Monday, November 30, 2009

Health-Check Configuration for Sun Suite

For large-scale, high-available deployment of Sun Suite of Products (e.g. Sun Portal Server, Sun Access Manager and Sun Directory Server), there is always a need for a hardware load-balancer to sit in-front of each set of components.

The diagram below illustrates a complicated setup of Sun Portal Solution with Secured Remote Access (SRA):

e.g. HA SRA, HA Portal, HA Access Manager, HA Directory Server

If you have such a setup, a properly configured health-check on the load-balancer is required.

Load balancers use a health-check mechanism to establish if a service instance is properly working and if it can process requests from clients. If the health-checks succeed, the load balancer includes the service instance in the pool of available instances, and requests are routed to the instance based on the existing scheduling rules. However, if the health-checks fail, the instance is removed from the load balancer's scheduling list.

Do take note of the following, in particular:

1. Health-check Timeout
2. Interval Between Checks
3. Consecutive Failed Health-check Threshold

Source here.

PS: The above figures can be used for other large-scale deployment that uses HA Directory Server or HA Access Manager/OpenSSO Server.

Saturday, November 28, 2009

Sun Directory Server - Referrals Feature

I was recently involved in a Sun Directory Servers Multi-Master Replication (MMR) Re-Configuration exercise in the Philippines. After analysis, the problem is not a major. We only need to put in place a NTP server to sync-up the Directory Servers. Finally, we need to initialize the suffix again since they are out-of-sync for quite some time.

The Directory Servers have been in Production for a number of years and there are LIVE applications accessing the Directory service.

If we were to initialize the suffix from Directory Server 2 (the Source) to Directory Server 1, then Application 1 will not be able to access Directory Server 1 during initialization.

We have a problem. This particular suffix hosts around 17 millions entires and it would take us a number of days to complete initialization.

A workaround is to ask:
1. the Network Team to grant Application 1 access to Directory Server 2 directly
2. the Application Team to change their code in Application 1 to point to Directory 2

This is painful!

A better workaround is to make use of the Referral feature in Sun Directory Server.

Referrals can also be used to temporarily point a client application to a different server. For example, you might add a referral to a suffix so that the suffix points to a different server while backing up the contents of the suffix.

Read more here.


Thursday, November 26, 2009

Mail Journaling Solution - Part V

I think Mail Journaling and Mail Archiving can be used interchangeably.

My colleague lead me to another SAAS Mail Archiving Provider - LiveOffice.

This is a Cloud-based solution. However, it does take data security seriously. See here.

Again, it promises Flat Monthly Rate per user, regardless of storage amount or retention period, like Sonian which I mentioned in my earlier post.

Wednesday, November 25, 2009

Content Management Interoperability Services (CMIS)

CMIS is a new standard that uses Web services and Web 2.0 interfaces to enable information sharing across content management repositories from different vendors.

According to TechWorld, this standard will be finalized by early 2010.

Hopefully, we'll be able to enjoy a better integrated ecosystem in the near future. It has really been a nightmare trying to integrate contents from different vendors' CMS.

Something caught my attention when I read the Membership page. LifeRay is not one of the participant; while Sun has one. Hmm... I'm surprised LifeRay has not sent anyone to participate in this open standard.

By the way, you can see which vendor is active from here.

Tuesday, November 24, 2009

Cons of porting to Google Apps

I am a subscriber of the popular iPlanet Messaging Server User Forum. Link here.

There's a discussion to investigate the pros/cons of Sun Java Communications Suite versa Google Apps.

Btw, Google is heading strongly into Education arena these days. Well, who's not interested in the capturing the bigger fish?

I'm pretty interested in following this discussion because we are also in the Corporate Email Hosting business via OpenMail.SG brand. I'm also being asked the same question multiple times. My response's here.

There's a reply:
I talked to someone from XXX last year, they moved to google apps. The issues he talked about were concerns about privacy, high project effort for the transition, and (lack of) support. The provider does not offer things like moving or renaming accounts for instance. And one has to be aware that the users will still contact the university helpdesk if there is a problem, so you still will have to provide support.

XXX ended up providing their users a choice between an institutional email account or google mail.

It ended with the following:

There is a Dutch saying: only the sun rises for free.

Monday, November 23, 2009

Customizable Zimbra WebMail UI

Just read that The University of Texas at Dallas is launching a new communications suite using Zimbra as the backend. Read here.

