Project Information

The main objective of this project is to show and explain a detailed, robust, secure and monitored deployment of a Zentyal 7.0 server on the Amazon AWS cloud provider for a production environment.

Note

It is important to note that everything explained in the project is a real example of implementation, which can be used as a basis or guide for the design of your environment.

This server will act as the organization's mail server and, additionally, as a shared resource server for the different departments.

Finally, multiple additional configurations will also be made, such as securing the mail service with SPF, DKIM, and DMARC, password policies for the domain controller, or even improvements at the CLI level.

Note

The translation of the whole documentation was automatically generated by ChatGPT.

AWS

As explained, AWS will be used to host the Zentyal server. This server will have a monthly cost, which will depend on various factors such as:

  • Type of server.
  • Type and number of EBS volumes.
  • Traffic received by the server.
  • Backup policies.
  • Monitoring system.

For this particular project, the following available AWS services will be used:

Zentyal

The Zentyal server will use the latest stable version available, which as of today is 7.0. In addition, a commercial license will not be used, although it is recommended due to the additional features it offers as well as the possibility of contacting support in case of an incident or doubt.

The modules that will be installed and configured are:

The following additional configurations will also be made:

  • Creation of a partition for the SWAP.
  • Use of several EBS volumes to store different types of information.
  • Generation of certificates with Let's Encrypt.
  • Implementation of: SPF, DKIM and DMARC to increase the security of the mail service.
  • Security policies and password rotation for the domain.

Requirements

To be able to implement or test the steps described in this project, the following will be required:

  1. Knowledge of the administration of Linux operating systems, specifically in Ubuntu operating systems.
  2. Knowledge in handling the CLI (command-line interface).
  3. Administrator privileges over the server.
  4. If you want to use AWS, an account with sufficient permissions for the services mentioned in the 'AWS' section will be required.

Considerations

The following are some considerations to keep in mind if you want to implement or test the project:

  1. Although the steps are explained, it is highly recommended to have some minimum knowledge of Linux, as the terminal is used extensively.
  2. If you want to implement it in production, it is highly recommended to use the commercial version, as it usually comes with access to support, which can be very useful in case of incidents or upgrades to higher versions of Zentyal.
  3. The project has been tested on the AWS cloud provider; however, it should be able to work on other cloud providers.
  4. In case a cloud provider is used, it is very likely that the deployment will have a monthly economic cost.
  5. The network module is the most critical module in case you want to implement this project on a cloud provider, so you must have the configuration well analyzed and defined before proceeding with its configuration.
  6. Due to the modules installed in Zentyal, the server will require a minimum of 4GB of RAM for testing purposes. However, if you want to use it in production, more RAM will need to be added.

Index

The index of the project for implementation would be:

  1. AWS
  2. Installation
  3. Configuration
  4. Certificates
  5. Hardening
  6. Backup
  7. Monitoring

In case you want to implement or test the project on an on-premise server or another cloud provider, steps 1, part of 6 and 7 would not be applicable.


Last update: April 12, 2023
Created: April 12, 2023