Subject: [NYCGA Internet] Re: Fwd: Zimbra vs Google Apps - Research Results
From: Jakedeg
Date: Mon, 10 Oct 2011 00:22:24 -0700 (PDT)
To: internet working group


Thank you! This breakdown (in addition to our phone call today) is
very helpful. As we discussed. I think that at this point, GAFYD for
Non-Profits sounds like the way to go. Now we just need to find out if
we can make it happen. I am going to be at the coordination meeting
tomorrow morning, so I will try to connect with legal if someone from
legal is there. Hopefully they have the right answers and can get me
all the info we need to submit the application to Google and make it

Is there anyone here on the ground that can help facilitate this? As-
in talking to legal (or following up if I see them in the morning),
filing the application with Google, seeing it all through? We could
definitely use someone who could focus on this while we finish trying
to build the website.


On Oct 10, 2:57 am, Todd Grayson <> wrote:
per team request, submitting to the Internet working group list.

Begin forwarded message:

From: Todd Grayson <>
Date: October 9, 2011 11:15:46 PM MDT
Subject: Zimbra vs Google Apps - Research Results

Earlier today I offered to review messaging / collaboration platforms. I'm remote to the NYC working groups (Denver, co) so I cant make it in to the meetings to discuss this face to face.


ZIMBRA, is a mail calendaring suite that can be run on a dedicated system or hosted by a provider, such as  

I did a test installation over an ubuntu 10.0.4 VM, the install took about 3.5 hours to complete, including the VM OS installation and updating of the required packages. Using an external LDAP repository will add time to that.  Make sure to review the recommended platforms here as well (I would not vary from this to avoid issues).

Zimbra requires a dedicated system, must be installed as root.  You will be hard pressed to be able to run anything else on the zimbra server (per their own documentation).   It is not a lightweight application, its a set of applications.  It installs an configures a "private openldap" instance as well, we can review if extending the schema of this self-installed openldap instance is feasible.  I'm not sure if you even need to extend the LDAP schema, we can talk about that as we review the LDAP requirements that were mentioned previously and re-schedule the discussion.

The considerations with managing/administration of zimbra is one of maintaining the system, having administration available to deal with outage/issues etc.  If trusted systems administrators are available to the team (at least a couple) managing and maintaining should not be to bad after the admin's train themselves up on the  software.  If there are not going to be committed resources available for learning and maintaining this solution, build vs rent becomes a serious consideration.  

Failed e mail infrastructure is difficult to deal with, let alone for an inexperienced admin.  It might very well be that we can solicit zimbra administration skills from the volunteers coming in, but it is a rare skillset. It is more likely to find generic linux/unix admins with SMTP/MTA experience.  Ongoing backup will need to be in place with this type of system as well.  Bottom line, you have to ask yourself:
who is going to be managing/maintaining these services,
do they have time to dedicate to learning and adminstrating
are they going to be able to remain an available resource for the life of the movement, or at least be kind enough to make sure they thoroughly transition the role before leaving.
This will probably be a 5-10 hour a week commitment across admin/helpdesk resources between system and user issues per 1000 active users.

The following document provides an overview of zimbra scaling/capacity planning, it performs well on reasonably small system configuration, but requires fast disk (not internal disk, SAN) if its going to scale to a large capacity (10,000+ users).

The concept of "protection of the data" on a dedicated host should be scrutinized as well. Depending on where the host is it can just become evidence and be seized whole with a warrent; while no one is walking into google apps and seizing a server, because its services are spread out over 1000's of servers.

Also the "security" of the stand alone host will be weaker than the hosted offerings (inherently).  You will have to apply linux hardening to the server to have any shot of preventing a break in (SELINUX Redhat for example, or a really really good security admin to harden the system for you).  Bottom line, nothing is safe online, operate with that in mind at all times.  


Google apps for non-profit organizations requires that the organization have 501(c)(3) status with the IRS.  I'm not sure if this has taken place or is in progress through the legal working group. If there is a 501(c)(3) that is working with the OWS movement, it probably would be possible to leverage that relationship to get things started quickly.  You also pick up the benefit of the other apps within the suite as well. It provides for up to 3,000 user accounts within the nonprofit organization free, or discounting if the number is greater than that.

I would also review google app's discussion of "secure e-mail services" here.

If the 501(c)(3) is not in place/feasible to leverage from a supporting group,  it might be worth actually soliciting donations to establish this service for the working groups.  IMHO this would be one of the more secure offerings while avoiding the headaches/overhead of "trying to build and maintain" yourselves.


SMTP:     Simple Mail Transfer Protocol
MTA:      Message Transfer Agent
SAN:     Storage Area Network
LDAP:     Lightweight Directory Access Protocol
IMHO:     In my honest opinion

I'm available weekdays up until about noon eastern to discuss further / demo the installed zimbra instance.

PS greetings from OWS Denver!