On 07/07/2015 03:26 PM, Laz C. Peterson wrote:
> Cool, thanks Martijn!
> 
> I have tested the initial release quite a bit over the past day or
> so.  Actually thinking about going live tomorrow or Thursday.  With
> of course a fallback to the existing CipherMail installation if any
> issues arise.
> 
> The architecture goes like this …
> 
> Two sites on two independent networks/datacenters, MySQL 5.5 database
> at each location with bidirectional master-master replication for the
> back-end.  For the mail services, at each location, we have one
> primary MX for local delivery and one backup MX for store/forward.
> The primary MX delivers to Dovecot at its respective site, which then
> synchronizes using dsync (which works very well I might add).  Our
> users are able to authenticate, send and receive from each site
> entirely independent of the other site.
> 
> Now, with CipherMail able to use MySQL as its DB, we can configure
> each site's current primary MX as a relay destination, and allow
> CipherMail to take over as primary MX duty.  CipherMail will be each
> site’s gateway in and out for both internal and external domains,
> relaying to the Postfix server that lives with Dovecot or sending to
> the outside world.
> 
> We have tested sending encrypted email out from one site and having
> the external user access the web portal from the second site.
> Everything works great so far.  Our particular setup is more for
> disaster recovery, but the exact same setup could be applied for
> failover and load balancing.
> 
> (Of course, a single database using PostgreSQL would be sufficient
> for two CipherMail servers to share at a single site.  But the
> replication process for PostgreSQL was a bit complicated and immature
> at this time to apply for WAN.)
> 
> I will upgrade the packages later on today and give it a go.  Thanks
> again.

Sounds like a nice setup :)

A couple of questions, since I'm not familiar with the HA options of MySQL.

Reads will be fast since they can be read from the local database. With
writes I guess a write is blocked until all databases have finished the
transaction? If so the write speed will depend on the latency between
the datacenters. The majority of database access is read-only so that
should not be a problem.

How does the system handle a connection failure? It can happen that the
databases get out of sync when a connection between the databases is
lost. Should you manually tell which server is the "good" server?

Kind regards,

Martijn Brinkers

-- 
CipherMail email encryption

Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.

https://www.ciphermail.com

Twitter: http://twitter.com/CipherMail
