Unified Messaging Suite (UMS)

RackCorp Product Information for Data Sovereign User Unified Messaging Suite:
- SMTP / IMAP / POP3 protocol access
- Web-based Email / Calendar / Contacts / Tasks
- File Cloud Storage
- User Group and Direct Chat
- Document Collaboration
- Suite Administration

Access Specifications (EN)

SMTP Access

Technology Notes: Postfix SMTP

Option to enable or disable each of the following

IMAP Access

IMAP (port 143) is disabled by default because it is unencrypted.

Active-Sync Access

 

Web-Access (Webmail, Cloud Storage, Caldav, CardDav, iCal, Chat)

All access to Web services is via load balancer apps which protect inside infrastructure from mis-configured clients, as well as automatically renew SSL certificates every 3 months.

Overview (EN)

Enterprise-Ready Messaging

RackCorp Unified Messaging provides on-premise, enterprise grade services for messaging within a government or business.  This includes:

E-Mail Services
Calendar Services
Organisation Contact Lists
Tasks
Individual Chat and Group Messaging
Private Cloud File Storage

Access from Anywhere

Mobility is important with messaging solutions.  The RackCorp UMS provides easy access using web, desktop, and mobile-app tools, allowing for common access to emails, messaging, and files from anywhere in the world, with the benefit of being able to deploy on-premises, or in datacentres of your choice.


Web-based and Desktop access solutions

For a typical office environment and maximum compatibility, web-based access is essential.  RackCorp UMS provides a very user-friendly experience for office desktop, and mobile laptop users, presenting chat, file sharing, and email services in the one, easy-to-use user interface.

kg_rc_nv.PNG

Mobility in Difficult Conditions

When employees are out of an office environment, access to emails, calendars, files, and chat with other employees is essential to achieving a productive environment.  RackCorp UMS provides access via multiple mobile applications.

Screenshot_20221012-082115.png

Screenshot_20221012-082134.png

UMS Cloud Files on mobile (Android)

All apps provide very fast, efficient access to services, avoiding the clumsy, inefficient feel of many other mobile applications.

Data Sovereignty - Own Your Data

Large enterprises and Government who find themselves at sovereign risk from having their data stored in public clouds finally have the opportunity to have their data stored securely at datacenters or business premises of their choice.  This suite provides great physical control over everything from primary, secondary, and backup services.  You can choose to host your services:

User Collaboration

Enterprise-Ready Collaboration

As a team grows, the complexities of interactions involving documents, media, and emails also grow.  RackCorp UMS provides the tools for enterprises to not just collaborate internally, but to do so securely and efficiently.

Secure Storage

RackCorp is an infrastructure provider with a significant client-base in the high-security space, dealing with government, banking, and sensitive telecommunications networks.  Our whole DNA is about providing tools to organisations to manage their data safely, avoiding many of the risks of foreign spying:

Collaboration

A significant threat to any organisation is the unauthorised use of third party cloud software for the sharing, editing, and collaboration of sensitive materials.  This can result in significant financial penalties from regulators and governments for allowing employees to get around SOC compliance.  The use of tools such as WhatsApp, DropBox, and Gmail have become significant problems, and regulators have already started issuing penalties in the millions of dollars to companies who continue to allow their employees to have secret hidden chats about business that otherwise needs to be permanently recorded for legal reasons.

Often the use of these apps by employees is not driven through nefarious purposes, but through necessity, caused by the slowness and feature-lacking nature of enterprise systems, or simply the lack of mobility of in-house systems.

RackCorp UMS specifically addresses the use of these third-party apps by bringing employees fast, efficient, and "fun-to-use" applications.  Employees are more likely to use an enterprise's communications systems if they feel they're being helped, not slowed down, by their use.

Sharing

Sharing of files within an organisation is an important part of enterprise collaboration.  The RackCorp UMS makes sharing of files very easy for users, while maintaining security and ability to control where the data sits physically.  Options exist to share files:

kc_rc_cc_SHAR.PNG

Documents, Spreadsheets, Presentations

With use of the powerful LibreOffice online hosted platform, documents can be edited directly inside a web browser.

kc_rc_cc.PNG

Online editing of documents can be done in real-time, allowing staff to operate on the same files simultaneously:

https://www.youtube.com/watch?v=g7s1WBFSeXs

Document types supported:

Word / Writer, Excel / Calc, Powerpoint / Impress

Features

Export to PDF

kc_rc_cc_pdf.PNG

Deployments, Reliability, Performance and Scalability (EN)

Deployment Options

As communications within any enterprise is critical for day-to-day operations, RackCorp recommends a multi-zone deployment for the RackCorp UMS product.

A typical 2-zone deployment looks like this:

RackCorp UMS is designed to be run in HOT-HOT format, but can also be run in HOT-WARM format between the sites.

RackCorpUMPDeployment.png

The redundancy zones are not restricted geographically; however, network latency between the zones is recommended to be under 80ms, especially on large environments.  The S3 platform is assumed to already be redundant in the above deployment option.

Scalability

The service will scale according to the disk IOPs and network bandwidth/latency between sites.  Primarily the disk IOPs of the COURIERIMAPXX servers are critically important to email performance, and S3 performance is critical to the cloud storage services.  These tend to be the most significant bottlenecks other than the expected network bandwidth.

Overall, great care has been taken to build high performance into the UMS.

"Well-Performing" System Requirement (Examples)

Every enterprise is different in regard to user-activity and media usage.  The below serves only as a "typical" ISP-based guideline.  RackCorp recommends to have 3x the capacity noted to run a fast user-engaging environment.  As speed drops, users tend to use third parties again which may damage the intention of using a data-sovereign solution.

Number of Users (Configured) | Disk IOPs (Single-site) | Average Network Bandwidth
500 | 800 | 3 Mbit/s
1000 | 1,000 | 5 Mbit/s
5000 | 3,000 | 40 Mbit/s
20000 | 12,000 | 160 Mbit/s
50000 | 30,000 | 250 Mbit/s

Storage Tiers

RackCorp UMS supports storage tiering of IMAP data, as well as native S3 storage for any cloud files that are uploaded.

imapservers(1).png

Security (EN)

Platform Security

RackCorp Organisation

RackCorp is headquartered in Australia with operations based in 16 countries around the world.  We have a strong focus on security due to the nature of our customers with sensitive data in government, banking, and high-value sectors such as mining.

RackCorp is ISO27001 and PCI-DSS certified by independent third-party auditors yearly.  We have a significant focus on protecting our customers, and take great care around protecting ourselves as a supply-chain to our sensitive customers.

RackCorp is ISO27001 certified, meaning our processes and change tracking are tightly controlled and externally auditable.

Software / Code Integrity

Great care was taken to choose trusted software for our UMP solution, using battle-hardened applications whose code changes we are confident in auditing, and which we are able to quickly update to protect our customers from attacks.

System Protection and Logging

Strong protections using SELinux and alerting functions have been built into the platforms to detect and report on abnormal system behavior.

SIEM Protection capabilities are available utilising RackCorp's proprietary detection systems.

All systems are Linux-based, and have strong policies in place to prevent viruses.  Sophos Anti-Virus is available for customers who have compliance requirements to deploy anti-virus on every server where possible (virtual routers are excluded).

Administrator Access

All administrator actions taken through the administrative portal are logged and reportable.  There are no shared user accounts, so all activity can be traced back to specific users.

User Protection

Anti-Virus options are available using ClamAV or Sophos for scanning of emails and user cloud uploads.  These provide a good level of on-site protection without the need for third-party scanning gateways that may be off-site, in foreign jurisdictions.

RackCorp discourages the use of third party mail scanning gateways as this is rightly a large cause of concern for government and large corporations as both a sovereign risk, and government / threat actor security risk.  On-site detection may have lower detection rates than third-party gateways, but appropriate rulesets to block or isolate attachments make up for this security difference, and come with the benefit of not having all of your internal and external emails relayed via a third party.

Spam / Anti-Virus Protection and Administration

RackCorp utilises SpamAssassin protection with our own custom databases, rulesets, and policies which are updated daily by our security team to address the latest threats.

Mail Administrators have permission to view held spam / viruses, and view logs of their receipt and optionally release these emails to allow them to progress through to the end customer.  Permissions exist that allow specific mail administrators to be locked from reading emails.

EMAIL SPAM MARSHALLING MODULE

RC_SPAM.png

Multiple admin users can operate simultaneously on spam queues.

Email holds / releases controllable via the above are also available via the JSON API service:

./rc_acpi.sh '{ "startTime":0 , "endTime":2147483647 ,"fromDomain":"gmail.com", "status":"ONHOLD"  }'

Return:
{ "timestamp":1665516666.609 , "status":"ONHOLD", "expiry":1665519800, "fromDomain":"gmail.com", "fromEmail":"rackcorptest345@gmail.com", "toEmail":"salestest@rackcorp.com", "subject":"This is a test email" }

All functionality of the RackCorp UMS administrative portal is controllable by way of the JSON API.
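A triage script over records of the shape returned above, as an added example that is not RackCorp's code: it rejects malformed lines instead of dropping them silently, lists holds that are about to expire, and strips control characters from attacker-controlled fields before display. It assumes the API emits one JSON object per line and that "expiry" is the Unix time at which the hold lapses; the function names are hypothetical.

```python
import json

REQUIRED = {"timestamp", "status", "expiry", "fromDomain",
            "fromEmail", "toEmail", "subject"}

# Line 1 is the sample return shown above; lines 2-4 are constructed test input.
SAMPLE_OUTPUT = "\n".join([
    '{ "timestamp":1665516666.609 , "status":"ONHOLD", "expiry":1665519800, '
    '"fromDomain":"gmail.com", "fromEmail":"rackcorptest345@gmail.com", '
    '"toEmail":"salestest@rackcorp.com", "subject":"This is a test email" }',
    '{ "timestamp":1665516000.0, "status":"ONHOLD", "expiry":1665530000, '
    '"fromDomain":"example.net", "fromEmail":"billing@example.net", '
    '"toEmail":"accounts@example.org", "subject":"Invoice\\u001b[2J overdue" }',
    '{ "timestamp":1665516100.0, "status":"ONHOLD", "fromDomain":"example.net" }',
    'not json at all',
])


def parse_holds(text):
    """Return (records, rejected_line_numbers) for line-delimited JSON (assumed framing)."""
    records, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            rejected.append(lineno)
            continue
        ok = (isinstance(rec, dict) and REQUIRED <= rec.keys()
              and isinstance(rec["expiry"], (int, float)))
        if ok:
            records.append(rec)
        else:
            rejected.append(lineno)
    return records, rejected


def expiring_soon(records, now, window_s):
    """ONHOLD records whose expiry falls within window_s seconds of now, soonest first."""
    due = [r for r in records
           if r["status"] == "ONHOLD" and now <= r["expiry"] <= now + window_s]
    return sorted(due, key=lambda r: r["expiry"])


def safe_text(value, limit=80):
    """Fields of held mail are attacker-controlled: drop control characters before display."""
    return "".join(ch for ch in str(value) if ch.isprintable())[:limit]


def report(text, now, window_s):
    """Return (display lines for holds expiring soon, rejected input line numbers)."""
    records, rejected = parse_holds(text)
    lines = [f'{r["expiry"] - now:>6.0f}s left  {safe_text(r["fromEmail"])} -> '
             f'{safe_text(r["toEmail"])}  "{safe_text(r["subject"])}"'
             for r in expiring_soon(records, now, window_s)]
    return lines, rejected


if __name__ == "__main__":
    lines, rejected = report(SAMPLE_OUTPUT, now=1665517000, window_s=4 * 3600)
    print("\n".join(lines))
    print("rejected input lines:", rejected)
```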

Authentication Integration (SAML)

The RackCorp UMS provides several third party plugin capabilities for vendors who support SAML authentication.  Several 2FA vendors natively support this platform already (anyone with a Roundcube plugin)

Backup and Data Recovery (EN)

Service and Data Backup and Recovery

RackCorp UMS Application

All RackCorp UMS servers are deployable and rebuildable from the API / Portal Controller, which makes for fast re-deployment.  The base RockyLinux OS needs to be deployed, and a script run to register the server on the RackCorp UMS Administration System.  Once run, a server will be available for installation:

k_os-install.png

Once a server finishes installing, it will search for other same-class servers within the same node.

No nodes found (new install or complete loss of data)
Service will be operational, with no data (i.e. no cloud data for users, no email for users etc).  Option exists to manually copy ZFS datastore from backup storage to the appropriate location.  Other nodes will then pick up on this and commence synchronisation.

Another node found (IMAP role)
Download of data will automatically begin to synchronise the IMAP stores

Another node found (CloudDB role)
Download of data will automatically begin to synchronise the CloudFile DB stores (metadata).

Load Balancers, Firewalls, UMS API, UMS Portal applications all generate daily dumps which are copied to any available S3 / CIFS/NFS storage.  These services contain data that typically does not change frequently.

Bootstrap:

# After base OS is installed, execute the following as root:
cd /tmp
wget https://api.XXXXXXXXXXXXXXXXXX.com/install/bootstrapcore.sh
sh bootstrapcore.sh

# This may take about 30 seconds to register in the portal. Node personality can
# then be changed to its purpose (i.e. SMTP, IMAP, LoadBalancer, etc)
# Portal can then be used to deploy application to this server

Features (EN)

RackCorp UMS is feature-rich, made for multi-tenanted environments such as ISPs, Managed Service Providers, Governments, and multinationals who need to run multiple tenancies within a hosted environment.

Feature | Available / Description
Multi-domain | Unlimited domains allowed
Contacts | Unlimited Contacts allowed
Calendar | Unlimited Calendars allowed
Tasks | Unlimited Tasks allowed
Full-Text Search (including attachments) | Yes (v 1.3+)
Attachment Preview | Yes (Text, Images, some other)
POP/IMAP/SMTP Support | Yes (Encrypted versions of these protocols, optional to turn on unencrypted)
Deleted Items / Trash | Yes (default 30 days)
Granular account access control | Disable deleting / sending emails vs read-only access
Auto-responder | Yes
Server-side mail sort | Yes, using sieve mail filters (configurable from web)
Scalable | Active-active topology allows massive scaling
Fault Tolerance | Node auto-sync, multi-site, load balanced
Delivery notifications | Yes (where supported by recipient)
Global Address Book | Yes
CardDAV, CalDav, iCal Support | Yes, Yes, Yes!
LDAPS integration | Yes

Attachment / Spam Filtering

Language Support

Smart Storage

Calendar Sharing

Rich Calendar functionality, ability to create events, share events, and share calendar information between users

kk_share3.PNG

Collaboration between employees is made easy:

rc_doc_collab.PNG

Task Management

Task lists can be created and managed via the same interface

kk_tasks.PNG

Cloud Storage Save / Upload

The RackCorp UMS has a very useful cloud storage capability built into the web interface, and includes mobile apps for iOS and Android.  Using this interface, a user can very quickly and easily access their stored cloud files, while also having powerful tools available for synchronising their cloud storage to personal laptops / desktops.

Viewing Cloud Storage

kk_cloud_view1.PNG

kk_cloud_view2.PNG

Saving Email Attachments Directly to Cloud Storage
Uploading Attachments Directly From Cloud Storage

kk-double-cloud.png

Creating Documents Directly in Cloud Storage

kk_cloud_newfile.PNG

Sharing Documents with internal users

kk_photos_share.PNG

Mobile Apps For Easy File Access

Screenshot_20221012-082134.png

iPhoneX.png

Windows Desktop Sync App

rc_nextcloud_desktop.png

User Productivity Interface

Web-based GUI

The web-based GUI is designed for maximum browser compatibility, while providing a smooth flow for typical business day interactions.

From this one GUI, icons on the left give direct access to:

Email

kk_email.PNG

Calendar

kk_cal.PNG

Contacts

kk_contacts.PNG

Creating custom contact groups for distributions

KK_EMAIL_GROUP.PNG

Tasks

KK_TASK1`.PNG

Cloud File Storage and sharing

KK_CLOUD.PNG

KK_CLOUD2.PNG

Collaboration

Collaboration and change tracking

rc_doc_collab.PNG

Example of collaboration in action:
https://www.youtube.com/watch?v=g7s1WBFSeXs

Document Editing

Word Documents

kc_rc_cc.PNG

Spreadsheets

kk_cloud_ss.PNG

Presentations
rc_ppt.PNG

Authentication 2FA

Natively, the web-based access supports 2-factor authentication using a variety of technologies including TOTP Applications such as Google Auth, as well as Yubikey.

Google Authentication Instructions

Google Auth is easy to use and set up within the UMS:

kg_2af.PNG

Once set up within the UMS, the user can scan the QR Code with their phone using the mobile Google Authenticator app and a new rotating code is automatically set up for the user account.

Upon next login to the UMS, the user is presented with a two-factor challenge screen after they enter their username and password.

kg2_af2.PNG
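How a rotating code of this kind is derived and checked at the challenge screen, as an added example that is not RackCorp's code: it parses the otpauth:// provisioning URI that Google Authenticator QR codes carry, computes the RFC 6238 code, and verifies it with a clock-skew window and one-time use per time step. The URI, account label and class name are constructed for illustration; the secret is the RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, unquote, urlparse

# Constructed provisioning URI; the secret is the RFC 6238 test key
# b"12345678901234567890" in base32, and the account label is made up.
SAMPLE_URI = ("otpauth://totp/UMS:alice@example.org"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=UMS")


def parse_otpauth(uri):
    """Extract the shared secret and parameters an authenticator app reads from the QR code."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP provisioning URI")
    q = parse_qs(u.query)
    b32 = q["secret"][0].upper()
    b32 += "=" * (-len(b32) % 8)  # apps usually omit base32 padding
    return {"label": unquote(u.path.lstrip("/")),
            "secret": base64.b32decode(b32),
            "digits": int(q.get("digits", ["6"])[0]),
            "period": int(q.get("period", ["30"])[0])}


def totp(secret, t, digits=6, period=30):
    """RFC 6238 code for Unix time t (HMAC-SHA1, dynamic truncation per RFC 4226)."""
    counter = struct.pack(">Q", int(t) // period)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class TotpVerifier:
    """Server-side check: tolerate +/- window steps of clock skew, accept each step once."""

    def __init__(self, secret, digits=6, period=30, window=1):
        self.secret, self.digits = secret, digits
        self.period, self.window = period, window
        self.last_step = -1  # highest time step already consumed by a login

    def verify(self, code, now):
        code = str(code)
        if not (code.isascii() and code.isdigit() and len(code) == self.digits):
            return False
        current = int(now) // self.period
        for step in range(current - self.window, current + self.window + 1):
            if step <= self.last_step:
                continue  # replayed or older code: refuse
            expected = totp(self.secret, step * self.period, self.digits, self.period)
            if hmac.compare_digest(expected, code):  # constant-time comparison
                self.last_step = step
                return True
        return False


if __name__ == "__main__":
    params = parse_otpauth(SAMPLE_URI)
    verifier = TotpVerifier(params["secret"])
    code = totp(params["secret"], 59)
    print(params["label"], code, verifier.verify(code, 75), verifier.verify(code, 75))
```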

 

 

Team Chat

The RackCorp UMS provides very powerful chat features, allowing organisations to have logically segmented chat sessions, while also providing user-to-user chat capabilities.

kg_zulip1.PNG


Chats are segmented into "streams", another representation of a "channel". Users can enjoy full rich chat functionality within the team chat for these streams across multiple platforms and devices. They may subscribe to the streams that interest them and configure notifications for these streams to their liking.

All chat content is saved on the server side. Users do not need to worry about device synchronisation, disappearing messages or limited chat history. In addition, users may check the status of their discussions via the read receipts function.

kg_zulip2.PNG

kg_zulip3.PNG

Administration

Multi-Tenancy / Multiple Domains

The RackCorp platform provides a powerful ability both at the portal and API layers to create a “virtual customer hierarchy” in our system. This allows you to logically group services together in a hierarchy-like manner.  Access can then be segmented to specific services, which can be advantageous for a permissions model, an ease-of-access model, as well as usage tracking, as reports can be created at any level throughout the hierarchy.

image-1665520762708.png

Virtual Customers may represent government departments, projects, regions, etc.  Administrative users can then be created / assigned to be able to manage any point in the hierarchy and below.

In a case where a government has multiple departments / email domains, a new virtual customer for each department/domain can be created, and that department's own IT staff assigned to that virtual customer which gives them access to all services located at that tenancy and below.

Administrative interface for adding a customer

rc_client.PNG

Reviewing Administrator Logs

All administrative activity within the system is logged and recorded.  An online reporting interface is available, allowing fast searching of administrative interactions

rc_logs.PNG

Creating new Administrators

Administrators can be created and assigned to their own virtual customer in the hierarchy.  This will mean they can only access their services and anything in virtual customers below them.  They cannot see above themselves in the hierarchy or sideways.

Administrative interface for adding a user (Administrator)

RC_USER.png

Setting up Email Domains

Email Domains can be added by an administrative user

rc_addemaildomain.PNG

New Email Accounts can then be created under this domain, with assigned quotas

rc_addemail.PNG

rc_email2.PNG

Administering Servers

All servers used by the solution show up in the RackCorp UMS Portal, providing valuable information around CPU, memory, and disk consumption.  Administrative functionality, including restarting servers and startup/shutdown of storage volume servers, is included and interoperates via the UMS Portal.

rc-Diskstats.PNG

Mail Cluster Administration

Some options around compression, backups, and offloading to tertiary storage such as S3 are configurable per mail-store.

rc-mail_nsp.PNG

Cluster Storage Features

Feature | Availability
Compression | YES (Mail store compression)
Deduplication | YES (Mail store compression if over 256GB RAM available)
Export Functionality | Maildir exports available for interoperability
Snapshots / Backup Exports | Snapshot per-domain or per mailbox
Snapshots / Restore Backups | Restore per-domain or per mailbox snaps
Restore / Backup Exclusion Policies | YES
Permanent, non-recoverable deletion | YES with command-line

Licensing (EN)

Software | License | Licensing URL
NextCloud | Open source | https://nextcloud.com/blog/how-nextcloud-protects-your-business-from-license-uncertainty/
MariaDB | Open source | https://mariadb.com/kb/en/licensing-faq/
ClamAV | Open source | https://docs.clamav.net/ ; https://github.com/Cisco-Talos/clamav (GNU GPLv2 license)
SpamAssassin | Open source | https://spamassassin.apache.org/ ; https://www.apache.org/licenses/
Courier-IMAP | Open source | https://www.courier-mta.org/imap/ (main site) ; https://github.com/svarshavchik/courier (GNU GPL license and most recent releases)
Courier-Authlib | Open source | https://www.courier-mta.org/authlib/documentation.html (open source GNU GPL)
Rocky-Linux | Open source | https://rockylinux.org/licensing/
Debian-Linux | Open source | https://www.debian.org/legal/licenses/
NGINX | Open source | https://nginx.org/LICENSE
Zulip | Open source | https://github.com/zulip/zulip/blob/main/LICENSE
LibreOffice Online | Open source (Mozilla Public License 2.0) | https://www.libreoffice.org/about-us/licenses
RackCorp Management API/Portal | RackCorp proprietary, license granted for 1 year | https://www.rackcorp.kg/termsconditions