The major release UCS 5.0 brought numerous improvements for the open and transparent integration of services and identities in a networked IT landscape. The talk describes this strategy using concrete examples such as service-specific passwords for WLAN, the expansion of the UCS Portal, connecting the IAM through connectors, federation of services via the Univention ID Broker, and the expansion of the identity provider. You will get an outlook on further planning and learn how this strategy fits into projects such as Phoenix, POSSIBLE and the National Education Platform (Nationale Bildungsplattform).
How is UCS developing? Ingo Steuwer - Univention Summit 2022
1. How is UCS developing?
Ingo Steuwer
Univention GmbH
steuwer@univention.de
2. One year of UCS 5.0
● UCS 5.0 was released on 2022/05/21
● Main features
  ● UI: Look & Feel and framework
  ● New Portal
  ● Debian upgrade
  ● Python3 migration
  ● App Center
● >300 Errata and various App updates
3. Progress on UI, Portal & Self Service
● Light theme
● Full edit mode in the portal
● Self Service frontend rewrite based on new Framework
● Portal & Self Service Accessibility → dedicated slot later today
4. Service specific password for WLAN / RADIUS
● WLAN passwords are stored on end user devices in a decryptable way
● If devices are lost, passwords have to be considered as "leaked"
● To reduce the risk, WLAN/RADIUS passwords differ from the standard password
● End users can manage the WLAN password in the Self Service
6. Apps for UCS 5.0
● Many Apps have been available with the release:
  ● Univention Apps: AD DC (Samba4), Fileservice, Printservice, AD Connector, ...
  ● 3rd party Apps: Nextcloud, ownCloud, Collabora and more
● In the past year most Apps followed:
  ● Univention Apps: UCS@school, MS 365 Connector, Apple School Manager Connector, UCS Dashboard
  ● 3rd party Apps: Open Xchange, OPSI, Agorum, itslearning Connector
  ● New Apps like OX Connector, XWiki, Brainyoo, Odoo/ITISeasy
● Apps expected in the next weeks for UCS 5.0:
  ● Univention Apps: UCS Dashboard based Nagios replacement, Google GSuite Connector
  ● 3rd party Apps: Kopano, OpenVPN4UCS, Zimbra Connector, Audriga, Openproject, ...
7. One year UCS 5.0 – User Feedback
Positive
● New UI, features & options
● General improvements, stability & speed
Improvable
● Adoption rate of apps and integrations
→ To reduce the pressure we extended the maintenance for UCS 4.4
8. UCS 4.4 maintenance
● Focus of new features is on UCS 5.0
● Apps blocking upgrades to UCS 5.0 are expected in the next weeks
● UCS 4.4 maintenance: planned to allow upgrades in the next holiday seasons
  ● End of Core Edition Maintenance: End of September 2022
  ● End of Enterprise Maintenance: End of January 2023 (customers with subscription)
10. What else happened?
KOLIBRI
● Univention participated in a PoC for the Federated Login & Portal for the "National Educational Portal" of the German government (BMBF)
● Portal based on the Univention Portal
● Federated SSO based on Keycloak
POSSIBLE
● Project funded by the BMWi
● Objective: Federated collaboration based on Phönix Weboffice
● Federated catalogue: Connect Phönix deployments among each other with standardized federation
● Federated Dataspaces: Give organizations the possibility to process data stored in Phönix in SaaS offerings ("smart services")
11. What else happened?
Phoenix
● Weboffice for the public sector under direction of Dataport
● IAM for
● Federated Login with existing IDPs
● Service integration for Phönix components
● Portal with service & UI integration
● Standardized look & feel of all modules
● Functional integration like menus and file access
● In collaboration with OpenXchange, Nextcloud, Collabora, Matrix, Jitsi and others
12. Federated IDP scaled big – Univention ID Broker
● Simplify SSO & Integration for educational SaaS offerings:
  ● Only one configuration for each offering
  ● Only one configuration for each authority
● Data protection and privacy
  ● Full control for authorities
  ● Data transfer only for active users
  ● Pseudonymization
[Diagram labels: School Authorities / Federal States; Educational offerings; SSO; APIs; Login; Access; Learning context]
14. Further short term Roadmap – upgrades in the next weeks
● Keycloak as federated Identity Provider
● Details in the next talk by Arvid Requate
● UCS@school:
  ● Improvements in classroom management & Veyon
● MS 365 Connector: Migrate all functions to latest MS365 APIs
● Samba Upgrade 4.13 → 4.16 in UCS 5.0-2
● Radius: VLAN-assignment (released last week)
15. Further short term Roadmap – UCS Dashboard
● UCS Dashboard: KPI Dashboard based on Grafana & Prometheus
● First release for UCS 5.0 (last week)
● Upgrade to current versions of Grafana & Prometheus
● Updates in the next weeks: Extended functionality with monitoring & alerting
● Replaces Nagios
16. What’s ahead? - Roles & Rights
● Objective: Flexible Roles & Rights, configurable by administrators
● Definition on API data model, not at the database level
● → in UDM REST API & KELVIN API, not OpenLDAP ACLs
● "API First" approach
● Assignment of Rules to Roles can be done in UDM/UMC
● Will be combined with rewrite of UI in new Framework
● New UI already used for Portal and Self Service
● UI behaviour based on rights
● First implementation will be done for UCS@school
● Base integration of "Open Policy Agent" in Kelvin API already in production
17. What’s ahead? - Core upgrades
● Functional upgrades – examples:
  ● Generic improvements: speed, support-tools
  ● Feature-Upgrades of core components (like Samba upgrade)
  ● "Driverless Printing" based on IPP
  ● Further integration & extension of Keycloak IDP
  ● Improve App integration & ISV workflows
  ● Extend functionality of the portal
● UCS 5.1
  ● Will be based on new Debian release
  ● Will discontinue Python 2 support
18. What’s ahead? - next speeches
modularization & containerization
user interface
accessibility