In this article, we will take a look at Univention Corporate Server (UCS) and It is also sort of brief tutorial on UCS. Before we get into it, lets talk about an overview.
First, what is Univention Corporate Server (UCS)? It is an enterprise Linux distribution that is built by Univention. It is their goal to simplify the access to applications and devices for organizations and Univention heavily uses Open Source software for that. Basically, this involves three core topics:
- A central identity management system
- An app store-like environment for applications
- And, of course, IT infrastructure and device management
All this is brought together into one product called Univention Corporate Server.
You can imagine UCS as an alternative to Microsoft Windows Server, because it provides Active Directory (AD) services and can be used for similar purposes. For example, UCS can participate in an Active Directory domain or Active Directory domain data can be migrated to UCS for a drop-in replacement.
You can also imagine UCS as Android for servers. Like Android UCS offers a marketplace for apps. Univention calls it App Center. It manages apps’ life cycles and integrates them with the central identity management system incorporated in UCS. Because of the flexibility of UCS, most apps can be operated both on premises or in the cloud.
UCS is used by a broad variety of organizations in very different industries ranging from just a few users until up to 30 million users in the directory service.
2: Origin and Functionality
Univention Corporate Server is derived from Debian GNU/Linux. The software packages are taken from the Debian project. Univention builds some packages on their own, because some packages like Samba or OpenLDAP are customized with patches or simply need a newer version than available in Debian stable.
The Open Source software projects Samba 4, Heimdal Kerberos or OpenLDAP are used to provide the Active Directory domain functionality in UCS.
UCS offers a central configuration system name Univention Configuration Registry (UCR). It consists of a tree of variable keys and their values that are used in configuration files and scripts. It allows to use the same variable, for example the LDAP base distinguished name, in different places and it is only defined once. With UCR a system administrator does not need to worry about missing settings spread over several configuration files. A value can be changed and is then committed to the relevant configuration files.
System administrators are mostly interacting with UCS via the web-based management system. There they take care of the identity management with users, groups and roles and the infrastructure management like IP address leases, name resolution for systems. The UCS system itself is also managed this way and administrators update system packages or install new apps via the web-browser. System administrators usually deal with recurring tasks and they are simplified by the management system. Furthermore, the learning curve for enterprise Linux systems is lowered.
Univention Corporate Server in the Core Edition can be downloaded from Univention’s website. The Core Edition comes full-featured and free of charge with community support. It is available as ISO image or pre-installed virtual machine image for KVM, VirtualBox and VMware. Enterprise subscription is also available including support and a longer maintenance of five to seven years for a major version.
4: Installation Tutorial
Let’s now get our hands a little bit dirty and setup UCS as virtual machine. This installation uses the UCS virtual machine image for VirtualBox and walks through the single steps.
- Download UCS virtual machine image for VirtualBox.
- Download VirtualBox and install it.
- Import the UCS virtual machine image into VirtualBox
- Start the virtual machine and go through the UCS system setup wizard:
- Select location
- Customize keyboard, if needed
- Enter network configuration: Either choose to obtain an IP address automatically (default) or enter a static IP address. In this tutorial, used a static IP, because UCS system should take care of all the ip address handling.
- Domain setup: Select the first option. I want setup my own domain and I start with creating a new one. I can later add more systems to this new domain by selecting the second option during the setup. Furthermore, if an existing Active Directory service should be used, select option three.
- Enter the password for the root and Administrator account. The system needs to have a root password. It can later be used for the user “Administrator” to login to the management system. I postpone the system activation to a later time and leave the other fields empty.
- Specify the name of the system in the Host settings. I just went with the proposed defaults. Here the system receives its name.
- You may already want to install additional components, like for example the Active Directory compatible domain controller.
- Go over the configuration summary and click “Configure System”. UCS will apply the settings. This can last several minutes and depends on the performance of your underlying virtualization host system.
- Finally the setup is completed. After finishing the setup wizard, the appliance greets with a welcome screen and announces what IP address should be used in the browser to access the UCS management system. This screen comes up after every reboot of the appliance and gently reminds where to reach the system.
- Heading to the address provided by the welcome page opens the UCS portal page. It looks quite empty yet and offers a login to the management system.
- For the first login I choose “Administrator” for the username and the password I provided during the setup. The Administrator is the first administrative user having all the rights for the environment.
- With the first successful login, UCS welcomes the user with a short dialog and asks for the first feedback, if issues occurred during installation and setup.
- The UCS management system is the central place to control your UCS environment. At the top there are the sections Users, Devices, Domain, System and Software. Each section reveals its own modules for different administrator tasks. Frequently used modules can be put into the Favorites section.
- After UCS setup, the system should be extended by an additional app and ownCloud is my candidate.
- In order to use the App Center, the system has to be registered. I didn’t register before and I’m now reminded of it. A click on “Install” guides me through the registration where I provide a valid email address, receive the registration via email and upload it to the system. Afterwards, I can continue with the installation. The registration has to be done only once.
- ownCloud is now installed and the app informs the administrator about how to access the ownCloud admin account.
- A look at the portal now shows some more tiles on it. It offers the login to ownCloud. Before a login with a usual user can be made, the user needs to be created. The admin user can login though with the given credentials shown after the installation.
- To create a new user, select the Users module from the Favorites or Users section in the UCS management system. Provide at least a lastname, username and a password. By default, new users are enabled for ownCloud, as soon as the app is installed. If a new user shall not be able to login to ownCloud, the checkbox has to be removed in the Advanced settings section.
- Going back to the UCS portal, I click on the ownCloud login and there I enter the credentials of my new user. Et voilà, I’m in and can use my fresh ownCloud.
Univention Corporate Server (UCS) is very sophisticated operating system for identity and infrastructure management for organizations. The setup is straight forward and easy to make. I like the way how third party solutions extend the platform and that they are integrated with the identity management. This makes testing and even production operation very easy.