This blog post covers Zimbra 10.1 Licensing Server (“LDS”) best practices from the more than 20 Zimbra 10.1 installations/upgrades completed to date, combined with some technical deep-dive sessions and 1:1 conversations with senior engineers at the June 2025 Zimbra Global Partners Summit (where we won — for the second year in a row — Americas VAR Partner of the Year award!).
Zimbra Licensing Level Set
The licensing engine in Zimbra 10.1 and higher is totally new and quite different from the previous xml-file-based licensing. Zimbra calls the older xml-file-based license a “v2” license, whereas the new licensing (“v3”) is no longer an xml file but rather a key comprised of a string of numbers that varies in length.
With a v2 license, if you added more seats, or changed your licensed features mix, Zimbra shipped you a new xml file that you needed to install and activate. Because the v3 licensing engine chats with the Mother Ship every few minutes continuously, changes in licensing take place within a few minutes of Zimbra provisioning them on the back end.
Offline activation is still an option with v3, but requires approval from Zimbra sales, which takes a few days. Defense contractors and similar installations with, for example, air-gapped Zimbra systems will have a few extra steps to go through with offline activation. These extra steps are (at least as of this writing) more annoying than v2 offline activation, but not overly burdensome.
Why Did Zimbra Change Licensing Engines?
Two reasons IMHO:
First, the new licensing engine allows more granular license sales to better fit customers’ desires to purchase only the features they need for only the users who need it.
For example, take a call center with say a 1,250-seat Network Edition Professional license and ~1,000 active agents, many of whom are on six-to-nine month contracts attached to a specific inbound our outbound calling program. After each program ends, the agents are either moved to another program or their contract is just not renewed. But, the call center has a requirement to keep copies of every email for a few years, so the call center creates an Archiving and Discovery mailbox for every agent. Now, we all know that with a Zimbra Network Edition Professional license, you get one Archiving mailbox included. But, over a year or two, that call center may have accumulated perhaps 1,500 Archive mailboxes, so they are out of license compliance.
While there is no technical limitation in the v2 licensing to limit the number of Archive mailboxes, why should the customer be forced to buy a whole bunch of additional Network Edition Professional licenses when all they want is to keep some extra Archive mailboxes around? The customer should be able to buy some lower-cost Archive mailbox licenses, and indeed v3 can empower customers to maintain license compliance at lower cost than under v2. It will also allow Zimbra in the near future to craft and sell more granular “add-on” features at cost-effective prices.
Second… let’s be honest — not every customer has been truthful as regards license compliance, which means such customers aren’t paying their fair share, effectively driving up costs for the rest of us.
LDS Server Installation Best Practices
We recommend deploying LDS on a separate node. It’s inexpensive, as 2 CPU cores, 8GB of RAM and a 50GB hard disk are more than adequate. LDS, now that many of the early-days issues have been sorted, rarely needs to be patched/updated, so having it on a separate node, while not quite “set it and forget it”, means it can just sit there, and you won’t have to worry about service interruptions.
Wait… “service interruptions”?? Yes. For better or worse, if LDS can’t talk to the Mother Ship every few minutes, your Zimbra system goes into a 5-day Grace Period, with a banner presented to web client users. If the LDS server is offline for more than 5 days, Zimbra Network Edition functionality stops working.
We recommend deploying LDS after you have deployed LDAP, Proxy and MTA. LDS must be installed after LDAP 10.1 is installed but before a 10.1 mailbox server is installed in a multi-server environment. An LDS installation needs to create a system identifier to register with the licensing Mother Ship, and it uses LDAP for that. LDS is also at the end of the day, a new Zimbra server in the pool, so like “zmprov gas” will list an LDS server, and an LDS server will also appear in the Monitoring status page in the Admin Console.
We recommend making sure your DNS and networking is up to date and accurate. Like any Zimbra server, the LDS server’s (private) IP should be referenced in an A record so that other Zimbra mailbox servers can find the LDS server. During the Activation process, we have seen with one customer that LDS actually uses telnet to send a pre-encrypted set of packets to the Mother Ship. This customer does not allow telnet on their network, so the Activation failed. The customer deployed Offline Activation instead as a workaround. Note that Offline Activation takes a few days. There is an internal approval process at Zimbra (it’s complicated as to why…) so best to check DNS and networking ahead attempting the upgrade to 10.1 and installing your DLS server.
We recommend checking and rationalizing your Zimbra entitlements before upgrading to Zimbra 10.1. As noted above, a v2 license does not enforce Archive mailbox entitlement limitations (but v3 most certainly does…). If you have a 1,000-seat license and 1,200 Archive mailboxes, and you upgrade to 10.1, LDS will see that you have exceeded your entitlement and Zimbra on the mailbox server(s) won’t start until you fix this!
