUM was called in to remove OpenPBX with extreme prejudice. I visited the Asterisk home page, downloaded the latest version of Asterisk and the supporting files and rolled-my-own build of Asterisk. I copied my configuration and g729 codec over and rigged up an init.d script based on the stock proftpd script.

First try, the talking clock worked.

Second try, the voicemail worked.

Given the 5 minutes of effort it took to download, compile, install and configure it took to get Asterisk going, I feel I’m way ahead of the 2 hours I’ve been tooling around with OpenPBX.

Why I can’t recommend OpenPBX to anyone:

1. Its a package looking for an identity. Not very clear what it is… or who is in charge of it.
2. The name change from OpenPBX to Callweaver further skews this identity.
3. Documentation is piss-poor. You might as well look up Asterisk how-to docs or use voip.info.org .
4. Binary compatibility with Asterisk is broken
5. Doesn’t seem to persist SIP registration between shutdowns. All the devices need to re-register. There may be a setting for this… but Asterisk does this out-of-the-box
6. Uses SQLite… but it doesn’t work nor is there any documentation to help.
7. Installation does not work out-of-the-box. There are a number of obscure downloads and builds required.

What does it have going for it?

1. Its a FC7 package. Maybe the worst one, but its easy to install but easy stops there!

Recommendation? Stay away. Get the real-deal from Asterisk. It works and has a future.

LightScribe Impressions

Having recently replaced my desktop PC with an Intel E6600 based rig, I’m finally getting around to trying out all the new toys. Yes, I have been hiding under a rock, having only ever heard about LightScribe, this is really my first exposure to this feature.

As part of the upgrade kit, I had requested a new DVD burner. The order wasn’t very specific but my contact at Elco system did his best call to fill the order. A Samsung Model SH-S182 was selected.

I opted against the bundled Samsung Nero software and went with my Nero version. Using the Cover Page designer I was able to Copy and Paste some FC7 logos and a screen shot of the Gnome desktop to the layout and “print” to the label side of the LightScribe discs. Yeah, you need special LightScribe discs too.

The process took 17 minutes to complete but the resulting label is really pretty neat. This particular label was somewhat complex which is presumably why it took so long to process.

Label Close-Up

Features like this are great for me… my Sharpies are constantly being stolen or lost leading to my evil stack of unlabeled media. I guess I’m a slave to LightScribe media now!

Its gonna take some getting used to, but I can really see this being useful. Way to go HP!