-
Zextras Carbonio 23.6.0
-
-
- Older Version's Changelogs
- Changelog Version 23.2.0
- Changelog version 23.3.0
- Changelog Version 23.4.0
- Changelog Version 23.5.0
- Changelog Version 23.7.0
- Changelog Version 23.6.0
- Changelog version 23.9.0
- Changelog Version 23.10.0
- Changelog for Release 23.11.0 of Carbonio
- Changelog for Release 23.12.0 of Carbonio
-
-
-
-
Carbonio Community Edition
-
Suite for Zimbra
- Zextras Suite documentation
- Introduction
- Installation Instructions for Zextras Suite
- Licencing of Zextras Suite
- File Management for Licences
- Zextras Backup
- Backup and Restore by Zextras
- Zextras Backup Advanced Methods
- Zextras for Mobile
- Service for Address Books
- Troubleshooting Zextras Mobile
- Powerstore Zextras
- The Indexing of Attachments
- Extractor of External Content
- Delegated Admin Provisioning Zextras Admin
- The Zextras Drive
- Docs Zextras
- Authentique Zextras
- Team Zextras
- Video Server Zextras
- CLI
- next (6) back
-
- Changelog for Zextras 3.1.x releases
- Changelog for Zextras Suite 3.2.0
- Changelog for Zextras Suite 3.3.0
- Zextras Suite Changelog - Release 3.4.0
- Changelog for Zextras Suite 3.5.0
- Changelog for Zextras Suite 3.6.0
- Changelog for Zextras Suite 3.7.0
- Changelog for Zextras Suite 3.8.0
- Changelog for Zextras Suite 3.9.0
- Changelog for Zextras Suite 3.10.0
- Changelog for Zextras Suite 3.11.0
- Changelog for Zextras Suite 3.12.0
- Changelog for Zextras Suite 3.13.0
- Changelog for Zextras Suite 3.14.0
- Changelog for Zextras Suite 3.15.0
- Changelog for Zextras Suite 3.16.0
- Changelog for Zextras Suite 3.17.0
- Changelog for Zextras Suite 3.18.0
- Zextras Suite Changelog - Release 3.19.0
- next (4) back
Zextras Mobile Synchronisation for a COS should be enabled.
Take Note of the Settings Hierarchy
User-level settings take precedence over COS-level options.
Allow Zextras Mobile for One User
By enabling the Zextras Mobile Module for a single user, you grant that user access to all of the Zextras Mobile Module’s mobile features.
How to Make Zextras Mobile Available to a Single User
Mobile Passwords and You Mobile Passwords and You
The Mobile Password feature enables Global and Delegated Admins to create a new password for an account that will only be used for Exchange ActiveSync authentications.
The following are the primary advantages of utilising this feature:
- Enforce set-and-forget secure passwords, regardless of any other password policy, so you don’t have to change the password kept on all mobile devices synchronised with an account if the Zimbra password for this account changes.
- Avoid revealing the true password in the event of unauthorised access to the device/client.
A Mobile Password will not be accepted for Webmail/POP3/IMAP/SMTP logins, and neither will the account password.
How to Configure a Mobile Password for a Mailbox
The Zextras Auth module handles mobile passwords; further details may be found in the section Create New Credentials: EAS.
Mobile Device Management is also known as Mobile Provisioning.
What is Mobile Device Management (MDM – also known as provisioning)? Mobile Device Management (MDM – also known as provisioning) allows an administrator to define a set of rules and security settings that are applied Over The Air to one or more mobile devices, ranging from PIN policies to Allowed/Blocked app lists and including one-time commands such as remote device wipe.
MDM enables managers to efficiently regulate and restrict the usage of business mobile devices in order to minimise unsafe or unethical behaviour.
MDM is also a valuable tool for corporate Bring Your Own Device policy, allowing users to connect their own mobile devices to corporate servers while minimising the risk of security breaches.
Provisioning Options Are Available for Your Client
Not every provisioning capability is available on every client. For particular information on the MDM features supported by your device, please consult the manufacturer and internet resources.
MDM and Zextras Suite
Zextras Suite includes comprehensive MDM capabilities through the Exchange ActiveSync protocol version 14+.
Mobile policies may be activated at the COS and mailbox levels, allowing for both one-time setup and user-based customization. Mobile Management Options are provided in both circumstances under the Mobile tab.
Provisioning Alternatives
Provisioning options include the following:
- Enable Mobile Device Management: Select whether or not to utilise mobile policies for the current user/COS.
