UbuntuEasyBusinessServer
|
Size: 15174
Comment: NetworkAuthentication
|
← Revision 37 as of 2012-11-09 15:46:51 ⇥
Size: 10035
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 10: | Line 10: |
| This spec describes Ubuntu's Easy Business Server, a configuration utility aimed at making it easy for non-technical businesses set up an Ubuntu based server for various things. | This spec describes Ubuntu's Easy Business Server, a configuration utility aimed at making it easy for non-technical businesses set up an Ubuntu based server for various things. I specifically does not deal with file and print services as that's covered in UbuntuEasyFilePrintServer |
| Line 15: | Line 15: |
| The currently available solutions have various shortcomings. E.g. webmin is essentially a web enabled configuration file and does not provide a lot of help for the inexperienced user. The goal of this project is to provide something much more high level. For instance, insted of "setting up the server with lvm, creating a new logical volume, formatting it with xfs, sharing it via samba to an appropriate set of users, who btw are kept in LDAP", the user will just "Create a Sales group". In short: UEBS should bring the ease-of-use from the Ubuntu desktop to the server world. (Just to preempt inevitable questions: this does not mean that the server will have the Ubuntu desktop interface installed, but it will provide some graphical means for configuring certain things.) |
|
| Line 20: | Line 16: |
* Mark runs a small business and has almost no computer experience. He doesn't want to store the documents he creates on the local PCs and laptops, because those have to be re-installed sometimes when they get viruses. He wants his documents to be safe, and know that everything is backed up as well. So Mark wants a new server but to utilise his existing network infrastructure. * Alan has a small business which needs a backend storage for office files. He needs a simple interface to setup and configure the new server he has bought. * Soren has been running this software for a year in his small business. He's now grown up and wants to use the user database for authentication on his network. He'd like to be able just set up the clients and ready to go. His guru friends say he should be using interoperable standards like ldap and kerberos. Soren (being a sensible man) agrees. |
|
| Line 29: | Line 19: |
| Line 32: | Line 21: |
| * Initial setup (IP address (range), company name, etc) * File server * Sharing of files * Limitation of access to files * User based access * Print server * Easy/simple "incremental" (+ hardlinks) backup to an attached USB disk (+ unmounting + "it's no(w|t) safe to remove your backup disk" things). |
User management, file and print services are covered in UbuntuEasyFilePrintServer. |
| Line 40: | Line 23: |
| '''For the Google Summer of Code project, "only" the above will be prioritised.''' Note: The scope was changed after discussion at UDS-Sevilla. For each of these tasks, a set of configuration files will be created based on best practices and a simple interface for setting them up will be provided. Ultimately, the following services will be included, too: |
The following services will be included(in no particular order): |
| Line 61: | Line 40: |
| * User management * Linux * Windows * Backup * Configuration * Files |
|
| Line 72: | Line 45: |
| The goal is to provide a file and print server that will blow the users away. On the path to file and print nirvana we also find network configuration and user/group management. |
|
| Line 76: | Line 47: |
| The user will be asked to describe his network using a set of widgets that he can connect with lines. Based on the resulting diagram, we'll be generating a sensible network configuration. | The interface will in every possible way help the user make good decisions. |
| Line 78: | Line 49: |
| In doing user management the user (of the admin tool) will be encouraged to group people by function or department. E.g. when creating a new user, a list of commonly used groups will be shown and we'll ask if the user does any of these things or logically belongs in any of these deparments. This is done to ease the enivetable transition in a growing company from having e.g. a sales person to having a sales department which in many cases means that the previous sales person, Bob, now has to share a set of his files on the server with someone else and he does this by giving said user access to a certain subtree of his home directory. As the Each user and group will automatically be assigned a shared storage space on the server as well as given access to a storage space shared among all users. Printer sharing should include autodetection of any sort of newly available printer (USB, Zeroconf, etc.). The scope of the project as been narrowed down to a file/print server. These two services, however, should be top-of-the-pops, all-bling, no-fuss magic. |
