Fritz Haber Institute of the Max Planck Society

The Fritz Haber Institute (FHI) of the Max Planck Society is an international research center, where scientists from all over the world study the fundamentals of the chemical transformation of matter and energy at surfaces and interfaces.

The research activities at the FHI are thematically divided into departments that act independently but pursue a common goal: the promotion of basic research.

  • Complete replacement of the Microsoft server infrastructure
  • Connection of the Windows clients to the central user administration
  • UCS as Domain Controller and Backup Controller of the Windows clients
  • Connection of UCS to the self-programmed management tool

Initial Situation: Technical and Licensing Issues Motivate Replacement of Microsoft

Operating Windows clients in a corporate environment almost always means maintaining them through Active Directory. For this reason the Fritz Haber Institute had to operate some Windows servers in addition to the server services that are based on Unix machines. This meant additional maintenance effort because of the differences from the Unix systems. This and Microsoft’s hard-to-understand licensing policy led the Institute to remove all Windows instances from the server environment and replace them with alternative products, if possible with open and free software.

Requirements: One for All

The institute uses a potpourri of almost all common operating systems. Some users operate *nix systems (Linux, macOS) and Windows clients on their own responsibility. The others are supported by the IT department. Nevertheless, all users should be able to use the infrastructure. As a first step of the project, the Active Directory domain had to be moved to a Linux substructure on the server side, without disturbing daily business.
For this purpose a new domain was created based on UCS and the settings of the old domain were imported.
The next step was to connect the Windows-based systems to this new domain. Because UCS is Linux-based, it is much easier for the institute’s IT department to integrate into the existing infrastructure.

Solution: UCS as Domain and Backup Controller for Connecting the Windows Clients

In the new IT infrastructure, UCS took over the role of domain controller and backup controller for the Windows clients in order to manage their user profiles and apply GPOs.
For global user administration the Fritz Haber Institute has long been using a solution developed in-house. It was possible to connect UCS to this solution via ssh and udm, so that centrally made changes, e.g. creating, editing or deleting users, could be transferred much more easily to the computers in the Windows world.

Right from the beginning the idea was to completely replace the OpenLDAP server with UCS, since UCS made it possible to mirror this server. The OpenLDAP server was used for many authentication processes but was clearly outdated.
The institute has distanced itself from this idea because of various legacy issues that came to light during the implementation and cannot be eliminated in a trivial way.

Separate – Operating IT Services as Independent Virtual Machines

Other IT services used at the Fritz Haber Institute include ONLYOFFICE, Jenkins, Etherpad, Rocket.Chat and several others. These would also be available as app packages from the Univention App Center for UCS. But since great care was taken not to create too many interdependencies, these applications run as separate virtual machines.

Outlook

The only remaining Windows server is now the print server, which provides drivers and the connection to the printers for Windows clients. UCS will also replace this server.