ISPMan Infrastructure Implementaion
This document outlines the procedure of ISPMan based ISP implementation as a professional service.
Author | Atif Ghaffar |
Change Authority | Atif Ghaffar |
Status | Basic Example |
Version: | V1.0 |
Scope
Installation and integration of softwares together to provide a scalable and distributed ISP services infrastructure with a central information repository for managing mail, DNS and web hosting system for multiple domains.
The system should provide delegated administration per domain with which it should be possible to manage mail accounts, website settings, mailing groups and dns for the domain.
The system should also provide SMTP/POP3/IMAP and webmail services.
The webmail service should be tightly integrated into the management soution and should provide the following services in addition to regular email.
- Managing of mail filters
- Spam control per domain/user
- Virus control per domain/user
- Changing of mailaccount password
- Blacklisting by email addresses or subject
- Whitelisting by email addresses
- Mail forwarding per user
- Auto responding per user (Out of office reply)
The administration interface should provide the following services.
- Provisioning of domains data (DNS information, home directory etc)
- Provisioning of mail accounts per domain.
- Provisioning of web site per domain. (N/A)
- Management of Mailing Groups
Introduction
ISPMan gives you the possiblity to delegate administration of the system to various entities.
-
End-User:
Read mails, setup forwarding, filtering, auto-responding etc. -
Domain Admin:
Manager Domain users, DNS, Vhosts, Mailing lists, Access control. -
Client Admin:
A client is a person who is an owner of one or more domain.
This client can manage his/her domains with the rights of the Domain Admin. -
Reseller Admin:
A reseller is the mini-isp who sells your service to his clients. He can add/remove his clients and can manage thier objects
(domains, users, groups, etc) with the rights of the Client. -
ISP Admin:
This admin can setup ISPMan, lock domains, and can do everything that a reseller, client or domain admin can do.
System Requirements
Most unix flavours and Linux is supported as the host OS.
The recommended operating systems for the ISP are:
Sun Solaris 8/9 (sparc platform)
Redhat Enterprise Linux 2.1 or 3.
SuSE Linux Enterprise Server 8 sp2.
Mac OS X 10.2+
* These are only recommendation and not requirements.
Software Requirements
The softwares that typically need installation to work with ISPMan are
Service | System | Quantity* |
DNS | Bind 9 | 2 |
SMTP | Postfix 2.x | 2 |
Cyrus IMAP Server | IMAP/POP3 | 1 |
Webhosting services | Apache 2 | 1 |
ISPMan Customer Panel | Apache 2 | 1 |
ISPMan Admin Panel | Apache 2 | 1 |
Directory Services | Openldap | 2 |
Database services | Mysql | 1 |
Webmail | Horde/IMP | 1 |
FTP | Pureftpd | 1 |
IMAP/POP3 Proxy | Perdition | 2 |
* Quantity does not represent a physical machine requirement. You can have more than one service running on one phyiscal system.
The proposed work includes installing and configuring all of these softwares.
The softwares may be installed from the distribution or in some cased may have to be built from source.
Software Add ons
Setting up Spam/Virus firewall. This package can be integrated tightly with the mail server and the webmail frontend so that the users can decide the level of SPAM/Virus that they want to block.
Hardware Recommendation
We propose the following architecture for a minimum requirements. This architecture includes scalability option for future.
This architecture assumes that you will be running DNS, Email and Webservices.
2 x Front end hosts (1 or 2 1.5GHZ processor , 2 GB RAM, standard SCSI storage)
2 x Backend hosts (1 or 2 1.5GHZ processor, 4 GB RAM, RAID 5 storage)
1 x SPAM/Virus filtering host (1 or 2 1.5GHZ processor , 2 GB RAM, standard SCSI storage)
1 x Management host (This host will run the management software and is advisable to be kept separate than all other services for security reasons)
The front end hosts will provide the following services.
- Load balanced Web mail interface for the domains.
- Load balanced SMTP services: Mail relaying, SMTP authentication
- Load balanced IMAP/POP3 proxy to the mailstores.
- DNS information for the domains
- Web sites for the domains
The frontend hosts are directly accessed by the end users. These hosts requests some data from the backend and present it to the end user.
The backend hosts will provide the following services
- Mysql Database backend for webmail.
- LDAP repository for the central domains/users informations and authentication.
- Cyrus imap mailstore (This will be accessed only via the webmail or the imap proxy)
The backend hosts are not reachable directly by the end users and should be in a secured environment.
Time estimates
A typical installation takes around 5 working days which includes installing softwares and configuring them on 3 - 5 machines to set up a distributed ISP.
Assumptions
This installation will assume a new installation for an ISP without any migration work.
Migration of old accounts takes more time that can be estimated only after a study of the current installation.
Handover
For a general installs the installation goes very smoothly and once all our tests are ok, the system is handed over to you with documentation
and build instructions about all softwares related to ISP that was installed.
Estimated Costs
All of the software used in this configuration are opensource softwares so there is no licensing costs.
The following are the service costs for the installation, configuration and customization of the software per client specification.
The cost is calculated at US$ 1200 per day. The number of days should be agreed upon by the customer before the start of the project.
Changes in specification by the customer will require changes in the time frame.
Installation and configuration of softwares.
5 days -- Note: The operating system should already be installed according to agreed specifications.
Customizing and testing
1 day - This will prepare the system for the client specific setup and prepare an acceptance document. This acceptance document will contain the tests for acceptance. The client should run these tests to see if the system works as specified.
Documentation of the configurations and customizations
2 days - This assumes that the specifications have not changed during the project. The documentation will detail the configuration of sofwares involved so that they can be managed by your team and can be kept updated as need arises.
Support contracts
The support contract can be discussed on a yearly or per incident basis.
The yearly support contract will provide you with quaterly updates of the softwares and help in updating the system along with all the migration of the data if necessary.
The per incident contract will give you support by email and you will be charged per hour depending on the incident.