Introduction

Kolab Groupware is a scalable, flexible and made-to-measure collaboration suite and groupware solution, designed with security, privacy and integrity in mind.

Kolab Groupware is Free Software, uses other Free Software, and stores and accesses information using Open Standards.

The design of Kolab distinguishes the following functional components to make up the groupware environment:

1. An Authentication and Authorization database, preferrably centralized,

2. A Mail Exchanger for the exchange of messages.

3. A Data Storage Layer & Primary Access Protocol.

4. One or more (additional) Storage Layer Access Protocols.

5. One or more Desktop Clients.

6. One or more Mobile Clients.

7. One or more Web Interfaces.

8. Multiple means for users to collaborate, such as via;

   1. Instant Messaging

   2. Voice (over IP) & Voice Conferencing

   3. Video & Video Conferencing

   4. Collaborative Document Editing

Furthermore, the Kolab Groupware environment offers functionality beyond the exchange of regular email messages, such as calendaring, maintaining address books, task management, journaling, and more.

All of this must remain secure [1], scalable [2] and flexible [3]. It must also use Open Standards for protocols and storage formats to provide the user the freedom to walk away with their data, respect the privacy of its users, meanwhile protect organizations’ interests.

Welcome to Kolab Groupware!

Authentication and Authorization

Kolab Groupware uses LDAP for authentication and authorization of users, while it also includes user and group membership information.

The use of LDAP allows the structuring of information in such a way that it enables the delegation of authority over its entries, can prevent users from accessing certain attributes or entries, and allows the groupware solution to scale to over several millions of users – ideal for groupware environments.

Please note that at the very core of the Kolab Groupware design is that Kolab consumes information in LDAP, but does not ship its own version of LDAP. As such, any LDAP server implementation could be used, albeit Kolab Groupware supports those LDAP server implementations that ship either of the following supported controls, or alternatively falls back to regular searches – which incur significant performance penalties and require significantly more resources:

• Persistent Search (Draft 03)

• LDAP Content Synchronization (RFC 4533)

• Simple Paged Search Results (RFC 2696)

• Virtual List View Control (Draft 09)

A default installation of Kolab Groupware includes LDAP schema extensions that provide additional functionality such as delegation and mandatory SMTP Access Policy enforcement, among other things, but Kolab does not strictly require these extensions be loaded.

It should also be noted that Kolab, in principle, runs on a sealed system. That is to say that users that are Kolab users are usually not system users.

See also

For more information on LDAP integration in Kolab Groupware, please refer to:

• Kolab Groupware and LDAP

Mail Exchanger

Integrated with the Authentication and Authorization database, the mail exchanger in Kolab Groupware is in charge of exchanging messages between Kolab Groupware users, mailing lists and distribution groups, third party groupware environments and the internet.

The mail exchanger component is also responsible for anti-spam and anti-virus measures, protecting your environment against ill-intended distractions.

Kolab Groupware integrates Postfix by default, and provides it with additional security and integrity checks, such as the Postfix & the Kolab SMTP Access Policy.

Kolab’s default configuration of the mail exchanger includes the use of lookup ables against the Authentication and Authorization database.

See also

• Postfix

• Postfix & the Kolab SMTP Access Policy

Data Storage Layer & Primary Access Protocol

A data storage layer for groupware environments must be fast, efficient, scalable and secure.

A single system can only scale up as far as its local resources allow it to – called vertical scaling – not unlike physical matter, there can only be a finite amount of resources in one place at any given one point in time.

It is therefore a pre-requisite the storage layer can be spread out over multiple individual systems, while maintaining a transparent access methodology for users - whom do not know what data is where, and even if they did, tend to forget about it.

The data storage layer must also be accessible remotely. For this purpose, you require a well defined, widely implemented network protocol that can deliver fast synchronization of large amounts of data with its clients, understands the concepts of folders and folder hierarchies, access control, quota, and can handle parallel access.

In Kolab Groupware, this data storage layer is the IMAP spool, accessible by any client software that speaks the IMAP protocol.

Kolab Groupware ships Cyrus IMAP by default, which, with its so-called murder topology, provides the aforementioned transparent access to IMAP spools spread out over multiple individual systems.

This optional murder topology allows users of an environment to share groupware content amongst themselves, even though the content may reside on different backend systems.

See also

• Cyrus IMAP Murder Topologies

Desktop Clients

Although the Kolab web client is powerful and fast, some users might want to use native Desktop clients. There is a variety of Desktop clients compatible with the Kolab Groupware solution. They include:

• The Kolab Client Kontact

  • Available for Microsoft Windows, GNU/Linux and Apple Mac OS X

  • With full Off-line support

  • Automatic Configuration

  • Thousands of features

  • Mobile edition for touchscreen devices available

• Thunderbird with Lightning

  • Available for Microsoft Windows, Apple Mac OS X and GNU/Linux

New in version Kolab: 3.1

• Apple Mail, Address book and Apple Calendar (previously iCal)

• Microsoft Outlook

New in version Kolab: 3.0

• using the connector from Bynari

New in version Kolab: 3.1, Outlook 2013

• ActiveSync

• Evolution

Mobile Clients

All ActiveSync capable devices can be used to connect to Kolab and retrieve groupware data. This includes Android and Apple as well as the latest Blackberry devices.

Special security features for mobile clients such as policy enforcement, credential separation and remote wipe can be implemented with Kolab using ActiveSync.

If for some reason ActiveSync is not supported on the device, the CalDAV and CardDAV protocols can be used instead as a fall back.

Storage Layer Access Protocols

The following protocols provide access to the groupware data in a Kolab Groupware environment:

• POP3

• IMAP4

New in version Kolab: 3.0

• ActiveSync

New in version Kolab: 3.1

• CalDAV

• CardDAV

• WebDAV

Web Interfaces

• Kolab Web Administration Panel and API

• Kolab Web Client

• Hosted Kolab Customer Control Panel

• Chwala File Management

• Mobile Device Synchronization

Instant Messaging

Voice (over IP) & Voice Conferencing

Video & Video Conferencing

Collaborative Document Editing

Overview of Functional Components

The following diagram provides a high-level overview of functional components and their connections and interactions with one another. For a fully detailed picture, we’ll need to zoom in to the level of functional components themselves, and their individual interactions with other functional components.

Legend:

• The Red circles indicate components provided exclusively as part of Kolab Groupware.

• Components in a Dark Green font color are server-side components.

Note

The web client – Roundcube, to which Kolab Systems contributes substantially – provides Kolab Groupware capabilities in addition to the Roundcube core capabilities through plugins.

Note

Desktop clients that Kolab Systems actively contributes to and supports include Kontact (KDE PIM).

Footnotes

[1]

Security

Beware of snake-oil vendors, whom may tempt you to choose for a model that encrypts data on the server using a fundamentally flawed model, sometimes called “the averting eyes promise”, more clearly explained on this arstechnica.com article.

[2]

Scalability

Both vertical as well as horizontal scalability are features of an elastic computing environment – whether automatic (aka “cloud”) or manual.

The scaling of a deployed solution is best applied to each individual functional component separately, for the number of web servers your deployment needs at any given point does not directly correspond with the amount of mail exchangers your deployment needs (at that point or otherwise).

[3]

Flexibility

While, contrary to popular belief, most environments could run the majority of their infrastructure on standard systems and with standard applications, in contradiction not even two such standard environments are alike.

A solution that is capable of adapting to the new environment is clearly much more flexible – this does require a good understanding of the intended architecture of the solution, and a well-defined deployment use-case to adapt to.