The Mailman

According to figures released by Open-Xchange (OX) [1], they are the leading international technology supplier for hosted groupware, with more than 24 million users. Customers of Internet provider 1&1, for example, will be familiar with the software under the name of 1&1 Webmail and 1&1 MailXchange. On top of the 2.5 million 1&1 customers, another 1.4 million users with Host Europe, and 40,000 root and vServers at Intergenia AG were recently added. The company is intensifying its international business, and it acquired new customers in North America and Great Britain at the beginning of this year.

These major customers still don't account for the 24 million users that the Open-Xchange managers claim, but widespread use does make the value of the SaaS variant of the product within the company very clear.

Instead of relying on the servers, users can install Open-Xchange themselves, either adding commercial support or running the free community version. In this article, I will focus on deploying and integrating the server/community edition and will look at communication with Outlook. Other articles have looked at the user side of the story, and the excellent user manuals [2] provide additional explanation. In line with this, I will only be looking at the GUI side of the story where it relates to new features in OX 6.20.

Product Family

When choosing a product, administrators can select from three variants. Besides the hosting version, which is mainly intended for providers, you can choose the server or advanced server versions. The community version [3] is similar to the server version and has no restrictions with respect to functional scope, but it does not offer any support. Additionally, all of the interesting interfaces and clients are available only in the commercial product. If you need support, or if you want to avoid the fairly complex process of integrating the OX framework with your own infrastructure, you will probably want to opt for the Advanced Server Edition (ASE).

For an administrator in a small to medium-sized business, the server and community versions are strategically the most interesting variants – if you ignore the question of cost. Installing and configuring the community version has a reputation of being complex and time-consuming; with earlier versions, you actually needed to build from source code. Today, deploying the community version is no longer a major problem, thanks to packages for all major distributions and the installer script and documentation.

One thing that still causes some installation overhead is the integration of Open-Xchange with your own infrastructure. This shouldn't be regarded as a disadvantage, however, because it adds an intentional measure of flexibility, giving the administrator a free choice when it comes to configuring the web server, database, directory service, and mail system. For example, Open-Xchange will cooperate with just about any standards-compliant SMTP server (e.g., Postfix, Exim, Qmail, Sendmail) or SMTP servers provided by external sources (e.g., 1&1, Yahoo, Gmail). The IMAP servers supported by Open-Xchange are Cyrus, Courier, and Dovecot. Besides database-based authentication, user authentication can also use plugins for IMAP, PAM, and LDAP. This means that Open-Xchange will integrate perfectly with an existing environment.

Open-Xchange 6.20

Most changes in version 6.20 relate to the user interface. One of the most interesting changes from an administrator's point of view is that Open-Xchange now also supports Debian 6 (Squeeze), CentOS 5.5, and RHEL 6, in addition to RHEL 5, SLES 10/11, and Debian 5 (Lenny). However, Ubuntu is still out in the cold.

Users will mainly notice the reworked web GUI in version 6.20, which offers a completely revamped welcome page. You can modify the layout quickly using drag and drop. Thus, you can move frequently used modules to the top and position less frequently used modules at the bottom or simply remove them.

Addresses, tasks, appointments, and documents are now edited in a pop-up window or, optionally, in a separate tab in the Open-Xchange user interface. This level of functionality is reflected in the parameters for displaying the window as an embedded window, pop-up, compact panel, or tab-based panel below Configuration | Options. For example, you can completely disable pop-up functionality (Figure 1).

The Compact panel setting offers users of netbooks and tablet PCs a new, space-saving layout. And, the developers have simplified the process of creating email filters to support sorting of messages in different folders based on the sender, recipient, or selected terms from the subject line. Adding or removing new team members to or from your personal calendar is now a single-click operation, and users of a team calendar can now easily see when team members are available for meetings.

The web-based user interface now supports Italian, Japanese, and Simplified Chinese. Additionally, the developers have implemented an OAuth service for centralized authentication with social networks like LinkedIn, Twitter, and Facebook.

The makers of Open-Xchange are looking to extend the Social OX [4] functions in the next release to make Open-Xchange the centralized platform for all of a user's business and private communication, including automated synchronization of contact data between LinkedIn and Facebook. For more details of the new features in Open-Xchange 6.20, check out the information at the Open-Xchange website [5].