They have customized the default UI.

Isn't it nice?

By the way, Zimbra has newly launced Collaboration Suite 6.0 – Enhanced User Experience and Productivity. What's new here.

Tuesday, November 17, 2009

OpenMail Architecture - Part II

This is going to be an exciting week. We are ready to port all our customers to Sun Java Communications Suite 7.

See our old OpenMail Architecture here.

Below is our new OpenMail Architecture for Comms Suite 7.

The new components are:

1. Calendar Server 7
1. Index and Search Server running on top of Glassfish Enterprise Server
2. MySQL database server for Calendar 7

The layers are getting thicker with every new release of Comms Suite. :)

Monday, November 16, 2009

Microsoft Exchange business is good

I was reading an article in The Microsoft Exchange Team Blog on the Release Candidate of Exchange 2010. Read here.

One interesting paragraph caught my attention.

According to a 2008 Ferris research report, Notes/Domino share has dwindled to a mere 10% in enterprises, while Exchange has grown to 65% market share across all organizations and continues to grow with more than 4.7M starting the switch to Exchange last year. In fact, Exchange is now is approaching $2B in annual revenues. If Exchange were a standalone business, it would be the 9th largest software company in the world. We expect that momentum to accelerate with Exchange 2010, the most compelling version yet.


Sunday, November 15, 2009

What do customers look for when they want a Portal solution?

In my conversations with customers, their requirement for a Portal solution is fairly simple.
(OK, in the Asia-South region. I do not know about other region)


0. Friendly UI
1. Integrated Content Management Server (CMS)
2. Integrated Document Management Server (DMS)
3. Versioning feature
4. Approval Process
5. Search Engine that can index all types of documents (especially Words and PDF)
6. Document Conversion (see here)
7. LDAP authentication (with their existing infrastructure)


1. Integrated Email and Calendar Services
2. Instant Messaging
3. Different theme for different department/branch

Notice that they are not very much into Single Sign-On or integration with other backend applications. This, to me, is not appealing at all. There is no stickiness in this solution.

A good Portal solution should integrate with as many useful backend applications as possible. This will make end-users come back again and again.

A Portal should be a one-stop place for everyone.

Saturday, November 14, 2009

Sun Glassfish Web Space Server Update 6 - Call Add-On

The presentation to a Philippines government-link company was a success yesterday.

They are especially keen on the Call Add-On that comes with Sun Glassfish Web Space Server Update 6.

So here I am ... researching more on this new feature.

It was way too wordy reading Sun GlassFish Web Space Server 10.0 Call Add-On Guide from here. Thus I come up with the diagram below.

Making Call Add-On works with Sun Web Space Server is simple.

A. On Web Space Server, ensure RUON and the Call component are installed.
RUON enables presence functionality in Web Space Server; while Call component comes from Call Add-on

B. On another server, install SailFin which will provide SIP and Call-Registrar component.

The JSR 289 compliant scalable SIP (Session Initiation Protocol) servlets technology on top of a deployment-quality, Java EE based GlassFish. SailFin is an open-source implementation of Sun GlassFish Communications Server; Call-Registrar component comes from Call Add-On

C. On the clients' laptops/desktops, download and install X-Lite from CounterPath.

The flow is as such:

1. Users log into Sun Web Space Server. RUON detects the users' presences.
2. In order to call from one person to the other, each has to initiate SIP via the SailFin server.
3. Once SIP is established, both can talk directly.

Pretty cool!

Friday, November 13, 2009

Sun Glassfish Web Space Server Update 6

Here I am in Philippines ... I am supposed to implement a WAN replication for Sun Directory Servers. But was dragged to help with a pre-sales task.

The customer is interested in Sun Glassfish Web Space Server (aka Portal Server).

Sun Glassfish Web Space Server is now in Update 6. This update has 2 new Add-On features:

1. Call

Call add-on allows portal users to establish voice communication based on SIP protocol

2. IDM Adapter

The IDM Adapter feature provides integration with Sun Identity Manager 8.1. Using this feature, you can provision users on Identity Manager.

Both are pretty exciting!

Read more here.

Thursday, November 12, 2009

Oracle Beehive - Part II

I received the trial accounts from Oracle to test run Beehive.

First impression - I am not very impressed. I'm confused, in fact.

