Can Carbonio work without WAN access?

One of the current requirements for mail servers and collaboration platforms is the ability to work without access to the Internet. This requirement is due to several factors. An isolated system of corporate communications allows you to increase the confidentiality of communication between employees of the enterprise, as well as protect against external cyber attacks. That is why companies with high security requirements often use mail servers isolated from the external Internet. Today we will talk about how Carbonio works without Internet access.

Recall that for the normal operation of Carbonio and Carbonio CE, a server that meets the system requirements, FQDN, as well as correctly configured A and MX records in DNS is required. Accordingly, when working in an isolated network, you will need to configure your own DNS server. We talked about how to properly configure such a network in the article on creating a configuration for testing Carbonio CE. In the case of a real local network, the process of setting up a DNS server will not be different. Once the DNS server is properly configured, Carbonio will be able to function properly even on an isolated local network.

Creating Your Own Carbonio Repository Mirror

Since all the necessary packages are installed from the repositories, installing Carbonio and Carbonio CE without access to the Internet requires a repository mirror on the local network. In the near future, Zextras will create its own repository based on Yandex.Cloud. It will regularly contain all the latest updates for Carbonio and Carbonio CE. Also, this repository will ensure the maximum speed of their download and will be guaranteed to be available.

To create your own repository, you will need a dedicated server connected to the global network with at least 50 gigabytes of free space on it. To create a mirror, Ubuntu 20.04 and the apt-mirror application will be used. You can install it from the standard Ubuntu repository using the command sudo apt-get install apt-mirror.

After that, add the repositories to Ubuntu, according to the instructions received from the official representative of Zextras, or in the letter, after filling out the form on the Zextras website.

echo ‘deb https://***********/rc/ubuntu focal main’ >>/etc/apt/sources.list.d/zextras.list

apt-key adv –keyserver hkp://keyserver.ubuntu.com:80 –recv-keys *************

After executing these commands, move on to configuring apt-mirror. To do this, open the configuration file sudo nano /etc/apt/mirror.list and bring it to the following form:

In addition to Carbonio, you can also add the official Ubuntu repository to the list of mirroring repositories so that you can install various software and updates from it as they become available. In case you decide to mirror more than just the Carbonio repository, you may need additional hard drive space on the dedicated server. Keep this in mind when creating it.

After /etc/apt/mirror.list has been edited and saved, run the command sudo apt-mirror in order to copy the contents of the repositories to the server disk.

The contents of the local repositories after the completion of the copy can be found in the folder /var/spool/apt-mirror/mirror.

Setting up an NGINX server

Let’s set up an NGINX server to publish a local repository. To do this, install the appropriate package sudo apt-get install nginxand after the installation is complete, configure the server by opening the file sudo nano /etc/nginx/sites-enabled/default

Let’s add the following lines to it:

root /var/spool/apt-mirror/mirror/**********/rc/ubuntu;

location / {

try_files $uri $uri/ =404

autoindex on;

}

Restart nginx sudo service nginx restart and check the health of the repository using a browser.

Setting up a repository on the Carbonio server

In order for the local Carbonio server to install and receive updates from the local repository, add the address of your local mirror to it:

sudo su

echo ‘deb http://repo.example.ru focal main’ >>/etc/apt/sources.list.d/zextras.list

apt-key adv –keyserver hkp://keyserver.ubuntu.com:80 –recv-keys *************

apt-get update

apt-get upgrade

Where ************* is the key that comes to you in an email after you fill out a form on the Zextras website.

Installing Carbonio and updating the repository

After the local repository is added to the system, you can install Carbonio or Carbonio CE through the standard package manager using the commands sudo apt-get install carbonio And sudo apt-get install carbonio-ce.

To update the repository mirror, you need to connect the server to the Internet and run the command sudo apt-mirror. The program will independently determine which packages in the repository have been updated and download only them. After updating the packages in the repository, you can update Carbonio with the command sudo apt-get upgradeexecuted on the Carbonio server.

Functionality

Isolated from the external Internet, the Carbonio mail server allows employees to securely exchange emails, documents and schedule various meetings with each other without fear of phishing emails, spam, ransomware, “watering hole attacks” and other cyber attacks.

In an isolated network, almost all Carbonio functions work, including:

  • Create new contacts and appointments

  • Sending emails to users on the same server

  • Role-Based Sharing of Mail Folders, Calendars, and Address Books

  • Delegation of sending emails

  • IMAP, POP3, CalDAV, CardDAV

  • Two-factor authentication

  • SAML support provided the IdP is also on the local network

  • Group text and video chats

  • Text and video chats in 1:1 format

  • Channels, meeting rooms and conference rooms for structured corporate communication

  • Videoconferencing

  • Collaborative editing of documents, spreadsheets and presentations

  • Personal File Storage

  • Sharing files with users on the same server based on roles

  • Real time backup

  • Backup to local network storage

  • Backup to local object storage

  • Synchronization of mobile devices and mail clients located in the local network using the EAS protocol

  • Mobile password

  • MDM

  • ABQ

  • Application passwords

  • Create Delegated Administrators

  • Hierarchical storage management using local storage

  • Compression and deduplication

  • Indexing and Previewing Attachments

Also, in an isolated network, but subject to the availability of a commercial SSL certificate, the following work correctly:

  • Login to mobile applications with login and password

  • Login to Zextras mobile applications by QR code

  • Autodiscover service

  • Address Book Service for Outlook

The following functions do not work in an isolated network environment:

  • Sending emails and meeting invitations to external users

  • Video conferencing with external users

  • Sharing files with external users

  • Sharing Calendars with External Users

  • Off-site backup to cloud object storage

  • Off-site backup to network storage outside the local network

  • Synchronization of mobile devices via EAS outside the local network

  • Login to mobile applications by login and password from devices outside the local network

  • Login to Zextras mobile applications by QR code from devices outside the local network

  • Hierarchical storage management using cloud object storage

  • SAML support provided the IdP is outside the local network

Thus, most of the functions necessary for the normal operation of the mail server remain operational even if the Carbonio server is located in a local network isolated from the external Internet. And by allowing users to create private mirrors of repositories, Carbonio can continue to receive updates.

For all questions related to Zextras Suite and the commercial version of Carbonio, you can contact Zextras Representative Ekaterina Triandafilidi by email ekaterina.triandafilidi@zextras.com.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *