Univention Corporate Server

Quick start guide for Univention Corporate Server


Table of Contents

1. Introduction
2. Installation
3. UCS web interface
4. UCS updates / Installing additional software
5. Configuration management using Univention Configuration Registry
6. Clients
7. Further expansion of the domain
8. Further information
Bibliography

§Chapter 1. Introduction

Univention Corporate Server (UCS) is a server operating system based on Debian GNU/Linux with integrated management system for the central administration of servers, services, clients, desktops and users.

This quickstart guide offers a short introduction on how to get started with UCS. Several features of UCS are only mentioned briefly with a reference to further documentation. The documentation on UCS is available at https://docs.software-univention.de/.

The installation DVD can be downloaded from the Univention website at https://www.univention.com/downloads/ucs-download/iso-installation-image/. The installation DVD is only available for the host architecture amd64 (64-bit). It has support for the Unified Extensible Firmware Interface-Standard (UEFI) including SecureBoot.

Alternatively preinstalled images for VMware and VirtualBox can be used. These are available for download at https://www.univention.com/downloads/ucs-download/preinstalled-vm-images/..

The system requirements vary considerably depending on the intended purpose and the number of users. The minimum requirements for the installation are 512 MB memory and 8 GB hard drive space.

§Chapter 2. Installation

The installation is performed via a menu-driven installer and can be used both interactively and completely profile-based [ext-doc-inst].

The system language, keyboard layout and time zone can be selected in accordance with local requirements.

A valid network configuration should be set during the installation. If, for example, a gateway and a name server are specified, but the name server cannot be reached, this may result in unnecessary timeouts. In these cases, it makes more sense not to specify a gateway. The network configuration can be employed using DHCP. If there is already a name server available in the local network, it should be used. If additional UCS systems are installed in the domain at a later point in time, the master domain controller and any backup domain controller systems should be entered as name servers.

§

Figure 2.1. Selecting the domain setup

Selecting the domain setup

During the installation, it is possible to select whether the system should be the first system in a new UCS domain, whether the system should join an existing Active Directory domain or whether it should join a UCS domain. In cases where the system is the first in a new UCS domain or the first UCS system to join an existing Active Directory domain, the master domain controller system role is selected implicitly. All further systems then join the UCS domain when they are installed. The base system is the exception here; this system does not join any domain and also does not offer a management system. As such, it is only used in a few scenarios – as a firewall system, for example. An overview of the other different system roles can be found in [ucs-systemrole].

In the subsequent course of the installation, the fully qualified host name, under which the computer should be accessible in the network, is entered for a master domain controller. A local name should also be used as the domain name in this case, e.g., company.local. (If the system is used as a mail server, for example, the mail domains can be used independently of the domain names). For example, to commission the mailserver host system in the company.local DNS domain, mailserver.company.local should be entered as the fully qualified host name. The LDAP base is suggested based on the fully qualified host name and only needs to be adjusted in exceptional cases. The root password must be at least eight characters long and is also set as the password for the user Administrator during the installation of the first UCS server (master domain controller).

An autopartitioning feature can be used during the installation which creates an LVM volume group on the first hard drive by default.

The installed software components can be adapted later at any time and subsequently installed from the Univention App Center.

After confirming the configuration settings the installation is initiated. Once completed, the system must be restarted. The further configuration is made using the Univention Management Console (UMC).

§Chapter 3. UCS web interface

The web interface of an installed UCS system is directly available via its IP address (https://server_ip or http://server_ip, HTTPS is recommended). By default, a portal page is configured on the master domain controller where all applications are listed that are installed in the domain. For all other system roles, the start site consists of an overview of all locally installed applications. (View as well as the partitioning of entries can be customized in a very flexible manner, see also [ucs-portal].)

§

Figure 3.1. Illustration of the portal page on the master domain controller with all domain wide available applications

Illustration of the portal page on the master domain controller with all domain wide available applications

On each start site of a UCS system, there is an entry System and domain settings in the section Administration (or System settings, respectively) that points to the Univention Management Console (UMC) of the local system. Univention Management Console is the central tool for web-based administration of a UCS domain. There are different modules available on the UCS system depending on the installation and system role selected. The login to Univention Management Console is performed as user Administrator with the password specified for the user root during the installation.

For administrating UCS, the LDAP directory is the central component of a UCS domain. In the LDAP, domain wide information such as the users, groups and computer accounts is saved. Depending on the settings, this information is replicated to the other domain controllers in the domain either completely or selectively. The UMC modules which edit the LDAP directory directly can be accessed only on the master domain controller via Univention Management Console. Furthermore, they can also be controlled using the command line interface Univention Directory Manager [ucs-udm].

§

Figure 3.2. Modules in the UMC

Modules in the UMC

§Chapter 4. UCS updates / Installing additional software

UCS updates can be installed in the UMC module Software update.

Additional software can be installed using the Univention App Center in the Univention Management Console:

  • Additional UCS software can be installed/removed using the category UCS components.
  • Third-party software (e.g. various groupware solutions) and UCS-compatible addon products (e.g. UCS@school for school deployment can also be installed through the App Center.

