2

I've been asked to look into adding a mail server at a remote "branch office" (managing director's house). The only real requirement is that I do so without adding any more computers to the site. There is currently one machine running Smoothwall and one PC. The mail server can be anything that supports SMTP and either POP3 or IMAP. Because the PC is only on for about 12 hours a day it would not be appropriate to run the mail server. That leaves the Smoothwall box.

As I don't believe a firewall should be weakened by adding something like a mail server I'm considering whether to replace the existing Smoothwall box with one running Smoothwall and the mail server as virtual machines using VMware ESXi. Incidentally, I've never used bare metal virtualisation before. The plan would be to install 3 NICs. One for the Internet side, one for the LAN and one for ESXi itself, which would be connected to the LAN. The DMZ interface could presumably be handled by a virtual NIC.

Given that the machine would be located about 700KM away (as the crow flies) all management must be done remotely. Is this practical, bearing in mind that if the firewall goes down I would lose access to the host machine as well?

Edit: This mail server is to be completely independent of and in addition to the corporate mail system. I neither know nor understand all the reasons. Regardless, this is the task I've been given.

John Gardeniers
  • Sounds like a lot of work. Is there any reason site-to-site VPN won't work? – GregD Nov 13 '09 at 18:36
  • Make sure ESXi will run on the hardware -- it is a bit fussy about such things. Check the Whitebox HCL list as one reference: http://www.vm-help.com/esx40i/esx40_whitebox_HCL.php – Chris_K Nov 13 '09 at 21:43

2 Answers

1

A couple of questions: How is email handled at the corporate office? Will this scenario cause problems for the director getting corporate email? If email for @company.com goes to the corporate office email server (assuming there is one) how do you propose to get @company.com email to the director? Why the requirement to not add any additional computers to the site? By "site" do you mean the director's house? They want you to add an email server without adding any new computers?

Other than that I think your plan will work and appears to me to be a good course of action. I can't speak to the specifics of using multiple NICs in ESXi, but using ESXi seems like the right road to go down. Regarding the firewall going down, that would be an issue for any host on any network so it's not specific to your plan and not really something you can do anything about without implementing redundant connections, firewalls, VMs, etc.

joeqwerty
  • See my edit regarding the corporate mail. This new system will be for a separate domain, so there won't be any clash. Yes, by site I certainly do mean the director's house/home office, which is interstate. He normally works from there almost full time. – John Gardeniers Nov 13 '09 at 22:17
  • OK, got it. In that case I think your plan for using ESXi is a good way to go. – joeqwerty Nov 13 '09 at 22:37
0

The ESXi solution is creative and will work, good idea. As to the practical question, the design requirements aren't very practical so it's hard to make the outcome practical.

This feels like a square peg in a round hole; a cheap hosted server, buying mailboxes at an email host or using a mailing service seem like better alternatives depending on the end need.

Ed Fries