Skip to content
Technology

Enterprise-grade by architecture

grommunio scales from a single server to clustered, highly-available deployments behind your load balancer — without ever giving up the protocols and clients your organization already depends on.

Try the live demo Read the documentation
100,000+
Users per deployment
Active/active
High availability
MAPI/HTTP
Native Outlook
OIDC · SAML
Modern single sign-on
Architecture

Built to scale out

A Linux-native, service-oriented core engineered for density and growth — add capacity by adding nodes.

Cluster-ready

Run grommunio across multiple nodes. Stateless application services scale out horizontally — more nodes simply means more capacity.

Load-balancer friendly

Put any standard L4/L7 load balancer in front. Sessions aren't pinned to a single node, so traffic distributes cleanly with no sticky-session gymnastics.

Highly available

Active/active and active/passive topologies, health checks and automatic failover keep mailboxes online through node loss and maintenance.

Scalable data tier

A MariaDB/Galera-backed metadata layer and a scalable message store you can replicate and cluster independently of the application tier.

Separation of concerns

MTA, store, web and sync are independent services — scale, isolate, monitor and update each one on its own.

Linux-native performance

A lightweight C/C++ core (gromox) built for efficiency — thousands of mailboxes per node, without the overhead.

High availability

Real HA, the way operations teams build it

Beyond load balancing — grommunio runs on the proven Linux high-availability stack for genuine fault tolerance, not just redundancy on paper.

  • Corosync & Pacemaker Build true high-availability clusters on the established Linux HA stack — Corosync for cluster messaging and membership, Pacemaker for resource management and orchestration.
  • Automatic failover & fencing Resources relocate automatically when a node fails, with STONITH/fencing for split-brain protection and data integrity.
  • Replicated & shared storage Pair with DRBD, shared SAN/NAS or a clustered database tier so no single node is a point of failure.
  • Active/active or active/passive Choose the topology that matches your SLA — scale-out throughput or a warm standby ready to take over.
  • Rolling maintenance, zero downtime Patch and upgrade one node at a time while the cluster keeps serving users.
  • Geo-redundancy Stretch clusters or replicate across sites and data centers for disaster recovery.
Cloud-native

Cloud-native by design

grommunio embraces cloud-native principles, so it deploys, scales and heals the same way modern infrastructure does.

  • Container-ready Official container images run on Docker, Podman and Kubernetes — orchestrate grommunio like any other cloud-native workload.
  • Stateless services Application components keep no local state, so they scale out (and back in) horizontally and recover instantly.
  • Shared-nothing or shared-storage Cluster the way that fits your infrastructure — a shared-nothing cluster with replicated per-node storage, or a shared-storage cluster on a common SAN/NAS. grommunio supports both equally.
  • Scale on demand Add or remove replicas to match load, with rolling deployments and your orchestrator’s autoscaling.
  • Declarative & automatable Configuration-as-code and a management API make deployments reproducible and CI/CD-friendly.
  • Runs anywhere The same artifacts run on-premises, in your private cloud, in public cloud, or in a sovereign environment — no lock-in.
Protocols & compatibility

Every protocol, no compromise

grommunio speaks the same protocols as Microsoft Exchange, so your existing clients connect natively — nothing to install, nothing to migrate away from.

  • MAPI/HTTP — native Outlook Outlook for Windows connects natively over MAPI/HTTP (and RPC/HTTP), exactly as it would to Exchange. No plugins, no connectors, no middleware.
  • Exchange Web Services (EWS) Rich interoperability for clients and integrations that speak EWS, including eM Client, Outlook for Mac and macOS Mail.
  • Offline Address Book (OAB) The global address list is published as an Offline Address Book, so Outlook can cache it for fast, offline address lookups.
  • Exchange ActiveSync (EAS) Native push email, calendar and contacts on iOS, Android and Outlook mobile.
  • IMAP, POP3 & SMTP Open standards for any mail client or downstream system you need to connect.
  • CalDAV & CardDAV Standards-based calendar and contact synchronization across every platform.
  • Autodiscover & Autoconfig Clients configure themselves — users just enter their email address and they're connected.
Works with your clients

Use the client you already love

Your users keep the client they know. Because grommunio speaks the standard protocols, virtually every modern mail and groupware client connects natively — on desktop, mobile and the web.

Microsoft Outlook

Windows, natively over MAPI/HTTP — exactly as it talks to Exchange.

Outlook for Mac

macOS, via Exchange Web Services (EWS).

Apple Mail, Calendar & Contacts

Mainly via Exchange Web Services (EWS) — plus CalDAV & CardDAV on macOS and iOS.

eM Client

Windows & macOS via Exchange Web Services (EWS).

Mozilla Thunderbird

Via Exchange Web Services (EWS), plus IMAP, SMTP, CalDAV & CardDAV.

GNOME Evolution

Linux, via Exchange Web Services and ActiveSync.

KDE Kontact

Linux, via IMAP, CalDAV and CardDAV.

Android & iOS

Any Exchange ActiveSync device works out of the box.

grommunio Web

The built-in, full-featured webmail — nothing to install.

