Digital Education in Oldenburg: Ensuring Future-Proof School IT with UCS@school

In this guest article, we would like to report on how we have future-proofed the IT infrastructure of around 50 schools in Oldenburg, how we have overcome challenges and which solutions have convinced us, and which exciting projects still lie ahead of us.

As the school IT department for the city of Oldenburg, we look after the IT infrastructure of 48 general and vocational schools with around 28,000 pupils and 2,300 teachers. With around 10,000 mobile and 2,500 stationary devices, our administrative workload is constantly growing. In order to support the increasing use of digital media in teaching, we had to comprehensively modernize the IT infrastructure in Oldenburg to make it fit for the future, streamline its administration and simplify the use of IT in schools.

Until a few years ago, most schools administered their IT infrastructure themselves and were also supported by external service providers, which led to major differences in technical equipment. Only the vocational schools had their own IT administration and therefore an expert contact person on site. As digitalization progressed, it quickly became clear that the previous structures were not sufficient. A modern, future-proof solution was urgently needed to meet the increasing requirements and provide the schools with optimum support.

In 2018, we kicked off the realignment of our school IT with a standardized media development concept. Our aim was to standardize the heterogeneous IT structures and provide central support for all educational establishments. It was particularly important to us to find a reliable, modular and user-friendly solution that would meet the technological and educational requirements of all school locations.

We were looking for a data protection-compliant and secure on-premises solution that we could operate centrally in the city’s data center, which would provide central user IDs and offer the option of connecting other IT services via secure interfaces. It should also support the use of modern forms of learning with mobile devices and offer personalized access to a school Wi-Fi network for all users.

We decided on the UCS@school open source platform because its centralized identity and access management significantly simplifies user administration. We also found its pedagogical functions such as exam mode and room management as well as administrative features such as automated user import, self-service for account adjustments and password resets very useful in order to relieve teachers of IT administration tasks as far as possible. With the new solution, we can administer and provide the entire IT environment centrally in the municipal data center. UCS@school also enables other services such as software distribution, mobile device management, mail and learning platforms to be connected to the central Identity & Access Management system. Thanks to the platform’s adaptability, we can tailor and expand the system to meet current requirements. A central IT service desk and service level agreements guarantee a stable and reliable IT infrastructure.

Our UCS@school environment in Oldenburg comprises 12 servers with different roles, which provide a stable, scalable basic IT structure. User data is maintained in the DaNiS school administration system, synchronized via the moin.schule state directory service and finally transferred to the central identity management system via the Schulconnex interface, where it is automatically imported. This simplifies administration, reduces errors and enables an efficient rollout of user accounts without having to manually import CSV files.

The UCS@school portal serves as a central platform for accessing web services, instructions and admin tools. Keycloak, installed as an app on two UCS backup servers, acts as an identity provider and enables Single Sign-On (SSO) for all connected services and external applications. Our Nextcloud instance, for collaborative work on documents, runs on several virtual servers for load balancing and reliability and is integrated into Identity & Access Management via SAML and LDAP so that teachers and students can access it via SSO in the future. Preconfigured groups automate the creation of class folders and storage space allocations.

For digital learning, Moodle and BigBlueButton are connected, both integrated via OpenID Connect (OIDC), which enables automatic course assignment and virtual classrooms in Moodle. Other services such as the timetabling software WebUntis, BILDUNGSLOGIN for digital educational media and Microsoft 365 are also connected via OIDC or SAML so that users can log in centrally with a single password.

The first project phase for the introduction of the IT infrastructure at five pilot schools went smoothly at the beginning, but we faced challenges: Our team was heavily involved in supporting the vocational schools, which meant that capacity for onboarding was limited.

The Covid-19 pandemic, supply bottlenecks and the “DigitalPakt Push” required a reprioritization, which is why not all pilot schools could be connected by 2021. The network renewal at all schools, the increased use of mobile devices and the shortage of specialists also presented us with additional challenges.

The network expansion is well advanced and numerous services have been rolled out centrally. A mobile device management system with around 10,000 devices has been set up and the school IT team has been expanded to 24 employees. A central service desk and a hotline offer comprehensive support, and SLAs have been agreed for 41 of 48 schools that transparently regulate rollout and support. Media concepts and LAN and Wi-Fi connections are to be completed by the end of 2024.

Around 6,000 users at vocational schools and 7,200 at general education schools are already using the central identity management and new functions. Despite the challenges, we have created a solid foundation for the digital transformation.

Another milestone has been reached with a Microsoft FWU framework agreement for vocational schools. The focus is now on expanding central services and providing additional user accounts. For 2025, we are planning an email and messenger solution as well as a standardized solution in the administration network, which will be tested in a pilot phase.

You can find out more details about our project in our presentation Oldenburg: Zentrales IAM mit Keycloak & moin.schule , which we gave at the Univention Summit in January 2025.