But understand I am the Senior Security Technical person for a 100,000+ user federal government organization.... so my priorities are sort of biased.
Working as an enterprise IT architect for big company (around 60,000+ users), I also tend to have biased view
For the time being, I would not suggest eBox as component anywhere in my company.
From my standpoint, eBox targetting (againg that's only my personal view) small/medium business and soho, high availability is not something having top priority.
I don't don't mean it's not important but I would not put it on top of the list of "missing" features.
What's critical for such component is security, stability and easiness in term of deployemnt and administration.
1 - Security when eBox is used as internet gateway.
2 - Easyness, because security depends on it (what's difficult here is to "hide" complexity and make it easy to understand and configure so that it remains safe)
3 - stability would be my third topic in the stack.
Of course what is supposed to work "must" work: I would prefer not to have "not fully functional" LDAP master/slave feature but have capability to use "external" ldap server. What if you can't change ldap content for some time in small/medium business environnement? Do you really need multi-master?
I share previous comment regarding HA: the one that is required if any is WAN service.
Then for small/medium business, providing strong reliable data backup/restore is more critical than HA.
When it comes to provide HA for file sharing, access to mailbox etc, it's far beyond what this kind of "appliance" can bring out of the box.
This would require external storage (SAN or NAS) + either cluster or load balanced services... much more complex than RAID of your choice for local storage and strong backup process and definitely, again for what I feel, out of the scope of such solution.
To make a long email short, what I would see as "ideal" design for small/medium business, using 2 or 3 eBox is:
eBox 1 - internal server running LDAP, Samba, MDA (means POP or IMAP). i.e any user oriented service.
eBox 2 - internet gateway services (WAN, proxy, MTA + anti-virus). No user mailbox here. (i.e. no data except what is exposed by HTTP/FTP service if any. mail are delivered to eBox 1.
eBox 2 should be configured either to used local slave LDAP or to rely on LDAP on eBox 1, or both as it's the way LDAP service handles failover as defined in LDAP RFCs.
Yes, there is a lot of SPOF with such design :-) but it's simple and safe.
If you feel you need more availability, then it's no more, to me, the same game as it requires different adminsitration skill. Not the same cost