1. Lawyer’s office#
Hemmerlein & Sons lawyer’s office has a total of ten employees. The employees work predominantly with office applications and a legal workflow management system, which is only available for Microsoft Windows. Windows is employed as the client operating system. All the data is to be stored centrally on a server and backed up. As there is only limited technical expertise available and it is not viable to finance an in-house administrator team, particular value is placed on simple administration. The administrative duties described below can be configured completely through simple-to-use, web-based interfaces after a successful initial installation.
The company has a total of three laser printers (two identical black/white models and one color laser printer), which are all installed in a central office. Large documents with high volumes are printed often.
1.1. Systems and services#
UCS offers the required services and applications out of the box as a complete solution. A single UCS system is used, which provides the logon and file services for the Windows clients, administrates the printers and automates the data backup.

Fig. 1.1 System overview of the lawyer’s office Hemmerlein and Sons#
1.2. Management of user accounts#
User accounts for the ten employees are created in the Univention Management Console web interface. Each employee can set the password with the Self Service app from the App Center. Like all user data the password is saved to a LDAP directory server and requested when logging on to the Windows client.

Fig. 1.2 Creating a user in Univention Directory Manager#
1.3. Managing the Windows computers#
Samba 4 is used on the UCS system for the integration of Microsoft Windows clients. Samba 4 offers domain, directory and authentication services which are compatible with Microsoft Active Directory. These also allow the use of the tools provided by Microsoft for the management of group policies (GPOs).
Microsoft Windows clients can join the Active Directory-compatible domain provided by UCS and can be centrally configured through group policies. From the client point of view, the domain join procedure is identical to joining a Microsoft Windows-based domain.
1.4. Storage management#
Samba provides every user with a home directory on the UCS system as a file share through the CIFS protocol. The users thus always receive the same data irrespective of the computer they are logged in to. In addition, the central file storage allows central backups.
Moreover, there is a central share with legal literature, which is mounted on every client.
Similar to users, shares can also be created and managed web-based in the Univention Management Console.
1.5. Single sign-on with a specialist legal application#
The chambers connect to a web-based legal service. This service has its own user administration system. To avoid having to take care of the user identities and password twice, the UCS SAML Identity Provider is used. SAML (Security Assertion Markup Language) is an XML-based standard for exchanging authentication information, which allows single sign-on across domain boundaries among other things. The legal service is registered with a cryptographic certificate and then trusted by the UCS Identity Provider. The users then only need to authenticate themselves in UCS and can use the legal service without renewed authentication. The SAML Identity Provider can be installed through the Univention App Center.
1.6. Printer services#
The UCS system provides print services through the CUPS software. Both network-capable printers and printers connected locally to a computer can be centrally administrated. The three printers can be configured conveniently through the Univention Management Console and are directly available to the users on their Microsoft Windows clients.
The two black and white laser printers are grouped together in a printer group: this means that, in addition to the targeted selection of a printer, users also have the opportunity of printing on a pseudo-printer. This is where the print jobs are distributed in turn between the two printers in the printer group. If one printers is busy, the free printer is selected instead, which cuts down waiting times.
1.7. Groupware#
On the UCS system the groupware solution OX App Suite is installed as app from the App Center. OX App Suite accesses the user data of the UCS directory service. The administration integrates seamlessly in the Univention Management Console.
Virus detection including signature updates and spam filters are integrated at no additional cost.
1.8. Web proxy and web cache#
A web proxy server and web cache based on Squid is available with the app Proxy server in UCS. Response times for regular calling the same web pages is reduced. Likewise, the data transfer volume through internet connections can be reduced. Furthermore, the view of internet content can be controlled and managed. For example, it can be defined, which users or user groups view which websites.
1.9. Outlook#
With regard to a planned merger of another office in Munich, it will be simple to install a further UCS system in this branch. All LDAP data is then automatically transferred to the site server allowing the employees to logon at on-site meetings in Munich with their standard user credentials.
The existing Active Directory installation at the Munich office can be migrated to the UCS domain fully automated using Univention AD Takeover.