Koozali.org: home of the SME Server
Contribs.org Forums => General Discussion => Topic started by: jmersh on October 12, 2012, 12:42:47 AM
-
SME Server looks great but I have a question what are the limitations of it? Meaning why only small to medium businesses are recommended for usage?
-
Everything by design has limits, doesn't mean you can't load SME up with more and more users and I/O loads, also doesn't mean it will be able to service its tasks effectively at those load. Memory limits, drive limits, processor, network hardware all combine to create limits.
-
well i understand that there are limits based on hardware but why would raw centos be ok but sme server not ok for large installations? was there something changed within the code to create this limit?
-
please, define "limits"
I know people running SME with hundreds of active users..
-
Features I've seen requested over the years that i do not feel are well supported in SME Server:
- "high availability" mode with auto-failover
- Multiple (load balanced, redundant, or route-based) WAN connections
- Multiple WAN IPs
- Multiple LAN connections - either for DMZ or Guests
- Multiple LAN IPs
- ISP-like support for multiple domains (all user accounts result in email addresses "@..." all domains)
- Real-time status screen for monitoring LAN and WAN traffic
- Bulk user-management tools that scale to hundreds or thousands of frequently-changing users *
- CalDAV support **
- Push / mobile email support **
- Multi-site support (one user database shared between multiple sites, possibly including local storage of each user's IMAP and profile data at his/her local site).
* http://wiki.contribs.org/Lazy_Admin_Tools may help
** http://wiki.contribs.org/Sogo may help
SME is built from the ground up by a very security conscious group of developers. I've used SME since before v6.0.1 (2004 or earlier); by installing the available updates in a timely manner I have had no security issues due to core SME Server components in that time.
As you say, since SME is based on Centos, you may find programs that can be installed on SME to address any frustrations you encounter. However, each non-core component you install adds a potential attack vector or stability weakness that is not being monitored by the SME devels -- which adds to your work load as the system administrator.
On a customized SME Server, you need to: and
- Install core SME updates as they become available
- Monitor all installed non-SME custom packages for available updates, and install them as and when appropriate
- Deal with potential conflicts between SME updates and custom add-on updates
Additionally, if your customizations include changes to *any* linux configuration file (either directly or through the use of SME custom template fragments), you need to:
- Understand Linux security well enough to understand the implications of any customizations you make to any of the linux configuration files on your server
- Be well enough informed on Linux to know when a vulnerability exposed in any component (SME Core or otherwise) on your server requires changes to any of your customized configuration settings.
(...which is no more than you have to do with a straight Centos server)
-
- "high availability" mode with auto-failover
I agree
- Multiple (load balanced, redundant, or route-based) WAN connections
- Multiple WAN IPs
- Multiple LAN connections - either for DMZ or Guests
- Multiple LAN IPs
IMHO, SME is not aimed to work as a fully/granular firewall.. if you need such features, you should use different tools (pfsense, m0n0wall, endian, ecc)
- ISP-like support for multiple domains (all user accounts result in email addresses "@..." all domains)
I don't think so.. we are talinkg about something for small and medium enterprises, so, basically, a firm.. and, in any case, I can't really see the problem to use different usernames
- Real-time status screen for monitoring LAN and WAN traffic
see above.. and, you should know, there are contribs to monitor server's activity
- Bulk user-management tools that scale to hundreds or thousands of frequently-changing users *
hundreds or thousands frequently-changing users -> schools, I guess..
- CalDAV support **
- Push / mobile email support **
I agree, IMHO SOGo should replace horde framework and become the default groupware application
- Multi-site support (one user database shared between multiple sites, possibly including local storage of each user's IMAP and profile data at his/her local site).
why?
-
I was just trying to list the things I've seen requested in the forums that SME doesn't do "out of the box", in hopes of answering the original poster's question.
Multi-site support:
I first started using SME at a govt contractor's office that had 8 offices nationwide, mostly connected to the 'net over dialup... we used subdomains, but it was useful to have each office's email on a local server, rather than at HQ.
...and of course, the obvious answer: because Windows Server & Exchange can do it ;-)
-
changing subject to make it easier for search
-
SME is otherwise known of, in business or governmental
circles, as an abbreviation of 'Small to Medium Enterprises'.
-
that's a shame that there were implementations implemented to limit the use of the server.
if i understand this correctly if I have multiple domains I cannot use SME Server?
-
that's a shame that there were implementations implemented to limit the use of the server.
if i understand this correctly if I have multiple domains I cannot use SME Server?
SME can and will host multiple domains, and much more...
Please read the manual.
-
jmersh
that's a shame that there were implementations implemented to limit the use of the server.
That's unlikely to be a correct statement, as most probably any design limitations were not deliberately implemented but are a result of the simplification & ease of use design concept.
Many functional aspects make it easier to use SME server, compared to other similar systems built only on the underlying operating system, CentOS 5.8
Any limitations in sme server will usually be the same as those of the underlying OS.
The design of the sme system means that some "add on" higher level requirements beyond those of a simple server can be difficult to implement, not impossible, just difficult eg sharing & updating user & account & system configuration databases between sme servers, as that (user etc) information is contained in multiple database files, and so on.
The development of LDAP in sme8.0 is addressing some of those issues.
I think this thread would be a more productive discussion for you, if you specify what you want the sme server to do, and ask if that is achievable, rather than jump to incorrect conclusions based on lists of perceived limitations that end users believe exists.
if i understand this correctly if I have multiple domains I cannot use SME Server?
It is a shame that you now have received a false impression that sme server cannot handle multiple domains.
In fact in can handle many domains.
The comment was related to ISP like handling of domains, where the same user set can apply to all domains but be unique.
SME server has only one "user set" so cannot support multiple occurrences of users.
By using Pseudonyms that point a specific username@domain to a user, you can workaround this "limitation".
Please read the manual & informative wiki articles, all linked at the top of this Forum.
-
that's a shame that there were implementations implemented to limit the use of the server.
... I would add to mary's comment about ease-of-use that effective network security also implies restricted functionality. Just ask Microsoft what happens when you let any person/computer/application do whatever it wants to do (hint: think viruses, spambots, 12 years and counting of emergency software patches, etc).
If you have the knowledge, skill set, and time to safely configure and manage a CentOS, Ubuntu, RedHat or other linux server, then perhaps SME server is not the right choice for your situation (or, if you don't understand the intricacies of server administration, or if you understand them and want to learn how to deal with security intrusions on your servers, or if you are convinced "it just won't happen to me"...)
If you are exploring Linux, or only manage 4 - 5 linux systems and don't consider yourself an expert in linux server administration, then SME server is a very useful tool that allows you to setup a server that you can rely on to be simple and secure, and comes with a (mostly :-) ) friendly user community.
Finally, from a purely philosophical perspective, every choice or decision effectively restricts your future options (just ask you wife...). So: The SME devs made a collection of choices designed to produce a server that is both secure and simple to administer. If you choose to build a linux server from scratch using a different distro, by the time you are done you will have made many choices that will effectively restrict your future options.
if i understand this correctly if I have multiple domains I cannot use SME Server?
From the FAQ:
http://wiki.contribs.org/SME_Server:Documentation:FAQ#Multiple_users_with_the_same_name_on_different_domains
I do it a bit differently, by establishing a standard abbreviation for each domain, creating user accounts that include the domain abbreviation, then using the domain abbreviation for all users, even those that do not occur in multiple domains:
dom1-joe
dom2-joe
dom2-ozymandias
dom3-joe
etc.
-
that's a shame that there were implementations implemented to limit the use of the server.
before talking about "shame", tell us what are you referring to, thank you