The UI was not intuitive enough and there are numerous pop-ups when I clicked on the drop-down menu. I was expecting a seamless integrated UI. (May it's just me. I hate pop-ups)

By the way, the WebMail provided by Beehive is a Zimbra wrap.

I'm still trying to figure out the backend - Oracle Beehive Services. Oracle isn't telling much about how the core is been architected. I'll need to spend more effort discovering by myself.

Wednesday, November 11, 2009

Distributed UI Deployment - Sun Access Manager

A Thai Bank customer is looking to further enhance their Sun Access Manager deployment. I have previously deployed Access Manager Policy Agent for them. This Policy Agent will authenticate with the back-end Access Manager directly (by-passing a firewall which sits in-between).

See dotted blue-line for current deployment.

Well, with Sun Access Manager, there is another component which we can plug in-between which will not violate the rule of by-passing the firewall - Distributed Authentication UI Server.

It sits very nicely in the same zone (application zone) where the Policy Agents is. And it can bridge the gap between the user's browser (internet zone) and the Sun Access Manager (database zone) for user's authentication.

Simple idea. Great solution!

See more here.

Tuesday, November 10, 2009

Oracle Beehive

I received a newsletter from Oracle introducing Oracle Beehive On Demand service. In short, it's sort-of SaaS (pay as you use).

Oracle Beehive is pretty interesting. It consolidates many collaboration components into one single platform, making it very sticky.

It's good and it's bad, depending on where you take your stand.

I'hv signed up for a trial and will give my report soon.

Monday, November 9, 2009

Sun vs Microsoft - Messaging Solution

I do not know why customers always like to compare with Microsoft Exchange when they are evaluating Sun Java Messaging Server. I think it has become a norm these days.

From my experience, those looking for a Microsoft solution will never go for a Sun solution. Their selection criteria are almost different. Their user base is also drastically far-apart.

Maybe they only want to get a "shiok" feeling that what they are buying is value-for-$.

Anyway, I was reading Sun Java Communications Suite Total Cost of Ownership, 2005 from The Radicati Group, Inc.

Source here.

Have you notice the figures for "Average # of Servers" and "Average Maximum Users/Server"?

Amazing! I wonder how do Microsoft Exchange 2007 and 2010 fare? Should be better by now.

Legend: FT = Full-time; PT = Part-time

Friday, November 6, 2009

Mail Journaling Solution - Part IV

There is this hosted email archival solution from Sonian.

Sonian claims it is the first hosted archive solution created with grid computing infrastructure technologies. The backend is supported by Amazon Web Services.

What interests me is the following 2 promises Sonian makes:

  • Unlimited Storage
  • All Data Searchable at All Times

That's a big promise. :) I'm very curious what's the cost per mailbox.

Wednesday, November 4, 2009

MailArchiva integration with Sun Java Messaging Server

I mentioned in my 1st post on Mail Journaling that MailArchiva looks interesting and I'm very keen to make it integrate with Sun Java Messaging Server.

So here we go:

Background Information

1. Sun Java Messaging Server 7.0 running on
2. MailArchiva Server running on
3. Archive all emails for domain


1. Go to Listeners tab.
  • a. Change "Exchange/SMTP Port" to 25
  • b. Add IP Address to "Restrict Incoming Connections" (more secured)
  • c. Click Save

2. Restart MailArchiva server

3. Create a host entry in /etc/hosts on the Sun Messaging Server.

# Internet host table
# localhost
# ::1 localhost openmail loghost mailarchiva

4. In the config directory in Sun Messaging Server, create a filter/sieve file "capture.sieve".

require ["envelope"];
if anyof (envelope :matches "from" "*",
envelope :matches "to" "*")
capture :message "";

5. In the config directory in Sun Messaging Server, edit the imta.cnf file.

  • Append sourcefilter file:IMTA_TABLE:capture.sieve to the appropriate channel. e.g. tcp_local, tcp_auth, tcp_intranet

6. Rebuild the configuration file and restart the dispatcher.

7. In the messaging log mail.log_current, you should see something like the following:

04-Nov-2009 0:33:31.11 tcp_auth tcp_local EEA 51 rfc822; *
04-Nov-2009 0:33:31.13 tcp_auth reprocess EEA 51 rfc822; *

Done. Simple!

Sunday, November 1, 2009

Mail Journaling Solution - Part III

I re-looked at the architecture of MailStore Proxy again... Hmm... something missing...

I do not think we can capture mails coming in and going out from WebMail. Can we?