Difference between revisions of "SME Server wishlist"

From SME Server
 
(39 intermediate revisions by 11 users not shown)
Line 7: Line 7:
 
<span style="color: red;">Please append your name at end of your post. Thanks.</span>
 
<span style="color: red;">Please append your name at end of your post. Thanks.</span>
  
 +
== SME Server 9.0 ==
  
== Must have ==
+
SME Server 9.0 is in final productisation, bugfixes and translations only.
* <span style="color: grey;"><strike>a governance of one or more persons as the debian way.....we need a leader (Stephdl)</strike> -> [[The_future_of_SME_Server|The Future of SME Server]]</span>
 
* <span style="color: grey;"><strike>publication of expenses and revenues to determine the needs and provide confidence how the money is spent .... with this I can know if I should give more (Stephdl).</strike></span>
 
** Getting organised on this  -> [[The_future_of_SME_Server|The Future of SME Server]]
 
  
 +
== SME Server 9.1 ==
  
== Nice to have ==
+
SME Server 9.1 is likely to be based on CentOS 6.6 maybe during summer 2014.
{{Note box| SME 9.0 is just moving SME 8.0 onto a CentOS 6 base. No new features are planned.<br>
+
 
SME 9.1 will be open for new features that have a credible development plan.<br>For now the current events and efforts are geared towards a transition from SME8 to SME9 'as is'}}
+
* Webmail
 +
** Webmail is Core
 +
** For SME Server 9.1 Horde 5.x is the default for core. See [[bugzilla:6653|Bug 6653]]
 +
 
 +
* Partial Samba 4 support
 +
** What can be achieved in the next 3 months?
 +
** See See [[bugzilla:8075|Bug 8075]]
 +
 
 +
* Minor improvements to Backup - Restore (Ian)
 +
** My improvements to Backup Restore did not make the 9.0 development freeze.
 +
 
 +
== SME Server 9.X ==
 +
* Add additional secure VPN solution (OpenVPN?). Default PPTP VPN is proven insecure. (waves to NSA)
 +
 
 +
Open. Need to select from the nice-to-have below
  
 +
== SME Server 10.X ==
  
 +
SME Server 10.0 is likely to be based on CentOS 7.0
 
* Move server manager to Mojolicious
 
* Move server manager to Mojolicious
** From Charie on Devinfo 
+
** Background reading [http://en.wikipedia.org/wiki/Mojolicious Mojolicious].  
** Please everybody, go and have a look at [http://en.wikipedia.org/wiki/Mojolicious Mojolicious]. It's what I strongly recommend for new UI developments. Very, very well maintained and tested.
+
** See [[bugzilla:7819|Bug 7819]]
 +
** task queuing would be a must [[User:Unnilennium|Unnilennium]] ([[User talk:Unnilennium|talk]])
 +
** integrate user-manager and delegation in its design [[User:Unnilennium|Unnilennium]] ([[User talk:Unnilennium|talk]])
 +
 
 +
* Full Samba 4 support (David Harper)
 +
** Investigate the implications for the SME ecosystem of moving to Samba 4 (e.g. currently UNIX accounts are used for authentication but for Samba 4 all auth would have to be done through Active Directory - e.g. IMAP, webmail, VPN etc.)
 +
** Would likely require BIND 9 instead of dnsmasq
 +
 
 +
 
 +
* Finish LDAP auth, and use as default going forward (mrjhb3)
 +
** having full user and group in LDAP would allow comprehensive management of users over multiple servers [[User:Unnilennium|Unnilennium]] ([[User talk:Unnilennium|talk]])
  
  
* Webmail (Ian)
+
* Webmail
** Decide if webmail is Core or Contrib  - I vote for Core (mrjhb3) - If you don't want these comments here, then please delete.
+
** Choose the webmail solution that will be in the core for SME Server 10. Alternatives will be contribs.
** Investigate the webmail solutions available, and features such as activesync  (Horde 5.1 is supposed to support MS EAS 14.1, 5.2 adds some additional features - mrjhb3)
 
** Decide which webmail should be in core, if any
 
 
*** Zarafa oh yé [[User:Stephdl|Stephdl]] ([[User talk:Stephdl|talk]])
 
*** Zarafa oh yé [[User:Stephdl|Stephdl]] ([[User talk:Stephdl|talk]])
*** Horde 5.x - would make the most sense as a direct upgrade to 8.x and has free sync to Outlook via Funambol (David Harper) I have this working, so after 9 is released, the community can decide if we stay on this path for 9.x.  (mrjhb3)
+
*** Horde 5.x - has free sync to Outlook via Funambol (David Harper) I have this working (mrjhb3)
 
*** eGroupware It will be my choice --[[User:Larieu|Larieu]] ([[User talk:Larieu|talk]]) 03:35, 6 February 2013 (MST) - I think this is a good starting point to compare [http://www.linuxplanet.com/linuxplanet/reviews/7289/1 compare]
 
*** eGroupware It will be my choice --[[User:Larieu|Larieu]] ([[User talk:Larieu|talk]]) 03:35, 6 February 2013 (MST) - I think this is a good starting point to compare [http://www.linuxplanet.com/linuxplanet/reviews/7289/1 compare]
 +
<br />
 +
 +
* ibays
 +
**merge ibays with Shared folders [[Bugzilla:9568]][[User:Unnilennium|Unnilennium]] ([[User talk:Unnilennium|talk]])
 +
**The contrib Shared folder offers many new features which enhance a lot the file sharing. We will be winners  if we can have this contrib in the sme core
 +
**finish tmp folder integration [[Bugzilla:9568]] [[User:Unnilennium|Unnilennium]] ([[User talk:Unnilennium|talk]])
 +
**better integration of php and httpd setting per ibay [[Bugzilla:]] [[User:Unnilennium|Unnilennium]] ([[User talk:Unnilennium|talk]])
 +
 +
 +
* Cloud awareness (HF)
 +
** Market development and usage of services and software are changing quickly. One of them being 'Cloud' and all xaaS related services
 +
** Being able to deploy SME Server as a Virtual Machine (VPS) in ServerGateway mode with an ISP that only offers 1 Network interface
 +
** Patch available, Proof of concept applied on production servers [[bugzilla:7200|Bug 7200]]
 +
** ease backup to cloud [[Bugzilla:9517]] [[User:Unnilennium|Unnilennium]] ([[User talk:Unnilennium|talk]])
 +
 +
 +
* New VPN Approach [[User:Unnilennium|Unnilennium]] ([[User talk:Unnilennium|talk]])
 +
**this should include OpenVPN and IPSec  [[Category:VPN]]
 +
** OpenVPN Bridge (Credit: Daniel)
 +
** [[OpenVPN_Bridge]] is a much wanted feature, and could be considered as a Core feature
 +
** Remote workers, home office, road-worriers is a very common way of working today
 +
***Bravo daniel openvpn-bridge+openvpn-s2s integrated as core system [[User:Stephdl|Stephdl]] ([[User talk:Stephdl|talk]])
 +
***I subscribe also for any core development which support openVPN client with default user/passfrom LDAP [[User:Larieu|Larieu]] ([[User talk:Larieu|talk]])
 +
 +
 +
*SSL Certificates
 +
** integrate Let'sencrypt certificates [[Bugzilla:8676]]  [[Bugzilla:9196]]  [[User:Unnilennium|Unnilennium]] ([[User talk:Unnilennium|talk]])
 +
** redesign apache configuration to handle SNI [[Bugzilla:1775]]  [[Bugzilla:8693]] [[User:Unnilennium|Unnilennium]] ([[User talk:Unnilennium|talk]])
 +
** panel for certificates [[Bugzilla:9196]] [[Bugzilla:8185]] [[User:Unnilennium|Unnilennium]] ([[User talk:Unnilennium|talk]])
 +
 +
*Backups
 +
** encrypted backup (for cloud purpose and others)[[User:Unnilennium|Unnilennium]] ([[User talk:Unnilennium|talk]])
 +
** Integrate AFFA 3 contrib into core SME for doing remote backups via rsync and migrating SME boxes to new hardware / versions. (I have done many migrations for SME6 -> 7, SME 7 -> 8 and SME 8 -> 9. It just works!) [[User:Svsleuwen|Svsleuwen]] ([[User talk:Svsleuwen|talk]])
 +
 +
 +
*MTA to MTA delivery
 +
** implement encrypted sending of emails [[Bugzilla:9349]][[User:Unnilennium|Unnilennium]] ([[User talk:Unnilennium|talk]])
 +
** find a way to adapt to new smarthosts [[Bugzilla:9050]][[User:Unnilennium|Unnilennium]] ([[User talk:Unnilennium|talk]])
 +
 +
== SME Server 11.X ==
 +
SME Server 11.0 is likely to be based on Rocky 8.X
 +
 +
 +
Prerequesite to start
 +
 +
* a koji builder
 +
* moving sources to git
 +
 +
 +
For the server
 +
 +
* finish Mojolicious server-manager integration
 +
* integrate SSL certificate handling in manager
 +
 +
* Finish LDAP auth, and use as default going forward
 +
** having full user and group in LDAP would allow comprehensive management of users over multiple servers
 +
 +
* remove Horde, use roundcube as default
 +
* easing switching between webmail software
 +
* change DNS stack to bind
 +
* change Qmail to Postfix keeping qpsmtpd
 +
* moving service name from httpd-e-smith to httpd
 +
* moving httpd user from www to the standard apache
 +
* rethink the apache auth to make it pluggable (eg: allow adding a geoip filter)
 +
* Support IEEE 802.1Q, which will allow companies to create VLAN (separate business critical LAN from Guest LAN)
 +
 +
== SME Server 12.x ==
  
 +
* IPv6
 +
* new firewall using Shorewall
 +
* multiple network interface
 +
* rethink the backup management
  
 +
== Nice to have ==
  
 
* IPV6 (Ian)
 
* IPV6 (Ian)
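Review bot: The added ibay line "**better integration of php and httpd setting per ibay [[Bugzilla:]]" carries an empty Bugzilla link, so it points at no bug; fill in the bug number or drop the link until a bug exists. In the added VPN item, "[[Category:VPN]]" inside the list text files this page under that category instead of rendering a link; "[[:Category:VPN]]" would show as a link. The added 9.1 Samba item also doubles a word in "See See [[bugzilla:8075|Bug 8075]]".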
Line 38: Line 133:
  
  
 
+
* DNS Block - [[Pihole]] available on SME10
* Samba 4 (David Harper)
+
** Allow more control on what DNS enters in your LAN to protect from malware and adds
** Decide whether Samba 4 is going to be production ready for the SME 9 dev cycle
+
** See also https://wiki.koozali.org/DNS_Block and https://wiki.koozali.org/DNS_Stack
** Investigate the implications for the SME ecosystem of moving to Samba 4 (e.g. currently UNIX accounts are used for authentication but for Samba 4 all auth would have to be done through Active Directory - e.g. IMAP, webmail, VPN etc.)
 
** Would likely require BIND 9 instead of dnsmasq
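Review bot: In the added DNS Block item, "to protect from malware and adds" should read "ads". The two "See also" targets are given as full URLs while the same item links [[Pihole]] in wiki-link form; using one link style within the item would be more consistent.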
 
  
  
Line 48: Line 141:
 
** Investigate ways of promulgating network-wide UNIX UID & GID - LDAP or AD based
 
** Investigate ways of promulgating network-wide UNIX UID & GID - LDAP or AD based
 
** Would allow for "roaming profile" like setups for clients like Ubuntu and CentOS Desktop
 
** Would allow for "roaming profile" like setups for clients like Ubuntu and CentOS Desktop
 +
** David, would you be able to work on a smeserver-nfs as a contrib and I would support change to the core where needed to make this work. (Ian)
  
  
Line 57: Line 151:
  
  
* Cloud awareness (HF)
+
 
** Market development and usage of services and software are changing quickly. One of them being 'Cloud' and all xaaS related services
+
* Re-ordered server configuration pages (HF)
** Being able to deploy SME Server as a Virtual Machine (VPS) in ServerGateway mode with an ISP that only offers 1 Network interface
+
** Start with server role, then continue with existing order (POC available)
** Patch available, Proof of concept applied on production servers [[bugzilla:7200|Bug 7200]]
+
** Add new server role 'Hosted virtual server'. If only 1 NIC present, a second dummy will be used, otherwise usual server/gateway mode (POC available)
 +
 
  
 
* Delegation - into core (larieu)
 
* Delegation - into core (larieu)
Line 74: Line 169:
 
*** to be able to delegate access to some panels  
 
*** to be able to delegate access to some panels  
  
* OpenVPN Bridge (Credit: Daniel)
+
 
** [[OpenVPN_Bridge]] is a much wanted feature, and could be considered as a Core feature
 
** Remote workers, home office, road-worriers is a very common way of working today
 
***Bravo daniel openvpn-bridge+openvpn-s2s integrated as core system [[User:Stephdl|Stephdl]] ([[User talk:Stephdl|talk]])
 
***I subscribe also for any core developement which support openVPN client with devault user/passfrom LDAP [[User:Larieu|Larieu]] ([[User talk:Larieu|talk]])
 
  
 
* Git (Marco Hess)
 
* Git (Marco Hess)
Line 91: Line 182:
 
* chpst (wellsi)
 
* chpst (wellsi)
 
** Make a decision on chpst vs softlimit (runit rather than daemontools). See [[bugzilla:509|Bug 509]]
 
** Make a decision on chpst vs softlimit (runit rather than daemontools). See [[bugzilla:509|Bug 509]]
 
 
* Re-ordered server configuration pages (HF)
 
** Start with server role, then continue with existing order (POC available)
 
** Add new server role 'Hosted virtual server'. If only 1 NIC present, a second dummy will be used, otherwise usual server/gateway mode (POC available)
 
  
  
Line 103: Line 189:
 
* 2 WAN + 2 LAN  
 
* 2 WAN + 2 LAN  
 
** 2 WAN - nowadays you have one terrestrial internet connection and for shure good plans from GSM company (Wireless one - but with ETH connection for the whole house) - why to not have 2 WAN
 
** 2 WAN - nowadays you have one terrestrial internet connection and for shure good plans from GSM company (Wireless one - but with ETH connection for the whole house) - why to not have 2 WAN
** 2 LAN - one for "normal" LAN and one for guest / wireless access - or VLAN support - multimple LAN
+
** 2 LAN - one for "normal" LAN and one for guest / wireless access - or VLAN support - multiple LAN
 +
*** Nice to have 2 LAN, but to have VLAN  on a single physical network we need to supporting IEEE 802.1Q. See my request in SME Server 11.X
 +
 
  
 +
* ARM processor support (Mike)
 +
* A Rolling release version of the SME-Server
 +
* JMAP support (JSON Meta Application Protocol Specification)
 +
** For more information on JMAP see http://jmap.io
 +
* Wireguard VPN *in kernel since 3/20 (Seems to be a very professionally scripted new and opensource VPN solution that is a big improvement over OpenVPN and it is also much easier to setup/integrate)
  
  
* Finish LDAP auth, and use as default going forward (mrjhb3)
+
* journaled quota (larieu)
 +
** standard used kernel supports the journaled quota but it seems that the default option is standard non-journaled quota ( even it is recommended to use journaled )
  
== Idea's and suggestions ==
+
== Ideas and suggestions ==
 
* Setup the contribs site with a more prominent download page where after the download the user is prompted for donations or signup to Email newsletters. I just noticed how Eclipse was doing that after you downloaded a Eclipse package. http://www.eclipse.org/downloads/download.php?file=/technology/epp/downloads/release/juno/SR1/eclipse-cpp-juno-SR1-win32-x86_64.zip&mirror_id=1051 (MarcoHess)
 
* Setup the contribs site with a more prominent download page where after the download the user is prompted for donations or signup to Email newsletters. I just noticed how Eclipse was doing that after you downloaded a Eclipse package. http://www.eclipse.org/downloads/download.php?file=/technology/epp/downloads/release/juno/SR1/eclipse-cpp-juno-SR1-win32-x86_64.zip&mirror_id=1051 (MarcoHess)
* Figure out whether the Dungog tools are abandonware and if so whether they can be released under an open source licence (David Harper)
+
 
** We simply need to ask Stephen [[User:RequestedDeletion|RequestedDeletion]] ([[User talk:RequestedDeletion|talk]]) 22:28, 4 February 2013 (MST)
+
---
** Just emailed him as I have had recent communications [[User:ReetP|ReetP]] ([[User talk:ReetP|talk]]) 10.30, 5 Feb 2012 (CET)
+
[[Category:Categorisation]]
<noinclude>[[Category:SME9-Development]]</noinclude>
+
[[Category:SME10-Development]]
 +
[[Category:SME11-Development]]

Latest revision as of 07:21, 25 October 2024

This page tries to catch all ideas and serves as a centralised overview of user-submitted suggestions for new or enhanced SME Server features.

Please note down your thoughts in a simple one-liner. Further in-depth discussion can take place on the devinfo mailing list and the discussion mailing list.

This 'wishlist' is what it is, a list of wishes. Nothing more, nothing less. Which ones are 'in' or 'out' should be decided by the community on the mailing lists. All suggestions are about SME Server in general and not targeted specifically towards any one version of SME Server. A feature or suggestion that has been decided on to be included in a version will be logged in our Bug Tracker. Please join in.

Please append your name at end of your post. Thanks.

SME Server 9.0

SME Server 9.0 is in final productisation, bugfixes and translations only.

SME Server 9.1

SME Server 9.1 is likely to be based on CentOS 6.6 maybe during summer 2014.

  • Webmail
    • Webmail is Core
    • For SME Server 9.1 Horde 5.x is the default for core. See Bug 6653
  • Partial Samba 4 support
    • What can be achieved in the next 3 months?
    • See Bug 8075
  • Minor improvements to Backup - Restore (Ian)
    • My improvements to Backup Restore did not make the 9.0 development freeze.

SME Server 9.X

  • Add additional secure VPN solution (OpenVPN?). Default PPTP VPN is proven insecure. (waves to NSA)

Open. Need to select from the nice-to-have below

SME Server 10.X

SME Server 10.0 is likely to be based on CentOS 7.0

  • Full Samba 4 support (David Harper)
    • Investigate the implications for the SME ecosystem of moving to Samba 4 (e.g. currently UNIX accounts are used for authentication but for Samba 4 all auth would have to be done through Active Directory - e.g. IMAP, webmail, VPN etc.)
    • Would likely require BIND 9 instead of dnsmasq


  • Finish LDAP auth, and use as default going forward (mrjhb3)
    • having full user and group in LDAP would allow comprehensive management of users over multiple servers Unnilennium (talk)


  • Webmail
    • Choose the webmail solution that will be in the core for SME Server 10. Alternatives will be contribs.
      • Zarafa oh yé Stephdl (talk)
      • Horde 5.x - has free sync to Outlook via Funambol (David Harper) I have this working (mrjhb3)
      • eGroupware It will be my choice --Larieu (talk) 03:35, 6 February 2013 (MST) - I think this is a good starting point to compare compare



  • Cloud awareness (HF)
    • Market development and usage of services and software are changing quickly. One of them being 'Cloud' and all xaaS related services
    • Being able to deploy SME Server as a Virtual Machine (VPS) in ServerGateway mode with an ISP that only offers 1 Network interface
    • Patch available, Proof of concept applied on production servers Bug 7200
    • ease backup to cloud Bugzilla:9517 Unnilennium (talk)


  • New VPN Approach Unnilennium (talk)
    • this should include OpenVPN and IPSec
    • OpenVPN Bridge (Credit: Daniel)
    • OpenVPN_Bridge is a much wanted feature, and could be considered as a Core feature
    • Remote workers, home office, road-warriors is a very common way of working today
      • Bravo daniel openvpn-bridge+openvpn-s2s integrated as core system Stephdl (talk)
      • I subscribe also for any core development which supports openVPN client with default user/pass from LDAP Larieu (talk)


  • Backups
    • encrypted backup (for cloud purpose and others) Unnilennium (talk)
    • Integrate AFFA 3 contrib into core SME for doing remote backups via rsync and migrating SME boxes to new hardware / versions. (I have done many migrations for SME6 -> 7, SME 7 -> 8 and SME 8 -> 9. It just works!) Svsleuwen (talk)


SME Server 11.X

SME Server 11.0 is likely to be based on Rocky 8.X


Prerequisite to start

  • a koji builder
  • moving sources to git


For the server

  • finish Mojolicious server-manager integration
  • integrate SSL certificate handling in manager
  • Finish LDAP auth, and use as default going forward
    • having full user and group in LDAP would allow comprehensive management of users over multiple servers
  • remove Horde, use roundcube as default
  • easing switching between webmail software
  • change DNS stack to bind
  • change Qmail to Postfix keeping qpsmtpd
  • moving service name from httpd-e-smith to httpd
  • moving httpd user from www to the standard apache
  • rethink the apache auth to make it pluggable (eg: allow adding a geoip filter)
  • Support IEEE 802.1Q, which will allow companies to create VLAN (separate business critical LAN from Guest LAN)

SME Server 12.x

  • IPv6
  • new firewall using Shorewall
  • multiple network interface
  • rethink the backup management

Nice to have



  • NFS server (David Harper)
    • Investigate ways of promulgating network-wide UNIX UID & GID - LDAP or AD based
    • Would allow for "roaming profile" like setups for clients like Ubuntu and CentOS Desktop
    • David, would you be able to work on a smeserver-nfs as a contrib and I would support change to the core where needed to make this work. (Ian)


  • High Availability (HF)
    • Initial HA based on 2-node fail-over, active/standby cluster involving 2 SME Servers
    • Only supervised services are monitored and HA aware
    • Includes real-time replication of data between the 2 nodes (LAN/WAN Raid1 based on DRBD)
    • Proof of concept available


  • Re-ordered server configuration pages (HF)
    • Start with server role, then continue with existing order (POC available)
    • Add new server role 'Hosted virtual server'. If only 1 NIC present, a second dummy will be used, otherwise usual server/gateway mode (POC available)


  • Delegation - into core (larieu)
    • Server roles - support by default for "split" servers
      • one approach is PDC + mail only + ftp only...
        • in this scenario if you declare server 2 mail only and you set on the primary mx.domain.tld remote x.x.x.x both must work in tandem as one
        • the main one should not keep any mail; all related tasks to mail should be delegated to the second one, the second one should receive and maintain local backup user data from main one
      • another approach is PDC Main branch + backup PDC + branch server 1 + branch server 2 ....
        • in this scenario you have the main with HA backup + subdomain1.domain.tld should contain everything for your subdomain inclusive local authentication + mails of users (+ VPN s2s between master and subdomains - star scenario) but users data should be set only on main one, the server-manager on subdomain should have only local users
    • user role delegation - now you can achieve this by separate contrib
      • to be able to delegate user administration for group / domain /...
      • to be able to delegate ibay administration
      • to be able to delegate access to some panels


  • Git (Marco Hess)
    • Move the development of SME Server and SME Contribs to a more modern version control system like Git instead of CVS.
    • Some work/investigation has already been done https://github.com/smeserver a few years ago.


  • Minimise Required Reboots (Marco Hess)
    • It would be nice if a contrib package on install (or upgrade) could flag that the full blown signal-event post-upgrade and signal-event reboot is not required.


  • chpst (wellsi)
    • Make a decision on chpst vs softlimit (runit rather than daemontools). See Bug 509


  • 2 WAN + 2 LAN
    • 2 WAN - nowadays you have one terrestrial internet connection and for sure good plans from GSM company (Wireless one - but with ETH connection for the whole house) - why to not have 2 WAN
    • 2 LAN - one for "normal" LAN and one for guest / wireless access - or VLAN support - multiple LAN
      • Nice to have 2 LAN, but to have VLAN on a single physical network we need to support IEEE 802.1Q. See my request in SME Server 11.X


  • ARM processor support (Mike)
  • A Rolling release version of the SME-Server
  • JMAP support (JSON Meta Application Protocol Specification)
  • Wireguard VPN *in kernel since 3/20 (Seems to be a very professionally scripted new and open source VPN solution that is a big improvement over OpenVPN and it is also much easier to set up/integrate)


  • journaled quota (larieu)
    • standard used kernel supports the journaled quota but it seems that the default option is standard non-journaled quota (even though it is recommended to use journaled)

Ideas and suggestions

---