Vielen Dank, Herr Prof. Schefczyk! This is an infrastructure very similar to what I'd create myself. With your feedback I'm sure, I'll give this setup a try.
Immer für Sie da Ihr Thomas Bahn -- Thomas Bahn Diplom-Mathematiker Geschäftsführer Tel.: 04307 900-401 Fax: 04307 900-409 Mobil: 0173 935 79 16 E-Mail: [email protected] https://www.assono.de https://www.assono.de/blog assono GmbH Lise-Meitner-Straße 1-7 24223 Schwentinental Geschäftsführer: Lydia Bahn, Thomas Bahn Amtsgericht Kiel, HRB 8202 KI Hauptsitz des Unternehmens: Schwentinental Profitieren Sie von Künstlicher Intelligenz mit individuellen, intelligenten Chatbots von assono. Supportkosten senken - Kundenzufriedenheit steigern - Umsätze erhöhen - Prozesse beschleunigen - Mehr Zeit für das Wesentliche Von: "Prof. Dr. Michael Schefczyk via Users" <[email protected]> An: "[email protected]" <[email protected]> Kopie: "[email protected]" <[email protected]>, "Prof. Dr. Michael Schefczyk" <[email protected]> Datum: 03.06.2021 09:26 Betreff: [CipherMail User] Re: Two sites, two CipherMail servers, two database servers - what's the simple(st) solution? Dear All, I can confirm that a MariaDB Galera cluster does work well. My own experience is from being a two location SOHO user. I run mailservers on both premises. My outbound mail is 50:50 from both locations and my inbound mail is ca. 95:5. My setup from an outside perspective is an ASSP server first, then a ChipherMail server and then a Kopano Mailserver. I have a three node MariaDB Galera cluster based on standard Debian 10 packages on three virtual machines, two in my primary location and one in the secondary location. The OpenVPN connection is performing sufficiently well for the cluster. Regards, Michael Schefczyk -----Ursprüngliche Nachricht----- Von: Martijn Brinkers via Users <[email protected]> Gesendet: Mittwoch 2 Juni 2021 10:51 An: [email protected] CC: [email protected]; Martijn Brinkers <[email protected]> Betreff: [CipherMail User] Re: Two sites, two CipherMail servers, two database servers - what's the simple(st) solution? On Tue, 2021-06-01 at 05:24 +0000, tbahn--- via Users wrote: > We have two sites each with an MTA and MX record. We think about > introducing CipherMail into our infrastructure. > > Obviously, there is a way using MariaSQL/MySQL and Galera Cluster, > HAproxy, ... to create a "real" cluster. With at least three nodes > and a lot of overhead, this seems to be a little too much for our use > case. > > I thought of a solution with PostgreSQL, backup, transfer backup to > the other site, restore there, automated as a cron job. > Configuration would only be possible on the "master" site, but that's > okay. > The database on the "slave" site would be overwritten regularly. > > In your opinion, what do you think would be a simple solution for my > use case? > Would my idea even work? The best setup is to use a master/master database like Galera. If you use a primary and secondary server, you need to make sure you never write data to the secondary server because that will be overwritten when the primary server syncs to the secondary server. The secondary server will add or update the database in various cases. For example if you receive digitally signed email, the certificate will be extracted and added to the database. Or, if you send a PDF encrypted email with the password auto-generated, a user object for the recipient will be added. If this happens on the secondary server, those changes will be overwritten. The best setup is therefore to use a master/master database. If you use a primary/secondary database, make sure all database changes are applied to the primary database. This requires that a fail-over is done to the secondary when the primary fails. If you can be certain that changes are only applied to one database (primary), then you can periodically sync the primary to the secondary database without fail-over. Kind regards, Martijn Brinkers -- CipherMail email encryption Email encryption with support for S/MIME, OpenPGP, PDF Messenger and Webmail Messenger
