UCS 5.0 – Focus instead of feature overkill

The variety of existing Open Source projects makes it easy to add new features to a modular product like UCS. The basic requirements for many things already exist and there are positive experiences with those software projects. At Univention, we pursue the goal of making these functions available to our users. In addition, we want to maintain the integration with our core components. This maintenance is definitely the larger part of the work, which is very noticeable during upgrades. One goal of UCS 5.0 is therefore to focus on the functions that strengthen the core benefit of UCS and to prevent that UCS will become unmaintainable due to feature overkill. Unfortunately, this means saying goodbye to functions and projects that won our hearts. Thus, we first have to close some chapters before we can rejoice over new features in future blog articles.

Working on the base – updating the Debian platform and shutting down runsy

With UCS 5.0 we will update UCS onto the current and stable Debian platform. In the course of this process, several changes and results from decisions made by the Debian team will also affect UCS. I will not specify them here (feel free to check out the Debian Release Notes for further reference), but we also want to modernize the base.

One section that we will no longer support in UCS 5.0 is updating systems with the i386 architecture, i.e. operating UCS as a 32 bit operating system. Installation media for this architecture have not been available for some time now. With UCS 5.0, you will also no longer be able to update from existing 32-bit systems.

Another part of our base updates is the removal of the “runsv” service and the associated package “univention-runit”. This service was introduced to monitor other services and restart them in case of problems. With “systemd”, this task can be executed more easily and services such as the Univention Notifier, Univention Listener or the DHCP daemon will be converted accordingly.

Farewell to the past: Windows NT-compatible domain controller

As one of UCS’ most important components, Samba 4 now emulates a Windows Active Directory including compatible file and print services. Prior to UCS 3.0, it was standard to operate as a Windows NT domain – and in relation to upgrades, the UCS 4.0 releases (and further releases as well) also support this operating mode in a restricted form. With UCS 5.0 we will say goodbye to this. A new installation in the “old” mode of a Windows NT domain has not been possible for some time now. Users who have not migrated yet will have to do so before updating to UCS 5.0.

When saying goodbye to Windows NT domains, we also remove elements which are no longer needed. These include little helpers such as the “samba4wins” which allowed to run redundant WINS servers next to NT-compatible domain controllers under UCS. This will no longer be needed for Samba as an AD compatible domain controller.

This was not easy: Univention Virtual Machine Manager

The decision we have dealt with the longest and most intensively – internally and also in the exchange with customers – was the use of the Univention Virtual Machine Manager (UVMM).

We designed UVMM to meet the virtualization needs of small and medium-sized environments. It offers an easy-to-use graphical front-end for daily work, but thanks to its basis of KVM, QEMU and libvirt, it can also be used to build large virtualization environments with the appropriate expertise. It is used almost exclusively in simple scenarios, for example to provide additional services as a virtual machine on site servers.

When UVMM was introduced with UCS 2.4 over 10 years ago, tools to administer virtualization on Linux servers with a simple, remotely operable interface were missing. UVMM has successfully closed this gap in many projects. Univention’s focus was to be able to operate machines with different operating systems. In order to do so, we not only developed the UI but also supported upstream projects, including the availability of acceleration drivers for Windows operating systems. Thanks to the intensive and committed work, even with difficult details of the network stack or the live migrations, we have meanwhile developed an almost emotional attachment to this component – and changes are thus hard for us.

Saying goodbye: the Univention Virtual Machine Manager will no longer be continued in UCS 5.0

The possibilities and the available tools for virtualization under Linux have multiplied in the last years. Today there are numerous alternatives to UVMM out there. At the same time, virtualization is not the reason why UCS is used. In fact, it seems that people are using it simply because it is available. However, the tasks of UVMM can also be performed by the standard KVM stack included in UCS by Debian as well as by supplementary tools.

In the course of developing UCS 5.0 we therefore decided to no longer maintain UVMM for controlling virtualization. The basic components such as KVM, QEMU and libvirt will continue to be available for UCS. They will also continue to be part of the product support. Operating virtual machines under UCS will also be possible in the future, and existing virtual machines will continue to function. However, we will no longer maintain the graphical administration ourselves but recommend Open Source tools instead. Details will be communicated together with the release of UCS 5.0.

