2.1. Capabilities
This section describes the most important capabilities and functions of Univention Nubus for Kubernetes from the perspectives of end users, operators and providers, and developers and integrators. It focuses on the following perspectives:
- End user perspective
- Provider and operation perspective
- Development and governance perspective
Each subsection details the capabilities for each perspective. Fig. 2.1 shows the capabilities.
2.1.1. End user perspective
From the user’s point of view, Univention Nubus for Kubernetes offers a standardized user interface (UI) for accessing the integrated applications. Functions for users to manage their profile and accounts supplement the interface. Fig. 2.2 shows the capabilities of this perspective.
2.1.1.1. User account self service
- Password reset and forgotten password
End users who forget their password can set a new one without the need for an administrator or a help desk team. The password reset follows a bi-directional process and includes email as a second channel. A link in an email contains a token. The link is the entry point to the password reset. The token authenticates the end user. In addition, the password reset enforces password policies, such as minimum length, characters involved, and password lifetime.
- User profile management
End users can typically edit their first name and last name, profile picture, and other attributes for their user account profile, without involving a help desk team.
Administrators can customize which attributes an end user is able to change.
2.1.1.2. Uniform integrated user interface
- Easy access to integrated applications
A single point of entry to integrated applications that the user can access.
The administrator configures which user account or user group can access an application. They also configure which applications appear to unauthenticated users.
- Information sharing
Applications can use a central notification service in the integrated user interface.
Information, data, and document sharing is possible through external adapters. For example, a user can retrieve a document from a file storage application into an email application.
2.1.1.3. Single Sign-On / Single Sign-Out
- Switch applications without sign-in interruption
End users only need to sign in once and can access multiple integrated applications without having to sign in to each application again. This capability provides convenience to the end user.
- One user account to access integrated applications
A single user account and password for access to integrated applications. Administrators can centrally manage user accounts from a single point of administration.
2.1.2. Provider and operation perspective
The consistent focus on Kubernetes enables providers and operators to operate in compliance with the Deutsche Verwaltungscloud Strategie (DVS) with a high level of standardization. Fig. 2.3 shows the capabilities of this perspective.
2.1.2.1. Operation in Kubernetes cluster
Univention Nubus runs in a Kubernetes environment. Operators can configure the specific setup of the Kubernetes environment, such as storage, monitoring, and databases. An install setup provides all required resources. Univention Nubus for Kubernetes supports standards for deployment and operation of the hardware and software components used.
For more information, see Univention Nubus for Kubernetes - Operation Manual [1].
2.1.2.2. Management of user accounts
- Interface for user account lifecycle management
Run create, read, update, and delete operations (CRUD) for user accounts and user groups. Define attributes, such as account lifetime, status, email address, username, etc.
- Permission management and access control
Manage permissions for user groups with the Management UI. Grant user accounts access to applications that use Univention Nubus for Kubernetes.
See also
- Management UI in Functional components section for information about the purpose and tasks.
2.1.2.3. Integration with external IAM systems
Univention Nubus for Kubernetes can connect to the user lifecycle of an existing external IAM system and integrate existing user lifecycle processes.
2.1.2.4. DVS compatible
Univention Nubus for Kubernetes supports the requirements of the Deutsche Verwaltungscloud Strategie (DVS). Univention Nubus for Kubernetes complies with the specifications for the development of applications for the DVS. It also provides a standardized platform for the DVS-compliant integration of applications.
This takes place over the entire lifecycle of application deployment and support.
See also
- Deutsche Verwaltungscloud for more information about DVS. The article is in German.
- Deutsche Verwaltungscloud-Strategie - Zielarchitektur for information about the target architecture. The document is in German.
2.1.3. Development and governance perspective
Capabilities for development and governance of Univention Nubus for Kubernetes describe the required abilities to develop and manage Nubus. Fig. 2.4 shows the capabilities of this perspective.
2.1.3.1. Integration of components and applications
- Integration in central user management
Applications can integrate with the central user management through unified interfaces.
- Integration in provisioning
Provides the connection and synchronization of user account objects, user group objects, and asset objects that reside in the central IAM to components with their own user account persistence.
- Integration in UI
Applications can integrate with the UI through unified interfaces regarding access, permissions, and information exchange.
2.1.3.2. Support and Maintenance
- Support hotline
The software vendor provides a team to help operators and providers with the operation of Nubus.
- Maintenance service
The software vendor provides security updates, feature updates, and working Helm Charts to deploy Nubus into Kubernetes clusters. The software follows a typical lifecycle management for software updates, and its versioning complies with semantic versioning.
- Installation support
The software vendor helps operators and providers to bring Nubus into operation.
See also
- Semantic Versioning for more information about the specification.
2.1.3.3. Available as Open Source Software
- Source code publicly available
The source code for Univention Nubus for Kubernetes is publicly available together with the involved Helm Charts.
- Hardware independent deployment
Univention Nubus for Kubernetes uses containers to deploy its software. Container descriptions are part of the publicly available source code.