Univention Corporate Server is an enterprise-class distribution based on Debian GNU/Linux. It features an integrated management system for central administration of servers, Microsoft Active Directory-compatible domain services, and functions for parallel operation of virtualised server and desktop operating systems. Univention Corporate Server is a server operating system derived from Debian GNU/Linux with an integrated management system for the central and cross-platform administration of servers, services, clients, desktops and users as well as virtualized computers operated in UCS. In addition to the operation of local, virtual instances, UCS can also be operated in OpenStack-based, Microsoft Azure-based and Amazon EC2-based cloud environments. Via the integration of the open source software Samba 4, Uni.
Pros: Robustness & reliability. Having used UCS for over 5 years in my own business I am now integrating it into my customers IT infrastructure. It is obvious from the rock solid stability of the platform it's the product of an organisation who employs the highest levels of stringent software development & engineering.Cons: There is very little I don't like about UCS. Occasionally, the web management interface (UMC) will not accomplish some tasks & some command line admin is required. So from that perspective less technically inclined folk might find it lacking. But for anyone with basic linux admin skills it's a breeze to work with.Overall: As an IT service provider in the SMB space I've found the demise of Microsoft SBS is posing many issues for customers. Univention UCS is a perfect fit for SBS replacement & requires much less in the way of hardware resource overhead for any given environment.
![Univention Corporate Server Univention Corporate Server](/uploads/1/2/4/1/124119105/764032118.png)
Univention's approach of partnering with a wide range of software vendors to integrate their products into the UCS platform provides a wide range of easy to implement solutions for all sorts of needs. Pros: Univention UCS is a very good solution for IT-Infrastructure Services. All used services are integrated in that way to easy manage heterogen structures, especially User- and Computer-Accounts as also basic it-services like DNS and DHCPThe Management-UI is web-based, well-designed and with every version they fix failures quickly and developt the UI further.Cons: The technology they try to manage is complex and full of features. With teh UCS-Registry they use a Configuration Database which is ease of use but not very well documented. Theres is no central document or tool which decribes all keys an possible values. Means, there are lot of keys, which you can create but there are only described in the relevant chapter in the documentation or support database etc.Overall: Univention with UCS has got an impressive development. With each new version they get better and better.For me the best thing is, they live opensource every day and during a long period of time.
Pros: Univention Corporate Server is a very flexible but robust enterprise software. Pros: Central Management of all features, even if multi server environmentsIncluded virtualisation plattformIncluded Windows ActiveDirectory supportIncluded SAML2-SupportIncluded Docker SupportCons: The Systemd deamon may cause challenges after upgrades or power outages without UPS.Overall: This is an excellent product for everyone who wants to setup his own network infrastructure with Windows, MAC or Linux clients and servers. It makes it easy to connect on-premise ressources with cloud ressources like Office365 or Google Docs.
Chapter 1. Using a UCS applianceIn addition to the traditional installation, there is also the possibility of providing UCS viaan appliance image. These appliance images can be used both for simple commissioning in avirtualization solution such as VMware and for providing a cloud instance.Appliances can be created with minimal effort. This is described in.Whilst some of the settings can be preconfigured globally in the image, it is still necessaryfor the end user to make final adjustments to the configuration, e.g., to set the computer nameor the domain used. For this reason, a basic system is installed for the appliance image and acomponent set up, which then allows the end user to finalize the configuration. Alternatively,the configuration can also be performed automatically without user interaction. This isdescribed in.The interactive configuration can be performed in two ways.A graphic interface starts on the system, in which the web browser Firefox is started infull-screen mode and automatically accesses the configuration URL. This option isparticularly suitable for images in virtualization solutions.The configuration can also be performed directly via an external web browser.
In this case,the system's IP address must be known to the user (e.g., if it has been notified to him inadvance in the scope of the provision of a cloud image).In the scope of the initial configuration, the user can change the following settings in thedefault setting. 2.2. Performing the basic installationThe basic installation is performed using the standard UCS installer. Further information onthe individual options can be found in the UCS manual. The installation should be performed ina virtualization solution. In this example, the installation is performed in UVMM.
