Penn Computing

Penn Computing

Computing Menu Computing A-Z
Computing Home Information Systems & Computing Penn

Development Roadmap for the Zimbra Service

This document summarizes Penn's agenda with Zimbra and the ISC Zimbra strategic plan for FY09-FY11.

Feature Description Target Date
Exchange Free/Busy Sharing

Bug report
Penn has deployed both Zimbra 5.0.8 and Microsoft Exchange 2007 services. Many of our customer sites use both services, electing to use Exchange for VIPs or administrators and Zimbra for other users who do not need tight integration with Outlook or BlackBerry. Free/busy sharing for both services was one of our internal goals for December 2008, and Penn has begun implementing this feature in our production environment and will likely turn to Zimbra support with issues. Stanford has similar needs to ours, but a different environment: while Penn's Zimbra and Exchange each have separate GALs and users are, for the most part, unique in each, every user at Stanford has a Zimbra account and some also have Exchange. We believe the most portable solution would be a free/busy proxy between Zimbra and Exchange. That would allow us to flexibly share information between both services, and with other service providers at Penn who may run Zimbra, Exchange, or another service. FY09 3Q/4Q
Kerberos IMAP Proxy This is needed to allow scaling across multiple mailbox servers. Zimbra reports that this works with either a combination of release 5.08 and a manual upgrade from Java 1.5 to 1.6 due to a Kerberos bugfix in Java or in Zimbra 5.0.9. Penn plans to include with it 5.0.11 upgrade. FY09 3Q
BlackBerry Handheld Support

Bug report
Penn has a strong interest in offering the same level of support across both the Zimbra 5 and Exchange 2007 services for mobile devices. Support for ActiveSync and BlackBerry drives customers to Penn's Exchange service, and the same could be said of Zimbra. A full feature set for data push and enterprise management of BlackBerry devices, including remote device wipe and policies, would align Zimbra Mobile more closely with Penn's existing handheld offerings and our PDA security policies. We will be testing this, but will only offer pilot service if it does not go live until Q3/Q4 2009. Zimbra plans to meet General Availability (GA) in Zimbra 6.0. FY10 1Q/2Q
Kerberos Proxy Access for Group Accounts

Bug report
Penn uses Kerberos as a portable mechanism for providing delegate access to mail accounts from third-party mail clients, including Thunderbird. This is particularly important in a VIP/AA scenario, but even more widely used with group accounts or shared accounts used as the basis for communicating as part of a business process. For example, help desks may use a central mail account for problem intake and configure delegated access via Kerberos to open shared mailboxes. While ZWC and Outlook do have mechanisms for delegate access to mailboxes, Kerberos is more portable for Penn across other third-party fat email clients. FY10 1Q
Instant Messaging (IM) Integration

Bug report
Penn operates its own highly available instant messaging service based on a version of Openfire newer than the Wildfire server integrated by Zimbra. For now, we have disabled the IM tab in ZWC. We would like to re-enable this tab, but point to and authenticate against Penn's existing XMPP service implementation at A feature comparison of Zimbra's IM service and Penn's is available. FY10 1Q/2Q
Calendar Access via Kerberos

Bug report
Penn has heavily invested in Kerberos as the preferred authentication solution to provide single sign-on for applications as well as a central credential to use for web applications. Many email clients on the desktop are configured for Kerberos authentication for POP and IMAP. Penn leverages Zimbra's pre-authentication framework to allow the Zimbra Web Client to use Kerberos passwords. The next logical step is to support Kerberos for calendar access. This requires both Kerberos integration in the CalDAV server component of Zimbra, but also Kerberos support in a client program, preferably one that is cross-platform. Apple's Leopard iCal Server and iCal client seem to lead the field so far in terms of Kerberos support for calendar access. Penn has in the past contributed to the effort to include Kerberos support in Eudora and Thunderbird for mail, and would likely be willing to do the same for a third-party calendar client like Mozilla Sunbird. Penn would need Zimbra to build in server code to support Kerberos access for CalDAV clients. FY11 1Q/2Q

Information Systems and Computing
University of Pennsylvania
Comments & Questions

Penn Computing University of Pennsylvania
Information Systems and Computing, University of Pennsylvania