While providing a really simple frontend, the backend should set up a system that any experienced admin will find professional and pleasing to work with. |
| Line 88: | Line 53: |
| Installation: * Either its own CD or a prominently displayed install option on the existing server CD * Based on the alternate installer (live-cd settings does not really make sense, I think), although network configuration will be preseeded to local-only (unless we can think of something that works in every kind of environment describable by our graphical network config thing) * On completed installation (and any subsequent boot), an X-server will be fired up (no desktop!) with a fullscreen web browser (kiosk mode, probably) pointed at the configuration interface. Administration interface: * By default the server boots into text mode and a trivial dialog-style app that allows various operations like 'start admin interface' (X/browser) or 'reboot machine'. * We want an X server with just a browser (in kiosk mode); it is convenient and reassuring for users and provides a good rescue interface. Network configuration: * Basic building blocks: * Internet * This machine * Clients * Switches * Anything else? * Existing AJAXy magic stuff for this? * When saving a new configuration and it has been put into effect, the user should (within a reasonable timeframe) confirm that everything is still working as expected. If not, reset the network configuration to last known working configuration. * Get inspiration from IPCop * For the initial use case above we assume that there is a separate router which gives an IP to the server, so that we do not need to worry about network configuration, DHCP, and multiple network cards: The Internet <=> DSL Router <=> Network with Server and clients * Structure for the complete set of use cases: The Internet <=> This Server <=> My Company User management: * LDAP/Kerberos (an NTP Local Server would be useful - possibly configured to a Public Source?) * Rationale: If the environment grows up, they'll have a sensible authentication framework in place already. * What is going to be used to manage LDAP & Kerberos principals? * This could be incorporated into the account creation program? This can all be done from a shell script! * When creating new users, a list of common groups will be shown suggesting to create them and add the new user to them. This is to help the admin create a sensible user/group scheme right from the start rather than have to migrate to it later. * Should it possible for the user then to add additional groups and be able to use the same 'radio' button joining click? * This user management interface should be on the server at startup/configuration, but then available through a Web browser with the same fuctionality from a remote machine on the Internal network. * Consider using system-tools-backends for this: when teaching it to know about LDAP, we get a problem solved for Edubuntu as well and get coherent handling with desktops; it only has light dependencies which we want for hal usage anyway File sharing * -( All )- of: * Samba / (CIFS+unix extensions) * -( http (webdav) )- * -( ftp )- * anything else? * Backup * most likely use case is an external USB harddrive, I think. Agreed? * rsync? rdiff-backup? rsnapshot! * If the system is being considered for future growth and there is time, consider Amanda? * Remote backups being provided as a value-add by the vendor of the server/software? * -( BackupPC? )- * Everything should be announced via ZeroConf for easy access * Only useful for Linux and Apple clients. Samba announces itself anyway through nmbd broadcasts etc. * Outstanding issues: locking? * Not if you only use samba -- that takes care of its own locking Printer sharing * Make the cups server share them via the network (allows cups clients to see them easily) * Announce via zeroconf * CUPS alegedly has a postscript driver that can be used. * Questions: * Which of our existing means of configuring printers can be easily used for this? (Directly or by porting certain bits of it) Implementation language and platform: * Nevow * since it's in main already * Other things to either base it on or steal from: * Conga * smbldap-tools * edubuntu user management stuff * http://www.cups.org/windows/index.php * Please add other things == Screenshots == '''These screenshots predate the discussion at UDS. Expect major changes!''' I imagine it will look something like this (these are just mock ups): http://linux2go.dk/uebs-scrshots/mail.png http://linux2go.dk/uebs-scrshots/user.png http://linux2go.dk/uebs-scrshots/users.png http://linux2go.dk/uebs-scrshots/network.png |