§

Figure 4.1. Subsequent installation of UCS components

Subsequent installation of UCS components


§Chapter 5. Configuration management using Univention Configuration Registry

Univention Configuration Registry is the central tool for managing the local system configuration of a UCS system. Settings are specified in a consistent format, the so-called Univention Configuration Registry variables. These variables are used to generate the configuration files used effectively by the services/programs. Direct editing of the configuration files is only needed in exceptional cases.

Univention Configuration Registry variables are managed via the Univention Management Console module Univention Configuration Registry. Configuration files are automatically updated when the UCR variables registered on them are changed.

§

Figure 5.1. Managing Univention Configuration Registry variables

Managing Univention Configuration Registry variables

§Chapter 6. Clients

In addition to the UCS servers, a UCS domain can also integrate different clients. The following clients are supported:

  • Windows clients can join an AD-compatible Windows domain provided by the Active Directory compatible domain controller component (implemented using the software Samba). Further information on setting up Samba and the domain join of Windows clients can be found in the UCS manual [ucs-winjoin].
  • Mac OS X systems are also integrated via a Samba-based, AD-compatible Windows domain. Further information on setting up Samba and the domain join can be found in the UCS manual [ucs-macjoin].
  • Univention Corporate Client can be installed from the Univention App Center for the deployment of centrally administrated Linux-based desktop. Further information can be found in the UCC manual [ucc-manual].
  • Ubuntu systems [ubuntu-join] and other Linux distributions like Debian, SUSE or Red Hat can also be integrated into the domain [integrate-other-linux].

§Chapter 7. Further expansion of the domain

This quickstart guide only provides an entry into UCS. UCS is very scalable, additional services can simply be installed on additional systems. This domain join is described in [ucs-join].

UCS offers various additional services which are covered by the UCS license and which can be integrated at a later point in time:

  • Single-sign-on with web services using a SAML identity provider [wiki-saml]
  • IP management using DHCP [ucs-dhcp]
  • Web proxy for caching and policy management / virus scan [ucs-proxy]
  • Service monitoring with Nagios [ucs-nagios]
  • Hybrid cloud setups [ucs-uvmm]

§Chapter 8. Further information

Univention Corporate Server provides comprehensive documentation:

§Bibliography

§

[ucs-handbuch] Univention GmbH. 2017. Univention Corporate Server - Manual for users and administrators. https://docs.software-univention.de/manual-4.2.html.

§

[ucs-systemrole] Univention GmbH. 2017. UCS Manual - System roles. https://docs.software-univention.de/manual-4.2.html#systemrollen.

§

[ucs-winjoin] Univention GmbH. 2017. UCS Manual - Windows domain joins. https://docs.software-univention.de/manual-4.2.html#windows-domaenenbeitritt.

§

[ucs-macjoin] Univention GmbH. 2017. UCS Manual - Mac OS X domain joins. https://docs.software-univention.de/manual-4.2.html#joining-macos.

§

[ucc-manual] Univention GmbH. 2016. Univention Corporate Client - Manual for administrators. https://docs.software-univention.de/ucc-manual-2.0.html.

§

[ext-doc-inst] Univention GmbH. 2017. Extended installation documentation. https://docs.software-univention.de/installation-4.2.html.

§

[ucs-uvmm] Univention GmbH. 2017. UCS manual - Virtualization. https://docs.software-univention.de/manual-4.2.html#uvmm:chapter.

§

[ucs-proxy] Univention GmbH. 2017. UCS manual - Web proxy for caching and policy management / virus scan. https://docs.software-univention.de/manual-4.2.html#ip-config:Web_proxy_for_caching_and_policy_management__virus_scan.

§

[ucs-nagios] Univention GmbH. 2017. UCS manual - Infrastructure monitoring with Nagios. https://docs.software-univention.de/manual-4.2.html#nagios::general.

§

[ucs-dhcp] Univention GmbH. 2017. UCS manual - IP assignment via DHCP. https://docs.software-univention.de/manual-4.2.html#module:dhcp:dhcp.

§

[ubuntu-join] Univention GmbH. 2017. Integration of Ubuntu clients into a UCS domain. https://docs.software-univention.de/domain-4.2.html#ext-dom-ubuntu.

§

[ucs-portal] Univention GmbH. 2017. UCS manual - Portal page as central view on the UCS domain. https://docs.software-univention.de/manual-4.2.html#central:portal.

§

[ucs-udm] Univention GmbH. 2017. Command line interface of domain management (Univention Directory Manager). https://docs.software-univention.de/manual-4.2.html#central:udm.

§

[ucs-join] Univention GmbH. 2017. UCS Manual - How UCS systems join domains. https://docs.software-univention.de/manual-4.2.html#linux-domaenenbeitritt.

§

[wiki-saml] Univenton GmbH. 2016. SAML Identity Provider. http://wiki.univention.de/index.php?title=SAML_Identity_Provider.

§

[integrate-other-linux] Univention GmbH. 2014. Integration of Linux/Unix systems into a UCS domain. https://docs.software-univention.de/domain.html#ext-dom-unix.