UbuntuEasyBusinessServer

Differences between revisions 22 and 23
Revision 22 as of 2007-05-17 04:40:05
Size: 15174
Editor: c-67-173-246-94
Comment: NetworkAuthentication
Revision 23 as of 2007-05-17 04:53:56
Size: 15218
Editor: c-67-173-246-94
Comment: ImpiLinux
Line 210: Line 210:
 * [http://www.impilinux.co.za/ ImpiLinux]

Please check the status of this specification in Launchpad before editing it. If it is Approved, contact the Assignee or another knowledgeable person before making changes.

Summary

This spec describes Ubuntu's Easy Business Server, a configuration utility aimed at making it easy for non-technical businesses to set up an Ubuntu-based server for various things.

Rationale

The free software universe in general, and Ubuntu in particular, already provides most of the tools and infrastructure components needed to fulfill the needs of small businesses. What we need is good integration between these components and easy configuration.

The currently available solutions have various shortcomings. E.g. webmin is essentially a web enabled configuration file and does not provide a lot of help for the inexperienced user. The goal of this project is to provide something much more high level. For instance, instead of "setting up the server with lvm, creating a new logical volume, formatting it with xfs, sharing it via samba to an appropriate set of users, who btw are kept in LDAP", the user will just "Create a Sales group".

In short: UEBS should bring the ease-of-use from the Ubuntu desktop to the server world. (Just to preempt inevitable questions: this does not mean that the server will have the Ubuntu desktop interface installed, but it will provide some graphical means for configuring certain things.)

Use Cases

  • Mark runs a small business and has almost no computer experience. He doesn't want to store the documents he creates on the local PCs and laptops, because those have to be re-installed sometimes when they get viruses. He wants his documents to be safe, and to know that everything is backed up as well. So Mark wants a new server, but wants to utilise his existing network infrastructure.
  • Alan has a small business which needs a backend storage for office files. He needs a simple interface to set up and configure the new server he has bought.
  • Soren has been running this software for a year in his small business. He's now grown up and wants to use the user database for authentication on his network. He'd like to be able to just set up the clients and be ready to go. His guru friends say he should be using interoperable standards like LDAP and Kerberos. Soren (being a sensible man) agrees.
  • John is a Sysadmin with experience in other Microsoft-Branded OSes. He expects that Ubuntu Easy Business Server brings similar features 'out-of-the-box' as Microsoft-branded OSes. He expects a simple way to connect remotely to the server configured out-of-the-box (VNC will be fine).

Scope

  • Initial setup (IP address (range), company name, etc)
  • File server
    • Sharing of files
    • Limitation of access to files
    • User based access
  • Print server
  • Easy/simple "incremental" (+ hardlinks) backup to an attached USB disk (+ unmounting + "it's no(w|t) safe to remove your backup disk" things).

For the Google Summer of Code project, "only" the above will be prioritised. Note: The scope was changed after discussion at UDS-Sevilla.

For each of these tasks, a set of configuration files will be created based on best practices and a simple interface for setting them up will be provided.

Ultimately, the following services will be included, too:

  • Groupware
    • Mail server (internal and external)
      • Multiple domains
      • Aliases
      • vacation integration
    • Calendar server
      • Sharing of free/busy schedule
    • Contact Management (Added by gQuigs 2007-3-15)
      • Optional: Storing telephone call information
    • Jabber or IRC server
  • Infrastructure
    • DHCP
    • DNS
    • Time
    • Firewall/Internet gateway
    • VPN
  • User management
    • Linux
    • Windows
  • Backup
    • Configuration
    • Files

Design

The single most important keyword is simplicity.

The goal is to provide a file and print server that will blow the users away. On the path to file and print nirvana we also find network configuration and user/group management.

The interface will be web based and some means of accessing it on the machine's console will be provided.

The user will be asked to describe his network using a set of widgets that he can connect with lines. Based on the resulting diagram, we'll be generating a sensible network configuration.

In doing user management the user (of the admin tool) will be encouraged to group people by function or department. E.g. when creating a new user, a list of commonly used groups will be shown and we'll ask if the user does any of these things or logically belongs in any of these departments. This is done to ease the inevitable transition in a growing company from having e.g. a sales person to having a sales department, which in many cases means that the previous sales person, Bob, now has to share a set of his files on the server with someone else, and he does this by giving said user access to a certain subtree of his home directory. As the

Each user and group will automatically be assigned a shared storage space on the server as well as given access to a storage space shared among all users.

Printer sharing should include autodetection of any sort of newly available printer (USB, Zeroconf, etc.).

The scope of the project has been narrowed down to a file/print server. These two services, however, should be top-of-the-pops, all-bling, no-fuss magic.

Implementation

Installation:

  • Either its own CD or a prominently displayed install option on the existing server CD
  • Based on the alternate installer (live-cd settings do not really make sense, I think), although network configuration will be preseeded to local-only (unless we can think of something that works in every kind of environment describable by our graphical network config thing)
  • On completed installation (and any subsequent boot), an X-server will be fired up (no desktop!) with a fullscreen web browser (kiosk mode, probably) pointed at the configuration interface.

Administration interface:

  • By default the server boots into text mode and a trivial dialog-style app that allows various operations like 'start admin interface' (X/browser) or 'reboot machine'.
  • We want an X server with just a browser (in kiosk mode); it is convenient and reassuring for users and provides a good rescue interface.

Network configuration:

  • Basic building blocks:
    • Internet
    • This machine
    • Clients
    • Switches
    • Anything else?
    • Existing AJAXy magic stuff for this?
  • Once a new configuration has been saved and put into effect, the user should (within a reasonable timeframe) confirm that everything is still working as expected. If not, reset the network configuration to the last known working configuration.
  • Get inspiration from IPCop
  • For the initial use case above we assume that there is a separate router which gives an IP to the server, so that we do not need to worry about network configuration, DHCP, and multiple network cards:

    The Internet <=> DSL Router <=> Network with Server and clients

  • Structure for the complete set of use cases:

    The Internet <=> This Server <=> My Company
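
The confirm-or-reset behaviour described in the list above can be sketched as follows. This is an added example, not code from the UEBS project; the file paths, the confirmation flag file and the RELOAD_CMD hook are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: confirm-or-rollback for a network configuration file.
# The paths, the flag file and RELOAD_CMD are hypothetical, not UEBS names.

# Command that puts the live file into effect; a no-op unless overridden.
RELOAD_CMD="${RELOAD_CMD:-true}"

# apply_with_confirm LIVE NEW FLAG TIMEOUT_SECONDS
# Returns 0 if the admin confirmed in time, 1 if the change was rolled
# back, 2 if the change could not be applied at all.
apply_with_confirm() {
    live=$1 new=$2 flag=$3 timeout=$4
    backup="$live.last-good"

    [ -f "$live" ] && [ -f "$new" ] || return 2

    # A confirmation left over from an earlier change must not approve
    # this one. The flag should live in a directory only the admin
    # interface can write to, or any local user could "confirm".
    rm -f "$flag"

    # Keep the last known working configuration before touching anything.
    cp -p "$live" "$backup" || return 2

    # Write to a temp file and rename, so the live file is never half-written.
    cp -p "$new" "$live.tmp" && mv "$live.tmp" "$live" || return 2
    $RELOAD_CMD

    # Wait for the admin to confirm that the server is still reachable.
    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        if [ -e "$flag" ]; then
            rm -f "$flag"
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done

    # No confirmation: assume the admin is locked out and restore.
    cp -p "$backup" "$live.tmp" && mv "$live.tmp" "$live"
    $RELOAD_CMD
    return 1
}
```

The web interface would create the flag file when the user clicks a "still working" button; if the new settings cut the browser off from the server, the flag never appears and the previous configuration returns on its own.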

User management:

  • LDAP/Kerberos (an NTP Local Server would be useful - possibly configured to a Public Source?)
    • Rationale: If the environment grows up, they'll have a sensible authentication framework in place already.
    • What is going to be used to manage LDAP & Kerberos principals?

    • This could be incorporated into the account creation program? This can all be done from a shell script!
  • When creating new users, a list of common groups will be shown suggesting to create them and add the new user to them.
    • This is to help the admin create a sensible user/group scheme right from the start rather than have to migrate to it later.
    • Should it be possible for the user then to add additional groups and be able to use the same 'radio' button joining click?
      • This user management interface should be on the server at startup/configuration, but then available through a Web browser with the same functionality from a remote machine on the Internal network.
  • Consider using system-tools-backends for this: when teaching it to know about LDAP, we get a problem solved for Edubuntu as well and get coherent handling with desktops; it only has light dependencies which we want for hal usage anyway

File sharing

  • -( All )- of:
    • Samba / (CIFS+unix extensions)
    • -( http (webdav) )-
    • -( ftp )-
    • anything else?
  • Backup
    • most likely use case is an external USB harddrive, I think. Agreed?
    • rsync? rdiff-backup? rsnapshot!
      • If the system is being considered for future growth and there is time, consider Amanda?
    • Remote backups being provided as a value-add by the vendor of the server/software?
    • -( BackupPC? )-
  • Everything should be announced via ZeroConf for easy access

    • Only useful for Linux and Apple clients. Samba announces itself anyway through nmbd broadcasts etc.
  • Outstanding issues: locking?
    • Not if you only use samba -- that takes care of its own locking

Printer sharing

  • Make the cups server share them via the network (allows cups clients to see them easily)
  • Announce via zeroconf
  • CUPS allegedly has a postscript driver that can be used.
  • Questions:
    • Which of our existing means of configuring printers can be easily used for this? (Directly or by porting certain bits of it)

Implementation language and platform:

  • Nevow
    • since it's in main already
  • Other things to either base it on or steal from:

Screenshots

These screenshots predate the discussion at UDS. Expect major changes! I imagine it will look something like this (these are just mock ups):

  • http://linux2go.dk/uebs-scrshots/mail.png
  • http://linux2go.dk/uebs-scrshots/user.png
  • http://linux2go.dk/uebs-scrshots/users.png
  • http://linux2go.dk/uebs-scrshots/network.png

Data preservation and migration

Unresolved issues

BoF agenda and discussion

Comments

Comment by ArtCancro on 2007-03-15: may I suggest Citadel [http://www.citadel.org] as the groupware component? It would save an awful lot of work because it's got all of the mail and calendar stuff built in.

Comment by PaulKishimoto on 2007-03-20: I added UbuntuServerTasks and AdministerServerViaWebInterface to the related specs list. The former has already been approved, and the creator seems to know something about tasksel, which sounds like it would be useful.

Comment by SorenHansen on 2007-03-20: UbuntuServerTasks (and tasksel) is not quite what I'm after. Those tasks are simply a collection of existing packages. E.g. a web server task would just install apache and a number of interpreters. This spec is more about configuration. AdministerServerViaWebInterface on the other hand looks very similar to this. Interesting.

Comment by PaulKishimoto on 2007-03-22: I'm not a packaging expert, but I suspect .deb install scripts for different groupware packages may interact with each other and modify configuration files. I imagined a use case where Bob installs Ubuntu Server from a CD, chooses certain tasks (i.e. package sets), adds the "uebs" package, and then points a web browser at the new server. Several of the tasks in UbuntuServerTasks install the groupware UEBS would configure, so instead of depending on packages directly it could recognize and enable modules for only those packages which are installed.

I also should have mentioned two blog posts by Herman Bos from Planet Ubuntu: http://dev.osso.nl/herman/blog/2006/12/27/management-framework-2/ and http://dev.osso.nl/herman/blog/2007/01/31/ambition-readjustment/. I'm not sure what you had planned, a client-server model would make it possible to use either the web client or develop a PyGTK client to run on an administrator's desktop. He might have some helpful thoughts on this.

Comment by SorenHansen on 2007-03-22: Yes, postinst scripts might change configurations and whatnot, but that will not be a problem here. When installing uebs, it will "take over" the proper configuration files. Besides, the configuration file handling outlined should mitigate any problems that might arise from other things (possibly a human) changing the configuration files. UEBS will also be modular in nature, so if someone doesn't want certain bits managed, he will just not install the corresponding module. Only when used as an install option (the common use case, I suspect) will all modules be enabled by default. I've also seen Herman Bos' blog posts, but as far as I can tell, we're solving different problems here. That said, there might very well be basis for some cooperation along the way. By the way: Please don't just insert extra spaces here and there unless there's a reason. It's a pain to go through the diffs and try to figure out what was changed. :-)

Comment by EdwardMurrell on 2007-04-13: Have you considered using Kerberos for authentication? NFSv4 practically requires it, and it would mean that you get automagic secure authentication. If you're already implementing DNS and NTP, then you're halfway there. If you need some help on integrating it with LDAP, I can feed you the work I've done to get it going here.

Comment by SorenHansen on 2007-04-13: This has turned into a Summer of Code project for me. My main focus is going to be on getting the framework together and building all the groupware-like plugins. The target group for this is mostly the not-so-technical bunch of people who want to use Ubuntu as a server, and I think Kerberos is a bit out of scope for them. Nevertheless, there's nothing per se wrong with having a Kerberos plugin available. I can ping you when the plugin API starts to stabilize, then maybe you can work on the plugin yourself. Thanks for your input

Please also add jabber and wiki, as both authenticate off of ldap this should be reasonable, also another great addition would be dyndns, though that's a little pie in the sky.

Comment by AndyB on 2007-05-15: Don't reinvent the wheel. A good web interface which meets a lot of these requirements already exists: eBox (www.ebox-platform.com). It's written in Perl and based on Debian, so the changes should not be too big. I think if a collaboration comes up, that would be a very successful one.


CategorySpec

UbuntuEasyBusinessServer (last edited 2012-11-09 15:46:51 by 41)