[pmg-docs.git] / pmg-planning-deployment.adoc

[[chapter_deployment]]
Planning for Deployment
=======================

Easy integration into existing e-mail server architecture
---------------------------------------------------------

In this sample configuration, your e-mail traffic (SMTP) arrives on
the firewall and will be directly forwarded to your e-mail server.

image::images/2018_IT_infrastructure_without_Proxmox_Mail_Gateway_final_1024.png[]

By using the {pmg}, all your e-mail traffic is forwarded to the
Proxmox Mail Gateway, which filters the whole e-mail traffic and
removes unwanted e-mails. You can manage incoming and outgoing mail
traffic.

image::images/2018_IT_infrastructure_with_Proxmox_Mail_Gateway_final_1024.png[]


Filtering outgoing e-mails
--------------------------

Many e-mail filter solutions do not scan outgoing mails. Opposed to
that {pmg} is designed to scan both incoming and outgoing
e-mails. This has two major advantages:

. {pmg} is able to detect viruses sent from an internal host. In many
countries you are liable for sending viruses to other
people. The {pmg} outgoing e-mail scanning feature is an additional
protection to avoid that.

. {pmg} can gather statistics about outgoing e-mails too. Statistics
about incoming e-mails looks nice, but they are quite
useless. Consider two users, user-1 receives 10 e-mails from news
portals and wrote 1 e-mail to a person you never heard from. While
user-2 receives 5 e-mails from a customer and sent 5 e-mails
back. Which user do you consider more active? I am sure it's user-2,
because he communicates with your customers. {pmg} advanced address
statistics can show you this important information. A solution which
does not scan outgoing e-mail cannot do that.

To enable outgoing e-mail filtering you just need to send all outgoing
e-mails through your {png} (usually by specifying Proxmox as
"smarthost" on your e-mail server.

[[firewall_settings]]
Firewall settings
-----------------

In order to pass e-mail traffic to the {pmg} you need to allow traffic
on the SMTP the port. Our servers use the Network Time Protocol (NTP)
for time synchronization, RAZOR, DNS, SSH, HTTP and port 8006 for the web
based management interface.

[options="header"]
|======
|Service |Port    |Protocol |From       |To
|SMTP    |25      |TCP      |Proxmox    |Internet
|SMTP    |25      |TCP      |Internet   |Proxmox
|SMTP    |26      |TCP      |Mailserver |Proxmox
|NTP     |123     |TCP/UDP  |Proxmox    |Internet
|RAZOR   |2703    |TCP      |Proxmox    |Internet
|DNS     |53      |TCP/UDP  |Proxmox    |DNS Server
|HTTP    |80      |TCP      |Proxmox    |Internet
|GUI/API |8006    |TCP      |Intranet   |Proxmox
|======

CAUTION: It is advisable to restrict access to the GUI/API port as far
as possible.

The outgoing HTTP connection is mainly used by virus pattern updates,
and can be configured to use a proxy instead of a direct internet
connection.

You can use the 'nmap' utility to test your firewall settings (see
section xref:nmap[port scans]).


[[system_requirements]]
System Requirements
-------------------

The {pmg} can run on dedicated server hardware or inside a virtual machine on
any of the following plattforms:

* Proxmox VE (KVM)

* VMWare vSphere&trade; (open-vm tools are integrated in the ISO)

* Hyper-V&trade; (Hyper-V Linux integration tools are integrated in the ISO)

* KVM (virtio drivers are integrated, great performance)

* Virtual box&trade;

* Citrix Hypervisor&trade; (former XenServer&trade;)

* LXC container

* and others supporting Debian Linux as guest OS

Please see http://www.proxmox.com for details.

In order to get a benchmark from your hardware, just run 'pmgperf'
after installation.


