IT expenses and Covid-19: learnings for companies

Dark server room with red covid-19 badge

Throughout the Covid-19 crisis, the IT requirements in many companies, organizations and governments have fundamentally changed as has the awareness for IT. For many organizations, it saw the widespread adoption of remote working policies. Often, these changes were required to be implemented overnight, when government- issued stay-at-home-orders created a new reality. Here is the take from our partners and customers on how efficiency gains, system integration and task delegation have changed their IT environment.

Let’s take the Corona crisis as an opportunity

Together we will change the world written on the pavement with chalk

The Corona crisis has had a huge impact on our society. Office workers had to start working remotely, medical professionals had countless double shifts and delivery companies went into over drive. Winners and losers everywhere – Amazon grew turnover by 25% in the second quarter of 2020, the cloud computing department of Microsoft saw a 47% growth, we all know Zoom barely held it together, spending hundreds of millions on expanding their server farms.

Digital Sovereignty is an Indispensable Prerequisite for the Resilience of Our IT Systems – First Lessons from the Corona Crisis

We are in the transition to a “new normal”. However it will look different from the normality before the corona pandemic. Step by step areas of life are being ramped up that until recently were in an unprecedented exceptional situation. This involved a lot of stresses, but it has also brought new and valuable insights into how we can organize our lives. The significance of digital communication options has increased enormously. The use of digital technologies has been accelerated tremendously. It became clear that it is important to have systems that function independently of individual providers or even of foreign countries. Systems that are resilient and can react quickly and effectively to a crisis so that stable conditions can be restored.

Two Standards But One Common Single Sign-on – Integration of SAML and OpenID Connect

The integration of Kopano Konnect in the single sign-on network of Univention Corporate Server is an additional option for users to access a range of various applications that are integrated in UCS via a single, initial login using their user name and password.
The two authentication standards SAML (Security Assertion Markup Language) and OpenID Connect have already been available to UCS users for some time. So far, however, these two technologies have been two separated worlds. If some of the web services used SAML and others OpenID Connect for the authentication against UCS’ identity management, users were forced to log in twice in those environments with multiple services. With the support of the Kopano team, we were able to release an extension of the app “OpenID Connect ID” in the App Center. This is integrating the two standards with each other and thus allows a single authentication process by the end user.
I would like to briefly explain how a single sign-on generally works with UCS. Then I explain the interaction of Kerberos, SAML, and OpenID Connect and show you which functions the new implementation of Kopano Konnect offers to UCS users.

Synchronize Password Hashes between MS Active Directory and UCS

Schaubild: UCS Kerberos-Hashes

Version 4.4-4 of Univention Corporate Server (UCS) comes with some cool new features, one of them being the new AD Connector app. It makes the synchronization of password hashes between a Microsoft Active Directory domain and a UCS domain significantly more secure and less error-prone. While previous versions could only synchronize NTLM hashes, the AD Connector of UCS 4.4-4 also reads newer hashes, the so-called Kerberos keys which allow single sign-on (SSO) to different applications.

I am a second-year trainee at Univention (job description: IT specialist for application development). I was involved in the development of the new feature and mainly had to deal with three tasks: the AD Connector itself, the OpenLDAP overlay module, and the S4 Connector (Samba). In this blog post I’m going to explain what Kerberos hashes are and how I implemented the new feature.

UCS: How to set up LDAP Replication

The central element of every identity management system is usually a directory service, a repository that stores and manages information like user profiles and access privileges, and network resources. Univention Corporate Server (UCS) uses OpenLDAP for this task.
If the directory service is down, many other services are no longer available. In this article we are going to show you how to plan a fail-safe environment for your UCS domain with LDAP replication, i.e., storing an exact copy of the data on multiple servers – this improves the reliability as well as the performance.

Data Ethics & Digital Selfdefense

Using a fake identity to trick Facebook, getting paid for jogging and how to book one and the same hotel room cheaper via VPN – in their keynote speech „Data Ethics & Digital Selfdefense“ at this year‘s Univention Summit, author Pernille Tranberg and journalist Steffan Heuer showed how big our digital footprint actually is and what information we (un-)consciously publish about ourselves on the internet.

Digital Opportunities in Education Simply Too Good to Waste

Tafel mit Aufschrift "What's Next"

What is the current situation?

Compared with other developed countries, Germany’s pupils, teachers, and curricula are lagging far behind in terms of digital education and media skills. The German Minister for Education, Johanna Wanka, has identified two principal reasons for this, which will now be addressed in the new DigitalPakt#D strategy. One the one hand she sees a lack of pedagogic concepts and strategies, and on the other an underdeveloped IT infrastructure. I can agree wholeheartedly with this assessment for many sectors.