This success story is about a team that had previously only worked together online and needed a stable IT infrastructure of its own, combining classic collaborative elements with a cloud workspace. Since the project was completed, the team has continued its collaboration in a virtualized environment based on UCS.
In this article, I will be explaining in more detail which hardware and software were employed in the implementation of this project.
Team of 10 in a virtual space
The 10-strong team at Chefarztabrechnung24 GmbH (CAA24) is a long-term billing partner for chief physicians, consultants, and hospitals. In the past, it relied on simple forms of data exchange and communication tools such as IMAP mail. In early 2017, the group decided to build its own IT infrastructure.
The new infrastructure needed to offer typical elements of on-premise environments:
- Collaborative applications such as e-mail, calendar, and address books
- Access via web frontend
- Outlook as a desktop client
- Mobile synchronization of smartphones via ActiveSync
- Shared access to file structures organized on network drives
Personal data subject to data protection law, such as patient data, the services rendered by the physicians, and the diagnoses made, must not be stored on these systems. This scoping decision keeps the sensitive health data out of the cloud instances altogether, so that the workspace only ever handles the team's own collaboration data.
Starting situation and plans for the future
At that time, CAA24 had no fixed premises or office locations. Premises were planned, however, so it had to be possible to integrate a future headquarters into the new infrastructure and administrate it centrally. For cost reasons, there was no intention to set up and operate a private cloud of its own, including the procurement of the corresponding hardware. Instead, the required instances were to be operated securely in the public cloud of a trustworthy provider.
Specifically, the team wanted to run the instances on KVM/QEMU virtualization, connect them via a private local network, and administrate them through a web frontend. Ideally, the instances would also use Ceph-based storage. Finally, it had to be possible to change the virtual hardware resources (CPU, RAM, disk) at runtime.
Selection of provider and applications
After evaluating several providers, the team selected Filoo GmbH, which operates its infrastructure in one of Germany's most modern data center campuses, Telehouse's ISO 27001-certified data center in Frankfurt.
As a solution, they followed our suggestion of Univention Corporate Server in combination with the Zimbra groupware. With this combination, all the central aspects, including the creation of new users, groups, and network drives, can be accessed and centrally administrated via the Univention Management Console. UCS' flexible domain concept and integrated replication mechanisms inherently support joining and administrating additional instances.
Realization of the shared cloud workspace
We created three virtual instances in the data center to implement the desired features. The key component of this scenario is a dedicated UCS domain controller master providing the central services such as LDAP, Kerberos, DNS and DHCP. It was set up with the DNS zone corp.caa24.de and the workgroup CAA24 for internal use. To keep the setup simple, one network with a private and a public segment was created, secured by a three-zone firewall and an OpenVPN server through which the team reaches the private segment. One virtual CPU, 2 GB vRAM, and a 10 GB vDisk are sufficient for this instance to run with adequate performance, and the resources can be increased at runtime.
The second instance also runs Univention Corporate Server, in the role of a domain controller slave with the file server component; it is connected via the private network and joined to the domain. The third instance runs Ubuntu Server LTS with the Zimbra groupware. It is set up for the public domain caa24.de and securely connected via a public network interface. The existing mailboxes were migrated automatically to the new platform with the imapsync tool. File-based backups are made with rsnapshot, which takes a snapshot of the corporate data every two hours.
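The article names a three-zone firewall and an OpenVPN server in front of the domain controller master but shows no ruleset. The following is an added example, not configuration from the article or from Univention, of what such a ruleset can look like with nftables: the public segment exposes only the OpenVPN endpoint, while domain services and admin SSH are reachable solely from the private segment and from VPN clients. The interface names (eth0, eth1, tun0), the port list and the table name are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article: a three-zone nftables
# ruleset for a gateway in front of the UCS domain controller master.
# Interface names, ports and the service list are assumptions.

PUBLIC_IF="eth0"   # assumed: interface in the public segment (internet)
PRIVATE_IF="eth1"  # assumed: interface in the private segment (DC, file server)
VPN_IF="tun0"      # assumed: OpenVPN server interface (mobile clients)

# Print the complete ruleset; the declare-then-flush idiom makes re-loading
# idempotent without touching other tables on the host.
gen_nft_ruleset() {
cat <<EOF
table inet cloudfw {}
flush table inet cloudfw
table inet cloudfw {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # Zone 1, public: only the OpenVPN endpoint is reachable from the internet.
        iifname "$PUBLIC_IF" udp dport 1194 accept

        # Zones 2 and 3, private segment and VPN clients: domain services
        # (DNS, Kerberos, LDAP/LDAPS, SMB, UMC over HTTPS) and admin SSH.
        iifname { "$PRIVATE_IF", "$VPN_IF" } tcp dport { 22, 53, 88, 389, 443, 445, 636 } accept
        iifname { "$PRIVATE_IF", "$VPN_IF" } udp dport { 53, 67, 88, 123 } accept
        iifname { "$PRIVATE_IF", "$VPN_IF" } icmp type echo-request accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept

        # VPN clients may reach the private segment and vice versa;
        # nothing is ever forwarded to or from the public segment.
        iifname "$VPN_IF" oifname "$PRIVATE_IF" accept
        iifname "$PRIVATE_IF" oifname "$VPN_IF" accept
    }
}
EOF
}

# Usage on the gateway:
#   gen_nft_ruleset | nft -c -f -   # syntax check only
#   gen_nft_ruleset | nft -f -      # load
```

The design choice worth noting is that SSH is not in the public zone at all: an administrator first connects to the VPN and then reaches the instances over tun0, so the only service the internet can talk to is OpenVPN itself. Load the ruleset from a console session or a VPN session that does not depend on the rules you are about to replace.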
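The two-hourly rsnapshot backup mentioned above is configured through rsnapshot.conf and cron. As an added example (not the article's or Univention's own configuration), the block below generates such a configuration from a POSIX shell, together with a small lint that catches the two mistakes that most often make `rsnapshot configtest` fail: fields separated by spaces instead of tabs, and a snapshot_root without a trailing slash. The share path, the snapshot root and the retention counts are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article: rsnapshot configuration for
# a two-hourly file-based backup. Paths and retention counts are assumptions.

SHARE_DIR="/srv/share/"             # assumed: data exported by the UCS file server
SNAPSHOT_ROOT="/backup/rsnapshot/"  # assumed: separate vDisk holding the snapshots

# rsnapshot.conf separates fields with tabs; a space breaks the parser.
# printf '\t' makes the separator explicit instead of relying on an editor.
gen_rsnapshot_conf() {
    printf 'config_version\t1.2\n'
    printf 'snapshot_root\t%s\n' "$SNAPSHOT_ROOT"
    printf 'cmd_rsync\t/usr/bin/rsync\n'
    printf 'cmd_cp\t/bin/cp\n'
    printf 'lockfile\t/var/run/rsnapshot.pid\n'
    # one run every 2 h: 12 "hourly" snapshots cover a full day,
    # then 7 daily and 4 weekly snapshots are rotated out of them
    printf 'retain\thourly\t12\n'
    printf 'retain\tdaily\t7\n'
    printf 'retain\tweekly\t4\n'
    printf 'rsync_short_args\t-a\n'
    printf 'rsync_long_args\t--delete --numeric-ids --relative --delete-excluded\n'
    printf 'exclude\tlost+found/\n'
    printf 'backup\t%s\tlocalhost/\n' "$SHARE_DIR"
}

# /etc/cron.d fragment: the hourly level every two hours, the rotations at night
gen_cron() {
    printf '0 */2 * * *\troot\t/usr/bin/rsnapshot hourly\n'
    printf '30 23 * * *\troot\t/usr/bin/rsnapshot daily\n'
    printf '45 23 * * 0\troot\t/usr/bin/rsnapshot weekly\n'
}

# Read a config on stdin, print one line per problem, return 1 if any found.
lint_rsnapshot_conf() {
    tab=$(printf '\t')
    status=0
    while IFS= read -r line; do
        case "$line" in
            ''|'#'*) continue ;;               # blank lines and comments
        esac
        case "$line" in
            *"$tab"*) ;;                        # tab-separated: fine
            *) echo "no tab separator: $line"; status=1 ;;
        esac
        case "$line" in
            snapshot_root*)
                case "$line" in
                    */) ;;
                    *) echo "snapshot_root needs a trailing slash: $line"; status=1 ;;
                esac ;;
        esac
    done
    return $status
}

# Usage:
#   gen_rsnapshot_conf | lint_rsnapshot_conf && gen_rsnapshot_conf > /etc/rsnapshot.conf
#   gen_cron > /etc/cron.d/rsnapshot
```

Because rsnapshot builds its snapshots from hard links, all twelve two-hourly copies cost little more space than one, but they live on the same instance as the data; an off-host copy of the snapshot root is still needed for the case where the instance itself is lost.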
The team members' newly purchased company ThinkPad laptops were equipped with an OpenVPN client for secure mobile access. At the CAA24 team's request, the familiar Windows 7 Professional desktop was retained. After preparation, the ThinkPads were shipped to the team members, who are based in Stuttgart among other locations. On delivery, each team member received telephone support and an introduction to their use.
This environment supports a team working at different locations through a traditional, collaborative workspace provided in the cloud. Complete control is retained, the system can be centrally administrated, and additional components can be integrated.
What is the situation like today?
The selected hardware and software components have proven their worth and allow problem-free shared working. The resources are sufficient for the virtual instances and have not required any expansions to date. The central administration of identities has proven practical.
In the meantime, CAA24 has premises in Berlin with permanent IT workstations. The site was connected via VPN using a low-energy server the size of a router from Thomas-Krenn AG, running Univention Corporate Server in the role of a domain controller slave with the file server component, and joined to the domain; since the local domain controller slave holds a replica of the directory, the site remains operational even when the VPN link is down. Both file servers are synchronized bidirectionally by means of the osync project. The workstations and network devices are centrally administrated in the domain, use roaming profiles, and can also be administrated remotely. The Debian/Ubuntu desktops in use are joined to the domain with realmd.
Further plans
The next project in the pipeline is to provide the desktops with applications and updates centrally, which, if all goes to plan, will be done with Ansible.
I hope that this user story gives you some new ideas. If you have any questions or comments, please feel free to use the comments field or contact me directly via our website.