A Web Based Solution to Replace Exchange?

benthemeek asks: "A friend of mine works for a company that has more than 6k users connecting to a Outlook exchange server instance through VPN from various homes all across the country. The executives at his company would like to move to Active Directory and a web based solution for these users. When Outlook Web Access was priced out, it was judged very expensive and they opened the floor to other options. They want a LDAP enabled, web based email and calendar that could hopefully plug in or replace Exchange, and if the solution can be load balanced between more than one server to ensure reliability and uptime, that would be even better. Slashdot readers come from many walks of life and I am sure some of you have gone through a similar experience and could give some insight to this problem. The fan boy in me would like to see a complete Open Source to meet this need, but that may not be possible. Have any of you done similar migrations, and to what solution did you go to?"

Are you sure what you're asking for?

[CXI]

Is the purpose just to get rid of the VPN? Outlook can be setup to connect via HTTPS to an Exchange server with fully functionality, using NTLM authentication, so no VPN required. Also, Exchange can be configured to serve email via IMAP if you don't want to get everyone Outlook (except they already have it according to your question).

Have you considered the fact that web based services are not necessarily going to provide the event notifications or other features users are used to getting? Guess who will be blamed when everyone starts missing meetings or showing up late? As an example, in Exchange's web based Outlook you can't set your delegation settings through it or view multiple calendars at the same time or do a lot of other things. You really need to know the feature set that's required by the users before you could even consider any kind of a move. Have you thought about archive files? If you go web based you'll have to keep all that data on the server and you'll probably have to migrate it there from each user's PC one at a time.

Saying you want to move from Exchange to something Active Directory integrated with the ability to load balance is also a little weird given that Exchange already does all this.

I'd tell your friend to go on record that any major change is probably a bad idea, and instead he should research how to make the existing system work the way they want it to. Your question really doesn't indicate WHY they want to move, which is critical to the choices to be made. Open Source isn't the proper solution to every problem, and yes, you might actually have to spend some money to get the functionality you need! (Ok, send in the slashdot shock troops to mod me into oblivion for not following the party line...)

RPC Over SSL?

[Plake]

What about RPC over HTTPS, we just set that up for a large remote office and it works great. We just needed to change 1 part of their Outlook account to use the new Exchange server. The main cost would be getting the SSL cert and say some frontend Exchange head servers (which can support clustering), I'm a fan of OSS projects but if it's for 6k+ users are you willing to deal with any support problems yourself or groups that already do support the currently infrastructure?

If you already have Exchange it might be worth looking at. Also, if they're all already using a VPN I'm assuming they have Outlook installed? If so this would be a really simple change with supporting them from what they already use.

Re:More expensive, but more functional

[Forgery]

LOL If they think Exchange is expensive...wait until they get a load of Citrix.

Re:More expensive, but more functional

[dasheel]

Nice post Mark Templeton.
But why pay for your solution twice when M$ already gives you all the session level support you'll need.

Bill G.

Exchange 2003 or Postfix/Imapd

[lucm]

From your post I understand that these people are using Exchange 5.5, which is the last relase not integrated in Active Directory.

Here are my suggestions:

1) Since they must already have an Outlook license, they could use Exchange 2003 in RPC/SSL. This is 100% Active Directory integrated, and they don't need a web client since Outlook can connect directly. Exchange itself is not so expensive, however they must also upgrade the CALs, which can boost the bill for 6k users.

2) A more reliable solution: Postfix and imapd. I strongly suggest Cyrus Imap as it saves each email as a separate file, which is incredibly efficient for backups and archives. For the frontend, most webmail are fine (Horde, SquirrelMail, Neomail) and includes the calendar stuff; https can be setup easily. This kind of setup can use Active Directory for the users authentication and can run on multiple servers (clustered or not). Note: in this setup the users could still use Outlook for which they paid a shitload of money.

A few notes:
-Users will complain if they have to move from Outlook to whatever web interface.

-Antispam and antivirus software are much cheaper and much more efficient if they go with the Postfix scenario.

-6k remote users is a lot, especially if they use this email as a primary business address. Therefore the IT dept must act as a small ISP. Why not calling a few ISP in the area and see what is their setup?

-If they go with the Postfix scenario, if they use x86 hardware I would suggest Linux with a recent kernel. However, if they have the opportunity to purchase hardware, I would strongly suggest Solaris 10 and a sparc machine (possibly two for a better uptime). At the present moment, I can't think of a better os/hardware match for a mail server.