2. Introduction

Kopano Groupware Core (KGC) is an open source software suite capable of providing a complete MAPI-based groupware stack with extensive interfacing capabilities. It’s architecture is very modular, makes use of standards wherever possible, and integrates with common open source components.

This document explains how to perform the most common administrative tasks with KGC.

Important

Although we, Kopano, try our best to keep the information in this manual as accurate as possible, we reserve the right to modify this information at any time, without prior notice.

2.1. Intended Audience

This manual is intended for system administrators responsible for installing, maintaining, and supporting the KGC deployment. We assume readers of this manual will a thorough understanding of:

  • Linux system administration concepts and tasks
  • Email communication standards
  • Security concepts
  • Directory services
  • Database management

2.2. Architecture

In accord with the UNIX philosophy, KGC consists of components that each take care of a well defined task. See the KGC Architecture Diagram which describes the relationships between the components and the protocols used. This diagram describes a simple setup as used by most of our customers. Only the most commonly used components are shown in the diagram.

The top part of the diagram shows the clients: software appliances by which users access their data. Some of these appliances are desktop applications, some are mobile applications.

In between “The Internet” and the “Kopano Server”, the infrastructure components of Kopano (blue) and some common infrastructure components (grey) can be found. These components are needed to facilitate communication between the Kopano Server and various clients. Microsoft Outlook does not need any special infrastructure, but communicates directly with the Kopano Server using the ActiveSync protocol via Z-Push.

The Kopano Server is basically serving MAPI calls, while storing data in a MySQL database. For user authentication several methods are available (and discussed in this document), most common are servers that implement LDAP (e.g.: OpenLDAP, Microsoft Active Directory or any other LDAPv3 capable LDAP server).

Kopano Suite Architecture Diagram

Figure 1.1. Kopano Suite Architecture Diagram

2.3. Components

Installations of Kopano Groupware may consist of the following components (list may not be complete):

  • Kopano Server (kopano-server) - The server process accepts connections for all clients through SOAP (HTTP), and stores the data in an SQL database.
  • Kopano WebApp (kopano-webapp) - The next generation collaboration web client, which offers integration with chat, presence and video conferencing.
  • Kopano Delivery Agent and Kopano Spooler (kopano-dagent, kopano-spooler) - The tools which serve the email communication with the outside world. The dagent delivers mail from the Mail Transport Agent (MTA) to a Kopano user. The spooler sends mail waiting in the outgoing queue to the specified MTA.
  • Kopano Admin (kopano-admin) - The command line administration tool is used to manage users, user information and groups (is alreadt replaced by kopano-cli and will be removed from future versions).
  • Kopano CLI (kopano-cli) - The new command line administration tool is used to manage users, user information and groups.
  • Kopano Gateway (kopano-gateway) - Optional service to provide POP3 and IMAP access to Kopano users.
  • Kopano Monitor (kopano-monitor) - Service which monitors user stores for quota exceeds.
  • Kopano Caldav (kopano-caldav) - Optional service that provides iCal and CalDAV support. CalDAV is recommended due to speed and less data transfer.
  • Kopano Backup (kopano-backup) - A brick-level backup tool to create simple backups of users and stores with the ability to (partly) restore it at a later time.
  • Kopano Search - Optional service to provide full text indexing. This offers fast searching through email and attachments.
  • Kopano Presence - Kopano Presence Daemon which provides user presence to WebApp.
  • Webserver - e.g. Apache, serves web pages of the WebApp to the users browser.
  • PHP - The WebApp and Z-Push are written in this programming language.
  • PHP-MAPI extension - Module for PHP to enable use of the MAPI layer. Through this module, MAPI functions are made accessible for PHP developers. This effectively means that MAPI web clients can be written. The WebApp is such a client.
  • Python-MAPI extension - Module for Python to enable use of the MAPI layer. Through this module, MAPI functions are made accessible for Python developers.

For connectivity with mobile devices and Microsoft Outlook we recommend using Z-Push (see Configure Z-Push (ActiveSync for Mobile Devices)), an open-source implementation of the ActiveSync protocol.

2.4. Protocols and Connections

All applications which directly connect to the Kopano Server use MAPI in SOAP to do so (see the Architecture Diagram). Even the WebApp uses MAPI in SOAP (provided by the PHP-MAPI extension) to connect to the Kopano Server.

2.4.1. SOAP

SOAP is an abbreviation of Simple Object Access Protocol. It is a protocol to exchange data and make Remote Procedure Calls between applications over a network or Internet for that matter.

SOAP is based on XML and HTTP 1.1 (port 80, or port 443 in case of HTTPS). Because of these standards, it is possible to connect transparently through proxies, allowing connectivity over most networks without modifications.

2.4.2. Secure HTTP (HTTPS)

All Kopano clients using the SOAP protocol have the possibility to connect to the server over HTTP secured with SSL (HTTPS). All connections over the network will then be encrypted, making eavesdropping virtually impossible.

The Kopano Server must be configured to also accept SSL connections. By default, this is disabled, because it requires the creation of SSL certificates. When the server certificate is created, SSL connections can be directly accepted from a client. As an extra option, other Kopano components (like the Kopano Delivery Agent and the Kopano Spooler) can also connect over HTTPS to the server and authenticate using the Kopano Server’s private key.