- Allow non-provisionable devices: Allow the user to synchronise any non-provisionable device.
- Allow for just limited policy enforcement on the device: Allow the user to sync any device that does not support one or more rules.
Policy Enforceability
Enforceable Policies are provided just beneath the Mobile Devices list, and are organised into the following categories:
- Sync Options: Configure the synchronisation spans and limitations.
- Device settings allow you to enable or deactivate device functions such as the camera, WiFi, portable storage, and Bluetooth.
- Device Security Settings: Force an unlock code and specify the code’s minimal criteria.
- Enable or deactivate conventional device programmes such as the browser and POP/IMAP client, as well as unsigned apps.
There are additionally two lists for managing application whitelists and blacklists:
Applications that have been approved
A list of authorised applications that may be customised.
Applications That Are Blocked
A list of prohibited programmes that will not be used on the device.
Password for Mobile Device
The mobile password function, while theoretically identical, is not part of Mobile Device Management and may be used with any version of the EAS protocol.
The SyncStates Zextras Mobile and the SyncStates Zextras
The SyncState (short for Synchronisation Status) is a collection of information concerning synchronisation with a mobile device that is retained on the server. When a device establishes a connection with Zextras Mobile, the following events occur:
- One SyncKey is delivered for each local folder (or a single SyncKey set to ‘0’ if this is the device’s initial connection to the server).
- The server responds with a list of directories that are accessible.
- The server sends one SyncKey per folder.
- To synchronise all due items, the gadget requests an itemSync action.
- The synchronised objects are saved in the SyncState by the server.
- Following the completion of the itemSync operation, the device sends a ‘ping’ instruction to maintain the connection.
- Step 4 is performed as long as there are no modifications to the synced account.
- The SyncState variable changes.
- A client-side sync is required.
- The current ping expires, and the device sends a fresh one (the client specifies the keepalive time).
Mobile DoS Filter by Zextras
- The Mobile DoS Filter is completely set through CLI, and the following characteristics are used:
- mobileAntiDosServiceEnabled: the Mobile DoS Filter service is enabled. The default value is false;
- mobileAntiDosServiceJailDuration: synchronisation “jail” duration (in milliseconds). 600000 is the default value.
- To compute the connection ratio, use the mobileAntiDosServiceTimeWindow period of time. If a device submits more than mobileAntiDosServiceMaxRequests requests in this time interval, the prison is activated. 30000ms is the default value.
- mobileAntiDosServiceMaxRequests specifies the maximum number of requests that may be received within the mobileAntiDosServiceTimeWindow milliseconds. The default value is 150.
How Does a Mobile DoS Filter Work?
Autodiscover by Zextras
Shared Folders and You (together with Your Mobile)
Syncing a Shared Folder to Your Mobile Devices
Enable Shared Folder Mobile Synchronisation
- Access the Zimbra Web Client.
- To sync, right-click the shared folder.
- In the drop-down option, select Folder Sync Settings.
- Mark the checkbox Check the Enable synchronisation for this folder box.
- Click OK.
Disable Shared Folder Mobile Synchronisation
- Access the Zimbra Web Client.
- To sync, right-click the shared folder.
- In the drop-down option, select Folder Sync Settings.
- Uncheck the box Check the Enable synchronisation for this folder box.
- Select OK Restrictions.
Filters for EAS
The EAS Filter’s Anatomy
EAS Filter Administration
Account Loggers for Mobile Devices
- The desired account.
- The log’s log_level (verbosity).
- The log_file is dedicated.
- While the logger is active, the window_size will be enforced on all devices synchronising with the account.
ABQ – Device Control Allow/Block/Quarantine ABQ Service
- a List of Device Controls
- an Authentication Engine
- a collection of CLI utilities
Modes ABQ
- If the device/user couple is not in the device list but is in the “allowed” list, synchronisation will proceed.
- If the device/user couple is not in the device list but is in the “allowed” list, synchronisation will proceed.
- If the device is not in the “allowed” list, synchronisation will be halted, a dummy email informing the user of the device’s “Quarantine” status will be sent, and the connection will be put to “Quarantine” status.
- If the device/user pair or the device alone is on the “allowed” list, synchronisation will proceed.
- If the device is not in the “allowed” list, the synchronisation will be marked as “Blocked,” no data will be synchronised, and a bogus email informing the user of the device’s “Blocked” status will be sent.