UCS Infrastructure advice

hello all.
ucs is running. finally. found the error from the last topic. anyway

need some advice on how to do the following
ucs should replace windows ads, only 3 terminal servers will be used (has anybody done that already? running a terminal server farm connected to a ucs domain controller with ads function? as i read, it should work)

but the bigger question is

  1. IP 60.0
    a, UCS DC
    b, User: name at mail1 com
    c, DNS, LDAP, certs other infra components

  2. IP 61.0
    a, UCS with share
    b, User: name @ mail2 com
    c, Nextcloud and egroupware
    d, truenas, needs to be mounted in UCS
    e, Terminal Server apps

  3. IP 62.0
    a, UCS
    b, User: name @ mail3 com
    c, Nextcloud and egroupware
    d, truenas, needs to be mounted in UCS
    e, Terminal Server apps

and so on, like 63, 64. every environment is the same.

as mentioned, the domain controller is only in 60. in the others i only need NC and egroupware, and some other tools and programs.
also i want truenas storage mounted because of Shadow Copy or versioning. as i understand, this feature is not available in ucs.

the self service is a cool option, but does it have self service for creating users for authenticated users?
can i run my own terminal server apps there?

Hello @pille99

It is hard to give generic advice here, as your question is phrased as a very open one. However, I will try.

Yes, replacing Windows AD with UCS as the domain controller is a well-supported function, and UCS does allow you to run a terminal server environment connected to its domain controller. Many users have migrated Windows AD setups with terminal servers. UCS can handle user authentication and provide centralized management of terminal servers.

Yes, for each component (IPs 61.0, 62.0, etc.), UCS can be deployed to handle users, shares, Nextcloud, whatever. Install IP 60.0 with the role Primary Directory Node (domain controller). All other UCS systems act as domain members, running additional services as you described; the UCS terminology for that is Managed Node or sometimes Replica Directory Node, depending on the use case; one example could be for mail/egroupware. Read about that here: 3.2. UCS system roles — Univention Corporate Server - Manual for users and administrators.

You should consider installing a Backup Directory Node as well, which would be able to replace your primary, in case shit hits the fan…

(As far as I know) UCS does not natively support Windows-like Shadow Copy/versioning. Yes, mounting TrueNAS shares (via NFS or SMB/CIFS) on UCS servers is supported. When configured with SMB/CIFS shares, TrueNAS will provide ZFS snapshots and Windows shadow copy integration. As soon as you present the TrueNAS share to your UCS users, the Windows clients will see previous versions provided by TrueNAS’s ZFS snapshot engine. “It works just fine”.

Yes, you can run custom terminal server applications in the described setup. Terminal servers joined to the UCS domain will authenticate users against UCS’s directory, and you can deploy any compatible app just as you would in a traditional AD-backed environment. Open source alternatives to terminal server applications are available and can be integrated with UCS. (Ask if this is interesting.)

The Self Service app enables existing (authenticated) users to manage their own account settings (e.g., resetting passwords, updating personal information). There is also a way to self-register. If you have specific questions about that, have a look at 6.5. User self services — Univention Corporate Server - Manual for users and administrators.

Best Lutz

thx, worked out seamlessly. great tools and easy to implement. next i need to go deeper into automation, which i cannot find a lot about in the docs