Cautious Modifications for Added Application and User Security

Bremen, November 17, 2015. With Version 4.1, Univention is now equipping its server operating and management platform Univention Corporate Server (UCS) with new important features for even more secure and convenient use. For example, in order to guarantee even higher security and separation in operation, the App Center integrated in UCS now also supports apps which use the container technology Docker. Manufacturers of applications available in the App Center also benefit from the global single sign-on mechanism recently integrated in UCS, which can be rendered even more secure via the use of two-factor authentication. The self-service mechanisms whereby users can reset their passwords autonomously are another particular highlight.

With the support of Docker-based apps in the Univention App Center, Univention has decided on a standard which allows secure, parallel operation of encapsulated applications in one environment. At the same time, this technology makes it possible to satisfy the contradictory technical requirements of individual apps more simply, as they only need to be satisfied for the respective container each time. Manufacturers of enterprise solutions in the Univention App Center, which now encompasses more than 70 applications in the areas of business and education, can make their software packages available as usual. The App Center is then capable of packaging the respective application as a Docker app automatically. Peter Ganten, CEO of Univention, explained the decision as follows: “For an app store like the Univention App Center, container technologies such as Docker are the ideal technical basis, because they allow the useful separation of all the applications that are used on the cloud or on-premises by an organization with an extreme low overhead as to resource requirements at the same time. If such easy to use containers had already been available on the introduction of the App Center, we definitely would have used them already then…”

Single sign-on in UCS management system via SAML
Although users will probably barely notice that their application is running as a Docker app, the new single sign-on feature now integrated as a permanent product feature of Univention Corporate Server and its management system Univention Management Console as of Version 4.1 brings with it a noticeable improvement in convenience when using UCS. The fact that only one login is required is a considerable simplification when viewed in terms of the continuously increasing number of enterprise applications and cloud services employed by users in their day-to-day work. With the integration of the right interface, manufacturers who make their solutions available in the Univention App Center can simply bind on to the security assertion mark-up language (SAML). The login process to the Univention Management Console for administrators also employs this technology.

Two-factor authentication
As UCS is often employed to administrate IT infrastructures which also contain sensitive data, UCS 4.1 now also makes it possible to supplement the authentication process by a second factor, for example a TAN generated randomly each time, in order to reduce the risk of unauthorised access even further. In this way, UCS users can now integrate the privacyIDEA app, which implements this, from the App Center with just one click. It is then available for both the sign-on to the Univention Management Console and for sign-ons to other services based on UCS, insofar as these support the SAML standard.

Autonomous password-reset service for users
UCS now also offers users the possibility of resetting their own passwords. This function was in particular demand among UCS users in large school environments and clouds services. Users can now conveniently reset their passwords themselves. The identity of the user will optionally be verified via e-mail or SMS.

Usability improvements and more transparent interface for the App Center
These new functions are joined by numerous usability improvements. For example: the Univention App Center interface has been made considerably more transparent; the user is now provided with more information on the individual apps, e.g., via the integration of videos on the respective product or an evaluation system for the individual apps.

Technical foundations
Since the release of UCS 4.0 in November 2014, the development department at Univention has implemented 363 errata updates, security updates, bug fixes and smaller new features for Univention Corporate Server, all of which are included in today’s release. The technical basis of UCS 4.1 is formed by the long-term kernel 4.1.12, the latest version of Samba 4.3.1 and OpenLDAP version 2.4.42, thus offering state-of-the-art technology on all fronts.

The new version 4.1 is available online to download as VM or ISO image for free.

Detailed information on the new, technical features can be found in the Univention Blog.

Maren Abatielos joined Univention in 2012. Since then she has been engaged in content and social media marketing for UCS and Open Source in general.