Nubus for UCS - Operation Manual

Contents:

• 1. Introduction
  • 1.1. Understanding Nubus and UCS
    • 1.1.1. What is Nubus?
    • 1.1.2. What is UCS?
    • 1.1.3. How Nubus and UCS work together
  • 1.2. Key concepts
    • 1.2.1. Domain concept
    • 1.2.2. Management UI
    • 1.2.3. LDAP directory service
    • 1.2.4. Policy concept
    • 1.2.5. Univention App Center
    • 1.2.6. Listener/notifier replication
  • 1.3. Feedback
• 2. System deployment
  • 2.1. Installation methods
    • 2.1.1. Installation image download
    • 2.1.2. Physical and virtual machine installation
    • 2.1.3. Text mode installation
    • 2.1.4. Cloud deployment
    • 2.1.5. VMware-specific considerations
    • 2.1.6. Secure Boot
  • 2.2. Initial system configuration
    • 2.2.1. Select the installation mode
    • 2.2.2. Select the language
    • 2.2.3. Select the location
    • 2.2.4. Select the keyboard layout
    • 2.2.5. Set up network configuration
    • 2.2.6. Define the root password
    • 2.2.7. Partition the hard drive
    • 2.2.8. Finish installation
  • 2.3. Domain setup
    • 2.3.1. Naming convention for hostnames
    • 2.3.2. Naming constraint for the domain name
    • 2.3.3. Mode: Create a new UCS domain
    • 2.3.4. Mode: Join an existing Active Directory domain
    • 2.3.5. Mode: Join an existing UCS domain
    • 2.3.6. Confirm the installation settings
  • 2.4. Steps after the installation
    • 2.4.1. Open the portal
    • 2.4.2. License import after installation
  • 2.5. Troubleshooting for installation problems
• 3. Domain infrastructure
  • 3.1. Understanding system roles
    • 3.1.1. Primary Directory Node
    • 3.1.2. Backup Directory Node
    • 3.1.3. Replica Directory Node
    • 3.1.4. Managed Node
    • 3.1.5. Ubuntu
    • 3.1.6. Linux
    • 3.1.7. macOS
    • 3.1.8. Domain Trust Account
    • 3.1.9. Windows Domaincontroller
    • 3.1.10. Windows Workstation and Windows Server
    • 3.1.11. IP client
  • 3.2. Domain join
    • 3.2.1. Domain join process
    • 3.2.2. How UCS systems join domains
    • 3.2.3. Windows domain joins
    • 3.2.4. Ubuntu domain joins
    • 3.2.5. macOS domain joins
  • 3.3. LDAP directory service
    • 3.3.1. Schema and replication
    • 3.3.2. Operations and maintenance
    • 3.3.3. Access control
    • 3.3.4. Client access and interoperability
  • 3.4. Certificate management
    • 3.4.1. UCS built-in certificate authority
    • 3.4.2. Certificate validity
    • 3.4.3. Monitor certificate expiry
  • 3.5. Kerberos
    • 3.5.1. How Kerberos works
    • 3.5.2. Kerberos realm
    • 3.5.3. Kerberos implementation in Nubus for UCS
    • 3.5.4. KDC selection
    • 3.5.5. Kerberos administration server
  • 3.6. Redundancy and failover for the Primary Directory Node
    • 3.6.1. Fault-tolerant domain setup
    • 3.6.2. Backup to Primary promotion
  • 3.7. Domain activity logging
    • 3.7.1. Admin Diary components
    • 3.7.2. View and search diary entries
    • 3.7.3. Set up Admin Diary
  • 3.8. Domain replication with Listener and Notifier
    • 3.8.1. Listener modules
    • 3.8.2. Transaction-based replication
    • 3.8.3. Listener and Notifier troubleshooting
• 4. Management interface
  • 4.1. Authentication
    • 4.1.1. Sign-in
    • 4.1.2. Refresh browser tabs on sign-out
    • 4.1.3. Single sign-on
  • 4.2. Activate UCS license
    • 4.2.1. About UCS licenses
    • 4.2.2. View license information
    • 4.2.3. Activate a license
    • 4.2.4. Register for a personalized Core Edition license
    • 4.2.5. License key limits
  • 4.3. Customize web interface themes
    • 4.3.1. Switch light and dark theme
    • 4.3.2. Create a custom theme
  • 4.4. Consent for using cookies
    • 4.4.1. Configure the cookie consent banner
    • 4.4.2. UCR reference for cookie consent banner
  • 4.5. Delegated administration for management modules
    • 4.5.1. How delegated administration works
    • 4.5.2. Built-in UMC operation sets
    • 4.5.3. LDAP access rights
    • 4.5.4. Group access to management modules
  • 4.6. Command-line interface for domain management
    • 4.6.1. Parameters of the command-line interface
    • 4.6.2. Command-line interface examples
  • 4.7. Directory reports
    • 4.7.1. Create reports through management modules
    • 4.7.2. Create reports on the command line
    • 4.7.3. Customize reports
  • 4.8. Hardware information
• 5. Lifecycle
  • 5.1. Nubus for UCS versioning
    • 5.1.1. Understand version numbering
    • 5.1.2. Distinguish release types and cycles
    • 5.1.3. Understanding the update hierarchy
    • 5.1.4. Plan for support and maintenance periods
    • 5.1.5. Stay informed about updates
  • 5.2. Update strategies
    • 5.2.1. Planning updates in multiserver environments
    • 5.2.2. Update methods
    • 5.2.3. Post-processing after release updates
    • 5.2.4. Troubleshooting update problems
  • 5.3. Perform updates
