O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.
UCS Wrap-up
What happened in 2018
and what is next?
Erik Damrose & Arvid Requate
Univention Product Development
{damrose,r...
The Journey 2018/19
UCS 4.3 Release in March 2018
●
Based on Debian 9 (stretch)
●
Uses upstream packages where possible, e.g. Linux-Kernel
●
S...
UCS update statistics
UCS Wrap-up: Samba in UCS 4.3
●
Samba 4.7.5 - shipped with UCS 4.3-0
●
Samba 4.7.8 - update in August 2018
●
Security upda...
UCS Wrap-up: Security
●
Debian security updates pulled semi-automatically (started August 2018)
●
Quicker delivery to cust...
Errata Update statistics
Errata Update statistics – Automation & CI-Tests
Covered by Continuous Integration Tests
UCS Wrap-up: Meltdown, Spectre, Foreshadow/L1TF issues
●
2018, the year of Speculative Execution issues ...
●
Fixed or mit...
UCS 4.3-2 – Maintenance Mode
●
Simple view when installing updates, improved stability
New in August: UCS Dashboard
●
Lets administrators easily assess the state of the domain
and all servers
●
Integrates Prom...
UCS Dashboard
App Center – News for ISVs
●
Apps can now deploy multiple Containers
●
Maintainers can use the standard docker-compose syn...
UCS App News
●
Office365 and G-Suite connector apps now available for DC Backups
●
Let‘s Encrypt App ships separate Virtua...
UCS Wrap-up: UVMM Improvements
●
Support for post-copy migration.
●
Show CPU and memory usage of KVM hosts
●
Target hosts ...
Simple UDM API
●
Introduced mid November with UCS 4.3-2
●
Simplifies development of code that handles UDM objects
●
Less p...
Ongoing improvements of Documentation
UCS Wrap-up: Improvements of the UCS System Diagnostic module
●
UMC Module to do a quick health check for any UCS system
UCS Wrap-up: Improvements of the UCS System Diagnostic module
●
UMC Module to do a quick health check for any UCS system
●...
UCS 4.4 Feature Highlights
●
Codename Blumenthal
●
Release in Q1/March
●
No new Debian base (Debian 10 still frozen..)
●
A...
UCS 4.4 Feature Highlights – Self Service
●
Right now: Set recovery mail address, recover and change password
UCS 4.4 Feature Highlights – Self Service
UCS 4.4 Feature Highlights – User Invitation Workflow
UCS 4.4 Feature Highlights – Portal improvements
UCS 4.4 Feature Highlights – Portal improvements
UCS 4.4 Feature Highlights – Portal server
UCS 4.4 Feature Highlights – App Center
●
Increase visibility of relevant information in the App Center UMC Module
●
Vote ...
UCS 4.4 Feature Highlights – App Center
UCS 4.4 Feature Highlights – Admin Diary
●
Problem: reconstruct changes in the UCS domain across servers
●
e.g. User modif...
UCS 4.4 Feature Highlights – Admin Diary
UCS 4.4 Feature Highlights – Admin Diary
UCS 4.4 Feature Highlights – Improved Radius domain integration
●
Merge of UCS@School and UCS Radius packages into one sin...
UCS 4.4 Feature Highlights – Samba 4.10
●
Performance: New GUID Index mode in sam.ldb for the AD DC
●
Hardware accelerated...
What‘s next after the UCS 4.4 Release
●
Continuation of patchlevel releases about every 3 months
●
Patch collection, new i...
What‘s next after the UCS 4.4 Release – REST-ful Web-API
●
REST-ful Web-API for UCS
●
Simplify provisioning and automation...
Ideas for post UCS 4.4 – Improve Univention Domain Join Client
●
Tool to simplify joining Ubuntu clients to the UCS domain...
Points of Contact:
●
GitHub - https://github.com/univention/
●
Bugzilla - https://forge.univention.org/bugzilla/
●
Communi...
Vielen Dank für
Ihre Aufmerksamkeit
Kontakt
Erik Damrose & Arvid Requate
Univention Product Development
{damrose,requate}@...
Próximos SlideShares
Carregando em…5
×

UCS "Wrap Up": Highlights from 2018 and Prospects for 2019

208 visualizações

Publicada em

Erik Damrose and Arvid Requate from product development summarize the most important technical innovations from 2018 and give an outlook on 2019. The presentation focuses on the changes in the basic distribution, extensions of the UCS portal, new and improved functions of the UMC, new possibilities for developers of apps and new features for users of the self service app.

