May 13, 2009

Project Review: eBox Platform

With the latest version I have flawlessly setup DHCP and DNS on three networks for my testing purposes.  I have used the TFTP and Samba services to provision devices.  I have setup eBox as a backup MTA for three domains.  I use the eGroupware for project management.  While I do not use the Domain Controller option it has been useful at other customers sites.  The VPN service is amazing and it just creates a package with all the needed info.  The webserver comes in handy for moving files and provisioning IP-Phones.

If I had to pick on eBox it would be difficult.  DHCP to DNS dynamic host mapping would be nice but I use static leases for devices I am working on.  The speed of the administration interface is not the quickest but to be fair it should be installed on a pretty fast server as it provides so many services.


From the website...

Core features

eBox core features are implemented to ensure the security of the platform, the availability of its services and the integrity of the data. It includes a module to make configuration and full backup and be able to restore all services supported in eBox. The administration interface allows to update components of both eBox and the operating system (Ubuntu or Debian). Events allow to receive alerts on issues through different transport methods and logs keep the information of the system to be able understand the cause of the problems and create reports.

User Management Center

An LDAP server stores user and group accounts, which are shared by all the modules that need them. eBox provides also with a Primary Domain Controller, allowing Windows machines to authenticate against it and making roaming profiles available.

This feature uses: OpenLDAP and Samba

Shared Resource Manager

eBox can act as a file and printers server in a Windows network, allowing for the definition of different levels of permissions for users and groups and the backup of critical files and data.

This feature uses Samba and CUPS

Communication Center

eBox can act as an email server, store mailboxes, filter non-desired mail and viruses, or simply act as a mail relay with the mail filter at your choice. Furthermore, it provides an Instant Messaging system for the corporate environment, allowing the connection with the world-wide jabber IM network and the adjustment of the needs of jabber users and administrators.

This feature uses: Postfix, Spamassassin, ClamAV and Jabber

Network Gateway

Network management in eBox is based on objects which allow a high level management of IP addresses, easing the administration of the firewall and other tools. Network interfaces in the machine are configurable through the eBox administration interface. It is possible to create virtual interfaces, 802.1q-enabled trunk interfaces and also set up the default gateway, static routes and dns servers. eBox can balance the network load among several interfaces and make traffic shaping to different traffic flows in order to ensure the Quality of Service (QoS). It has a secure default configuration and lets the administrator filter packets, do NAT and manage the access to all services provided by other eBox modules. eBox provides a caching HTTP proxy that speeds up web browsing and lets the administrator choose what contents can be accessed by each user by filtering pages based on content and black lists. It allows custom file extension and MIME filter as well.

This feature uses: Squid, DansGuardian, Netfilter/Iptables and Iproute2

Infrastructure Manager

eBox supports the 802.1q protocol supported by most switches, allowing to have network interfaces on several VLANs through one physical network interface. It also includes a DHCP server allowing for the management of IP address ranges and the assignment of IPs based on MAC addresses. eBox can also act as an NTP server and synchronise its time and date with external NTP servers. The DNS server included in eBox allows customise your name resolution and integrate with the remainder parts. A Web server is provided to simply share public information by users using HTTP and Samba. A certificate authority is also integrated allowing for the configuration of VPNs to securely connect remote sites and road warriors.

This feature uses: ISC DHCP, NTP, Bind, Apache, OpenSSL and OpenVPN




I would rate this project as a must use.  Just as a backup MTA it is priceless.  Features can be disabled or enabled to fit your need so give it a try...

Click Here!