Unified Messaging Suite (UMS)
RackCorp Product Information for Data Sovereign User Unified Messaging Suite:
- SMTP / IMAP / POP3 protocol access
- Web-based Email / Calendar / Contacts / Tasks
- File Cloud Storage
- User Group and Direct Chat
- Document Collaboration
- Suite Administration
- Access Specifications (EN)
- Overview (EN)
- User Collaboration
- Deployments, Reliability, Performance and Scalability (EN)
- Security (EN)
- Backup and Data Recovery (EN)
- Features (EN)
- User Productivity Interface
- Authentication 2FA
- Team Chat
- Administration
- Licensing (EN)
Access Specifications (EN)
SMTP Access
- SMTP / SMTPS / SMTP over TLS (port 25)
- SMTPS (port 465)
- TLS / STARTTLS support
- SUBMISSION (port 587)
- TLS / STARTTLS support
Technology Notes: Postfix SMTP
Option to enable or disable each of the following
IMAP Access
- IMAPS (port 993)
IMAP (port 143) is disabled by default because it is unencrypted.
Active-Sync Access
- HTTPS (port 443)
Web-Access (Webmail, Cloud Storage, Caldav, CardDav, iCal, Chat)
All access to Web services is via load balancer apps, which protect the inside infrastructure from misconfigured clients and automatically renew SSL certificates every 3 months.
- HTTP redirects traffic to HTTPS
- HTTPS (default configuration has only TLS 1.2 enabled. TLS 1 / TLS 1.1 optionally configurable)
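A posture check for the defaults listed above, as an added example (not RackCorp's code): `probe()` gathers observations from a deployment you operate and `evaluate()` compares them with the stated defaults (port 143 closed, 443 and 993 reachable, HTTPS limited to TLS 1.2, HTTP redirecting to HTTPS). All function names and the wording of the findings are assumptions of this example.

```python
import http.client
import socket
import ssl
import sys

# Defaults stated in the Access Specifications above.
MUST_BE_OPEN = {443, 993}      # HTTPS and IMAPS
MUST_BE_CLOSED = {143}         # plaintext IMAP, disabled by default
LEGACY_TLS = {"TLSv1": ssl.TLSVersion.TLSv1, "TLSv1.1": ssl.TLSVersion.TLSv1_1}
ALL_TLS = {**LEGACY_TLS, "TLSv1.2": ssl.TLSVersion.TLSv1_2}

def port_open(host, port, timeout=3.0):
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def tls_accepted(host, port, name, timeout=3.0):
    """True if a handshake pinned to exactly one TLS version succeeds.
    Caveat: a local OpenSSL build that refuses TLS 1.0/1.1 itself makes those
    versions read as rejected whatever the server would have accepted."""
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False   # protocol-version probe, not a trust decision
        ctx.verify_mode = ssl.CERT_NONE
        ctx.minimum_version = ctx.maximum_version = ALL_TLS[name]
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version() == name
    except (OSError, ValueError):
        return False

def http_redirects_to_https(host, timeout=3.0):
    try:
        conn = http.client.HTTPConnection(host, 80, timeout=timeout)
        conn.request("GET", "/")
        resp = conn.getresponse()
        location = resp.getheader("Location", "")
        conn.close()
    except (OSError, http.client.HTTPException):
        return False
    return resp.status in (301, 302, 307, 308) and location.startswith("https://")

def probe(host):
    return {
        "open_ports": {p for p in MUST_BE_OPEN | MUST_BE_CLOSED if port_open(host, p)},
        "tls_443": {v for v in ALL_TLS if tls_accepted(host, 443, v)},
        "http_redirects": http_redirects_to_https(host),
    }

def evaluate(obs):
    """Compare observations with the stated defaults; return the deviations."""
    findings = []
    for port in sorted(MUST_BE_CLOSED & obs["open_ports"]):
        findings.append(f"port {port} is open (plaintext IMAP is disabled by default)")
    for port in sorted(MUST_BE_OPEN - obs["open_ports"]):
        findings.append(f"port {port} is not reachable")
    for name in sorted(set(LEGACY_TLS) & obs["tls_443"]):
        findings.append(f"HTTPS accepts {name} (stated default is TLS 1.2 only)")
    if "TLSv1.2" not in obs["tls_443"]:
        findings.append("HTTPS does not accept TLS 1.2")
    if not obs["http_redirects"]:
        findings.append("port 80 does not redirect to HTTPS")
    return findings

if __name__ == "__main__":
    for line in evaluate(probe(sys.argv[1])) or ["matches the stated defaults"]:
        print(line)
```

Because TLS 1 / TLS 1.1 are optionally configurable, a legacy-TLS finding marks a deviation from the default to be confirmed against the intended configuration.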
Overview (EN)
Enterprise-Ready Messaging
RackCorp Unified Messaging provides on-premise, enterprise grade services for messaging within a government or business. This includes:
E-Mail Services
Calendar Services
Organisation Contact Lists
Tasks
Individual Chat and Group Messaging
Private Cloud File Storage
Access from Anywhere
Mobility is important with messaging solutions. The RackCorp UMS provides easy access using web, desktop, and mobile-app tools, allowing for common access to emails, messaging, and files from anywhere in the world, with the benefit of being able to deploy on-premises, or in datacentres of your choice.
Web-based and Desktop access solutions
For a typical office environment and maximum compatibility, web-based access is essential. RackCorp UMS provides a very user-friendly experience for office desktop, and mobile laptop users, presenting chat, file sharing, and email services in the one, easy-to-use user interface.
Mobility in Difficult Conditions
When employees are out of an office environment, access to emails, calendars, files, and chat with other employees is essential to achieving a productive environment. RackCorp UMS provides access via multiple mobile applications:
UMS Cloud Files on mobile (Android)
All apps provide very fast, efficient access to services, avoiding the clumsy, inefficient feel of many other mobile applications.
Data Sovereignty - Own Your Data
Large enterprises and Government who find themselves at sovereign risk from having their data stored in public clouds finally have the opportunity to have their data stored securely at datacenters or business premises of their choice. This suite provides great physical control over everything from primary, secondary, and backup services. You can choose to host your services:
- On-Premise
If you already have your own virtualisation platform on-premise, then RackCorp can work with you to both deploy and manage the RackCorp UMP on your own dedicated server or virtualised environment. Contact us for more information on this option.
Pricing is based on a perpetual license model
- At any of RackCorp's datacenters globally including:
Australia, New Zealand, Indonesia, Thailand, Philippines, China, Mongolia, Kazakhstan, Kyrgyzstan, United States, United Kingdom, Germany, Amsterdam, India, Switzerland.
Pricing options for this include per-user, per organisation, and even per-GB storage models.
User Collaboration
Enterprise-Ready Collaboration
As a team grows, the complexities of interactions involving documents, media, and emails also grow. RackCorp UMS provides the tools for enterprises to not just collaborate internally, but to do so securely and efficiently.
Secure Storage
RackCorp is an infrastructure provider with a significant client-base in the high-security space, dealing with government, banking, and sensitive telecommunications networks. Our whole DNA is about providing tools to organisations to manage their data safely, avoiding many of the risks of foreign spying:
- Open-source project code
RackCorp makes significant use of open-source projects in all services that we provide. RackCorp UMS is made up of proven open-source systems that power some of the world's largest projects, including the key products:
- Postfix, Courier, Roundcube, NextCloud, Zulip
RackCorp has made significant investment into auditing changes in these projects for security risks to our most sensitive customers, and makes ongoing investment into making a seamless integration between these products for our clients.
- 24x7 Security Operations Center
Based in Sydney, Australia, RackCorp's security NOC is staffed with some of the industry's most experienced security professionals. We also specialise in security event correlation and management, with government-grade tools to protect our customers' communications and assets.
- Data-Sovereignty
Unlike the hyperscale cloud providers, RackCorp openly invites our customers to come see our datacenter POPs where we store your data, safely and encrypted at-rest. We also provide on-prem and BYO datacenter options if you wish for RackCorp to deploy our UMS solution into your organisation.
Collaboration
A significant threat to any organisation is the unauthorised use of third-party cloud software for the sharing, editing, and collaboration of sensitive materials. This can result in significant financial penalties from regulators and governments for allowing employees to get around SOC compliance. The use of tools such as WhatsApp, DropBox, and Gmail has become a significant problem, and regulators have already started issuing penalties in the millions of dollars to companies who continue to allow their employees to have secret hidden chats about business that otherwise needs to be permanently recorded for legal reasons.
Often the use of these apps by employees is not driven through nefarious purposes, but through necessity, caused by the slowness and feature-lacking nature of enterprise systems, or simply the lack of mobility of in-house systems.
RackCorp UMS specifically addresses the use of these third-party apps by bringing employees fast, efficient, and "fun-to-use" applications. Employees are more likely to use an enterprise's communications systems if they feel they're being helped, not slowed down, by their use.
Sharing
Sharing of files within an organisation is an important part of enterprise collaboration. The RackCorp UMS makes sharing of files very easy for users, while maintaining security and ability to control where the data sits physically. Options exist to share files:
- Internally within an organisation using resource links
- Allows common editing of documents
- Collaborative, change tracked editing of documents
- Single storage of files, saving on underlying infrastructure costs
- Reduction of public network traffic, resulting in significant network savings
- Externally from an organisation using resource links
- Useful because external links can be cancelled, blocking future access to files
Documents, Spreadsheets, Presentations
With use of the powerful LibreOffice online hosted platform, documents can be edited directly inside a web browser.
- No Expensive Office Tools Licensing Required!
- No Third-Party Externally Hosted Providers Required!
- No need to install and support desktop and mobile software applications!
- All document editing done within your secure environment.
Online editing of documents can be done in real-time, allowing staff to operate on the same files simultaneously:
https://www.youtube.com/watch?v=g7s1WBFSeXs
Document types supported:
Word / Writer, Excel / Calc, Powerpoint / Impress
Features
Export to PDF
Deployments, Reliability, Performance and Scalability (EN)
Deployment Options
As communications within any enterprise is critical for day-to-day operations, RackCorp recommends a multi-zone deployment for the RackCorp UMS product.
A typical 2-zone deployment looks like this:
RackCorp UMS is designed to be run in HOT-HOT format, but can also be run in HOT-WARM format between the sites.
The redundancy zones are not restricted geographically, however network latency between the zones is recommended to be under 80ms, especially on large environments. S3 platform is assumed to already be redundant in the above deployment option.
Scalability
The service will scale according to the disk IOPs and network bandwidth/latency between sites. Primarily the disk IOPs of the COURIERIMAPXX servers are critically important to email performance, and S3 performance is critical to the cloud storage services. These tend to be the most significant bottlenecks other than the expected network bandwidth.
Overall, great care has been taken to build high performance into the UMS.
"Well-Performing" System Requirement (Examples)
Every enterprise is different in regard to user activity and media usage. The below serves only as a "typical" ISP-based guideline. RackCorp recommends having 3x the capacity noted to run a fast, user-engaging environment. As speed drops, users tend to use third parties again, which may damage the intention of using a data-sovereign solution.
Number of Users (Configured) | Disk IOPs (Single-site) | Average Network Bandwidth |
500 | 800 | 3 Mbit/s |
1000 | 1,000 | 5 Mbit/s |
5000 | 3,000 | 40 Mbit/s |
20000 | 12,000 | 160 Mbit/s |
50000 | 30,000 | 250 Mbit/s |
Storage Tiers
RackCorp UMS supports storage tiering of IMAP data, as well as native S3 storage for any cloud files that are uploaded.
Security (EN)
Platform Security
RackCorp Organisation
RackCorp is headquartered in Australia with operations based in 16 countries around the world. We have a strong focus on security due to the nature of our customers with sensitive data in government, banking, and high-value sectors such as mining.
RackCorp is ISO27001 and PCI-DSS certified by independent third-party auditors yearly. We have a significant focus on protecting our customers, and take great care around protecting ourselves as a supply-chain to our sensitive customers.
RackCorp is ISO27001 certified, meaning our processes and change tracking are tightly controlled and externally auditable.
Software / Code Integrity
Great care was taken to choose trusted software for our UMP solution, using battle-hardened applications whose code changes we are confident in auditing, and which we are able to quickly update to protect our customers from attacks.
System Protection and Logging
Strong protections using SELinux and alerting functions have been built into the platforms to detect and report on abnormal system behavior.
SIEM Protection capabilities are available utilising RackCorp's proprietary detection systems.
All systems are Linux-based, and have strong policies in place to prevent viruses. Sophos Anti-virus is available for customers who have compliance requirements to deploy anti-virus on every server where possible (virtual routers are excluded).
Administrator Access
All Administrator actions taken through the administrative portal are logged and reportable. There are no shared user accounts, so all activity can be traced back to specific users.
User Protection
Anti-Virus options are available using ClamAV or Sophos for scanning of emails and user cloud uploads. These provide a good level of on-site protection without the need for third-party scanning gateways that may be off-site, in foreign jurisdictions.
RackCorp discourages the use of third party mail scanning gateways as this is rightly a large cause of concern for government and large corporations as both a sovereign risk, and government / threat actor security risk. On-site detection may have lower detection rates than third-party gateways, but appropriate rulesets to block or isolate attachments make up for this security difference, and come with the benefit of not having all of your internal and external emails relayed via a third party.
Spam / Anti-Virus Protection and Administration
RackCorp utilises SpamAssassin protection with our own custom databases, rulesets, and policies which are updated daily by our security team to address the latest threats.
Mail Administrators have permission to view held spam / viruses, and view logs of their receipt and optionally release these emails to allow them to progress through to the end customer. Permissions exist that allow specific mail administrators to be locked from reading emails.
EMAIL SPAM MARSHALLING MODULE
Multiple admin users can operate simultaneously on spam queues.
Email holds / releases controllable via the above are also available via the JSON API service:
./rc_acpi.sh '{ "startTime":0 , "endTime":2147483647 ,"fromDomain":"gmail.com", "status":"ONHOLD" }'
Return:
{ "timestamp":1665516666.609 , "status":"ONHOLD", "expiry":1665519800, "fromDomain":"gmail.com", "fromEmail":"rackcorptest345@gmail.com", "toEmail":"salestest@rackcorp.com", "subject":"This is a test email" }
All functionality of the RackCorp UMS administrative portal is controllable by way of the JSON API.
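A client-side helper for the hold-queue query shown above, as an added example (not RackCorp's code): it builds the filter with `json.dumps`, passes it to the wrapper as a single argument without a shell, and treats sender-supplied fields as untrusted when displaying them. It assumes the wrapper prints one JSON object per line and that the time fields are epoch seconds; the function names and the second sample record are constructed.

```python
import json
import re
import subprocess

API_SCRIPT = "./rc_acpi.sh"   # wrapper name as shown on the page
REQUIRED = ("timestamp", "status", "expiry", "fromDomain", "fromEmail", "toEmail", "subject")
DOMAIN_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?")


def build_filter(start_time, end_time, from_domain, status="ONHOLD"):
    """Serialise the query filter with json.dumps instead of pasting strings."""
    if not 0 <= start_time <= end_time <= 2147483647:
        raise ValueError("startTime/endTime must be epoch seconds, start <= end")
    if not DOMAIN_RE.fullmatch(from_domain):
        raise ValueError("fromDomain is not a plain domain name")
    return json.dumps({"startTime": start_time, "endTime": end_time,
                       "fromDomain": from_domain, "status": status})


def run_query(filter_json):
    """Call the wrapper with the filter as one argv element (no shell involved)."""
    done = subprocess.run([API_SCRIPT, filter_json], capture_output=True,
                          text=True, check=True, timeout=60)
    return done.stdout


def parse_holds(output):
    """Parse the reply. Assumption: one JSON object per non-empty line."""
    holds = []
    for line in output.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        missing = [k for k in REQUIRED if k not in rec]
        if missing:
            raise ValueError(f"record lacks fields: {missing}")
        holds.append(rec)
    return holds


def safe_text(value):
    """Sender-controlled text: replace control characters before display."""
    return "".join(c if c.isprintable() else "?" for c in str(value))


def expiring_within(holds, now, seconds):
    """Held messages whose expiry falls inside the next `seconds`, soonest first."""
    due = [h for h in holds if 0 <= h["expiry"] - now <= seconds]
    return sorted(due, key=lambda h: h["expiry"])


# Sample input: the first record is the reply shown on the page, the second is constructed.
SAMPLE = "\n".join([
    r'{ "timestamp":1665516666.609 , "status":"ONHOLD", "expiry":1665519800, '
    r'"fromDomain":"gmail.com", "fromEmail":"rackcorptest345@gmail.com", '
    r'"toEmail":"salestest@rackcorp.com", "subject":"This is a test email" }',
    r'{ "timestamp":1665516700.0, "status":"ONHOLD", "expiry":1665517000, '
    r'"fromDomain":"gmail.com", "fromEmail":"constructed@gmail.com", '
    r'"toEmail":"salestest@rackcorp.com", "subject":"Invoice\u001b[2J overdue" }',
])

if __name__ == "__main__":
    for h in expiring_within(parse_holds(SAMPLE), now=1665516900, seconds=3600):
        print(h["expiry"], safe_text(h["fromEmail"]), safe_text(h["subject"]))
```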
Authentication Integration (SAML)
The RackCorp UMS provides several third-party plugin capabilities for vendors who support SAML authentication. Several 2FA vendors natively support this platform already (anyone with a Roundcube plugin).
Backup and Data Recovery (EN)
Service and Data Backup and Recovery
RackCorp UMS Application
All RackCorp UMS servers are deployable and rebuildable from the API / Portal Controller, which makes for fast re-deployment. The base RockyLinux OS needs to be deployed, and a script run to register the server on the RackCorp UMS Administration System. Once run, a server will be available for installation:
Once a server finishes installing, it will search for other same-class servers within the same node.
No nodes found (new install or complete loss of data)
Service will be operational, with no data (i.e. no cloud data for users, no email for users etc). Option exists to manually copy ZFS datastore from backup storage to the appropriate location. Other nodes will then pick up on this and commence synchronisation.
Another node found (IMAP role)
Download of data will automatically begin to synchronise the IMAP stores
Another node found (CloudDB role)
Download of data will automatically begin to synchronise the CloudFile DB stores (metadata).
Load Balancers, Firewalls, UMS API, UMS Portal applications all generate daily dumps which are copied to any available S3 / CIFS/NFS storage. These services contain data that typically does not change frequently.
Bootstrap:
# After base OS is installed, execute the following as root:
cd /tmp
wget https://api.XXXXXXXXXXXXXXXXXX.com/install/bootstrapcore.sh
sh bootstrapcore.sh
# This may take about 30 seconds to register in the portal. Node personality can
# then be changed to its purpose (i.e. SMTP, IMAP, LoadBalancer, etc)
# Portal can then be used to deploy application to this server
Features (EN)
RackCorp UMS is feature-rich, made for multi-tenanted environments such as ISPs, Managed Service Providers, Governments, and multinationals who need to run multiple tenancies within a hosted environment.
Feature | Available / Description |
Multi-domain | Unlimited domains allowed |
Contacts | Unlimited Contacts allowed |
Calendar | Unlimited Calendars allowed |
Tasks | Unlimited Tasks allowed |
Full-Text Search (including attachments) | Yes (v 1.3+) |
Attachment Preview | Yes (Text, Images, some other) |
POP/IMAP/SMTP Support | Yes (Encrypted versions of these protocols, optional to turn on unencrypted) |
Deleted Items / Trash | Yes (default 30 days) |
Granular account access control | Disable deleting / sending emails vs read-only access |
Auto-responder | Yes |
Server-side mail sort | Yes, using sieve mail filters (configurable from web) |
Scalable | Active-active topology allows massive scaling |
Fault Tolerance | Node auto-sync, multi-site, load balanced |
Delivery notifications | Yes (where supported by recipient) |
Global Address Book | Yes |
CardDAV, CalDav, iCal Support | Yes, Yes, Yes! |
LDAPS integration | Yes |
Attachment / Spam Filtering
- Block attachments based on extension / type
- Anti-Spam
- Anti-Virus
- Greylisting
- Powerful admin spam hold / release functionality for large volumes of emails
Language Support
- English (EN)
- Russian (RU)
- Mongolian (MN)
Smart Storage
- Reduce your storage costs for unified messaging and emails by using tiers of storage
- IMAP emails and attachments can be stored on CIFS/NFS/S3 once they have gone idle.
- Cloud Files can be stored on CIFS/NFS/S3
Calendar Sharing
Rich Calendar functionality, ability to create events, share events, and share calendar information between users
Collaboration between employees is made easy:
Task Management
Task lists can be created and managed via the same interface
Cloud Storage Save / Upload
The RackCorp UMS has a very useful cloud storage capability built into the web interface, and includes mobile apps for iOS and Android. Using this interface, a user can very quickly and easily access their stored cloud files, while also having powerful tools available for synchronising their cloud storage to personal laptops / desktops.
Viewing Cloud Storage
Saving Email Attachments Directly to Cloud Storage
Uploading Attachments Directly From Cloud Storage
Creating Documents Directly in Cloud Storage
Sharing Documents with internal users
Mobile Apps For Easy File Access
Windows Desktop Sync App
User Productivity Interface
Web-based GUI
The web-based GUI is designed for maximum browser compatibility, while providing a smooth flow for typical business day interactions.
From this one GUI, icons on the left give direct access to:
Calendar
Contacts
Creating custom contact groups for distributions
Tasks
Cloud File Storage and sharing
Collaboration
Collaboration and change tracking
Example of collaboration in action:
https://www.youtube.com/watch?v=g7s1WBFSeXs
Document Editing
Word Documents
Spreadsheets
Authentication 2FA
Natively, the web-based access supports 2-factor authentication using a variety of technologies including TOTP Applications such as Google Auth, as well as Yubikey.
Google Authentication Instructions
Google Auth is easy to use and set up within the UMS:
Once set up within the UMS, the user can scan the QR code with their phone using the mobile Google Authenticator app, and a new rotating code is automatically set up for the user account.
Upon next login to the UMS, the user is presented with a two-factor challenge screen after they enter their username and password.
Team Chat
The RackCorp UMS provides very powerful chat features, allowing organisations to have logically segmented chat sessions, while also providing user-to-user chat capabilities.
Chats are segmented into "streams", another representation of a "channel". Users can enjoy full rich chat functionality within the team chat for these streams across multiple platforms and devices. They may subscribe to the streams that interest them and configure notifications for these streams to their liking.
All chat content is saved on the server side. Users do not need to worry about device synchronisation, disappearing messages or limited chat history. In addition, users may check the status of their discussions via the read receipts function.
Administration
Multi-Tenancy / Multiple Domains
The RackCorp platform provides a powerful ability, both at the portal and API layers, to create a “virtual customer hierarchy” in our system. This allows you to logically group services together in a hierarchy-like manner, so that access can be segmented to specific services. This can be advantageous for a permissions model, an ease-of-access model, and usage tracking, as reports can be created at any level throughout the hierarchy.
Virtual Customers may represent government departments, projects, regions, etc. Administrative users can then be created / assigned to be able to manage any point in the hierarchy and below.
In a case where a government has multiple departments / email domains, a new virtual customer for each department/domain can be created, and that department's own IT staff assigned to that virtual customer which gives them access to all services located at that tenancy and below.
Administrative INTERFACE OF ADDING A CUSTOMER
Reviewing Administrator Logs
All administrative activity within the system is logged and recorded. An online reporting interface is available, allowing fast searching of administrative interactions.
Creating new Administrators
Administrators can be created and assigned to their own virtual customer in the hierarchy. This will mean they can only access their services and anything in virtual customers below them. They cannot see above themselves in the hierarchy or sideways.
Administrative INTERFACE OF ADDING A USER - Administrator
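The visibility rule described above (own virtual customer and everything below it, nothing above or sideways), as an added example and not RackCorp's implementation. The hierarchy, the log entries and all names are constructed, and applying the same rule to administrator-log review is an assumption of this sketch.

```python
# Constructed hierarchy (child -> parent); None marks the top of the tree.
PARENT = {
    "government": None,
    "health": "government",
    "health-it": "health",
    "education": "government",
}

# Constructed administrator log entries: (admin user, virtual customer, action).
ADMIN_LOG = [
    ("alice", "government", "created virtual customer health"),
    ("bob", "health", "added email domain"),
    ("carol", "health-it", "released held email"),
    ("dave", "education", "created administrator"),
]


def in_scope(admin_customer, target, parent=PARENT):
    """True only if target is the admin's own virtual customer or below it."""
    if admin_customer not in parent or target not in parent:
        return False                 # unknown names are denied, not guessed
    seen = set()
    node = target
    while node is not None:          # walk from the target up towards the root
        if node == admin_customer:
            return True
        if node in seen:             # corrupted data: a customer is its own ancestor
            raise ValueError(f"cycle in hierarchy at {node!r}")
        seen.add(node)
        node = parent.get(node)
    return False                     # reached the root without meeting the admin's node


def visible_customers(admin_customer, parent=PARENT):
    """Every virtual customer this administrator may manage."""
    return sorted(c for c in parent if in_scope(admin_customer, c, parent))


def visible_log(admin_customer, log=ADMIN_LOG, parent=PARENT):
    """Apply the same scope rule to log review so reports do not leak sideways."""
    return [entry for entry in log if in_scope(admin_customer, entry[1], parent)]


if __name__ == "__main__":
    print(visible_customers("health"))
    for user, customer, action in visible_log("health"):
        print(user, customer, action)
```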
Setting up Email Domains
Email Domains can be added by an administrative user
New Email Accounts can then be created under this domain, with assigned quotas
Administering Servers
All servers used by the solution show up in the RackCorp UMS Portal, providing valuable information around CPU, memory, and disk consumption. Administrative functionality, including restarting servers and startup/shutdown of storage volume servers, is included and interoperates via the UMS Portal.
Mail Cluster Administration
Some options around compression, backups, and offloading to tertiary storage such as S3 are configurable per mail-store.
Cluster Storage Features
Feature | Availability |
Compression | YES (Mail store compression) |
Deduplication | YES (Mail store compression if over 256GB RAM available) |
Export Functionality | Maildir exports available for interoperability |
Snapshots / Backup Exports | Snapshot per-domain or per mailbox |
Snapshots / Restore Backups | Restore per-domain or per mailbox snaps |
Restore / Backup Exclusion Policies | YES |
Permanent, non-recoverable deletion | YES with command-line |
Licensing (EN)
Software | License | Licensing URL |
NextCloud | Open source | https://nextcloud.com/blog/how-nextcloud-protects-your-business-from-license-uncertainty/ |
MariaDB | Open source | |
ClamAV | Open source | https://github.com/Cisco-Talos/clamav (GNU GPLv2 license) |
SpamAssassin | Open source | https://spamassassin.apache.org/ |
Courier-IMAP | Open source | https://www.courier-mta.org/imap/ (main site) |
Courier-Authlib | Open source | https://www.courier-mta.org/authlib/documentation.html |
Rocky-Linux | Open source | |
Debian-Linux | Open source | |
NGINX | Open source | |
Zulip | Open source | |
LibreOffice Online | Open source (Mozilla Public License 2.0) | |
RackCorp Management API/Portal | RackCorp proprietary; license granted for 1 year |