Everything in this spec will likely be done as plugins to whatever the outcome of UbuntuEasyFilePrintServer may be. |
| Line 180: | Line 63: |
| Comment by ArtCancro on 2007-03-15: may I suggest Citadel [http://www.citadel.org] as the groupware component? It would save an awful lot of work because it's got all of the mail and calendar stuff built in. | Comment by ArtCancro on 2007-03-15: may I suggest Citadel [[http://www.citadel.org]] as the groupware component? It would save an awful lot of work because it's got all of the mail and calendar stuff built in. |
| Line 200: | Line 83: |
| Comment by MathiasGug on 2007-05-28 : Related to configuration files generation in ebox : it would be better to detect when configuration files have been modified locally, ie not by ebox. If so warn the user about it and put the configuration file and his corresponding module out of ebox control (make the module unavailable in ebox for example). That way, advanced sysadmins can still administer the server if they don't want to use ebox. As soon as end user start to play with the configuration files directly, it can be assumed that they know what they're doing and ebox should get out of their way. Yast uses the same approach, which raised some comments from users at UDS Sevilla : they want to have the choice to use Yast (if it suits them) or not (if they need more control). Comment by Isaac Clerencia on 2007-05-30: As others have said eBox already provides the whole infrastructure part and more. Working from eBox, adding groupware modules and, if deemed necessary, enabling the system administrator to do local modifications should be the easiest path towards UbuntuEasyBusinessServer. We would be thrilled if eBox would be used as the base for the Ubuntu SME server. Comment by Leen Toelen on 2007-10-23: Maybe look at zimbra for the mailserver part? --> [Response by DaveWalker] In my experience with Zimbra, it doesn't co-exist with other application very well. Other's opinions might differ. Comment by Michael Lustfield (MTecknology) on 2007-05-22: Zimbra doesn't work well with other applications. One reason for this is it's need for performance. It has a lot going on and that makes it need a buff system. My server has 512MB Registered RAM. I suffer lag during load time, but the AJAX part reduced the load afterward. The other reason, and perhaps the biggest, is the custom software. When installing Zimbra, there is a custom apache, postfix, etc. package installed. In fact, everything it uses is custom. Therefor, it probably isn't well suited for this project, unless you get together with Zimbra themselves. Comment by Christian Merlin on 2008-06-30: I think that for groupware SoGO http://sogo.opengroupware.org/ would be very nice: Open Source Licence. Use Ldap for authentication and PostgreSQL for data managment. The web interface is equal to Thunderbid plus Lightning. There is a plugin for syncronization with Funambol. Comment by NealMcBurnett on 2008-07-31: See for comparison [[http://www.smeserver.org/|SME Server]] based on CentOS. Comment by Christiaan on 2012-11-09: Something long the lines of [[http://www.thefanclub.co.za/how-to/how-setup-ubuntu-business-box-server-ubb-part-1/|How to setup an Ubuntu Business Box Server]] |
|
| Line 202: | Line 100: |
| * UbuntuEasyFilePrintServer | |
| Line 204: | Line 103: |
| * [https://wiki.ubuntu.com/UbuntuDownUnder/BOFs/UbuntuInstantServer] * [https://wiki.ubuntu.com/UbuntuDownUnder/BOFs/SmallBusinessServer] |
* [[https://wiki.ubuntu.com/UbuntuDownUnder/BOFs/UbuntuInstantServer]] * [[https://wiki.ubuntu.com/UbuntuDownUnder/BOFs/SmallBusinessServer]] |
| Line 207: | Line 106: |
| * [http://ebox-platform.com/] * [http://www.webmin.com/] * ["Obuntu"] |
* [[http://www.webmin.com/]] * [[Obuntu]] * [[http://www.impilinux.co.za/|ImpiLinux]] * [[ZeroConfServer]] |
| Line 211: | Line 111: |
| * smbldap-tools * edubuntu user management stuff |
Please check the status of this specification in Launchpad before editing it. If it is Approved, contact the Assignee or another knowledgeable person before making changes.