A qcow2image should be selected for the hard drive for the virtual machine. Qcow2 images can beconverted to different virtualization formats such as VirtualBox or VMware using a toolprovided by Univention, see.The following settings are configured for the basic image.The installation language can be selected as required. The locale of the system is setbased on the selected language. If you want to be able to use the appliance in more thanone language, you can add another locale at a later point in time.A preselection is made for the time zone which is then adapted subsequently by the usersof the appliance.The keyboard layout is only relevant for local logins; it is not important for the web-basedconfiguration.A configuration via DHCP is the most practical presetting for appliance images. TheUnivention Installer attempts to perform a DHCP request in the scope of the networkconfiguration. The network configuration is only performed via DHCP if this is successful,i.e., an IP address must be assigned to the appliance for the duration of the setup.
Thiscan be done with an IP managed client object in the Univention Management Console.In the next step, the initial password is set for the root user. This root password ischanged by the end user during the commissioning of the appliance image.The partitioning can be performed as required, e.g., by using an LVM. For an image thatwill be used in a cloud setup, a single root partition should be used. This allows growingthe root partition based on the selected instance disk size.Once the basic installation is complete, a dialogue is shown in which you can select whetherto create a new UCS domain or join an existing domain. To create the appliance, Control+ Qmust be pressed at this point to interrupt the process. The installation continues for a shortperiod of time, during which the Starting Univention System Setup messageappears and the systems then restarts.The installation of the basic image is now complete. Following a reboot, the user of theappliance is shown the dialogue for adjusting the configuration, see.In most cases, the appliance needs to be preconfigured with a certain selection ofsoftware.
The installation is usually performed via the Univention App Center, which, however,is not yet available at this point in time. The installation is thus performed via the commandline.
UCS standard components can be installed using the corresponding package names, e.g.univention-install univention-printserverPackages from the Univention App Center are installed with the commandunivention-add-app once a valid license is available.The ID of an application can be retrieved with the commandunivention-add-app -list:univention-add-app -l APPIDThe system now needs to be shut down cleanly without filesystems still being mounted.The qcow2 image (i.e., the hard drive of the virtual machine) is now copied. If thedefault storage pool of UVMM was used, the image is stored in thedirectory /var/lib/libvirt/images/.Additional steps are required if the image is to be used in Amazon EC2(see ), OpenStack (see ) or as a VMware / VirtualBox appliance (see ). 2.2.2. Providing an image for OpenStackThe provisioning for OpenStack images occurs via Cloud-Init (see).Cloud-Init is a standardized solution for configuration of an image. Cloud-Init checks arange of data sources for an existing configuration. The univention-cloud-initpackage must be installed to prepare an image for provisioning via Cloud-Init:univention-install univention-cloud-initThe local Firefox session should not be started when running as an OpenStack instance.ucr set system/setup/boot/start=falseThe initial login to the OpenStack instance is performed via a SSH host key. To prevent SSH loginsfrom occurring with the default root password of the standard image during commissioning ofthe instance, the initial root password is removed.usermod -p. root.
2.2.3. Providing an image for VMware/VirtualBoxVirtualization images for VirtualBox, VMware Player and VMware ESX can also be created onthe basis of the qcow2 images above. To this end, Univention offers a tool, which can beinstalled via the generate-appliance package (the integration in UCS 4.3can be followed via ).The generateappliance tool must be started and the qcow2image selected with the parameter -s:generateappliance -s appliance.qcow2The virtual machine is assigned one CPU and a gigabyte of RAM as standard. If the appliancehas a higher storage or CPU power requirement, the parameter -m can beused to specify a different quantity of RAM in megabytes and -c can beused to assign a different number of CPUs.The parameters -vendor and -product can be usedto specify a vendor and product name.In the default setting, three different virtualization images are generated from the qcow2image. The generation for a type can be suppressed using the respectively given option. 2.3.1. Automatic configuration with a UCS appliance mode profile fileAutomatic configuration with the UCS appliance mode requires creating a profile file/var/cache/univention-system-setup/profile. 2.3.2. Automatic configuration of an appliance with Cloud-InitCloud-Init works on a configuration file in the cloud configuration format.The configuration file is provided by the respective cloud service; the type of provisiondiffers from cloud solution to cloud solution.
