A universal digital profile, with full privacy control for the users
Many users are tired of remembering hundreds of usernames and passwords. So the majority is either using one password for everything or storing their login information in the browser. Security managers are frequently shocked by the password management of users. But security and IT experts are now able to relax as a group of Internet experts has created a global open standard: ID4me.
Only a small percentage of users change their passwords on a regular basis. And when choosing a password, "easy to remember" usually beats "secure, unique and complex". Of course, you want to make sure your users choose a username and password combination that is secure. Forcing users to do so often results in them storing the login credentials in the browser. Some systems force their users to change the password on a regular basis, resulting in frustrated users or employees.
When Google announced the date of July 23, 2018 at the beginning of February this year, it set a new milestone on the path to a fully encrypted web. On that day, version 68 of the Chrome browser will be released, which will, for the first time, mark all websites accessed via HTTP as unsafe. Instead of the well-known green lock, which stands for secure HTTPS connections, grey lettering will then indicate that the connection is not secure.
The JOBELMANN-SCHULE – Berufsbildende Schulen I Stade vocational school developed its own social network for teachers and the school administration. Open Source made it possible to set it up in a manner that complies with the latest data privacy regulations, and the use of Univention Corporate Server as the basis also makes it easy to administer.
The JOBELMANN-SCHULE in Stade has around 2,250 students, almost two thirds of whom attend part-time while they complete vocational qualifications. There are 130 members of staff on site offering instruction in more than 20 careers requiring practical training. E-mail communication between the staff and students has long been handled by the groupware “Tine 2.0”, which is based on Univention Corporate Server and which we introduced some time ago with the support of the Hamburg-based company Files Per Hour. However, the majority of faculty members also wanted to offer the students a means of communicating with them outside of class. To this end, they began looking for a platform that spoke to the young people: a social network.
Everyone knows e-mail, but students now use this communication channel less frequently and less intensively. In addition, many solutions are not secure. In contrast, students do use Facebook, WhatsApp, etc. intensively. Those applications are out of the question for use by a school, though, as there is absolutely no guarantee of the protection of personal data. For data privacy reasons, the official use of such networks is also explicitly forbidden for schools in the majority of the German states.
The central management of a heterogeneous network has always been UCS’ strength. It was our goal from the beginning to provide a platform that bridges the Linux and Windows worlds. But how does the synchronization between UCS and Microsoft Windows actually work? The problem is that Windows doesn’t speak the same language as UCS. It doesn’t support the standard-compliant LDAP protocol that allows communication between the server and clients in UCS. Microsoft has chosen a different approach for its Active Directory.
Let me explain today exactly which technologies we introduced in Univention Corporate Server to solve this problem. Among other things, I will give you details about the replication process via listener/notifier for OpenLDAP, DRS replication for the Active Directory, and the Univention S4 Connector, which synchronizes between Microsoft Windows and Linux.
Single Sign-on (SSO) is a process where your users authenticate themselves only once against the system and that’s it. They can then use a whole range of different programs, services, and cloud offerings without having to sign on again each time. Your users will love it. No more hassle with inventing and remembering numerous different passwords.
But single sign-on is not only about user friendliness. Another important aspect is, of course, the security of your data. When you’ve got a complex IT infrastructure, which includes mobile apps and devices and cloud services, the security risk increases a lot.
This is why I would like to explain here how you can kill two birds with one stone: making work easier for your employees with single sign-on technology while keeping your data safer from external attacks at the same time.
We released UCS 4.3-1, the first point release for Univention Corporate Server (UCS) 4.3. In addition to a number of security updates, it also brings various new features.
The diagnostics module of the Univention Management Console (UMC), for example, now provides further functional tests. These help administrators to check the “health” of the server and the entire domain. In addition, UCS 4.3-1 has improved its usability, for example with regard to the configuration of e-mail addresses or DNS settings. Furthermore, the integration of very large LDAP schema extensions and the start of the LDAP server on DC backup and DC slave systems are now much more stable.