It’s not just Archiving mailboxes, we saw a customer who was upgrading a system that was licensed with a mix of Network Edition Standard and Professional licensing. Mobile you may recall is not included in NE Standard. The customer had Mobile configured and working for less users than their number of Professional licenses, so technically they were compliant, but after the mailbox server upgrade to 10.1 Zimbra didn’t start. Why? Because in their Classes of Service, Mobile was turned on for everyone.
In other words, v3 looks around to see if things are configured in a way that could allow you to be non-compliant, and if so, well…
Therefore, to help ensure a seamless upgrade, before you upgrade to 10.1 and v3 licensing, be absolutely sure that your Classes of Service are configured to prevent you from even accidentally exceeding your entitlements for Mobile, Archiving, S/MIME, ZCO, EWS and EAS.
One License But Multiple Zimbra Systems
A v3 license gets Activated similarly to a v2 license. If your license does not have an available Activation assigned to it, you won’t be able to Activate the license.
One very cool v3 feature we love for our larger customers who run multiple Zimbra systems (separate LDAP realms) is that the licensing Mother Ship knows total entitlements on the back end — and tracks them across multiple systems. Let’s say you have two totally separate Zimbra systems, one in Paris and one in Tokyo. Let’s also say that the license has 5,000 seats of Network Edition Professional, and the Paris system has 4,500 mailboxes already deployed. You can use the same v3 license key in both locations, just open a Support Case to ask for an additional Activation for Tokyo, and then you can install up to 500 more mailboxes in Tokyo. Suppose you install 495 mailboxes in Tokyo, and then need to add more mailboxes in Paris? No problem, but you can only add 5 mailboxes in Paris (5,000 – [4,500 + 495]) = 5.
Disaster Recovery Best Practices
It used to be that we used the same v2 xml license file for our D/R environment. But, with v3, you need only ask Zimbra to issue you a separate Disaster Recovery v3 license key. Build and Activate the D/R system using this special key, and you can test recoveries as many times as you wish. If you have a 5,000-seat license, you can have 5,000 mailboxes on your Production system, and 5,000 mailboxes on your D/R system no problem. If the Production data center gets hit by a meteor, just change DNS (or however you do the cutover) and you can failover to the D/R site immediately at any time — without needing anything from Zimbra Support.
What about rebuilding the Production environment? For that, you will need to open a Support Case as they will need to do some magic on the back end as regards your Production license. Since fail backs are scheduled, needing to engage Zimbra Support for this task should not be an issue.
Entitlement Changes – Enhanced Ease of Use
With v2 licenses, if you added say 100 seats, or swapped 100 Standard seats for 100 Professional seats, after the order was completed you got a new v2 xml license file sent via email, which then needed to be installed either via the CLI or the Admin Console before your changed entitlements took effect. No more! Once Zimbra completes the order, part of that process includes updating your entitlements on the licensing Mother Ship, so your 100 new Professional seats are available to you much sooner, and you have nothing to do on your end either.
Key Takeaways
v3 licensing in 10.1 more strictly enforces entitlements than v2, which can cause problems with upgrades even for customers who are technically in compliance with their licensing entitlements. But v3 comes with some features that enhance Disaster Recovery and which will enable Zimbra in future to sell more granular add-ons going forward, enabling many customers to lower their licensing costs and/or add features cost-effectively.
One Last Thing…
We are not so happy that LDS presently is a single point of failure. Also, when the LDS software was initially released, it had some bugs that could cause LDS to crash, and which in some cases required us to build a replacement LDS server. The bugs seem now to be sorted; we haven’t had LDS issues of late. Further, Zimbra have indicated that they are exploring opportunities to have LDS High Availability, so that an issue with one LDS server won’t automatically cause all web client users to get a notice that Zimbra is in a 5-day Grace Period.
So while LDS got off to a bit of a rocky start, things seem to be in a better place now — but… when you are doing an upgrade to Zimbra 10.1, you’ve got a bit of licensing-related homework to do to maximize the likelihood of as seamless an upgrade as possible.
If you have any LDS questions, or need help with a Zimbra 10.1 upgrade, please start the conversation by filling out the form below and we’ll follow up straightaway!
Hope that helps,
L. Mark Stone
Mission Critical Email LLC
9 June 2025
The information provided in this blog is intended for informational and educational purposes only. The views expressed herein are those of Mr. Stone personally. The contents of this site are not intended as advice for any purpose and are subject to change without notice. Mission Critical Email makes no warranties of any kind regarding the accuracy or completeness of any information on this site, and we make no representations regarding whether such information is up-to-date or applicable to any particular situation. All copyrights are reserved by Mr. Stone. Any portion of the material on this site may be used for personal or educational purposes provided appropriate attribution is given to Mr. Stone and this blog.