Publicada em: Software
  • Seja o primeiro a comentar

  • Seja a primeira pessoa a gostar disto

UCS "Wrap Up": Highlights from 2018 and Prospects for 2019

  1. 1. UCS Wrap-up What happened in 2018 and what is next? Erik Damrose & Arvid Requate Univention Product Development {damrose,requate}@univention.de
  2. 2. The Journey 2018/19
  3. 3. UCS 4.3 Release in March 2018 ● Based on Debian 9 (stretch) ● Uses upstream packages where possible, e.g. Linux-Kernel ● Simplification of user account objects, auto conversion during update ● New features for UCS Portal, e.g. visual composer ● Supports SAML Single sign-on with Kerberos ● New installations use the memberOf extension by default
  4. 4. UCS update statistics
  5. 5. UCS Wrap-up: Samba in UCS 4.3 ● Samba 4.7.5 - shipped with UCS 4.3-0 ● Samba 4.7.8 - update in August 2018 ● Security update, finally deactivate NTLMv1 by default ● Backported security patches from Samba 4.7.12
  6. 6. UCS Wrap-up: Security ● Debian security updates pulled semi-automatically (started August 2018) ● Quicker delivery to customers, covering also less critical vulnerabilities ● UCS: Avoid leaking admin password from joinscripts to process list ● Debian release 9.6 imported in November
  7. 7. Errata Update statistics
  8. 8. Errata Update statistics – Automation & CI-Tests Covered by Continuous Integration Tests
  9. 9. UCS Wrap-up: Meltdown, Spectre, Foreshadow/L1TF issues ● 2018, the year of Speculative Execution issues ... ● Fixed or mitigated: ● Meltdown ● Spectre variants 2, 3a & 4 (Kernel & Intel+AMD Firmware update) ● L1 Terminal Fault (L1TF) variant OS/SMM & VMM – Kernel update ● General industry wide issues with speculative execution – to be continued (Hard & Software: Firmware, Kernel, KVM, Apps) ● Status in UCS: https://help.univention.com/t/7678
  10. 10. UCS 4.3-2 – Maintenance Mode ● Simple view when installing updates, improved stability
  11. 11. New in August: UCS Dashboard ● Lets administrators easily assess the state of the domain and all servers ● Integrates Prometheus for metric collection ● Grafana is used to display the Dashboards
  12. 12. UCS Dashboard
  13. 13. App Center – News for ISVs ● Apps can now deploy multiple Containers ● Maintainers can use the standard docker-compose syntax ● New Listener API for dockerized apps ● App Center Documentation for App Providers is now maintained on https://docs.univention.de
  14. 14. UCS App News ● Office365 and G-Suite connector apps now available for DC Backups ● Let‘s Encrypt App ships separate VirtualHost configuration ● OpenID Connect ● First Multi-Container App:
  15. 15. UCS Wrap-up: UVMM Improvements ● Support for post-copy migration. ● Show CPU and memory usage of KVM hosts ● Target hosts for migrations can now be configured ● Add Hyper-V Enlightenments for Windows VMs ● Detect incompatible CPUs before migrating VMs
  16. 16. Simple UDM API ● Introduced mid November with UCS 4.3-2 ● Simplifies development of code that handles UDM objects ● Less pitfalls for everybody from univention.udm import UDM user_mod = UDM.admin().get("users/user") # load module obj = user_mod.get(dn) # get object by DN obj.props.firstname = "foo" # modify property obj.position = "ou=dev,cn=example,dc=com" # move LDAP object obj.save() # apply changes
  17. 17. Ongoing improvements of Documentation
  18. 18. UCS Wrap-up: Improvements of the UCS System Diagnostic module ● UMC Module to do a quick health check for any UCS system
