The Company
Founded in 1892, the Doctors’ Association of the Canton of Geneva (AMGe) is a non-profit association representing more than 3,000 members, most of whom are in private practice.
The AMGe defends the interests of its members by promoting freedom, independence, and high quality medicine. The association represents members before federal and local authorities, insurers, and health partners. It also communicates information on health matters and policies to Geneva’s population.
The Challenge
AMGe was looking for a mail solution to host at their headquarters that was secure, reliable, and at the same time simple to use for its members.
Medical professionals are required to maintain full confidentiality, which extends to electronic communications. For that reason, the association wanted an on-premises solution that would ensure data privacy.
As important as protecting against unauthorized access was protecting against data loss and system unavailability. If anything went wrong, a backup must allow AMGe to restore all data and be available to take over as soon as possible. Any backup solution must also offer good integration with third-party cloud and off-site backup options for added redundancy.
The members use Windows 7, 8.1, and 10, Linux, macOS, and Apple and Android devices. In order to ensure a high adoption rate, any solution had to support all these devices.
For the same reason, doctors needed to be able to implement the solution quickly and easily. The best way to achieve this was to ensure that it was compatible with the mail clients they already used.
With members distributed throughout the Geneva region, the provider must be able to deliver support remotely in a timely and cost-effective manner.
Mail servers continually store, delete, and modify small amounts of data. With these workloads, the solution needed fast disk access to ensure consistent performance for all users.
The Solution
A three-year cost projection was conducted examining multiple solutions. Most incurred yearly licensing costs, while the free and open source options required hiring a full-time administrator for daily maintenance. Both types of solutions were considered too costly to implement.
AMGe finally turned to Synology-approved systems integrator IT-Awareness for help. After hearing AMGe’s requirements, IT-Awareness decided on Synology MailPlus for its simplicity, value for money, and easy integration.
MailPlus is hosted entirely on Synology NAS, providing 100% data ownership. Synology’s private cloud solution helped the association avoid the potentially insecure and unstable storage of public cloud-based solutions, thus meeting members’ security and confidentiality requirements. It also allowed AMGe to implement its preferred third-party encryption solution, ensuring security in transit.
Availability and performance
Seven Synology NAS servers were used to build an email system that includes an LDAP cluster for domain and account management, a main MailPlus Server cluster, a dedicated MailPlus Server cluster for incoming communications, and a backup server.
All three clusters in the system run in high-availability configurations, with a passive server in each ready to take over when the active unit experiences planned or unexpected downtime. Each of the three clusters is also protected against data loss by versioned backups to a dedicated server.
To host the main MailPlus High Availability (HA) cluster, two all-flash FS3400 units were selected for their lightning-fast performance. Hot spares allow for fast replacement of SSDs, while a configuration with Synology’s proprietary F1 RAID protects against several flash drives failing simultaneously.
Configured for redundancy
The main MailPlus cluster serves as an SMTP and IMAP server that handles all internal and outgoing email traffic, as well as user access to emails using desktop clients, mobile apps, and a webmail interface. Outgoing emails first pass through a third-party server cluster that provides proprietary encryption of content for communications to addresses that support this.
A smaller MailPlus HA cluster of two four-bay RS1619xs+ units is exposed to the internet and dedicated to receiving and transferring incoming mail, both encrypted and unencrypted. It passes emails on to the proprietary encryption cluster, which decrypts protected emails before delivering them to the main MailPlus cluster.
A final pair of RS1619xs+ units runs Synology LDAP Server, a required component of MailPlus HA that provides user credentials to the main MailPlus cluster. These units are configured as a Synology High Availability (SHA) cluster. The cluster also runs DSM Log Center to monitor all services on the network and connects with third-party mail clients used by some AMGe members.
Built-in data protection
To back up the three clusters in its email system, the association uses the RS3617RPxs, a 12-bay unit with redundant power supply, in combination with two of Synology DiskStation Manager’s powerful and license-free backup solutions.
Snapshot Replication helps protect large pools of fast-changing data by creating almost instantaneous snapshots. With intervals as short as 5 minutes, it helps organizations reduce their Recovery Point Objective. AMGe uses this Synology package to generate frequent backups of the crucial data on the main MailPlus cluster, reducing the risk of losing emails.
Synology Hyper Backup offers a wealth of backup destinations while helping to minimize storage use with block-level incremental backups and deduplication technology. The association uses Hyper Backup to make efficient traditional backups of the main cluster, as well as the smaller LDAP and incoming mail clusters.
Both solutions are configured to encrypt all backup data to ensure robust data security.
As a final layer of data protection, AMGe uses Hyper Backup’s off-site backup functionality to store secondary copies of the backups held on the RS3617RPxs with an OpenStack Swift storage provider elsewhere in Switzerland.
Seamless user migration
Many of AMGe’s users accessed their emails through the Thunderbird desktop client. To start using the new email solution, these users needed to do little more than enter their email addresses and passwords to automatically retrieve IMAP settings.
Email configuration for iOS and Android devices was also simple, fast, and did not require technical skills on the part of members. Users were sent a link to download the MailPlus app from Google Play or the App Store and only needed to enter their LDAP usernames and passwords to complete the setup.
Some members used MailPlus’ intuitive webmail interface to access their emails from popular web browsers as they would with public cloud solutions.
As the new deployment consisted mainly of server-side upgrades and required minimal actions on the side of the members, the adoption rate was very high.
With a robust email system powered by Synology MailPlus, AMGe members have quick and easy access to their communications while enjoying the security of an on-premises solution.
Credit by: Synology