In Schwäbisch Hall, Germany, the IT department manages about 500 Linux-based client computers. One of the team’s tasks is to ensure that the approximately 900 employees in the public sector have access to their e-mails, calendars, contacts and files anytime, anywhere. To this end, Schwäbisch Hall has been using Linux and open source software to the greatest possible extent for 20 years now.

In 2021, the city decided to replace the identity management system developed specifically for Schwäbisch Hall with an open source solution professionally maintained by a manufacturer, and introduced Univention Corporate Server (UCS).

User

  • 900 employees in the public sector
  • 500 Linux-based client computers
  • Linux and open source software in use for more than 20 years

Requirements

  • Migrate the self-developed Linux user management to a standardized product that is continuously maintained and supported by a manufacturer
  • Centralized management of employee and system identities and access rights
  • Centralized provision of information such as password changes, user details, group memberships
  • Perform migration to the new solution within a few days without disrupting employee workflows
  • Comply with the no-spy clause of the Federal Ministry of the Interior and Community (BMI)

Solution

  • UCS as the technical basis for a heterogeneous IT landscape (open source & Windows) and as identity management for the central administration of users and their access rights
  • Redundant design of central services such as LDAP, DNS and DHCP as well as the Samba-based Active Directory Windows services
  • Replication of user data to the services with the notifier-listener mechanism used in UCS
  • Provisioning of the OX App Suite via the UCS OX Connector
  • Transfer of information about users, groups and devices from Samba AD to UCS with UCS Active Directory Takeover

Dealing with the past

Until the decision was made in favor of the open source solution UCS in 2021, the public administration of Schwäbisch Hall relied on a self-developed identity management system (IDM) to manage identities and access rights. However, this system was no longer suitable for this purpose, mainly due to the external support, the lack of in-house knowledge transfer and the slow build-up of know-how in this area. Schwäbisch Hall began searching for a suitable IDM to efficiently utilize its scarce human resources, provide its approximately 900 employees with centralized access to their e-mails, appointments, contacts, and files, and ensure the administration of new programs.

The goal of this modernization process was to break away from vendor lock-in by using open source software (OSS). In addition, the city wanted to increase the security of its overall IT system, reduce licensing costs, and ensure the compatibility of Linux and Windows systems in a complex, heterogeneous IT landscape with a planned migration to Linux systems.

Realignment of IT with the UCS Open Source Solution

The city’s new IT approach was to deploy Linux-based client computers and introduce a professionally maintained open source-based central IDM for standardized and centralized user management. In this way, the old administration system, which at the time replicated all changes to the respective connected services, was to be made future-proof. User information such as group memberships, password changes and user details were to continue to be managed centrally.

The first challenge of the project was to find a suitable IDM that also met the no-spy clause of the German Ministry of the Interior (BMI). Many IDMs did not comply with this clause and were therefore not considered by the IT department in Schwäbisch Hall. With UCS, an open platform with integrated OpenLDAP and Active Directory functions, services could be easily integrated via the App Center or interfaces, centrally administered and made available via a portal. Mathias Waack, Head of the Organization & IT Department of the City of Schwäbisch Hall, emphasizes: “It was somewhat surprising to see that Univention was the only vendor that responded positively to our inquiry at all. Strictly speaking, I was personally surprised by the fact that apparently all other manufacturers of IDM systems had difficulties with precisely this no-spy clause.”

Arrive well prepared

Knowing that the technical foundation of the old and new systems was similar, a migration plan was quickly developed. To transfer information from the old system to the new solution during migration, a notifier-listener mechanism replicates user data to individual services and central services such as LDAP, DNS and DHCP. The redundant design of the Samba-based Active Directory Windows services ensures failure safety. The OX App Suite e-mail solution, which previously ran on a Dovecot server, was also migrated to UCS.

Prior to the actual migration, a virtual test installation was set up with a digital twin of the current system and a UCS. Snapshots and clones were used to clean up the data in advance and to create scripts and a schedule for an automated migration. User, group and device information from the previous Samba Active Directory was handled by UCS Active Directory Takeover, which was developed for Windows domain migrations, so that when the migration was complete, all 500 Linux client computers were working with the new system without any further changes.

This is what our customer says.
  • “It turned out to be a stroke of luck that our technical contact at Univention, with whom we had already planned everything in advance, was on site during the migration. Thanks to his expertise, we quickly found a solution for a very special use case.”

Challenges during the project

One of the biggest challenges came from specific use cases that the relatively young IT team had not considered. As a result, the team was under a tight deadline to migrate the Linux-based client computers.

Implementing the quickly found solution proved somewhat time-consuming, as the team could not automate some points as planned and had to make manual adjustments instead. Nevertheless, the migration was successfully completed in just one weekend.

Conclusion

Future plans in Schwäbisch Hall

In the future, the IT team in Schwäbisch Hall wants to introduce an electronic document management system that will reduce paper consumption in public administration and contribute to the sustainability of Schwäbisch Hall through the simultaneous use of a paper-based and a digital system.

In the long term, the city hopes to see similar standards for IT systems in public administration. This would optimize efficiency and cooperation between municipalities and enable the development of IT solutions based on these standards on the manufacturer side.