Architecture

The application server is an OSGi bundle, programmed in Java, that uses an HTTP interface to communicate with the supported front ends/clients. Additionally, servlets for SOAP, WebDAV, WebDAV/XML, iCal, and JSON are available. The original servlet engine was Apache Tomcat; however, the developers departed from the standard servlet container, because Tomcat was too big and cumbersome for Open-Xchange's needs.

Current versions of Open-Xchange use an internally developed servlet engine but still rely on the Apache JServ Protocol (AJP) to allow Apache to be deployed for serving up static content. Additionally, AJP is used for clustering Open-Xchange servers, and – if needed – the application server can also integrate and use Jetty. Local IMAP and SMTP servers can be used as the email server but is just as easy for users to specify their own external mail server.

MySQL acts as a centralized data repository. Open-Xchange manages both the structure and configuration of the groupware server in the form of individual contexts and servers in the configdb database (with a static name) and the users' groupware data in the oxdatabase (standard name, can be modified). At the same time, Open-Xchange creates the document repository in a file store on the filesystem, which can also be managed via the MySQL database. User management is also handled by the MySQL database.

Authentification plugins for IMAP, PAM, and LDAP are optionally available. If you use the latter, OX automatically synchronizes its user data with an LDAP directory. Of course, Open-Xchange also supports SSL and TLS encryption. Although the server side relies entirely on Java, the primary web front end is written in HTML and JavaScript and offers sophisticated Ajax usability, thus making it very hard to distinguish between a browser front end and a native application.

Optionally, native clients such as MS Outlook and Thunderbird can be integrated via IMAP and WebDAV. A MAPI connector [6], co-developed with VIPcom, is now available for Outlook, assuming you have the commercial Oxtender 2.0 in place. Oxtender is also available for Plesk, Business Mobility, and Mac OS X. These three variants are based on the Oxtender developer branch 1.x. The Oxtender for Business Mobility implements Exchange's ActiveSync protocol and thus supports push notification and synchronization of mail, to-dos, and contacts, including address books synchronized with social networks such as Xing and LinkedIn. These data are also available offline on mobile devices (iPhone, Android, Windows Mobile/Phone 7, Nokia S60, iPad, and all Honeycomb tablets).

The Oxtender for Mac OS X synchronizes contacts and appointments with the Address Book and iCal applications. The Plesk Oxtender supports management of Open-Xchange via Plesk. Thanks to the open interfaces, many third-party products have mushroomed around the OX server in recent years – for example, the Benno MailArchive, which was exhibited at CeBIT 2011.

Installing the Community Version

Although the installation of the OX Community Version involves some effort, the OX community offers useful documentation for various target platforms. Thus, I will focus on the key points, closing the gaps in the primary documentation in some cases. Before you install the Open-Xchange Server, Community, or Hosting Edition, you should familiarize yourself with the OX server's architecture and functional approach, understand the individual administration levels, and, in this context, understand the logic behind how the user accounts actually work (Figure 2).

The first thing Open-Xchange needs is an administrative MySQL account named openexchange for the installer and the administrative database operations. You can create this by issuing the initdb command, which gives you administrative access to the central configdb database. You need to issue the password as a parameter with the script. In the remaining course of the installation, you will also encounter the Open-Xchange Admin Master (oxadminmaster user account), which is responsible for configuring the server and managing the individual contexts.

In Open-Xchange terms, a context is a closed user group with a unique file name. In practice, you would create a context for a company or a department. This context-based solution keeps Open-Xchange multiclient capable, which in turn means that you can clearly isolate individual contexts. Open-Xchange provides a defaultcontext schema that you can use as a template for your own contexts.

The oxadmin account, which is created when you create a context, is the context administrator and has advanced privileges to reflect this. As the context administrator, this account has the ability to create new users in its own context and is generally responsible for managing users, groups, and resources within the context. At the same time, an open-xchange system user exists on the Linux/Unix side; this account is created by the installer as part of the installation process and is used to execute all filesystem operations – except those requiring root privileges.

The Open-Xchange community has repositories for all the major distributions, so you can integrate the required Open-Xchange packages easily with the use of your distribution's package management system. I will be using Debian 5 (Lenny) for the installation examples. The Open-Xchange installer drops the entire software into /opt/open-xchange in both cases.

