pmg-planning-deployment.adoc

   1 [[chapter_deployment]]
   2 Planning for Deployment
   3 =======================
   4
   5 Easy integration into existing e-mail server architecture
   6 ---------------------------------------------------------
   7
   8 In this sample configuration, your e-mail traffic (SMTP) arrives on
   9 the firewall and will be directly forwarded to your e-mail server.
  10
  11 image::images/2018_IT_infrastructure_without_Proxmox_Mail_Gateway_final_1024.png[]
  12
  13 By using the {pmg}, all your e-mail traffic is forwarded to the
  14 Proxmox Mail Gateway, which filters the whole e-mail traffic and
  15 removes unwanted e-mails. You can manage incoming and outgoing mail
  16 traffic.
  17
  18 image::images/2018_IT_infrastructure_with_Proxmox_Mail_Gateway_final_1024.png[]
  19
  20
  21 Filtering outgoing e-mails
  22 --------------------------
  23
  24 Many e-mail filter solutions do not scan outgoing mails. Opposed to
  25 that {pmg} is designed to scan both incoming and outgoing
  26 e-mails. This has two major advantages:
  27
  28 . {pmg} is able to detect viruses sent from an internal host. In many
  29 countries you are liable for sending viruses to other
  30 people. The {pmg} outgoing e-mail scanning feature is an additional
  31 protection to avoid that.
  32
  33 . {pmg} can gather statistics about outgoing e-mails too. Statistics
  34 about incoming e-mails looks nice, but they are quite
  35 useless. Consider two users, user-1 receives 10 e-mails from news
  36 portals and wrote 1 e-mail to a person you never heard from. While
  37 user-2 receives 5 e-mails from a customer and sent 5 e-mails
  38 back. Which user do you consider more active? I am sure it's user-2,
  39 because he communicates with your customers. {pmg} advanced address
  40 statistics can show you this important information. A solution which
  41 does not scan outgoing e-mail cannot do that.
  42
  43 To enable outgoing e-mail filtering you just need to send all outgoing
  44 e-mails through your {png} (usually by specifying Proxmox as
  45 "smarthost" on your e-mail server.
  46
  47 [[firewall_settings]]
  48 Firewall settings
  49 -----------------
  50
  51 In order to pass e-mail traffic to the {pmg} you need to allow traffic
  52 on the SMTP the port. Our servers use the Network Time Protocol (NTP)
  53 for time synchronization, RAZOR, DNS, SSH, HTTP and port 8006 for the web
  54 based management interface.
  55
  56 [options="header"]
  57 |======
  58 |Service |Port    |Protocol |From       |To
  59 |SMTP    |25      |TCP      |Proxmox    |Internet
  60 |SMTP    |25      |TCP      |Internet   |Proxmox
  61 |SMTP    |26      |TCP      |Mailserver |Proxmox
  62 |NTP     |123     |TCP/UDP  |Proxmox    |Internet
  63 |RAZOR   |2703    |TCP      |Proxmox    |Internet
  64 |DNS     |53      |TCP/UDP  |Proxmox    |DNS Server
  65 |HTTP    |80      |TCP      |Proxmox    |Internet
  66 |GUI/API |8006    |TCP      |Intranet   |Proxmox
  67 |======
  68
  69 CAUTION: It is advisable to restrict access to the GUI/API port as far
  70 as possible.
  71
  72 The outgoing HTTP connection is mainly used by virus pattern updates,
  73 and can be configured to use a proxy instead of a direct internet
  74 connection.
  75
  76 You can use the 'nmap' utility to test your firewall settings (see
  77 section xref:nmap[port scans]).
  78
  79
  80 [[system_requirements]]
  81 System Requirements
  82 -------------------
  83
  84 The {pmg} can run on dedicated server hardware or inside a virtual machine on
  85 any of the following plattforms:
  86
  87 * Proxmox VE (KVM)
  88
  89 * VMWare vSphere&trade; (open-vm tools are integrated in the ISO)
  90
  91 * Hyper-V&trade; (Hyper-V Linux integration tools are integrated in the ISO)
  92
  93 * KVM (virtio drivers are integrated, great performance)
  94
  95 * Virtual box&trade;
  96
  97 * Citrix Hypervisor&trade; (former XenServer&trade;)
  98
  99 * LXC container
 100
 101 * and others supporting Debian Linux as guest OS
 102
 103 Please see http://www.proxmox.com for details.
 104
 105 In order to get a benchmark from your hardware, just run 'pmgperf'
 106 after installation.
 107
 108
 109 Minimum System Requirements
 110 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
 111
 112 * CPU: 64bit (Intel EMT64 or AMD64)
 113
 114 * 2 GB RAM
 115
 116 * bootable CD-ROM-drive or USB boot support
 117
 118 * Monitor with a resolution of 1024x768 for the installation
 119
 120 * Hard disk with at least 8 GB of disk space
 121
 122 * Ethernet network interface card
 123
 124
 125 Recommended System Requirements
 126 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 127
 128 * Multicore CPU: 64bit (Intel EMT64 or AMD64), +
 129   for use as virtual machine activate Intel VT/AMD-V CPU flag
 130
 131 * 4 GB RAM
 132
 133 * bootable CD-ROM-drive or USB boot support
 134
 135 * Monitor with a resolution of 1024x768 for the installation
 136
 137 * 1 Gbps Ethernet network interface card
 138
 139 * Storage: at least 8 GB free disk space, best setup with redundancy,
 140   use hardware RAID controller with battery backed write cache (``BBU'') or
 141   ZFS. ZFS is not compatible with a hardware RAID controller. For best
 142   performance use Enterprise class SSD with power loss protection.