KiKxxl GmbH

User

Founded in 1999, KiKxxl is a communication service provider with its headquarters in Osnabrück and which operates call centres in Bochum, Bremen and Dortmund. The company boasts 1,600 employees and 1,450 computer-based workplaces. Each month, the teams deal with 2.5 million sales conversations, 250,000 items of written communication and 200,000 service conversations.

Requirements

  • Automation of granting of user rights
  • Reduction of administration efforts for user and group administration

Solution

Univention Corporate Server (UCS, Version 3.2) runs on one master, four slave and nine backup servers. Migration to UCS 4.0 is planned for 2015. The UCS management system is used for the assignment, adjustment and control of the rights assignment. KiKxxl has expanded the UDM module in the UCS management system to automate the control processes in such a way that it is no longer necessary for the IT specialists to intervene.

Summary

“Without UCS, the IT wouldn’t have been able to support KiKxxl’s growth innovatively any more and would only have been able to keep up with it with high administrative efforts. Our IT is faced with extreme security requirements, but we can deal with them thanks to Univention.”
Lars Hoeger, Head of IT, KiKxxl

For security and flexibility reasons, KiKxxl has been using Linux for its servers and the thin clients of its employees since its foundation. The company provides call centre services for customers such as Telekom, Vodafone and Mobilcom/Debitel, who verify the IT security by means of regular audits. As a result of its rapid growth, KiKxxl was nearing the limits of its IT capacities in 2009, when it had around 500 employees. Overloaded administrators were barely able to keep supporting the corporate goals innovatively and were running the risk of losing control over the resources.

“We had reached a point, where it had become critical for the company”, said Head of IT Lars Hoeger. “IT pushed to its limits is a security risk.” Then an employee suggested using Univention Corporate Server (UCS) to manage the resources centrally. The “Univention Directory Manager” (UDM) identity and infrastructure management module included in the UCS management system makes it possible to control the users’ rights according to precisely defined regulations.

UCS creates transparency

The updates came just at the right time, as data privacy requirements became more stringent as of 2010. As a result, it is now necessary to keep clients separate in databases, on file servers and on backups. The user, rights and group administration and management functions in UCS provide the requisite complete transparency of the systems for authentication and authorisation rights. This requires all measures to be implemented in real time, processes documented and their compliance monitored.

UDM manages 6.200 right groups fully automatic

KiKxxl now boasts over 1,600 employees at four sites. With the aid of the UDM module from UCS, the IT department now has control over more than 140 servers and around 1,300 thin clients. Rights are no longer granted according to groups such as Management, Accounting or IT, as this concept required too many exceptions. Instead, it employs extremely granular user rights. Each important resource is represented by its own rights group. In this way, there are over 6,200 rights groups, of which approx. 6,000 groups for access to the file structure.

At this level, rights are assigned automatically not manually. All authorisation rights to KiKxxl systems are applied for electronically. The data privacy officer checks them and approves them directly. When employees leave or transfer to another client area, the actions of the HR department delete the authorisation rights automatically. The IT department programmed and integrated this along with verification mechanisms for whether the rules really are complied with based on the UCS management module UDM. Head of IT, Mr Hoeger, said, “All this was only possible because we were using the Open Source Univention server UCS.”

Since 2014, these rights also control the e-mail addresses to which a user can write. An “e-mail whitelisting” function, completely integrated in UCS and automated via the UCS management system, assigns different privileges. In 2015, “safe surfing” will contribute to minimizing the risks of simply opening websites. In certain sectors, the browser will be provided as a remote session by a central server. In addition, the KiKxxl IT department will be setting up “squid” proxy servers, where a site will represent a group which is either approved via “whitelisting” or not. In the same way as for the rights groups, the squid groups are also integrated in UCS and managed by the UCS management system.