  19. 19. UCS Wrap-up: Improvements of the UCS System Diagnostic module ● UMC Module to do a quick health check for any UCS system ● More helpful messages and links to SDB articles ● Elimination of false positives (error alerts) ● Logging of actions ● Additional checks (SAML certificates, filesystem permissions)
  20. 20. UCS 4.4 Feature Highlights ● Codename Blumenthal ● Release in Q1/March ● No new Debian base (Debian 10 still frozen..) ● And now… let's dive into it
  21. 21. UCS 4.4 Feature Highlights – Self Service ● Right now: Set recovery mail address, recover and change password
  22. 22. UCS 4.4 Feature Highlights – Self Service
  23. 23. UCS 4.4 Feature Highlights – User Invitation Workflow
  24. 24. UCS 4.4 Feature Highlights – Portal improvements
  25. 25. UCS 4.4 Feature Highlights – Portal improvements
  26. 26. UCS 4.4 Feature Highlights – Portal server
  27. 27. UCS 4.4 Feature Highlights – App Center ● Increase visibility of relevant information in the App Center UMC Module ● Vote for Apps in the UMC App Center Module ● Support for App install permissions ● New interface to simplify user activation for apps on one tab
  28. 28. UCS 4.4 Feature Highlights – App Center
  29. 29. UCS 4.4 Feature Highlights – Admin Diary ● Problem: reconstruct changes in the UCS domain across servers ● e.g. User modification, App installation, Server password change ● Solution: Admin Diary ● Backend collects high-level events accross all domain servers ● Admin Diary frontend shows the domain wide changes in a UMC module ● View, filter and annotate events
  30. 30. UCS 4.4 Feature Highlights – Admin Diary
  31. 31. UCS 4.4 Feature Highlights – Admin Diary
  32. 32. UCS 4.4 Feature Highlights – Improved Radius domain integration ● Merge of UCS@School and UCS Radius packages into one single app ● Simplified adding of access points to Radius via UMC computer module ● Replication of config to all Radius servers in the domain
  33. 33. UCS 4.4 Feature Highlights – Samba 4.10 ● Performance: New GUID Index mode in sam.ldb for the AD DC ● Hardware accelerated AES-NI crypto instructions on 64bit CPUs ● Activation of new KCC implementation – replication topology shaping ● Improved Audit support (Fileserver, AD-DB) ● Fine-Grained Password Policies (FGPP) ● Improved support for trusted domains
  34. 34. What‘s next after the UCS 4.4 Release ● Continuation of patchlevel releases about every 3 months ● Patch collection, new install media ● Allows to implement small API changes ● Steps to continuously improve the security of UCS: Classify all UCS-specific security vulnerabilities according to CVSS
  35. 35. What‘s next after the UCS 4.4 Release – REST-ful Web-API ● REST-ful Web-API for UCS ● Simplify provisioning and automation for DevOps by standard interfaces ● UCS@School project proved use case for user provisioning ● Currently we have two prototypes
  36. 36. Ideas for post UCS 4.4 – Improve Univention Domain Join Client ● Tool to simplify joining Ubuntu clients to the UCS domain ● Added support for Linux Mint ● Add support for Kerberos based SAML-SSO ● Check compatibility for upcoming Ubuntu releases ● Check demand for other Desktop Linux Distributions
  37. 37. Points of Contact: ● GitHub - https://github.com/univention/ ● Bugzilla - https://forge.univention.org/bugzilla/ ● Community - https://help.univention.com/
  38. 38. Vielen Dank für Ihre Aufmerksamkeit Kontakt Erik Damrose & Arvid Requate Univention Product Development {damrose,requate}@univention.de https://www.univention.com

×