It is currently only possible to provide amaster domain controller.The configuration file may be adapted for different scenarios. To setup a domain,the ucssetup section is required. Note that the suppliedldapbase is used in other configuration sections as well.The following includes an example file with which a master domain controller can be provided. Inaddition, several files are generated on the system: the UCS license to be installed and a filewith the apps to be installed from the Univention App Center.The license in this example is the default core edition license.More information about requesting a proper license can be found in.Two example hook scripts are generated which are called after setup is finished:One calls wget for a given URL, which could be used to signal an external service that theprovisioning of the instance is done. 2.3.3. License management in cloud instancesIn the default installation, a UCS installation has a core edition license.An updated license from Univention is required in order to use the App Center.
For standard installationsit is sent to the user by e-mail and then set up in the Univention Management Console.Cloud service providers have the possibility of retrieving UCS licenses via an API, i.e., ifa new instance is to be created for a customer, the license can be retrieved via the API andthen installed in the provided instance directly.Access to the license server requires a user name and a password. These can be requestedfrom Univention at. In this document,is used as an example URL for thelicense server.
2.3.3.1. API for retrieving UCS licensesThe licenses are retrieved via HTTPS from the Univention license serverlicense.univention.de. The retrieval can be performed completely withwget.Firstly, a session with the license server must be opened, in this case with the user nameunivention and the password secret as anexample. It is also possible to request more than one license in one session.wget -keep-session-cookies -save-cookies cookie.db -load-cookies cookie.db -post-data='username=univention&password=secret' license can also be ordered with a POST request via wget. Please note that specialcharacters such as blank spaces must be escaped in URL-encoded syntax, seefor details.wget -keep-session-cookies -save-cookies cookie.db -load-cookies cookie.db -post-data='kundeEmail=customer@example&'kundeUnternehmen=New%20Customern&'EndDate=&'BaseDN=dc%3Ddrei%2Cdc%3Dzwei%2Cdc%3Dtest&'Servers=0&'Support=0&'PremiumSupport=0&'Users=100&'ManagedClients=0&'CorporateClients=0&'VirtualDesktopUsers=0&'VirtualDesktopClients=0&'Type=UCS' the order is successful, the return code 202 is returned. The HTML data includes the tagorderid, which identifies the order number of a successful order.21.If the order fails, a return code 4xx is returned and the details tagincludes additional information, e.g.Not a valid date: u'27.11.201'.Should it not be possible to process an order due to a server error, 5xx is output as thereturn code. The order can then be repeated at a later point in time.Following ordering of a license, it takes a few seconds before the license isgenerated.
It can then be retrieved in LDIF format using the order number. If the requestabove returns e.g. The order number 465, the file name is thus 465.ldif.The request specified below waits for the availability of the license for up to sixty seconds:wget -keep-session-cookies -save-cookies cookie.db -load-cookies cookie.db https://license.univention.de/shop/example/orders/465.ldif. NameFunctioninterfaces/eth N/typeIf this parameter is set to dynamic or dhcp, the network interface eth N procures its network configuration via DHCP.The settings of interfaces/eth N/address, interfaces/eth N/netmask, interfaces/eth N/network, interfaces/eth N/broadcast, nameserver N and gateway then become optional, but can still be used to over-write the configuration provided by DHCP.If no DHCP offer is received, a random IP address from the link-local network 169.254.
NameFunctionssl/countryThe ISO country code of the certification body appearing in the certificate (root CA), specified with two capital letters.ssl/stateThe region, county or province that appears in the certificate of the root CA.ssl/localityPlace appearing in the certificate of the root CA.ssl/organizationName of the organization that appears in the certificate of the root CA.ssl/organizationalunitName of the organizational unit or department of the organization that appears in the certificate of the root CA.ssl/emailE-mail address that appears in the certificate of the root CA. 3.4.1. Local repositoryThe local repository must be initialized using the DVD (image) of the targeted UCS release.This is done by running the command univention-repository-create, which copies the corresponding PXE kernel and installer to /var/lib/univention-client-boot/installer/ release/.It is safe to run univention-repository-create again, which is for example required to update the installer to a newer version of UCS.For more information on local repositories see the software deployment chapter of the.