Components of little use

There are many other components or apps that have been available in UCS for a long time. We have also tested them for their actual benefit to our users. As to some of them, we have decided to no longer offer them for UCS 5.0:

• The local desktop has been introduced in UCS for easy access, especially in case of hardware installations. It supports mainly users without command line experience. However, these users now benefit from our web interfaces for their daily work. If you want to continue using a desktop on an UCS, you can do so in the future via the standards adopted by Debian.
• Another use case was the provision of Linux terminal services. Here, the desktop was supplemented by the XRDP app for remote access via RDP. Since we already stopped supporting these use cases in the past, it is only logical to no longer maintain these integrations anymore.
• Here are two further examples of no longer frequently used UCS extensions that are so rarely used that most readers probably don’t even know about them: The package “univention-ftp” enabled you to connect an FTP server to the UCS identity management. The integration “univention-snmp” allows a simplified access to properties of a UCS instance via SNMP. Both integrations are rarely used and FTP in particular is no longer widespread due to its insecurity.

Aged with dignity

Worthy successors for a number of UCS apps and components that are no longer “state of the art” can be found at our App Center today. Said apps and components are often accompanied by a lack of maintenance of the original software. Here we have planned the following replacements:

• The webmail interface Horde was originally launched as a reference for accessing our mail stack. However, it is now accompanied by numerous other webmail and groupware solutions in our App Center which surpass it in functionality and usability.
• Monitoring in UCS has long been implemented via Nagios – as with Horde, there has been little development in the release branch we use. The focus of our integration is on checking parameters of the UCS instances which overlaps with the UCS Dashboard. The latter only lacks the possibility to report detected problems as an alert via e-mail. The Prometheus service behind the dashboard is able to deliver such alerts. We thus decided to integrate the functions of Nagios into the UCS Dashboard.
• The integration of MRTG into the Univention Management Console shows another overlap with the UCS Dashboard. MRTG can be used to generate simple system statistics. We will also remove this integration in favor of the UCS Dashboard.
• With “Pykota”, we have so far implemented the print quota functionality. We wanted to add transparency to the volume of print jobs. The software is no longer actively maintained and loses much of its functionality due to incompatibility. At the same time, we have good alternatives in our partner environment, e.g. Papercut.
• We will discontinue further packages which we originally maintained to simplify the integration of Open Source in UCS in favour of other solutions. These are “univention-bacula” and “univention-remote-backup”. There are better backup solutions available in the App Center or via partners.

Follow-up

As already mentioned in the blog article on the changes of the system roles, we have removed some computer object types from Univention Directory Manager. Those were left over from the UCC and TCS products we discontinued a long time ago. These products also contained some packages which should simplify the work with UCS as a Linux terminal server or desktop system. The following are also no longer needed: “univention-passwd-cache” took over the transfer of passwords within a desktop session, while “univention-check-printers” monitored USB printers for accessibility.

For compatibility reasons, there was the package “univention-java”, which enabled access to the Univention Configuration Registry via Java. This package is also no longer required. With earlier versions of the proxy in UCS, access to Internet pages was controlled specifically via configurable rules in Dansguardian. Nowadays other Squid plug-ins have assumed this task.

Looking ahead

A farewell is simultaneously a direct step into the future: As announced, we are switching our implementations from Python 2 to Python 3. In the pre-release, we will have already migrated the Univention Directory Manager and Univention Configuration Registry to Python 3 as well as other implementations based on it, such as the Samba4-Connector.

Not all of the announced changes can be carried out unnoticeably in the background. Some of them will also require intervention by the administrators of UCS and produce changes for the users. For all the changes announced here, the following applies: We are working to make these transitions as easy as possible. We will automate changes wherever it makes sense and will document them wherever it is necessary.

After the many goodbyes in this article, I look forward to using the next few blog posts to take a look at the improvements and innovations in the focus areas of UCS. Accompanying the actual pre-release, we will have more info available for you.