The main objective of this project is to show and explain a detailed, robust, secure and monitored configuration of the deployment of a Zentyal 7.0 server on the Amazon AWS cloud provider for a production environment.
NOTE: It is important to note that everything explained in the project is a real example of implementation, which can be used as a basis or guide for the design of your environment.
The functions that this server will have will be to act as a mail server for the organization and additionally, as a shared resource server for the different departments.
Finally, it should be mentioned that multiple additional configurations will also be made, such as securing through SPF, DKIM, and DMARC for the mail service, password policies for the domain controller, or even improvements at the CLI level.
NOTE: The translation of the whole documentation was automatically generated by ChatGPT.
As explained, AWS will be used to host the Zentyal server. This server will have a monthly cost, which will depend on various factors such as:
- Type of server.
- Type and number of EBS volumes.
- Traffic received by the server.
- Backup policies.
- Monitoring system.
For this particular project, the following available AWS services will be used:
The Zentyal server will use the latest stable version available, which as of today is 7.0. In addition, a commercial license will not be used, although it is recommended due to the additional features it offers as well as the possibility of contacting support in case of an incident or doubt.
The modules that will be installed and configured are:
- Network
- Logs
- Firewall
- Software
- NTP
- DNS
- Controlador de dominio
- Correo
- Webmail
- Antivirus
- Mailfilter
- CA
- OpenVPN
Additionally, the following additional configurations will be made:
- Creation of a partition for the SWAP.
- Use of several EBS volumes to store different types of information there.
- Generation of certificates with Let's Encrypt.
- Implementation of: SPF, DKIM and DMARC to increase the security of the mail service.
- Security policies and password rotation for the domain.