1
Azure Servers
Question asked by John Marx - 7/5/2015 at 7:34 PM
Unanswered
We are evaluating moving to Azure Server for our SmarterMail. We plan on having two dedicated VM's (primary and backup). Has anyone had experience, suggestions, etc.? I've read everything related to Azure but nothing answers this question, and I am certain we are not the only ones considering this.

7 Replies

1
Yannick Guerdat Replied
We have a SmarterTrack instance on Azure. It works nicely, except that the internal IP address is frequently changed by Microsoft due to the nature of the cloud solution, and SmarterTools didn't catch that correctly. That means that we need to register our serial number again and again on this server.
Otherwise all is fine :-)
Artionet.Group - Digital Transformation, eGovernment Solutions
2
Bruce Barnes Replied
Because of the "random IP address assignments" used in Azure servers, they are not nearly as secure as servers which have a static IP address assignment.
 
This has been cited by both US CERT and several other security agencies on multiple occasions.
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phone: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
2
Robbie Wright Replied
John, both of those previous responses are partially true. We run a primary and backup mail server in two different Azure locations with their "D" series VM's, which gets you SSD storage and is plenty fast for webmail, spam scanning, etc.
 
While it is true that Azure provides dynamic IP addresses by default, you can configure them to have static IP addy's for both internal and external interfaces, as well as proper reverse DNS, meeting the common IP requirements for mail servers. A complete royal pain in the rear to set up, as it isn't in the web GUI and you have to use the Azure PowerShell (EC2 makes it much easier), but it is very doable and has been a great experience (after the initial setup) for us.
0
Yannick Guerdat Replied
Thanks for your feedback Robbie
Artionet.Group - Digital Transformation, eGovernment Solutions
0
John Marx Replied
Thanks everyone. We're looking at adding the D series servers and saw a few articles on PowerShell and static configurations. I will definitely look more into that. Right now everything we have is on 7 VM's on a powerful dedicated machine and would rather not have to support our own hardware and this seems like the way to go for us.
0
John Marx Replied
Okay, this took some time and a lot of research. First, this is possible. Secondly, we had a server that was bought in 2012. It had no SSD, 1TB of hard drive, 32Gig of memory and two processors (8 cores) so it wasn't a bad machine. In fact, we are now using this as our test development machine. We decided to move to an infrastructure where we didn't have to maintain the hardware but wanted to still have control of the operating system, updates, etc. After looking at Azure, AWS and other offerings we went with Azure. One because we could easily upgrade (a few clicks) to better hardware. The cost for the server is around $250/month (today) for a D2. A D2 has a dual core Xeon, 3.5Gig of memory and a 100Gig C drive SSD for the operating system. We added a 1TB drive and set SmarterMail to store everything on this drive. They don't "guarantee" a static IP which is the biggest fear. We have been assured and have confirmed on multiple channels that the IP we have we will not lose as long as we stay in the data center and don't shut the machine off. We can upgrade to a faster machine if needed (don't think we will as we only use 1.5Gig of memory) and can always add more drive space in a matter of minutes. We have been able to easily set up SSL certificates as well.
 
Now for the transfer. This was the ultimate scare as we wanted as close to zero downtime as possible and with 500Gig of data that's a lot. What we did was set a daily sync that we started manually a week before and let it run (inbound data doesn't cost anything). We contacted our clients and scheduled times (1 hour per domain so that we had room to debug, etc.). As of this email 29 of 40 on this server have been completed. We copied and manually edited the domains.xml as outlined in the SmarterTools documentation and it worked perfectly. The key I think for migrating is "slow and steady". 
 
So with all that said Azure is a great way to go at least for us and now we don't have to worry about having outdated hardware and can easily upgrade as client demands change.
0
Robbie Wright Replied
John, you can get static, reserved public and private IP's in Azure. You request the static public and give it a name. You then assign that public to your resource, for instance when building a new VM:

New-AzureVM -Location 'Central US' -ServiceName 'mx1' -ReservedIPName 'mx1' | New-AzureVM -ServiceName mx1 -ReverseDnsFqdn "mx1.domain.net."

This gets you a static public and valid reverse DNS. Same applies for a static private address, just different commands. You will eventually need to stop the server, restart it, whatever. I'd highly, highly recommend you get statics on both private and public.
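
Receiving mail servers commonly test that a sending host's PTR record and A record agree (forward-confirmed reverse DNS), which is what the reserved IP and reverse DNS name discussed above are meant to provide. The following is an added example, not part of the post above or of any Azure tooling, showing that check with injectable lookups; the IP addresses and the provider default name are constructed, and only `mx1.domain.net.` comes from the thread.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]

def system_forward(name):
    """A/AAAA addresses for name from the system resolver."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def norm(name):
    return name.rstrip(".").lower()

def check_fcrdns(ip, expected_name, ptr=system_ptr, forward=system_forward):
    """Return (ok, reason) for forward-confirmed reverse DNS of a mail host."""
    addr = ipaddress.ip_address(ip)
    want = norm(expected_name)
    names = [norm(n) for n in ptr(ip)]
    if not names:
        return False, "no PTR record"
    if want not in names:
        return False, "PTR points to " + ", ".join(names)
    resolved = {ipaddress.ip_address(a.split("%")[0]) for a in forward(want)}
    if addr not in resolved:
        return False, want + " does not resolve back to " + ip
    return True, "PTR and A record agree"

# Constructed records (not real DNS data): documentation-range IPs, the host
# name from the post, and a made-up provider default name.
PTR = {
    "203.0.113.25": ["mx1.domain.net."],                   # reserved IP, PTR set
    "203.0.113.77": ["host-203-0-113-77.cloud.example."],  # PTR never set
    "198.51.100.9": ["mx1.domain.net."],                   # A record not updated
}
A = {"mx1.domain.net": {"203.0.113.25"}}

def demo():
    lookups = dict(ptr=lambda ip: PTR.get(ip, []), forward=lambda n: A.get(n, set()))
    return {ip: check_fcrdns(ip, "mx1.domain.net.", **lookups)
            for ip in ("203.0.113.25", "203.0.113.77", "198.51.100.9", "192.0.2.1")}

if __name__ == "__main__":
    for ip, (ok, reason) in demo().items():
        print(ip, "OK" if ok else "FAIL", reason)
```

Calling `check_fcrdns(ip, name)` without the `ptr` and `forward` arguments uses the system resolver, so the same function can be run against a live mail server after an IP or DNS change.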
