Data migration and replication

Given current BlueMind-Outlook stability with the MAPI protocol, migrating data through a PST upload in Outlook is not an option. As a whole, server-side data migration is safer and the result will be more consistent.

• Exchange migration tool

• server-side PST migration

• IMAP synchronization tools with imapsync (see recommendations below)

• Domino migration tool

Replication extracts and stores mail spool information into BlueMind objects that must exist beforehand. For replication to work properly, only data known by BlueMind must be fed into Cyrus: domains and mailboxes must therefore be created in the admin console (or via API), before the mailboxes are filled with data. 

Currently, as admin0 (BlueMind super-administrator), you can migrate BlueMind data without worrying about BlueMind objects and mail storage rules. With admin0 privileges, mail data can be stored on the Cyrus server without undergoing any rights or consistency checks. This is why BlueMind may see the data as inconsistent and may cause the replication to fail. We are therefore advising advise you against importing data through imapsync as the admin0 user.

To avoid this, if you are planning an imapsync transfer of BlueMind data, it is important for that you carry out the imapsync to be carried out with while logged in as the user's login ID. By performing operations as a mail the user themselves, you are can be assured that an account exists, with the correct partition, etc.

To generate an API token for a specific user:

https://forge.bluemind.net/stash/projects/BA/repos/bluemind-samples/browse/python-api-examples/generateUserToken.py

This link shows and an example of data migration which you can adapt depending on the source server and the accounts/data you want to transfer:

https://forge.bluemind.net/stash/projects/BA/repos/bluemind-samples/browse/migration/4.0/kerio

As a whole, and in particular for version 4.0, we strongly recommend that you test data migration on a test server, which will be re-installed or destroyed later. The migration process, once verified, can be done on a blank server (or domain), with no trace of the operations carried out during testing. The LDAP/AD connection, Imapsync imapsync or Exchange data migration, once prototyped successfully, can be replayed on the production server.

Checking that replication works properly

In the bm-tick monitoring console, you can watch the "Mailspool & Replication" dashboard. Two graphs are particularly relevant:

Number of messages replicated per hour:  

Image Removed

Number of active replications:

Image Removed

This number must be 1 per server with the mailbox role and therefore the bm-cyrus-imapd service. If this number drops, this means that replication is no longer working.

On the contrary, if this number is higher than the number of IMAP backends, it usually means that the role has been given one – or several – separate storage server(s) but the service is still running on the main server. In that case you need to force-disable them by creating the following files on the bm-core and then stop the services:

touch /etc/bm/bm-cyrus-imapd.disabled
touch /etc/bm/bm-lmtpd.disabled
systemctl stop bm-cyrus-imapd ; systemctl stop bm-lmtpd

To see if replication is working, you can perform an operation on an email (e.g. change it to unread) and using a tail command, check whether, at the same time, a line looking like the one below is added to the /var/log/bm/replication.log log file:

{{APPLY MAILBOX (.... UserloginID ) }}

Replication progress

We are planning tick improvements in future versions which will allow you to check the replication process's progress.

In the meantime, you can compare the number of messages in the mail spool and archives with the number of entries in the message storage table. They won't match exactly, but it gives a pretty good idea of progress. 

To find out the number of emails to be synchronized:

# Number of messages in the spool:
find /var/spool/cyrus/data/ -type f|wc -l

# Number of messages in the archives:
find /var/spool/bm-hsm/cyrus-archives -type f|wc -l

The sum of the two should be close to the result form the query on the bj-data database:

select count(*) from t_message_body;

BlueMind archiving system redesign

From version 4, message archiving (HSM) is handled natively by Cyrus (see Archivage for more details).

If you installation already used archiving in version 3.5, you must retrieve the 3.5 archives to re-introduce them into Cyrus (which will then manage it autonomously and transparently according to the policy).

This has significant impact on mail storage spaces and typically entails lengthy migration operations, to be organized according to version 4 upgrade operations.

