Multiple-appliance TRITON AP-EMAIL deployments

Deployment and Installation Center | Email Protection Solutions | v8.3.x

Multiple-appliance deployments can be implemented when message volume warrants having greater processing capacity. When the deployed appliances are all in standalone mode, the appliances can be a mix of V-Series machines and virtual appliances. An appliance cluster usually cannot contain a mix of appliance platforms. Contact Technical Support for more information.

An X-Series modular chassis may include multiple blade servers running TRITON AP-EMAIL.

Email appliance cluster with Email Hybrid Module

Multiple V-Series appliances are configured in a cluster for this deployment scenario. You may also consider multiple virtual appliances or X10G blade servers for this scenario. This email protection environment includes the Email Hybrid Module in-the-cloud analysis. See Single email appliance with Email Hybrid Module for information about the email hybrid service.

You may want to use a third-party load balancer with an appliance cluster, to distribute email traffic among your appliances. Appliances in a cluster all have the same configuration settings, which can streamline a load balancing implementation.

Personal Email Manager traffic load balancing may be accomplished via cluster configuration. After a cluster is created, designate the Personal Email Manager access point in Settings > Personal Email > Notification Message, in the Personal Email Manager Portal section. Personal Email Manager traffic is routed to this designated IP address. This appliance then passes the traffic on to other appliances in the cluster via the round robin forwarding mechanism.

To create a cluster, add an appliance to the email appliances list on the Settings > General > Email Appliances page, then configure these appliances in a cluster on the Settings > General > Cluster Mode page. See the Administrator Help for TRITON AP-EMAIL for details.

A primary appliance in a cluster may have up to 7 secondary (or auxiliary) appliances. Configuration settings for any cluster appliance are managed only on the primary appliance Email Appliances page (Settings > General > Email Appliances).

Cluster appliances must all be running in the same security mode. The TRITON Manager and all cluster appliance versions must all match for cluster communication to work properly.

In order to protect the messages stored in the email message queues, appliances added to a cluster must have the same message queue configuration as the other cluster appliances. For example, an administrator-created queue on appliance B must be configured on primary cluster appliance A before appliance B is added to the cluster. Message queue records may be lost if this step is not performed before cluster creation.

Multiple standalone email appliances

A multiple standalone V-Series or virtual appliance or X-Series blade server deployment might be useful if each appliance must have different configuration settings. Two standalone scenarios are described in this section:

Using domain-based routing

Using DNS round robin

These environments include the Email Hybrid Module in-the-cloud filtering. See Single email appliance with Email Hybrid Module for information about the email hybrid service.

Using domain-based routing

You can configure domain-based delivery routes so that messages sent to recipients in specified domains are delivered to a particular appliance. Configuring a delivery preference for each SMTP server facilitates message routing.

Configure the domain groups for which you want to define delivery routes in the Settings > Users > Domain Groups > Add Domain Groups page. See the Administrator Help for TRITON AP-EMAIL for information about adding or editing domain groups:

Managing domain groups

Configuring delivery routes

To set up a domain-based delivery route on the Settings > Inbound/Outbound > Mail Routing page:

Click Add in the Domain-based Routes section to open the Add Domain-based Route page.

Enter a name for your route in the Name field.

Select an order number from the Route order drop-down list to determine the route's scanning order.

Select a destination domain from the pre-defined domains in the Domain group drop-down list. Default is Protected Domain. Information about the selected domain group appears in the Domain details box.

If you want to add a new domain group to the list, navigate to Settings > Users > Domain Groups and click Add.

If you want to edit your selected domain group, click Edit to open the Edit Domain Group page.


	Important The Protected Domain group defined in the Settings > Users > Domain Groups page should not be used to configure email delivery routes if you need to define domain-based delivery routes via multiple SMTP servers. Create domain groups that contain subsets of the Protected Domain group for mail routing purposes.

Select the SMTP server IP address delivery option to open the SMTP Server List:

Click Add to open the Add SMTP Server dialog box.

Enter the SMTP server IP address or hostname and port.

Mark the Enable MX lookup check box to enable the MX lookup function.

Important

If you entered an IP address in the previous step, the MX lookup option is not available.

If you entered a hostname in the previous step, this option is available.

Mark the Enable MX lookup check box for message delivery based on the hostname MX record.

If you do not mark this check box, message delivery is based on the hostname A record.

Enter a preference number for this server (from 1 - 65535; default value is 5).

If a single route has multiple defined server addresses, mail delivery is attempted in order of server preference. When multiple routes have the same preference, round robin delivery is used.

You may enter no more than 16 addresses in the SMTP Server List.

Select any desired security delivery options.

Select Use Transport Layer Security (TLS) if you want email traffic to use opportunistic TLS protocol.

Select Require authentication when you want users to supply credentials. Enter the appropriate user name and password in the Authentication Information box. You must use the SMTP server IP address delivery method when you want users to authenticate.

Using DNS round robin

Email traffic distribution among multiple standalone appliances can be accomplished by using the domain name system (DNS) round robin method for distributing load.

With the email hybrid service configured and running, set up the round robin system as follows:

Enter the SMTP server domain in the Delivery Route page of the email hybrid service configuration wizard used for registering the email protection system with the email hybrid service (Settings > Hybrid Service > Hybrid Configuration).

If email hybrid service is not enabled, you need to modify your MX records to allow round robin load balancing. Ask your DNS manager (usually your Internet service provider) to replace your current MX records with new ones for load balancing that have a preference value equal to your current records.