    • 5.3.1. Understand pre-update checks
    • 5.3.2. Understand post-update cleanup
  • 5.4. Package installation and management
    • 5.4.1. Choose your installation method
    • 5.4.2. Installation through Univention App Center
    • 5.4.3. Installation through Management UI
    • 5.4.4. Installation from command line
    • 5.4.5. Automate tasks around app actions with hook scripts
    • 5.4.6. Centralized package management with policies
  • 5.5. Package maintenance policy
    • 5.5.1. How to create a maintenance policy
    • 5.5.2. Understanding maintenance policy fields
    • 5.5.3. Related policies
  • 5.6. Local repository servers
    • 5.6.1. Create and update a local repository
    • 5.6.2. Configure the repository server
    • 5.6.3. Maintain the local repository
    • 5.6.4. Troubleshooting repository problems
  • 5.7. Univention App Center
    • 5.7.1. Finding and viewing applications
    • 5.7.2. How to install applications
    • 5.7.3. Multi-host installation
    • 5.7.4. Docker applications
    • 5.7.5. After installation
    • 5.7.6. Application lifecycle and updates
    • 5.7.7. App Center troubleshooting
  • 5.8. Let’s Encrypt
  • 5.9. Software monitor
    • 5.9.1. Features and functions
    • 5.9.2. Configure the software monitor
• 6. Identity and Access Management
  • 6.1. Password management
    • 6.1.1. Password policies
    • 6.1.2. Samba domain password policy
    • 6.1.3. Password hashes
    • 6.1.4. End User Self Service
  • 6.2. Group management
    • 6.2.1. Group creation and assignment
    • 6.2.2. Nested groups
    • 6.2.3. Group caching
    • 6.2.4. Active Directory group synchronization
    • 6.2.5. Group overlay module
  • 6.3. User creation wizard
    • 6.3.1. Require primary email address in user creation wizard
    • 6.3.2. Deactivate user creation wizard
    • 6.3.3. Control account properties for user setup
    • 6.3.4. Restart the UMC server
  • 6.4. HTTP API for domain management
  • 6.5. User activation for apps
    • 6.5.1. Activate a user or a group for an app
    • 6.5.2. Deactivate a user or a group for an app
    • 6.5.3. Effect of app deinstallation
  • 6.6. User account lockout after failed sign-in attempts
    • 6.6.1. Configure lockout for Samba and Active Directory
    • 6.6.2. Configure lockout for the PAM stack
    • 6.6.3. Configure lockout for OpenLDAP
    • 6.6.4. Unlock a locked user account
  • 6.7. Track last sign-in time to detect inactive accounts
    • 6.7.1. Activate the overlay module
    • 6.7.2. Collect and store the timestamp
    • 6.7.3. Schedule automatic updates
• 7. System administration
  • 7.1. Configure the local system with Univention Configuration Registry
    • 7.1.1. Manage UCR variables in the Management UI
    • 7.1.2. Manage UCR variables on the command line
    • 7.1.3. UCR variable precedence
    • 7.1.4. Modify UCR templates
    • 7.1.5. Configure UCR variables with policies
  • 7.2. Administrative access and authentication
    • 7.2.1. Administrative access with the root account
    • 7.2.2. SSH sign-in to systems
    • 7.2.3. Authentication with PAM
  • 7.3. Regional settings
    • 7.3.1. Language, locale, and keyboard settings
    • 7.3.2. Time zone and time synchronization
  • 7.4. Service management and system integration
    • 7.4.1. Manage system services
    • 7.4.2. Configure the LDAP server
    • 7.4.3. Configure the print server
    • 7.4.4. Name service cache daemon
  • 7.5. Run recurring actions with cron
    • 7.5.1. Predefined cron directories
    • 7.5.2. Define local cron jobs in /etc/cron.d/
    • 7.5.3. Define cron jobs in Univention Configuration Registry
  • 7.6. Log files and log rotation
    • 7.6.1. Log file locations
    • 7.6.2. Log rotation
    • 7.6.3. Listener module log files
  • 7.7. System diagnostics
    • 7.7.1. Command-line diagnostics
    • 7.7.2. Diagnostics in the Management UI
  • 7.8. Kernel
    • 7.8.1. Kernel packages
    • 7.8.2. Version management
    • 7.8.3. Kernel modules and drivers
  • 7.9. Boot manager
    • 7.9.1. Boot loading process
    • 7.9.2. Kernel selection
    • 7.9.3. Configuration
  • 7.10. Network configuration
    • 7.10.1. Basic network configuration
    • 7.10.2. Advanced network configurations
  • 7.11. Configure proxy settings through UCR variables
    • 7.11.1. Configure proxy access
    • 7.11.2. Exclude domains from proxy access
    • 7.11.3. Session behavior
    • 7.11.4. Integration with Nubus for UCS tools
• 8. Infrastructure monitoring
  • 8.1. UCS Dashboard
    • 8.1.1. Installation
    • 8.1.2. Accessing the UCS Dashboard
    • 8.1.3. Dashboards
  • 8.2. Monitoring
    • 8.2.1. Installation
    • 8.2.2. Configuration
    • 8.2.3. Preconfigured monitoring checks
    • 8.2.4. Extend monitoring with new alerts

• UCR variable reference
• Document changelog
  • Year 2026
  • Year 2025
• Glossary
• Bibliography