The detailed upgrade to version 4 procedure describes the operations required for archive migration. It is available in our Partner Space:  Procédure de mise à jour depuis BlueMind 3.5 vers BlueMind 4. Please make sure that you read it carefully. 

Storage space sizing

Several architecture reorganization and changes to how BlueMind works affects BlueMind server storage space sizing. You must be extremely careful to avoid "full disks" which can interfere, block or cause the upgrade to fail. These are the storage changes that can impact your BlueMind install:

• /var/spool/bm-replication: anticipate a significant increase in used space. Your space available must be equal to 25% of /var/spool/cyrus/data

• /var/spool/bm-elasticsearch: 20 to 25% of the mail volume in two folders /var/spool/cyrus/data  and  /var/spool/bm-hsm

• /var/lib/postgresql: the database must be able to grow by 10% of mail volume (/var/spool/cyrus/data  et  /var/spool/bm-hsm)

• /var/log/bm/replication.log can also grow significantly. The corresponding partition must have at least 1Gb of available space.

In terms of memory resources, to allow the ElasticSearch service to work during the upgrade, it must be allocated an additional 1.5Go.

These extra storage space needs are laid out in:  Procédure de mise à jour depuis BlueMind 3.5 vers BlueMind 4.

BlueMind without MAPI

This option has limitations BlueMind isn't able to override. This is why BlueMind has developed a native connection with Outlook, which provides a better implementation of Outlook features.

If your users are used to the Outlook connector and happy with it, it can be left as is. Otherwise, we recommend that you progressively move to Outlook via MAPI.

Outlook

Without the MAPI service, Outlook continues to work with the connector like in version 3.5. Administrators must carry out the same provisioning procedure for the Outlook connector so that users can download and install it on their machines.

Outlook doesn't understand or translate folder mapping . Default folders such as Inbox, Sent, etc. are shown in English because they are picked up via the IMAP protocol without being translated. This doesn't interfere with syncing from a technical point of view but may be disturbing for some users. You should note that MAPI handles mapping correctly.

Cyrus

From version 4.1, the Cyrus folder structure is checked on BlueMind startup and an alert – a warning in logs – is sent if an inconsistency is found.

BlueMind with MAPI

Autodiscover

From version 4.1, an autodiscover check is carried out on all installation domains and aliases. If no autodiscover works, then MAPI service will not start. If at least one autodiscover works, then the service starts in order to serve accessible domains.

As a result, for each domain and alias, the MAPI server attempts a query to domain.loc/autodiscover and autodiscover.domain.loc/autodiscover and checks that itself receives the query. 

A test is also carried out on the DNS server to check the recording service _autodiscover._tcp.domain.loc and _autodiscover.<all aliases>.

Cyrus

From version 4.1, the

To start the replication on idle (unused) mailboxes, you must place them in the replication queue using the following command – after having cleaned some Cyrus logs:

#cleaning cyrus
service bm-cyrus-imapd stop
rm /var/lib/cyrus/sync/core/log*
service bm-cyrus-imapd start
#running the replication
bm-cli maintenance repair --ops replication.parentUid $DOMAIN_UID$

$DOMAIN_UID$ being the domain name, e.g.: bluemind.net

BlueMind without MAPI

Outlook

Without the MAPI service, Outlook continues to work with the connector like in version 3.5. Administrators must carry out the same provisioning procedure for the Outlook connector so that users can download and install it on their machines.

Cyrus

From version 4.1, the Cyrus folder structure is checked on BlueMind startup and an alert – a warning in logs – is sent if an inconsistency is found.

BlueMind avec MAPI

Autodiscover

From version 4.1, an autodiscover check is carried out on all installation domains and aliases. If no autodiscover works, then the MAPI doesn't start. If at least one autodiscover works, then the service starts in order to serve accessible domains.

As a result, for each domain and alias, the MAPI server attempts a query to domain.loc/autodiscover et autodiscover.domain.loc/autodiscover and checks that itself receives the query. 

