Secure Operation of Existing Applications in the Corporate Environment with Open Source Tools

Last year I submitted my Master’s thesis titled “Secure Operation of Existing Applications in the Corporate Environment with Open Source Tools”, and successfully earned my degree in IT from Bremen University of Applied Sciences. My research focused in particular on the differences and the security-related advantages/disadvantages of server virtualization compared with operating system virtualization, which had undergone much less intense testing at the time.

As I can imagine that this is a topic which will also be of interest to some of you, I decided to summarize the most important findings of my work here:

Ansible Modules for the Automation of UCS-Specific Tasks

As a long-term Univention partner, we at Adfinis Sygroup operate UCS environments for many of our customers. We employ Ansible for automation when running different Linux distributions as it standardizes the roll-out of UCS among other things.

Up until now there weren’t any Ansible modules available for UCS-specific tasks. To remedy this, we developed modules based on the standard script interface of Univention Directory Manager for recurring tasks in the maintenance of the directory service with the goal of simplifying the process. These currently include the following:

udm_group
udm_user
udm_dns_zone
udm_dns_record
udm_share

These modules are included in the Ansible extra modules as of Ansible Version 2.2 and can be used accordingly with Ansible, as can other modules. If additional Ansible modules are developed in the future (and not yet included in Ansible itself), it will be possible to add them to individual projects. The following offers a brief explanation of how these additional Ansible modules can be installed and then provides a brief introduction to the modules listed above.

Cool Solution Moodle – For Cooperative Learning

What are “Cool Solutions”?

Cool Solutions is the name we use to describe Univention solutions which expand UCS with practical, advantageous functions and which we successfully employ for our customers. These solutions are regularly showcased in the Univention Wiki in the form of Cool Solutions articles.

In this article I would like to introduce the learning platform Moodle and its interface with UCS. At the end of this article you can also find an interview we conducted with the Chemnitz education authorities, which are currently implementing Moodle in a number of the city’s schools.

How to Integrate with LDAP: “Generic LDAP Connection”

In the blog article series “How to integrate with LDAP”, we introduce a whole range of different options and possibilities for how the LDAP provided by UCS can be expanded or used in cooperation with other services.

In the first section of this article, “Typical Configuration Options”, I will be using an example to demonstrate the sort of information typically required to perform user authentication against the UCS LDAP. I will be taking you through the necessary configuration steps using the project management system Redmine as an example, as this requests all the typical information.

In the second section, “Types of Search Users”, I will go into more detail on the possibilities available to you if it is not possible to search through the UCS LDAP anonymously.

If you are not all that familiar with the topic of LDAP yet, I would recommend you first read our blog article “Brief Introduction: What’s Behind the Terms LDAP and OpenLDAP?”.

How can OpenLDAP with UCS be scaled to over 30 million objects?

The majority of the environments in which UCS is employed include anywhere from a couple of dozen users up to several thousand – sizes which can be directly implemented with the standard configuration of UCS. In the systems operated by the education authorities we see a leap to between 10,000 and 100,000 users – in this case, the UCS@school concepts allow functioning scaling.

Even including groups, hosts, and other LDAP infrastructure objects in the calculations, these environments rarely exceed 200,000 objects. But what happens when an environment with more than 30,000,000 objects needs to be administrated in LDAP?

Univention App Center presented

In this video tutorial we give you a short introduction to the Univention App Center. The App Center is a central feature of Univention Corporate Server which allows you to easily install and manage additional UCS components and business applications of third-party vendors. You can thus adjust your IT infrastructure to your personal needs at any time. One crucial and great benefit of the App Center is the central management of all apps including their users via the UCS management system.

More on this in the following video!

Cool Solutions – Guacamole…Not Just a Dip!

What are “Cool Solutions”?

Cool Solutions is the name we use to describe Univention solutions which expand UCS with practical, advantageous functions and are also sometimes employed by our customers. These solutions are regularly presented in the Univention Wiki in the form of Cool Solutions articles.

In a new series of articles, we want to introduce you to the five most popular “Cool Solutions” over the next few weeks. Today we are starting with Guacamole – and no, we don’t mean the tasty Mexican dip this time.

Protection Against Ransomware – a Subjective Overview

The threat posed by ransomware such as Locky and other malware has been a hot topic on and off in the media for months now. In a number of cases, including some rather more prominent ones, hackers have managed and continue to manage to infect their victims’ files with malware, which encrypts them to the point where they can no longer be used – the files are only made available again once a “ransom” has been paid. The more accesses the user in question has, the higher the damage: if possible, files on servers in the network are also “captured”.

A great deal has already been written on the topic. At this point, I would like – albeit very subjectively – to introduce a couple of approaches for how to protect yourself against such attacks.