Minimum System Requirements
~~~~~~~~~~~~~~~~~~~~~~~~~~~

* CPU: 64bit (Intel EMT64 or AMD64)

* 2 GB RAM

* bootable CD-ROM-drive or USB boot support

* Monitor with a resolution of 1024x768 for the installation

* Hard disk with at least 8 GB of disk space

* Ethernet network interface card


Recommended System Requirements
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* Multicore CPU: 64bit (Intel EMT64 or AMD64), +
  for use as virtual machine activate Intel VT/AMD-V CPU flag

* 4 GB RAM

* bootable CD-ROM-drive or USB boot support

* Monitor with a resolution of 1024x768 for the installation

* 1 Gbps Ethernet network interface card

* Storage: at least 8 GB free disk space, best setup with redundancy,
  use hardware RAID controller with battery backed write cache (``BBU'') or
  ZFS. ZFS is not compatible with a hardware RAID controller. For best
  performance use Enterprise class SSD with power loss protection.
Commit	Line	Data
b2d388d4	1	[[chapter_deployment]]
5c735ebd DM	2	Planning for Deployment
	3	=======================
	4
	5	Easy integration into existing e-mail server architecture
	6	---------------------------------------------------------
	7
	8	In this sample configuration, your e-mail traffic (SMTP) arrives on
	9	the firewall and will be directly forwarded to your e-mail server.
	10
95f2ea5b	11	image::images/2018_IT_infrastructure_without_Proxmox_Mail_Gateway_final_1024.png[]
5c735ebd DM	12
	13	By using the {pmg}, all your e-mail traffic is forwarded to the
	14	Proxmox Mail Gateway, which filters the whole e-mail traffic and
	15	removes unwanted e-mails. You can manage incoming and outgoing mail
	16	traffic.
	17
95f2ea5b	18	image::images/2018_IT_infrastructure_with_Proxmox_Mail_Gateway_final_1024.png[]
5c735ebd DM	19
	20
	21	Filtering outgoing e-mails
	22	--------------------------
	23
	24	Many e-mail filter solutions do not scan outgoing mails. Opposed to
	25	that {pmg} is designed to scan both incoming and outgoing
	26	e-mails. This has two major advantages:
	27
	28	. {pmg} is able to detect viruses sent from an internal host. In many
7748e808	29	countries you are liable for sending viruses to other
f6c7468d	30	people. The {pmg} outgoing e-mail scanning feature is an additional
5c735ebd DM	31	protection to avoid that.
	32
	33	. {pmg} can gather statistics about outgoing e-mails too. Statistics
	34	about incoming e-mails looks nice, but they are quite
	35	useless. Consider two users, user-1 receives 10 e-mails from news
	36	portals and wrote 1 e-mail to a person you never heard from. While
	37	user-2 receives 5 e-mails from a customer and sent 5 e-mails
f6c7468d	38	back. Which user do you consider more active? I am sure it's user-2,
5c735ebd	39	because he communicates with your customers. {pmg} advanced address
f6c7468d	40	statistics can show you this important information. A solution which
5c735ebd DM	41	does not scan outgoing e-mail cannot do that.
	42
	43	To enable outgoing e-mail filtering you just need to send all outgoing
	44	e-mails through your {png} (usually by specifying Proxmox as
303ee757	45	"smarthost" on your e-mail server.
5c735ebd	46
90facef4	47	[[firewall_settings]]
5c735ebd DM	48	Firewall settings
	49	-----------------
	50
	51	In order to pass e-mail traffic to the {pmg} you need to allow traffic
	52	on the SMTP the port. Our servers use the Network Time Protocol (NTP)
	53	for time synchronization, RAZOR, DNS, SSH, HTTP and port 8006 for the web
	54	based management interface.
	55
	56	[options="header"]
	57	\|======
	58	\|Service \|Port \|Protocol \|From \|To
	59	\|SMTP \|25 \|TCP \|Proxmox \|Internet
	60	\|SMTP \|25 \|TCP \|Internet \|Proxmox
	61	\|SMTP \|26 \|TCP \|Mailserver \|Proxmox
	62	\|NTP \|123 \|TCP/UDP \|Proxmox \|Internet
	63	\|RAZOR \|2703 \|TCP \|Proxmox \|Internet
	64	\|DNS \|53 \|TCP/UDP \|Proxmox \|DNS Server
	65	\|HTTP \|80 \|TCP \|Proxmox \|Internet
	66	\|GUI/API \|8006 \|TCP \|Intranet \|Proxmox
	67	\|======
	68
	69	CAUTION: It is advisable to restrict access to the GUI/API port as far
	70	as possible.
	71
	72	The outgoing HTTP connection is mainly used by virus pattern updates,
	73	and can be configured to use a proxy instead of a direct internet
	74	connection.
	75
	76	You can use the 'nmap' utility to test your firewall settings (see
	77	section xref:nmap[port scans]).
	78
	79
	80	[[system_requirements]]
	81	System Requirements
	82	-------------------
	83
95d4fc6c AA	84	The {pmg} can run on dedicated server hardware or inside a virtual machine on
95d4fc6c AA	85	any of the following plattforms:
5c735ebd DM	86
	87	* Proxmox VE (KVM)
	88
	89	* VMWare vSphere™ (open-vm tools are integrated in the ISO)
	90
	91	* Hyper-V™ (Hyper-V Linux integration tools are integrated in the ISO)
	92
	93	* KVM (virtio drivers are integrated, great performance)
	94
	95	* Virtual box™
	96
95d4fc6c AA	97	* Citrix Hypervisor™ (former XenServer™)
	98
	99	* LXC container
	100
	101	* and others supporting Debian Linux as guest OS
5c735ebd DM	102
	103	Please see http://www.proxmox.com for details.
	104
	105	In order to get a benchmark from your hardware, just run 'pmgperf'
	106	after installation.
	107
	108
	109	Minimum System Requirements
	110	~~~~~~~~~~~~~~~~~~~~~~~~~~~
	111
	112	* CPU: 64bit (Intel EMT64 or AMD64)
	113
0527a7a5	114	* 2 GB RAM
5c735ebd DM	115
	116	* bootable CD-ROM-drive or USB boot support
	117
95d4fc6c	118	* Monitor with a resolution of 1024x768 for the installation
5c735ebd	119
95d4fc6c	120	* Hard disk with at least 8 GB of disk space
5c735ebd	121
95d4fc6c	122	* Ethernet network interface card
5c735ebd DM	123
	124
	125	Recommended System Requirements
	126	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	127
95d4fc6c AA	128	* Multicore CPU: 64bit (Intel EMT64 or AMD64), +
95d4fc6c AA	129	for use as virtual machine activate Intel VT/AMD-V CPU flag
5c735ebd DM	130
	131	* 4 GB RAM
	132
	133	* bootable CD-ROM-drive or USB boot support
	134
95d4fc6c	135	* Monitor with a resolution of 1024x768 for the installation
5c735ebd	136
95d4fc6c	137	* 1 Gbps Ethernet network interface card
5c735ebd	138
937c6a22	139	* Storage: at least 8 GB free disk space, best setup with redundancy,
95d4fc6c AA	140	use hardware RAID controller with battery backed write cache (``BBU'') or
	141	ZFS. ZFS is not compatible with a hardware RAID controller. For best
	142	performance use Enterprise class SSD with power loss protection.