A check is also carried out on the DNS server to check the recording service _autodiscover._tcp.domain.loc and _autodiscover.<all aliases>.

Cyrus

From version 4.1, the Cyrus folder structure is checked on BlueMind startup and an alert – a warning in logs – is sent if an inconsistency is found.

Outlook

Creating a blank Outlook profile

To enable connector-free Outlook, first make sure you follow the server-side implementation steps described in our documentation:

Implementing MAPI for Outlook

In particular, make sure you read the section about server communications prerequisites: autodiscover must work properly for Outlook to be able to communicate with BlueMind.

Then, for each workstation, follow our instructions on creating an Outlook profile:

Synchronisation avec Outlook

In this case, make sure you first ensure url accessibility from the workstation.

Outlook with BlueMind limitations

Known limitations with Outlook are listed in our page on BlueMind's compatibility with client software and devices.

Known limitations

Outlook

Recommendations and best practice

To work in its current version, Outlook must not be polluted by "objects" that do not come from BlueMind. This is why a blank Outlook profile must be created and no other Exchange/Office365 should be configured on the same profile.

In addition, registry keys must be applied, among other things to avoid network configuration conflicts (DNS, ActiveDirectory). Registry keys can be found here: XXXXXXXXX

Creating a blank Outlook profile

To enable connector-free Outlook, first make sure you follow the server-side implementation steps described in our documentation:

Implementing MAPI for Outlook

In particular, make sure you read the section about server communications prerequisites: autodiscover must work properly for Outlook to be able to communicate with BlueMind.

Then, for each workstation, follow our instructions on creating an Outlook profile:

Synchronization with Outlook

In this case, make sure you first confirm url accessibility from the workstation.

Limitations of Outlook with BlueMind

Known limitations with Outlook are listed in our page on BlueMind's compatibility with client software and devices.

If you encounter issues

Versions 4.0, 4.1, 4.2, 4.3 and 4.4

Many improvements have been made to BlueMind since version 4.0. All BlueMind versions earlier than 4.5 must be updated quickly to benefit from all the latest updates.

Checking that replication works properly

In the bm-tick monitoring console, you can watch the "Mailspool & Replication" dashboard. Two graphs are particularly relevant:

Number of messages replicated per hour:  

Image Added

Number of active replications:

Image Added

This number must be 1 per server with the mailbox role and therefore with the bm-cyrus-imapd service. If this number drops, this means that replication is no longer working.

On the contrary, if this number is higher than the number of IMAP backends, it usually means that the role has been given one – or several – separate storage server(s) but the service is still running on the main server. In that case you need to force-disable them by creating the following files on the bm-core and then stop the services:

To check if replication is working, you can perform an operation on an email (e.g. change it to unread) and using a tail command, check whether, at the same time, a line looking like the one below is added to the /var/log/bm/replication.log log file:

Replication progress

We are planning tick improvements in future versions which will allow you to check the replication process's progress.

In the meantime, you can compare the number of messages in the mail spool and archives with the number of entries in the message storage table. They won't match exactly, but it gives a pretty good idea of progress. 

To find out the number of emails to be synchronized:

The sum of the two should be close to the result from the query on the bj-data database:

Note that the standard replication flow only watches "live" mailboxes. This means that if the replication delta is significant, then the replication has almost stopped, all active users have been properly replicated and have access to related features (webmail search, EAS, etc.). Also note that the count is approximate: if an email is sent to N users, it will be counted once in t_message_body but it will be present N times in the spool.

To start the replication on idle (unused) mailboxes, you must place them in the replication queue using the following command – after having cleaned some Cyrus logs:

$DOMAIN_UID$ being the domain name, e.g.: bluemind.net

Known limitations

You can find a list of You can find known limitations in our page on BlueMind compatibility.

Updating from BlueMind 4.0 to 4.x

Inbox subfolders

In BlueMind versions 4.0.x, folders created in the inbox by Outlook are not mailbox folders but virtual folders.

BlueMind 4.1 brings inbox subfolder support.