All of the Open-Xchange binaries are then located below /opt/open-xchange/sbin, whereas the critical configuration files are in the directory /opt/openxchange/etc/groupware. The initial start scripts, such as open-change-groupware, are dropped into /etc/init.d by the OX installer. For the remaining course of the installation, and for administrative work later on, it is a good idea to add /opt/open-xchange/sbin to your system path:

echo PATH=$PATH:/opt/open-xchange/sbin/ >> ~/.bashrc && . ~/.bashrc

Debian users can do

deb http://software.open-xchange.com/OX6/stable/DebianLenny/ /

to add the package source to the /etc/apt/sources.list.d/debian.list configuration file.

You can also import the keys for the package source with

wget http://software.open-xchange.com/oxbuildkey.pub
apt-key add oxbuildkey.pub

and you can take a look at the package repository like this:

sudo apt-cache search open-xchange

In Synaptic, this command shows a large number of packages. Don't worry; the Open-Xchange developers have created a number of meta-packages to help non-experts complete the installation. You can filter the search results for open-exchange-meta to get a clearer picture (Figure 3).

To install a single server, you can just install MySQL (mysql-server-5.1) and the open-xchange-meta-singleserver meta-package. You can commission the connectors (Outlook Extender) and mobile and messaging clients later without any trouble. Additionally, an application server like Open-Xchange absolutely requires Java. But, if you don't have Java, you can install it by selecting the meta-packages. The following command line will handle the install:

apt-get install mysql-server open-xchange-meta-singleserver open-xchange-authentication-database open-xchange-spamhandler-default

Or, you can use Synaptic on a server with a GUI. Incidentally, you can choose various alternatives for the authentication and spam handler packages, depending on the host system. On an Ubuntu 10.10 system with default package sources and a full set of current patches, you can choose from the open-xchange-authentication-database (default), open-xchange-authentication-ldap, and open-xchange-authentication-imap. Installing these gives you plugins for authenticating against an IMAP account or LDAP server. The IMAP plugin handles the login process for an IMAP account but does not handle user management. Thus, users can access the Open-Xchange groupware if they can log in to the configured IMAP account. It does not replace the database package. Alternatively, authentication via LDAP is supported. Administrators on Ubuntu can choose between the default package and open-xchange-spamhandler-spamassassin for the spam handler.

The remaining configuration requires a functional MySQL database. The initconfigdb command initializes the Open-Xchange database:

/opt/open-xchange/sbin/initconfigdb --configdb-pass=DB-Password -a

The -a creates an administrative account called openexchange in the MySQL database, which is mandatory to be able to register OX databases. If a password for the MySQL root account was assigned when installing MySQL, the initconfigdb command will fail. In this case, you should remove the MySQL root password up front. The easiest way is to use phpMyAdmin (Figure 4). Experienced administrators can also use the MySQL command line.

If you enter initconfigdb without options, you are shown the usernames that exist in the MySQL context for ease of orientation. Incidentally, this is true of all administrative OX commands. For example, /opt/open-xchange/sbin/oxinstaller without any parameters gives you all the defaults.

Once you have completed all the preparations to an extent that the oxinstaller script that comes with the distribution will run without complaint, you still need to define a couple of parameters. Besides the Open-Xchange target server name, these include the password for the Admin Master account referred to earlier and the Configdb database password you just set up. The Admin Master is created by the script itself. The --add-license option expects you to type the license key after purchasing a license from Open-Xchange. If you are installing the community version rather than a commercial license, you can use the --no-license option here:

/opt/open-xchange/sbin/oxinstaller --no-license -servername=Server --configdb-pass=DB-Password --master-pass=Master-Password --ajp-bind-port=localhost

You can use localhost as the --ajp-bind-port parameter for a single server scenario; this is only required for cluster setups. After initializing the configuration, the following command starts the administrative back end:

/etc/init.d/open-xchange-admin start

Then, the following command logs the OX server (<my-oxserver>) into the configdb database:

/opt/open-xchange/sbin/registerserver -n Oxmaster -A oxadminmaster -P Master-Password

Make sure the server names match for the calls to oxinstaller and registerserver. Incidentally, oxinstaller also writes the server name to the /opt/open-xchange/etc/groupware/system.properties configuration file, thus supporting a quick compliance check (see also Figure 5).

