Subject: [NYCGA Internet] Fwd: Zimbra vs Google Apps - Research Results
From: Todd Grayson
Date: Mon, 10 Oct 2011 00:57:42 -0600
To: Internet Working Group

Per team request, submitting to the Internet working group list.

Begin forwarded message:

From: Todd Grayson
Date: October 9, 2011 11:15:46 PM MDT
Subject: Zimbra vs Google Apps - Research Results

Earlier today I offered to review messaging / collaboration platforms. I'm remote to the NYC working groups (Denver, CO) so I can't make it in to the meetings to discuss this face to face.


ZIMBRA is a mail calendaring suite that can be run on a dedicated system or hosted by a provider, such as

I did a test installation over an Ubuntu 10.0.4 VM; the install took about 3.5 hours to complete, including the VM OS installation and updating of the required packages. Using an external LDAP repository will add time to that. Make sure to review the recommended platforms here as well (I would not vary from this to avoid issues).

Zimbra requires a dedicated system and must be installed as root. You will be hard pressed to be able to run anything else on the Zimbra server (per their own documentation). It is not a lightweight application, it's a set of applications. It installs and configures a "private openldap" instance as well; we can review if extending the schema of this self-installed openldap instance is feasible. I'm not sure if you even need to extend the LDAP schema; we can talk about that as we review the LDAP requirements that were mentioned previously and re-schedule the discussion.

The consideration with managing/administration of Zimbra is one of maintaining the system, having administration available to deal with outages/issues, etc. If trusted systems administrators are available to the team (at least a couple), managing and maintaining should not be too bad after the admins train themselves up on the software. If there are not going to be committed resources available for learning and maintaining this solution, build vs rent becomes a serious consideration.

Failed e-mail infrastructure is difficult to deal with, let alone for an inexperienced admin. It might very well be that we can solicit Zimbra administration skills from the volunteers coming in, but it is a rare skillset. It is more likely to find generic Linux/Unix admins with SMTP/MTA experience. Ongoing backup will need to be in place with this type of system as well. Bottom line, you have to ask yourself:
This will probably be a 5-10 hour a week commitment across admin/helpdesk resources between system and user issues per 1000 active users.

The following document provides an overview of Zimbra scaling/capacity planning; it performs well on a reasonably small system configuration, but requires fast disk (not internal disk, SAN) if it's going to scale to a large capacity (10,000+ users).

The concept of "protection of the data" on a dedicated host should be scrutinized as well. Depending on where the host is, it can just become evidence and be seized whole with a warrant, while no one is walking into Google Apps and seizing a server, because its services are spread out over 1000's of servers.

Also the "security" of the stand-alone host will be weaker than the hosted offerings (inherently). You will have to apply Linux hardening to the server to have any shot of preventing a break-in (SELinux Red Hat for example, or a really really good security admin to harden the system for you). Bottom line, nothing is safe online, operate with that in mind at all times.


Google Apps for non-profit organizations requires that the organization have 501(c)(3) status with the IRS. I'm not sure if this has taken place or is in progress through the legal working group. If there is a 501(c)(3) that is working with the OWS movement, it probably would be possible to leverage that relationship to get things started quickly. You also pick up the benefit of the other apps within the suite as well. It provides for up to 3,000 user accounts within the nonprofit organization free, or discounting if the number is greater than that.

I would also review Google Apps' discussion of "secure e-mail services" here.

If the 501(c)(3) is not in place/feasible to leverage from a supporting group, it might be worth actually soliciting donations to establish this service for the working groups. IMHO this would be one of the more secure offerings while avoiding the headaches/overhead of "trying to build and maintain" yourselves.


SMTP:     Simple Mail Transfer Protocol
MTA:      Message Transfer Agent
SAN:     Storage Area Network
LDAP:     Lightweight Directory Access Protocol
IMHO:     In my honest opinion

I'm available weekdays up until about noon eastern to discuss further / demo the installed Zimbra instance.

PS greetings from OWS Denver!