February 20, 2013 by Nico Gulden
In July 2012 Microsoft announced it will abandon Windows Small Business Server. Customers operating Windows Small Business Server are encouraged to upgrade to Microsoft Windows 2012 Essentials and use the Microsoft Exchange Cloud service. Customers who follow this approach will find it much more expensive.
Right after those announcements Heise Zeitschriften Verlag approached us (Univention) in August 2012 and asked if we would be interested in presenting an alternative to Microsoft’s Small Business Server (SBS) to their readers using our product Univention Corporate Server (UCS). Heise imagined an installation DVD with UCS accompanied by a few articles in several issues of c’t, Germany’s most respected computer magazine, mainly describing the migration from Microsoft Active Directory and Exchange in SBS to UCS and an Open Source groupware. The resulting installation DVD would be called "UCS c’t Edition".
As you might guess, we were very happy about the request and offered our support. In order to be a much closer alternative to SBS we also suggested including the document management system agorum core, the backup solution SEP sesam and the groupware Zarafa Collaboration Platform. All three vendors already offer their products as certified solutions for Univention Corporate Server.
At the end of August 2012 the project started and it was quite some effort to produce an installation DVD including UCS and all three products with a feasible integration offering a bunch of benefits to the user. Let me go a little bit into the details and the challenges we had to face. First of all, the following demands should be satisfied:
Furthermore, the DVD is aimed at a ten user environment and it should be possible to upgrade to the default vendor solutions by just applying a usual license key from the respective vendors. Additionally, an update to UCS 3.1, which has been under development during the project, should be possible for UCS c’t Edition.
We had only two and a half months and at the start of the project we had the following challenges and some more arose, as always, during the course of the project:
Overall, we solved all the challenges together with the involved partners. Let’s start and dive into some of those challenges in more detail.
Let me start with Zarafa. We were in a fairly good starting position with the integration package Zarafa4UCS. Zarafa 7.1 was almost finished at that time and therefore Zarafa4UCS could receive an update soon. Originally, the plan was only to update the integration package for Zarafa 7.1 without including any new integration features. In the end, some new features were added after all, e.g. Zarafa WebApp, and for UCS c’t Edition we also added Single Sign-On for Outlook and the Zarafa web frontends and the integration of Z-Push.
At the time of writing UCS c’t Edition is the only solution that includes and integrates Z-Push and Single Sign-On for Zarafa with Microsoft Outlook and also allows web Single Sign-On to be enabled for WebAccess and WebApp. I want to pick up this topic and highlight what has been done. The Zarafa manual describes in detail how to set up Single Sign-On for Outlook and the web frontends. UCS already delivers all necessary services and upon installation of Zarafa on UCS c’t Edition the following steps will be done automatically in the background:
After the installation the system is ready for Single Sign-On with Microsoft Outlook on a Microsoft Windows client that is a member of the Samba 4 Active Directory compatible domain. Only the Outlook client for Zarafa has to be installed on Windows. Web access to Zarafa, either through WebAccess or WebApp, is still possible through the usual login. As soon as the browser is enabled for Zarafa web Single Sign-On and all users on the system should use it, only the pre-configured Apache webserver site configuration has to be enabled with a few commands on the command-line and everything is set up out-of-the-box.
a2ensite zarafa-webaccess-sso zarafa-webapp-sso
It basically enables Apache authentication via Kerberos.
At the start of the project, agorum core packages only existed for UCS, and this provided a solid foundation for the tasks to come. One of the biggest challenges came from the architectures of agorum core and UCS. agorum core implements a document management drive using the CIFS protocol. It enables the users to directly mount this drive as a share on their Windows client. But it therefore requires the same ports that are used by Samba in UCS to provide file services to the Microsoft Windows environment. agorum core customers usually use a server with two network interfaces and reserve one interface only for the document management drive.
agorum implemented a configuration script and an appropriate module for the web based UCS management system to configure the document management drive for either using another physical network interface or creating a virtual network interface for the existing physical one. As soon as agorum core is installed on UCS c’t Edition this configuration script and the module are installed as well and enable agorum core’s document management drive on a system already offering file services through Samba. Not only UCS c’t Edition benefits from this feature, but also all other environments using default UCS and the agorum core integration.
One of the topics that took the most effort was the development of a tool to guide through the migration from Microsoft Active Directory to Samba 4 in UCS. The takeover will move users, groups, computer objects and group policy objects from Active Directory (AD) to Samba 4. It is an interactive process on the command-line and it guides through three distinct phases:
We benefited from our deep Samba know-how from the past years and it enabled us to develop such a tool. The whole process requires good preparation and an exact step-by-step walk through of the documentation in the Univention Wiki. One really important item is exact time synchronisation between Active Directory and UCS, as with everything in the AD scope. This tool has been improved further and is part of UCS 3.1, the latest UCS release.
After all and beyond the listed challenges it has been Univention’s task to put everything together on one DVD and get it polished. We took the default UCS 3.0-2 installation ISO and modified it by adding the packages for agorum core, SEP sesam and Zarafa. We customized the UCS installer and removed the system role selector, because UCS c’t Edition was intended to be installed as domain controller master. Furthermore, the modifications include the following parts:
agorum core and Zarafa require a certain amount of memory. If agorum core and/or Zarafa are selected and the sum of the available memory is less than the required memory, a warning will be displayed. To operate both solutions together on one system, a minimum of 4 GByte memory is recommended by the vendors.
Additionally, separate package repositories have been created and are activated on the installed system to allow the installation of a software component after the initial system installation. Most of the work consisted of a lot of tests and I want to mention a few:
Over the course of the project, three milestones were prepared and sent to the participants for tests of their respective products and feedback for the DVD.
The project itself created a lot of effort for all stakeholders. But all participants benefit from an improved partnership and integration of their products with UCS. Most of the work done for the project will probably go upstream into the products or the integration parts. For example, AD Takeover is already part of UCS 3.1, the latest release of Univention Corporate Server. The solution for the agorum and Samba challenge is already part of the integration available in Univention App Center with UCS 3.1.
Finally, I would like to thank everyone involved in the project: The editors at Heise and the article author for their continuous feedback, my colleagues from the development department and our marketing team and my contact persons at the vendors' side. It truly was a lot of work in addition to the daily business.