Web Proxy and “Shalla List” for Access Rules to External Websites and Higher Performance at the Same Time

For the IT administration of organizations with many users, typically also schools, it can be very useful to regulate access to external websites: from a technical point of view, to improve performance when accessing frequently visited pages, but also to restrict access to certain pages, e.g. for security reasons or to protect minors.
The web proxy, which is a central component of UCS@School, is used to improve performance and control data traffic. In this blog article I’ll show you how to configure Squid Proxy with SquidGuard and how to combine both with existing (youth protection) website filters. With the “Shalla-List-Downloader” I would also like to present a Cool Solution with which you can further round off this protection and which we have already successfully implemented in various school projects.

Distributed Data Storage with UCS and Ceph. More Servers, More Storage, More Reliability

More Services, More Space, Less Downtime?

Anyone operating IT services for companies or organisations will sooner or later be confronted with this: everything is growing, you need more space for data and virtual machines, at the same time the demands for the availability of services are increasing and the hardware servers also need to be maintained.

Classic solutions for available storage such as NAS (Network Attached Storage) and SAN (Storage Area Network) systems are often expensive and just as often proprietary – and therefore not necessarily the basis you want to build your own IT infrastructure on as part of an open source strategy.

HowTo: Web-based Linux Terminal Server with 2FA

Timo Denissen of the Professional Service Team of Univention described in February, in the blog article “Desktops with Guacamole remote control”, how computers can be remotely controlled via the browser. In this HowTo I would like to show how this principle can be extended with the help of privacyIDEA and xRDP to a terminal server environment which can be used completely in the browser, is integrated into the UCS domain and is secured by 2-factor authentication.
I assume in the HowTo that a functional UCS Master already exists. I run this virtualized using Proxmox. I use a second VM for the terminal server environment.
The following steps are described in detail in this HowTo:

  1. Prepare LinuxMint with xRDP
  2. Install and configure privacyIDEA and RADIUS on the UCS Master
  3. Integrate xRDP with privacyIDEA
  4. Install and configure Guacamole with RADIUS Plugin

How To: Easily Evaluate and Permanently Operate Apps with Appliances

IT environments are dynamic, with changing problems, requirements and user needs. System administrators have to face these dynamics while maintaining IT operations. Therefore, they regularly have to deal with new software solutions and check whether they fit the requirements, needs and circumstances of their own IT environment. In this article, we want to show how Univention App Appliances can help with this. As pre-configured virtual images ready for immediate use with an integrated operating system, they can be used to quickly try out new software, switch it off if it fails to deliver the desired results, or, if the evaluation is successful, transfer the test solution to live operation.

UCS: How to Connect your Printers

In this article and the corresponding how-to film, we explain how to connect printers in UCS. Univention Corporate Server offers a printing system that can be implemented even in complex environments. Printers and printer groups are managed in the Univention Management Console, UMC for short. The print services are based on CUPS, the Common Unix Printing System. The printer queues are managed by CUPS and UMC.
PPD files (PostScript Printer Description) describe the technical capabilities of the printers. These files contain information about the printers’ features, i.e. whether it’s a color device, whether duplex printing is possible, which paper trays are available, which resolutions and which printer command languages are supported (e.g. PCL or PostScript). UCS provides a variety of PPD files, so most printers can be accessed and configured without having to install additional drivers. If you have to set up extra PPD files, please have a look at our manual.

Easier than you may expect – How you gradually implement an IDM for larger organizations

Quick question: when an employee leaves your or your customers’ company, how many systems do you have to touch to disable all of their IT access rights? If your answer is more than one, you should think about introducing or improving an Identity Management System. An Identity Management System, in short IdM, takes care of your employees, their authentication, and the roles and privileges they have within your IT environment. However, adding an IdM is often seen as a difficult task. This does not have to be the case! Thus, let me show you how you can quickly introduce UCS as your identity management system while keeping most of your services intact.

Film Tutorial: Providing Central Mail Services in UCS

In our 7-minute film tutorial we will show you how to set up your own e-mail server with UCS. You will first learn why you should install the UCS Mail Server component from the Univention App Center on a UCS slave and how to proceed with the installation. When configuring the server, we will show you how to ensure that users can receive and send e-mails. At this point we will briefly go into the subject of e-mail quota.

Brief Introduction: SAML – a secure, comfortable web access

SAML, meaning “Security Assertion Markup Language”, is a standard which enables Single Sign-On (SSO). Users only log in once and are able to use other programs and services automatically. UCS supports SSO with SAML as well. That’s why, by using SAML with UCS, users get not only a central identity but also a central log-in, making web-based working more secure and comfortable.

Journaling for Sysadmins: Admin Diary

“When did I install or remove which app, and when was the last time the password for the UCS server was changed?” Answers to these and many other questions can be found in the Admin Diary, which we introduced with UCS 4.4. It provides a quick overview of all administrative events in a UCS domain, such as software and app installations and updates, creation, modification and deletion of users and other directory service objects, password changes, etc.

Strictly speaking, the new diary consists of two apps that you can easily install in your UCS environment through the Univention App Center: the Admin Diary Backend and the Admin Diary Frontend. The backend collects data from all UCS instances in the domain and stores it in a database. The frontend provides access to this log via a module of the Univention Management Console (UMC) and displays the events.

In this blog article, I will introduce you to both apps and also explain how to run backend and frontend on two different computers. This may be useful, for example, if there already is a dedicated database server in your environment: in that case, you install the backend there. The frontend is installed on the system on which you normally use the UMC (e.g. the Master). Let’s start with the standard option: both on one system.