Things to consider - moving from testing to production

Hello,

I have been testing Zammad for my use case and loving it so far. I have it running on a Google Compute VM with 4 cores and 16 GB RAM, with notification emails forwarded by Google Workspace SMTP. We are testing from both Agent and Customer points of view, and everything seems smooth.

As we move toward using Zammad for real business communication, what are the things I should think about, as far as security and reliability go, as an inexperienced system admin?

Things I have done, or will do, include:

  • SSH only through key files
  • UFW firewall running
  • Automatic certbot renewal of SSL certificate
  • Scheduled VM snapshots through Google Cloud Platform
  • Regular backups through Zammad backup script, stored on Cloud Storage

I’m interested in any and all thoughts from the community. Thank you.

Hi,

I am also not an experienced system admin but I would add the following:

  • Change the default SSH port
  • Install fail2ban

Cheers,
Gijs

Here are some ideas we use:

  • We use the RAW Edition of CheckMK to monitor our Zammad instance (e.g. performance, SSD space, RAM usage)
  • Changed SSH port (over 1024, e.g. 65272)
  • Use long and complex passwords (not "hello123")
  • Install updates (we update our instance every Saturday/Sunday)
  • OS updates (in my case Ubuntu) will be installed automatically
  • Restrict permissions in Zammad (reduce everything for users who do not need it)
  • We are checking the number of administrators with CheckMK (counting the members of the admin group)
  • Automated backups (we are using Veeam and create backups every day on a separate host and in another place)
  • Use a firewall to grant access only to 443 (HTTPS)