The next step is to create a local directory on the server where Open-Xchange will store all of its groupware and infostore documents. Then, the open-xchange system user will need corresponding access to this directory:

mkdir /var/opt/filestore
chown open-xchange /var/opt/filestore

Again, you need to register this directory as the file store with both the database and the Open-Xchange server. The /opt/open-xchange/sbin/registerfilestore command handles this part of the process:

/opt/open-xchange/sbin/registerfilestore -A oxadminmaster -P Admin-Master-Password -t file:/var/opt/filestore

Then, the admin can log on to the groupware database:

/opt/open-xchange/sbin/registerdatabase -A oxadminmaster -P Admin-Master-Password -n OX-database -p DB-Password -m true

Once you have the Open-Xchange server and database running, you need to configure the Apache web server, especially the mod-proxy-ajp module. You will not be able to access the server via the web interface until you have done so.

The original documentation also recommends the mod_expires and mode_default modules, which are said to boost the performance substantially. You can load and enable the modules in Apache 2 in the normal way with a2enmod.

a2enmod proxy proxy_ajp proxy_balancer expires deflate headers rewrite

Then, restart the web server.

To configure the Apache proxy_ajp module, you first need to create the matching /etc/apache2/conf.d/proxy_ajp.conf configuration file. To display the Open-Xchange web interface, you need to modify the default VHost settings. Especially if you are installing Open-Xchange on a web or root server, you must make sure that the Open-Xchange GUI binds to the correct domain address (Name-Based Virtual Hosts).

After restarting the web server, you should be able to start the Open-Xchange groupware as follows:

sudo /etc/init.de/open-xchange-groupware start

From now on, you should see the Open-Xchange login screen when you go to the server's standard address (Figure 6).

Of course, you still can't log in because the admin still needs to create the required contexts and groupware users. When you execute the createcontext program to create a context, the context id (-c) parameter always has to be unique.

The --access-combination-name parameter lets you assign Open-Xchange modules and functions to the individual user's context; this also can be done with all (Listing 1).

01 /opt/open-xchange/sbin/createcontext -A oxadminmaster -P Admin-Master-Password -c 1 -u oxadmin -d displayed_username -g first_name -s family_name -p Admin-Password -L defaultcontext -e oxadmin@example.com -q 1024 --access-combination-name=all

The username of the context administrator here is oxadmin. All you need to do now is create the required groupware user or users in the new context. The context administrator account, which you just created, is responsible for this (Listing 2). The context ID relates to the context, all contexts, created using createcontext; this is normally 1.

01 sudo /opt/open-xchange/sbin/createuser -c 1 -A oxadmin -P Admin-Password<I> -u Username -d displayed_username -g first_name -s family_name<I> -p User-Password -e username@example.com --imaplogin Username --imapserver 127.0.0.1 --smtpserver 127.0.0.1

The user you just created can now log in via the web interface. One special thing about creating users is that the context administrator can assign an external or local (127.0.0.1) mail server to the user by setting the --imaplogin, --imapserver, and --smtpserver parameters.

Oxtender 2.0 and MAPI

The Open-Xchange Oxtender supports access to much of the information managed by the Open-Xchange server by various native clients. Currently, Oxtenders are available for MS Outlook, Mac OS, Parallels Plesk, and Business Mobility. The latter supports Microsoft Exchange ActiveSync for iPhone, Windows Mobile, and Android, or Blackberry with optional add-on software. The Outlook Oxtender in particular supports the use of Microsoft Outlook as a client. From Open-Xchange's point of view, this makes sense because it's easier for users who are familiar with Outlook to grow accustomed to Open-Xchange, thus fostering more support for the collaboration server platform.

Open-Xchange server also offers functions that MS Exchange does not, and vice versa. Although you can easily synchronize mailboxes belonging to Open-Xchange users via the IMAP protocol, the Oxtender for Outlook has, up to now, supported fast synchronization of calendars, contacts, and tasks. This is implemented as an intelligent push mechanism in collaboration with the OX server and applies to all of the Outlook Oxtenders in the 1.x developer series.

In contrast, Microsoft Exchange Server uses Remote Procedure Calls (RPCs) to communicate with Outlook and supports active connections to the Exchange Server (online mode) as well as replication. The sequence and function of communication between MS Exchange and its supporting clients are described in Microsoft's MAPI interface, a proprietary RPC protocol. Although the functional scope of MAPI is described in Microsoft's MAPI documentation [7], emulating the interface in the way that the OpenMAPI project attempts to do is not a trivial matter. For example, Open-Xchange's competitor Zarafa has worked for many years on what is now a stable MAPI implementation on Linux servers. However, Zarafa's groupware concept and product family all rely on a scalable MAPI store based on MySQL (Zarafa Server). The intention is to let Zarafa look like an Exchange server from Outlook's viewpoint. Zarafa's potential customers are thus Microsoft users who mainly want to save money.

