Review: Novell’s Openexchange Server is powerful, versatile

122

Author: Preston St. Pierre

A scalable, stable, secure software stack for small and medium-sized business network services is hard to develop in-house or integrate from piecemeal components. To integrate it all with a single sign-on for users requires even more work. Enter Novell’s new SUSE Linux-based OpenExchange, a packaged, full-featured, secure, all-encompassing operating environment.

At SUSE Linux Openexchange Server’s most basic level you’ll find the UnitedLinux 2.4.19-64GB-SMP Linux kernel, which is old but time-tested, stable, scalable, and reliable. It held up under our stress-testing, running four instances of SETI@home while loading four years’ worth of email into IMAP without even slowing down the Web-based interface under load. The system we used for testing was a Dell PowerEdge 2400 (dual 1GHz Pentium III CPUs, 1GB RAM, mirrored 36GB 10,000rpm SCSI-160 drives), a production server in a 50+-node network at a financial services company.

The operating system is a derivative of SUSE Linux and has all of the usual styling and administrative tools. Included in the package are tools for hosting a Web server (via Apache 1.3.26), email server (via Cyrus-IMAP), and user authentication and address book server (via LDAP). This functionality in itself is not revolutionary, but the way the pieces are integrated is. All of the network users can access these services through a beautifully designed Web interface with a single secure sign-on, making the whole operating environment into a valuable tool that reduces management overhead, user training costs, and platform dependence.

Compatibility

While it may not be possible for some companies to switch away from Windows on their desktop machines, it is possible to keep those nodes just as they are and still take advantage of the functionality of Openexchange.

We tested Windows ME, 98, and 2000 desktop machines with Openexchange and had no trouble getting them to work seamlessly with its services. By using Samba as a Windows domain controller, each Windows desktop was able to authenticate to LDAP. Although it’s an added step to the process, the end result is the same sort of authentication that a GNU/Linux, *BSD, or Solaris machine would do by going directly to the LDAP server. In other words, your desktop machines can use Windows or any operating system that is LDAP-aware.

We didn’t test Microsoft Outlook, but we did test Mozilla Mail, Evolution, and Outlook Express. All worked perfectly with email and contacts. In general the email server worked quite well.

Click to enlarge

Client interface and tools

The client interface to SUSE Linux Openexchange Server is elegantly designed and easy to navigate. It’s written in PHP and greatly resembles PHProjekt in terms of interface layout and functionality.

The screen shot says it all — everything is easy to find and use. If you’d like to try it out for yourself, Novell offers an online demo.

Two features of the client interface that aren’t immediately obvious are the Documents and Knowledge sections. A sysadmin can easily turn either one into a FAQ and direct users to it when necessary, saving him the trouble of repeating the same information over and over. The Knowledge section is also useful as a repository for tips and tricks related either to the company or to the sysadmin specifically. For instance, you could store company rules and policies there, or you could save your configuration files and software installation procedures with it. The Documents section can also be used to store form or example letters for employees to use for standardized correspondence on company letterhead.

You don’t need to perform any major configuration at the clients to work with Openexchange. You just have to have your server set up properly to authenticate clients, and each client must have a JavaScript-enabled Web browser installed on it. We tested with Firefox, Mozilla, Internet Explorer, and Opera, and found no rendering errors in the Web portal.

Caveats

Although we felt that Openexchange was a great product overall, there were a few minor things we disliked about it:

  • The installation procedure requires an unusual and nonsensical insertion order for the CDs, and no DVD is offered. This makes an unattended install impossible while making the entire procedure a time- and attention-consuming ordeal.
  • Installation involves putting the base system on first, then going back later and adding ancillary tools and and extras — again, inconvenient.
  • You can’t edit configuration files until the entire system is as you want it; in other words, you must install everything with system defaults and then go back and edit them later.
  • Webmin, our preferred services administration tool, is not installed by default, although it is available on the CD set.
  • By adding LDAP users, YaST can destroy the Python-LDAP package, making the system unbootable.
  • Editing the Samba configuration from the command line also resulted in a broken Python-LDAP package.

It’s also worth noting that the manual is required reading for a proper installation. SUSE Linux has always been intuitive to experienced GNU/Linux users, and generally easy to install, set up, and configure, but there are many “gotchas” that, if you don’t RTFM, you won’t know about until it’s too late.

Openexchange’s old 2.4-series kernel isn’t going to support much P4- or AMD64-era peripheral hardware. While you certainly don’t need to worry about video or sound drivers, you may find yourself digging around in the parts bin for an old network card that will work with the 2.4.18 kernel. Serial ATA hard drives are totally out of the question.

If PostgreSQL and Cyrus are not your favorite tools to use with LDAP and IMAP, you’re going to have to learn to like them if you go with Openexchange. While it’s probably possible to use other databases and email servers, implementing them in place of the existing technologies would be difficult to accomplish and hard to maintain and manage (SUSE’s online update tool won’t recognize third-party packages, so you’ll have to update them by hand).

Exchange this

Most corporate desktop machines are currently running some version of Microsoft Windows, using Exchange and Active Directory as a primary method of achieving similar functionality to what is described above. The trouble is, attempting to make and keep Exchange and Windows secure is a hassle that any Windows sysadmin is all too familiar with.

Microsoft Exchange is “dirtier” than its competitors, requiring constant maintenance in the form of daily garbage collection and frequent security updates. Exchange is tightly integrated with and totally dependent on the proprietary Windows-only Active Directory, and can’t use NIS, LDAP, or Radius to authenticate. In contrast, Openexchange uses LDAP, which is supported by Solaris, GNU/Linux, and Free/Open/NetBSD — the client machines are not limited to one operating system.

After testing this product for six months prior to this review, we believe that OpenExchange is “absolutely!” a replacement for Microsoft Exchange in small/medium businesses, especially those that have Internet-connected networks and those who need Internet email access. Its functionality, security, stability, reliability, and platform-independence trump the shortcomings of Microsoft Exchange.

Aside from being a good Exchange replacement, Openexchange also provides an all-encompassing, easily licensed, inexpensive server software stack for small/medium business networks. Although it does have its annoyances with installation and setup, the functionality and features it offers are unmatched with any single software solution. In other words, it’s not just a replacement for Exchange — it’s a replacement for Windows, Exchange, and Active Directory, while providing Outlook-like functionality and adding in various extras like Web forums, online chat, and other collaborative functions.

Purpose Collaboration/groupware, Web, LDAP, Samba, and email server
Manufacturer Novell
Architectures x86
License GNU General Public License
Market Small/medium businesses
Price (retail) From U.S. $144 to $1,319 or more depending on the level of support and services needed
Previous version 4.0
Product Web site Click here