Launchpad entry: ubuntu-easy-business-server
Packages affected:
Summary
This spec describes Ubuntu's Easy Business Server, a configuration utility aimed at making it easy for non-technical businesses set up an Ubuntu based server for various things. I specifically does not deal with file and print services as that's covered in UbuntuEasyFilePrintServer
Rationale
The free software universe in general, and Ubuntu in particular, already provides most of the tools and infrastructure components needed to fulfill the needs of small businesses. What we need is good integration between these components and easy configuration.
Use Cases
- John is a Sysadmin with experience in other Microsoft-Branded OSes. He expects that Ubuntu Easy Bussiness Server brings similar features 'out-of-the-box' as Microsoft-branded OSes. He expects a simple way to connect remotely to the server configured out-of-the-box (VNC will be fine).
Scope
User management, file and print services are covered in UbuntuEasyFilePrintServer.
The following services will be included(in no particular order):
- Groupware
- Mail server (internal and external)
- Multiple domains
- Aliases
- vacation integration
- Calendar server
- Sharing of free/busy schedule
- Contact Management (Added by gQuigs 2007-3-15)
- Optional: Storing telephone call information
- Jabber or IRC server
- Mail server (internal and external)
- Infrastructure
- DHCP
- DNS
- Time
- Firewall/Internet gateway
- VPN
Design
The single most important keyword is simplicity.
The interface will be web based and some means of accessing it on the machine's console will be provided.
The interface will in every possible way help the user make good decisions.
While providing a really simple frontend, the backend should set up a system that any experienced admin will find professional and pleasing to work with.
Implementation
Everything in this spec will likely be done as plugins to whatever the outcome of UbuntuEasyFilePrintServer may be.
Data preservation and migration
Unresolved issues
BoF agenda and discussion
Comments
Comment by ArtCancro on 2007-03-15: may I suggest Citadel http://www.citadel.org as the groupware component? It would save an awful lot of work because it's got all of the mail and calendar stuff built in.
Comment by PaulKishimoto on 2007-03-20: I added UbuntuServerTasks and AdministerServerViaWebInterface to the related specs list. The former has already been approved, and the creator seems to know something about tasksel, which sounds like it would be useful.
Comment by SorenHansen on 2007-03-20: UbuntuServerTasks (and tasksel) is not quite what I'm after. Those tasks are simply a collection of existing packages. E.g. a web server task would just install apache and a number of interpreters. This spec is more about configuration. AdministerServerViaWebInterface on the other hand looks very similar to this. Interesting.
Comment by PaulKishimoto on 2007-03-22: I'm not a packaging expert, but I suspect .deb install scripts for different groupware packages may interact with each other and modify configuration files. I imagined a use case where Bob installs Ubuntu Server from a CD, chooses certain tasks (ie. package sets), adds the "uebs" package, and then points a web browser at the new server. Several of the tasks in UbuntuServerTasks install the groupware UEBS would configure, so instead of depending on packages directly it could recognizes and enable modules for only those packages which are installed.
I also should have mentioned two blog posts by Herman Bos from Planet Ubuntu: http://dev.osso.nl/herman/blog/2006/12/27/management-framework-2/ and http://dev.osso.nl/herman/blog/2007/01/31/ambition-readjustment/. I'm not sure what you had planned, a client-server model would make it possible to use either the web client or develop a PyGTK client to run on an administrator's desktop. He might have some helpful thoughts on this.
Comment by SorenHansen on 2007-03-22: Yes, postinst scripts might change configurations and whatnot, but that will not be a problem here. When installing uebs, it will "take over" the proper configuration files. Besides, the configuration file handling outlined should mitigate any problems that might arise from other things (possibly a human) changing the configuration files. UEBS will also be modular in nature, so if someone doesn't want certain bits managed, he will just not install the corresponding module. Only when used as an install option (the common use case, I suspect) will all modules be enabled by default. I've also seen Heman Bos' blog posts, but as far as I can tell, we're solving different problems here. That said, there might very well be basis for some cooperation along the way. By the way: Please don't just insert extra spaces here and there unless there's a reason. It's a pain to go through the diffs and try to figure out what was changed. 
