As a media center in Bremerhaven, we support a total of about 40 schools, 1,700 teachers and 17,000 pupils in the use of IT and other media. When we began implementing our digitization strategy in early 2015, the introduction of a learning management solution was at the top of our list of priorities. But even then, we were already considering offering further services, such as a service e-mail address for teachers. At that time, however, there was still no standardized database in which the data of all pupils and teachers was available to which a learning management solution or a e-mail server could be connected.
Introduction of UCS as IDM and Connection of the Online Learning Platform itslearning
Since the City of Bremen had successfully introduced the Norwegian cloud solution itslearning at that time, it was obvious for us to first take a look at what our colleagues from our sister city had already accomplished. In Bremen, Univention had connected itslearning to UCS via a specially developed connector, which has already been used for many years to centrally manage the digital identities of pupils and teachers in Bremen. Since the connection of itslearning to the management system of UCS in Bremen worked very easily and other IT services were also managed there with UCS, we decided to follow a similar path and to build on the solution from Bremen. At the beginning of 2016, we chose UCS Domain as our identity and access management solution for the schools in Bremerhaven.
Following the successful establishment of a UCS domain, we focused on connecting itslearning to UCS and decided that the synchronization of users from the Bremerhaven domain should run in the same itslearning entity as that of the Bremen domain, so that pupils and teachers can now use the same learning management solution across their federal state. This creates a synergy effect and also helps to keep bureaucracy to a minimum when teachers or pupils are transferred within the federal state of Bremen.
The itslearning UCS Connector ensures that all user data only needs to be entered once, since it securely transmits all changes to user objects and groups made in UCS to itslearning via the HTTPS protocol. At the same time, users are authenticated to itslearning directly vis-à-vis the UCS system, which means that users can log on to itslearning using their usual passwords and user names. The data is encrypted and forwarded to the UCS directory service LDAP. This service gives feedback as to whether the user has the permission to access the directory. The passwords themselves are not transmitted to itslearning or any other service, but are stored in the UCS system in compliance with data protection regulations.
For users to have a good overview of and easy access to the services connected to their environment, we have set up a web portal for Bremerhaven with UCS, which allows users to access all services and itslearning online. It can be reached at elearning.bremerhaven.de.
Horde Mail Functions in UCS – Secure and Accessible at any Time
Another service which we wanted to administer centrally was the establishment of mail and webmail services for our teachers. Due to the lack of a company e-mail address, official e-mails used to be sent through the teachers’ private e-mail accounts. This was, of course, anything but satisfactory with regard to privacy regulations. Therefore, in 2017 a plan was drawn up to make a service mailing account available to the approx. 2,000 teachers, staff and employees in our schools.
Because the teachers’ data was already maintained in the UCS directory service and UCS also has an e-mail stack, i.e. its own mail server, we decided to integrate the mail servers into the UCS domain. We therefore added two UCS servers to the existing domain to act as dedicated mail servers. We also set up a third server with the open source webmail software Horde so that the teachers can also access their e-mails using a webmailer in their browser, for example with their mobile phones.
More Reliability via Load Balancer
To make the entire system more fail-safe, we, in cooperation with our city’s own computer center as the only system accessible through the firewall, place a load balancer in front of the mail servers, which ensures that the e-mails are distributed to the two mail servers according to the load. If one mail server fails, the load balancer distributes the e-mails to the other mail server. Then the firewall lets only the for a mail server relevant ports for SMTP, Submission and IMAPS through.
Managing the Mail Process with Dovecot and Postfix
The UCS mail server itself consists of Dovecot and Postfix. Dovecot takes care of sending and receiving e-mails, while Postfix is responsible for delivering e-mails to mailboxes. The UCS mail servers were installed directly from the Appcenter that is integrated in UCS.
The webmailer runs on an additional separate server on which the Horde software is installed. By offering webmail software such as Horde, teachers can retrieve their e-mails at any time in their browser without having to use a mail program, such as Thunderbird. Horde has also been installed directly from the UCS App Center.
With a view to improving use and acceptance among teachers, it has become mandatory for them to retrieve service e-mails. From the constantly increasing requests we can see that the service mail accounts are used increasingly. With the usage also the requirements to the service mail increased. By now, a mailing list for teachers and a mailing list for staff is created automatically on a daily basis, thereby also encouraging communication at and with schools. The school office and the administrative offices can now send messages to all colleagues without having to spend a lot of time distributing paper copies in their pigeon holes.
Horde Calendar Functions
Not only e-mail accounts, but also public calendars for all users have been introduced with Horde, so that all users can keep up to date about upcoming events. Especially the calendar function will be improved and expanded in the future.
Prospective Connection of Further Services such as Borrowing from the City Library is Envisaged
At the moment we are in the process of standardizing the WLAN supply of our schools. As part of our digitization strategy, users will also be authenticated to the school WLAN via their UCS user accounts. Also here we have expanded the central environment and set up two new servers for Radius in October 2018, which will take over the authentication at the access points of the school WLAN in the future. Our plan is to provide our schools with WLAN area-wide. In 2019, further services could also be connected to the UCS IDM. One conceivable possibility would be the connection to the Bremerhaven City Library, so that pupils and teachers can log on to the library’s online services via their UCS accounts.
We are generally satisfied because UCS is running extremely stable. Of course, there are always small things, such as the calendar that is integrated in Horde, which could be improved. Nonetheless, we are satisfied to have been able to offer our schools an all-round solution for digitization in this relatively short period of time with a learning management solution, service e-mail addresses for teachers and staff and a solution for the school WLAN, and to have created a foundation on which we can gradually expand our range of services.