Identity & access

Modern authentication, your way

Plug grommunio into the identity stack you already run — federate sign-in, enforce policy and delegate administration.

OpenID Connect (OIDC)

Federate authentication with your identity provider — Keycloak, Microsoft Entra ID, Okta and any OIDC-compliant IdP.

SAML 2.0

Single sign-on against enterprise SAML identity providers, with seamless session federation.

LDAP & Active Directory

Authenticate and provision users straight from your existing directory service.

MFA & conditional access

Enforce multi-factor authentication and policy-based access through your IdP.

Role-based administration

Granular, delegated administrative roles — per organization and per tenant.

Secure by default

TLS everywhere, modern ciphers and S/MIME for end-to-end message security.

Security & trust

Hardened at every layer

Security is foundational to grommunio, not an afterthought. A strong track record, fully transparent open-source code and a deep set of security principles keep your communication protected.

Secure by default

TLS everywhere, modern ciphers and hardened defaults out of the box — no insecure legacy modes.

Defense in depth

Independent, layered controls across transport, application, storage and identity.

Least privilege

Granular RBAC and delegated administration — every user and admin gets only what they need.

End-to-end encryption

S/MIME signing and encryption for message authenticity, integrity and confidentiality.

Spam & malware defense

grommunio-antispam (powered by Rspamd) and ClamAV screen every message with rule-based, statistical and signature analysis.

Continuous hardening

Rapid security updates, coordinated CVE response and a responsible-disclosure process.

Transparent & auditable

100% open source — the code is there for anyone to inspect, audit and verify. No black boxes.

Sovereign & compliant

Run on infrastructure you control, in your jurisdiction — GDPR-aligned by design.

Strong authentication

MFA together with OIDC and SAML enforce modern, federated, policy-driven access.

Enterprise operations

Multi-tenant, and built for operators

Run one platform for many organizations, with the deployment options and tooling that operations teams expect.

  • True multi-tenancy Host many isolated organizations on a single platform — each with its own domains, users, policies and administration.
  • Flexible, sovereign deployment On-premises, in your private cloud, or as a sovereign hosted service. Your data stays in your jurisdiction, under your control.
  • Appliance, packages or containers Deploy the turnkey ISO appliance, native packages for major Linux distributions, or container images for your orchestrator.
  • Backup & disaster recovery Consistent backup and restore paths across the metadata and message tiers.
  • Monitoring & observability Health endpoints, metrics and structured logs that drop straight into your existing monitoring stack.
  • Long-term maintenance Security updates and predictable, professionally-supported release cycles.
Proven foundations

Standing on the shoulders of giants

grommunio doesn't reinvent the wheel. It's built on the most trusted, battle-tested open-source technology in the world — the same components that run the internet.

Linux
The rock-solid operating-system foundation grommunio is engineered for.
C / C++
The high-performance gromox core, written in modern C++.
Postfix
The world's most trusted mail transfer agent (MTA).
grommunio-antispam & ClamAV
Best-in-class spam filtering and antivirus scanning.
Keycloak
Open-source identity & access management for OIDC and SAML single sign-on.
SQLite
Fast, embedded stores at the individual mailbox level.
Redis
In-memory caching and shared session state.
nginx
Battle-tested reverse proxy and web front-end.
PHP
Powers the grommunio Web application.
Python
Administration tooling, automation and the management API.
OpenSSL
Industry-standard TLS and cryptography throughout.
Trusted libraries
Dozens of proven open-source libraries — libcurl, tinyxml2, jsoncpp, zstd and more.
Open all the way down

No black boxes

grommunio is 100% open source, engineered in Europe and built on open standards from the protocol layer to the storage engine. Its high-performance core, gromox, implements the Exchange protocol surface natively on Linux — so there's no proprietary connector to license, no black box to trust, and no vendor lock-in.

Because every layer is open and standards-based, you can audit it, integrate with it, automate it, and run it wherever your compliance requirements demand — on hardware you own, in a cloud you choose, or in a sovereign environment you operate yourself.

FAQ

Technology — frequently asked questions

Can I run grommunio in a high-availability cluster?

Yes. grommunio is designed for clustered, highly-available deployments — active/active or active/passive — behind standard load balancers, with health checks and automatic failover. Stateless application services scale out horizontally across nodes.

Does Outlook work without plugins or connectors?

Yes. Outlook for Windows connects natively over MAPI/HTTP (and RPC/HTTP), exactly as it connects to Microsoft Exchange — there is nothing to install on the client and no middleware in between.

Which identity providers and SSO standards are supported?

grommunio supports OpenID Connect (OIDC) and SAML 2.0 for single sign-on with providers such as Keycloak, Microsoft Entra ID and Okta, as well as LDAP and Active Directory for authentication and provisioning.

Can one installation host multiple organizations?

Yes. grommunio offers true multi-tenancy — many isolated organizations on a single platform, each with its own domains, users, policies and delegated administration.

Where can grommunio be deployed?

On-premises, in your private cloud, or as a sovereign hosted service. It ships as a turnkey ISO appliance, as native packages for major Linux distributions, and as container images.

Build on solid ground

Ready to put grommunio under load?

Try the live demo Talk to our team