Fail-safe performance and load distribution thanks to LDAP replication

Even if you only have a small number of staff, administering individual user accounts for numerous applications and the corresponding access rights can still prove very time-consuming. At the latest when responsibilities change hands or new members of staff join the company, the IT infrastructure becomes characterized by uncontrolled growth, which not only takes a lot of time to handle but also becomes more and more insecure over time. More often than not, the administration of users and their rights gets neglected at some point. As the enterprise expands, this type of out-of-control infrastructure becomes more and more risky and dangerous. Centralized user management in the form of an identity management system can help you to rein your IT back in again.

The beating heart of an identity management system is often a so-called LDAP directory service, which is also integrated in our Univention Corporate Server. LDAP stands for Lightweight Directory Access Protocol, so it really only describes the protocol itself, although people also tend to talk about “the LDAP” when they actually mean the LDAP directory service.

Moving your business to the cloud?

According to a survey conducted by analyst firm Statista GmbH, 44 percent of German companies have moved their business to the cloud. During the last couple of years, many cloud providers have developed different applications and the upward trend will remain steady. Our development team from Sweden designed the business software Fortnox as early as 2001, so we can confirm that moving businesses to the cloud is an upward trend. Future development is especially crucial because the requirements for cloud providers are growing continuously. Plenty of new suppliers are entering the cloud market every day, so the competition is increasingly high. Providers of cloud solutions have to stand out with new and innovative products, otherwise they will leave the cloud market as fast as they entered it.

Dovecot is the default IMAP/POP3 mail server in UCS

Univention has integrated Dovecot as the new default IMAP/POP3 mail server in UCS. This article gives a first overview of this integration.

Why Dovecot as default IMAP/POP3 server in UCS?
Dovecot has a focus on security, stability and performance, while complying with established standards. Similarly to Postfix, Dovecot starts a couple of separate processes for different tasks. The processes can be run with different owner and group permissions to limit the impact of a security incident.

Dovecot supports several backend storage formats: mbox, Maildir and dbox. In each case it uses indices to increase access performance. Their self-healing and self-optimizing features reduce tedious administrative intervention and simplify backups.

Bundestag Hack: Possible Backgrounds and Defense Methods

Here at Univention, we are of course also concerned by the attack on the German parliament’s IT infrastructure, better known as the “Bundestag hack”. To recap: It appears that there were some bogus e-mails there including links to malware. A number of the Windows PCs in the Bundestag’s “Parlakom” network were or may still be infected with the malware, which is alleged to have searched for and copied certain confidential Word documents. According to a report in the Tagesspiegel (German) newspaper, this allowed the hackers to gain “administration rights for the infrastructure”. The attack was conducted as an “advanced persistent threat” or “APT attack” for short: in other words, a complex, multi-phase attack on the German parliament’s “Parlakom” IT network.

How IT systems can be taken over

There are a whole host of “classic” approaches for taking over IT systems, such as the exploitation of security vulnerabilities in the software, the interception or guessing of passwords (brute force attacks) and the cracking of password hashes. These methods are well known and it is comparatively simple to reduce the risk of such attacks’ being successful. The requisite measures are: regular, comprehensive and rapid installation of updates, encryption of sensitive data and network communication using state-of-the-art encryption standards, the use of sufficiently long passwords, logging of failed login attempts and blocking of user accounts with too many failed attempts, the use of salted password hashes (the salt converts two identical passwords into different hashes), iteration of the hash functions (rounds) and changing passwords regularly.

Working On The Go – How You Stay Productive and in Control

As manager of Univention North America, I often find myself working on the go. While free WiFi and mobile Internet are slowly bridging the gap between the office, airport lounges and hotels, connections are often slow and congested whenever many people are congregating.

While many office documents can still be worked on when on the go, synchronization with the office and collaboration with coworkers are still difficult, especially if you have to consider questions like data and transmission security, including secure access to the company network, travel across time zones or, oh horror, the date line and slow connections.

Of course, travel needs are not the only reason why you would want to look at these applications, for synchronization and collaboration can also greatly benefit teams that work at multiple locations or colleagues frequently working from home. In the end, nothing is worse than finding out that an employee has uploaded much of the company’s confidential knowledge base to a cloud service, because tablets, smart phones or collaborations are words that the IT office can’t be bothered with.

Identity Management – What you Need to Know

Identity management (IdM) in essence refers to the management or administration of individual identities within a system, such as a company or network.

Within the corporate world, ID management refers more specifically to providing IT managers with a centralised administrative system (Identity Management System – IdMS) where company users and permission restrictions to applications such as ERP, CRM, e-mail client etc. can be grouped together and managed collectively. The principal objective behind IdM is to improve security and protection for sensitive company data and systems, whilst simultaneously improving productivity as well as reducing costs, downtime and repetitive, time-consuming tasks. [1]

Example Set Up

What makes Identity Management Systems such as Univention Corporate Server (UCS) so useful is that they can be integrated into a whole host of systems including, for example, corporate phone systems like pascom’s mobydick VoIP Communications Solution, as illustrated by the following video.

Should QNAP servers be expanded with UCS and Zarafa or is it technical overload?

It’s not just in our working lives that digitalisation is constantly gaining ground; the number of digital devices we use at home is also increasing on a daily basis. A family of four or a shared flat can easily boast a formidable number of different devices and applications. It gets even more interesting when friends come to visit and want to play a movie on your television or use your printer. And it gets downright complicated if all these digital devices have to interact with each other too! In such cases, the requirements are often hardly any different from those of a small company, and the need for more comprehensive functions soon arises.

Many people already have a small home server at home, even if they don’t realise it. Boxes like QNAP, Synology and the like are often used for central file storage and as media servers, and these little boxes can really do much more than you’d think. So why not tap the existing potential?

1 Year Univention North America: The Move across The Pond

When I started at Univention’s Professional Services in Germany, one of the questions I was asked was “Where do you see yourself in 5 years?”. Being prepared for the interview, my answer was a mixture of showing my idea of working with customers, my understanding of the technologies of UCS as well as my personal goals and dreams. Looking back to my answers in our HR folder, I have to admit that life has taken many turns that I didn’t plan for. Today, I’m no longer working in Professional Services. For a bit over a year, I’ve been Univention’s North American Operations dealing not only with technical projects but also with Sales, PR and Management as a whole.

What better chance is there to look back at the challenges and opportunities our move to the US has presented to us at Univention. I will look at the problems we could solve for our customers, the technical challenges UCS has mastered and how it changes us as a company when striving for perfection. For this reason, I’m happy to introduce this short series of blog posts looking back at the past and giving an outlook into the future:

Zarafa integration update introduces module for managing Zarafa contacts

The latest update for the Zarafa app in the Univention App Center – to version 7.1.12 – is significant not just for Zarafa itself but also for UCS integration: the update brings you up to version 2 of the Zarafa Web app and allows the app to be installed on a UCS member server. One significant improvement is a dedicated module in the UCS management system for managing Zarafa contacts and Zarafa shared stores.

Make money with Open Source software

Even today, the general consensus still stubbornly persists that Open Source software is developed by ponytailed computer geeks as a hobby in the middle of the night. It’s admittedly a very romantic notion, but one which only reflects the reality to a certain extent.

The Linux Foundation recently published a very interesting document on who actually contributes to the Linux kernel. Since 2005, some 11,800 individual developers from around 1,200 different companies have contributed to the Linux kernel. The fact that recently at least 88.2% of the improvements came from people who are also paid for this work – a growing trend – is proof that more and more IT professionals are also working on Linux.