UCS security when using it on a dedicated server (internet)

Hi folks,
i am just testing univention server. Never tried it before. It looks interesting. At the moment I have got a kopano-server running at a rootserver (private use only).

Now I am thinking of using the univentionserver instead of the kopano-server, because with univention it seems to be a lot easier, if you want to install additional software.

As the kopano-server (root-server) is directly connected to the internet I wonder whether I can do the same with the univention server. The kopano-server (@debian) is “protected” by updates, monitoring and ufw-firewallrules (only a few ports can go out / in).

Long term short:
Is the univention built for direct installation on a rootserver which is directly reachable from the internet?
Is it safe to use univention server @ a root-server (directly connected to the internet)?
Is there a possibility to protect the univention-server, when doing it that way? (Firewall, automatic updates, monitoring…)
Is the univention server “secure by design” right after installation?

Thanks a lot!
Daniel

I never would connect a server directly to the internet.
as you wrote you’re using it only for private purose i suggest following setup:

proxmox as hypervisor (you can use the community version for free)
1 vm sophos utm or XG home edition (free with all features for non business use)
1 univention vm with kopano

or both servers (sophos FW and univention) on bare metal if that suits better for you

rg
Christian

Hi,
thanks for your reply. Proxmox as hypervisor would then also be connected directly to the Internet? (I am not familiar with this software)

Sophos VM as the Gateway is clear to me.

Behind the Gateway will be the ucs.

Greetings
Daniel

proxmox has integrated Firewall (Linux)

one more benefit with proxmox and mailserver (eg Kopano) would be to use the Proxmox Mailgw which can be installed as lxc container on proxmox ve and therefore does not need much recources

rg

Christian