Comment by EdwardMurrell on 2007-04-13: Have you considered using Kerberos for authentication? NFSv4 practically requires it, and it would mean that you get automagic secure authentication. If you're already implementing DNS and NTP, then you're halfway there. If you need some help on intergrating it with LDAP, I can feed you the work I've done to get it going here.
Comment by SorenHansen on 2007-04-13: This has turned into a Summer of Code project for me. My main focus is going to be on getting the framework together and building all the groupware-like plugins. The target group for this is mostly the not-so-technical bunch of people who want to use Ubuntu as a server, and I think Kerberos is a bit out of scope for them. Nevertheless, there's nothing per se wrong with having a Kerberos plugin available. I can ping you when the plugin API starts to stabilize, then maybe you can work on the plugin your self. Thanks for your input
Please also add jabber and wiki, as both authenticate off of ldap this should be reasonable, also another great addition would be dyndns, though that's a little pie in the sky. ~~~
Comment by AndyB on 2007-05-15: Don't reinvent the wheel. A good webinterface wich meets a lot of these requirement already exists: eBox (www.ebox-platform.com) It's written in Perl and based on Debian, so the changes should not be too big. I think if a collaboration comes up, that would be a very successful one.
Comment by MathiasGug on 2007-05-28 : Related to configuration files generation in ebox : it would be better to detect when configuration files have been modified locally, ie not by ebox. If so warn the user about it and put the configuration file and his corresponding module out of ebox control (make the module unavailable in ebox for example). That way, advanced sysadmins can still administer the server if they don't want to use ebox. As soon as end user start to play with the configuration files directly, it can be assumed that they know what they're doing and ebox should get out of their way. Yast uses the same approach, which raised some comments from users at UDS Sevilla : they want to have the choice to use Yast (if it suits them) or not (if they need more control).
Comment by Isaac Clerencia on 2007-05-30: As others have said eBox already provides the whole infrastructure part and more. Working from eBox, adding groupware modules and, if deemed necessary, enabling the system administrator to do local modifications should be the easiest path towards UbuntuEasyBusinessServer. We would be thrilled if eBox would be used as the base for the Ubuntu SME server.
Comment by Leen Toelen on 2007-10-23: Maybe look at zimbra for the mailserver part? --> [Response by DaveWalker] In my experience with Zimbra, it doesn't co-exist with other application very well. Other's opinions might differ.
Comment by Michael Lustfield (MTecknology) on 2007-05-22: Zimbra doesn't work well with other applications. One reason for this is it's need for performance. It has a lot going on and that makes it need a buff system. My server has 512MB Registered RAM. I suffer lag during load time, but the AJAX part reduced the load afterward. The other reason, and perhaps the biggest, is the custom software. When installing Zimbra, there is a custom apache, postfix, etc. package installed. In fact, everything it uses is custom. Therefor, it probably isn't well suited for this project, unless you get together with Zimbra themselves.
Comment by Christian Merlin on 2008-06-30: I think that for groupware SoGO http://sogo.opengroupware.org/ would be very nice: Open Source Licence. Use Ldap for authentication and PostgreSQL for data managment. The web interface is equal to Thunderbid plus Lightning. There is a plugin for syncronization with Funambol.
Comment by NealMcBurnett on 2008-07-31: See for comparison SME Server based on CentOS.
Comment by Christiaan on 2012-11-09: Something long the lines of How to setup an Ubuntu Business Box Server
Related specifications and projects
https://wiki.ubuntu.com/UbuntuDownUnder/BOFs/UbuntuInstantServer
https://wiki.ubuntu.com/UbuntuDownUnder/BOFs/SmallBusinessServer
- probably others
- smbldap-tools
- edubuntu user management stuff
UbuntuEasyBusinessServer (last edited 2012-11-09 15:46:51 by 41)