Open-Xchange's functional scope and targets look somewhat different. Given that MS Outlook 2003 and newer can use a secure HTTP/HTTPS connection between client and server to handle RPC calls, Open-Xchange and VIPcom developers implemented a client-side MAPI interface in Oxtender. The Open-Xchange server thus uses USM-JSON to communicate with the MAPI connector in Oxtender, which in turn talks to Outlook.

Bottom line, the new Oxtender supports real-time operation of Microsoft Outlook as a client for Open-Xchange. Although Open-Xchange's objectives and target group are different from those of Microsoft Exchange or Zarafa, Oxtender supports many elementary MAPI operations.

The installation of Oxtender 2.0 for Outlook is supported by a Windows-style wizard, in which the administrator enters the desired profile name followed by the URL of the Open-Xchange server (HTTPS), the interface to use (USM-JSON), and the desired user. The wizard creates an Outlook profile based on this information. The next time Outlook is launched, Oxtender sets up a connection to the Open-Xchange server, after selecting the Oxtender-2.0 profile, and serves up the login dialog shown in Figure 7.

Oxtender 2.0 for Microsoft Outlook also supports the replication of email, calendars, contacts, and tasks with Open-Xchange server. Journal and notice folders are not covered by this process. Thanks to MAPI, folder synchronization occurs in real time; any changes the user makes via the web interface are thus immediately available in Microsoft Outlook, and vice versa. Additionally, Oxtender 2.0 synchronizes the two special Open-Xchange folders: Public Folder (where users save data they want to share with others) and Shared Folder (where the groupware user sees folders shared by other people).

Note that when logging in via the Oxtender profile, Oxtender asks if you want to give Outlook or the server priority for synchronization. Under normal circumstances, users will want to give the server priority – anything else could cause loss of data. During synchronization, Oxtender successively retrieves 50 objects per folder and synchronizes them. It makes its way through all of the folders and then starts again with the first folder. Any changes that the user makes offline in Outlook are automatically synchronized at the next login. Oxtender will continually resynchronize a folder in real-time Outlook operation if the folder is enabled. For details of supported functional scope of the MAPI implementation in Oxtender 2.0, check out the documentation for Oxtender 2.0 [8]. For additional information on mail servers, see the "Mail Servers" box.

Conclusions

As progress continues to be made in the development of Open-Xchange, the project no longer sees its role as a mere groupware solution on a departmental intranet, but as a central information hub on the overall enterprise network.

And, if you consider that more than 90% of all mail sent today consists of spam, and most of the rest is misused to transport documents and file attachments, the question of whether one could find a more meaningful solution for handling information is very relevant. By offering an attractive GUI, Open-Xchange more or less forces users to think about and document their approach to planning their own activities and handling information.

Of course, the vision of getting rid of local hard disks, external hard disks, SD cards, and the like as repositories of enterprise-related documents is very much worth pursuing, even if this is only for reasons of facilitating versioning. Developments in recent years in the collaboration sector have also shown that users of this kind of technology are far from understanding the technology's potential in a holistic manner, and far from effectively using the potential that a central information management system offers.

The current hype concerning moving data and activities into the cloud does actually favor a climate of more acceptance for collaboration solutions on a par with Open-Xchange. Additionally, integration of social networks goes far beyond what other manufacturers currently consider to be useful. In this context, some administrators rightly ask themselves if the benefits of a groupware solution like Open-Xchange are not cancelled out by security risks.

Open-Xchange's web desktop takes the project another step closer to the cloud; however, when Google introduced Chrome OS, they had to accept the fact that users are not currently willing to use an operating system and applications that run entirely in the browser. For administrators and users, however, Open-Xchange 6.20, in combination with Oxtender 2.0 and the Business Mobility extender, offers unequivocal administrative benefits. Real-time Outlook operations are now finally possible with Open-Xchange, and the ability to synchronize addresses, contacts, and email with smartphones of any brand guarantees a standardized solution in the enterprise.