Amazon EC2 Quickstart

From Univention Wiki

Revision as of 13:17, 18 July 2012 by Jwalkenhorst (talk | contribs)

Univention Corporate Server (UCS) is a Debian GNU/Linux-based server operating system with an integrated management system for the central administration of servers, services, clients, desktops and users. This quickstart guide introduces how to start and run Univention Corporate Server in Amazon EC2; it is intended for evaluation only.


Univention provides and maintains a public Amazon Machine Image (AMI) in Amazon EC2. The only preparation needed is an Amazon Web Services account, which is simple to register.

Create an Instance

To create an instance of Univention Corporate Server at Amazon EC2, log in to the AWS Management Console, open Amazon EC2, create a new instance in the region of your choice and choose Univention Corporate Server. If the reader is familiar with the AWS Management Console, simply create the instance with the following settings:

Amazon Machine Image (AMI) Name
Univention Corporate Server (UCS) 3.0-2
Security Groups
Must allow at least HTTP/S and SSH. Please make sure that the security group is set up properly for network communication, e.g. allow ICMP ping and communication through the ports listed in SDB #1081.
IMPORTANT NOTE: If it is intended to set up a whole environment consisting of several UCS instances, it is recommended to use Amazon Virtual Private Cloud (VPC), because it allows a static assignment of IP addresses. If the instances are operated in EC2 only, their IP addresses change after they are shut down and started again (not rebooted), and the instances won't find each other anymore.

If the reader is not familiar with AWS Management Console, simply walk through the following steps. It is assumed that the reader already has an account, is logged in to AWS Management Console and has opened the Amazon EC2 Console Dashboard.

First of all, choose the region mentioned above.
Amazon EC2 Dashboard Region EU West (Ireland)
Click Launch Instance to open the Create a New Instance Wizard and select the option Classic Wizard.
Create a New Instance and choose Classic Wizard
Click on the Community AMIs tab, leave the viewing filter set to All Images, search for Univention Corporate Server and click on Select.
List of Community AMIs
Enter the instance details like Number of Instances, Instance Type and where to launch the instance, in EC2 or a Virtual Private Cloud (VPC).

Click on Continue.

Instance Details
Enter the advanced instance options like Kernel ID or RAM Disk ID. Those options can be left with their default settings. Furthermore, Termination Protection and Shutdown Behavior and other settings may be defined.

Click on Continue.

Advanced Instance Options
Tags may be entered to simplify the administration of the EC2 infrastructure.

Click on Continue.

Choose an existing or create a new public/private key pair to securely connect to the new instance later. The key is necessary to connect to the instance via SSH.

Do not proceed without a key pair. A newly created key pair should be downloaded directly and saved locally. See Amazon Elastic Compute Cloud: Getting an SSH Key Pair.

Click on Continue.

Create a new Key Pair
Use an existing Key Pair
Choose an existing or create a new Security Group for the instance. The Security Group must at least allow SSH and HTTP/S. Depending on the software and services used with UCS, additional settings for a security group might be necessary. A list of ports needed by Univention Corporate Server can be found in SDB #1018.

Click on Continue.

Choose or create a new Security Group
The final review shows a summary of the instance settings. Click on Launch to start your new instance of Univention Corporate Server. Starting the instance takes a moment.
Review of the instance summary
Close the Instance Wizard and connect to the new instance.
Instance is now launching
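
The security group step above asks for at least SSH, HTTP/S and ICMP ping. The following check is an added example, not part of the original guide or of UCS: it audits a group in the JSON shape returned by `aws ec2 describe-security-groups` for those minimum rules and lists SSH sources that lie outside the administrator networks. The sample group and the `admin_nets` values are constructed assumptions.

```python
import ipaddress

REQUIRED_TCP = {22: "SSH", 80: "HTTP", 443: "HTTPS"}  # minimum named in this guide

def covers(perm, proto, port):
    """True if one IpPermissions entry admits the given protocol/port."""
    p = perm.get("IpProtocol")
    if p == "-1":                      # "-1" means all protocols and ports
        return True
    if p != proto:
        return False
    lo, hi = perm.get("FromPort", -1), perm.get("ToPort", -1)
    if proto == "icmp":                # FromPort holds the ICMP type; 8 = echo request
        return lo in (-1, port)
    return lo <= port <= hi

def audit(group, admin_nets):
    """Return (missing, exposed): required services without a rule,
    and SSH source ranges not contained in admin_nets (assumed IPv4)."""
    perms = group.get("IpPermissions", [])
    missing = [name for port, name in REQUIRED_TCP.items()
               if not any(covers(q, "tcp", port) for q in perms)]
    if not any(covers(q, "icmp", 8) for q in perms):
        missing.append("ICMP ping")
    admins = [ipaddress.ip_network(n) for n in admin_nets]
    exposed = []
    for q in perms:
        if not covers(q, "tcp", 22):
            continue
        for r in q.get("IpRanges", []):
            src = ipaddress.ip_network(r["CidrIp"])
            if not any(src.subnet_of(a) for a in admins):
                exposed.append(r["CidrIp"])
    return missing, exposed

# Constructed sample group (not taken from a real account)
SAMPLE = {"GroupName": "ucs-eval", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "icmp", "FromPort": 8, "ToPort": -1,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
]}

if __name__ == "__main__":
    print(audit(SAMPLE, ["203.0.113.0/24"]))
```

For the sample, the audit reports HTTP as missing and the SSH rule as open to every address; narrowing that rule to the administrator range clears the second finding.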

Connect to and configure the Instance

After the instance has been created, it needs to be configured, e.g. set the root password and configure UCS to your own needs.

To connect to the created instance, the connection information of the instance has to be retrieved first. Right-click on the instance and choose Connect.
Retrieve Connect information
An information window appears showing the SSH command to open an SSH connection to the instance. Use the login information below the example in step four to connect to the instance.
Connect to instance with standalone SSH client
The first login via SSH shows a welcome message and asks the user to set the root password first and finish the configuration.
First connect via SSH
It is strongly recommended to change the password of the administrative root account. Please enter the following command and type in your password twice:
passwd root
After changing the root password, open the UCS management system in the web browser. The URL is provided in the welcome message in the SSH client and will open a secure connection to the UCS management system. The SSL certificate may have to be accepted manually in the web browser. Log in with the user root and the new password.
Welcome and overview for initial configuration of UCS
The first thing to define is the system role of the newly created UCS system. A domain controller master is the first system to be defined for a new environment. More information about the system roles can be found in the UCS Manual in section 3.3 System roles.
Choose the system role
Language settings are for configuration of the available languages on the system. English and German are already installed in UTF-8 encoding. The default system locale is English (United States), if logged in to UCS management system with English language setting.

Click on Next.

Language settings
Basic settings are for configuration of fully qualified domain name (FQDN), LDAP base, Windows domain and Root password. LDAP base and Windows domain are automatically suggested according to the FQDN and can be customized. The Root password has to be filled in.

Click on Next.

Basic settings
Network settings are for configuration of IPv4 and if necessary IPv6 addresses and the gateway. Amazon provides all necessary network information via DHCP. The network settings can be left with the default values provided.

Note: If the system role is not domain controller master, it is necessary to add the IP address of the domain controller master to the field Domain name server so that the system can connect to the domain controller master and join the domain.

Click on Next.

Network settings
Certificate settings are for the configuration of the SSL certificate.

Click on Next.

Certificate settings
Software settings are for installation of additional software components. Depending on the purpose additional software components may be selected for installation after finishing the configuration. The components Active Directory-compatible domain controller (Samba 4), Active Directory Connector and Mail server have been selected as additional components in this example.

Click on Apply settings.

Software settings
The system setup wizard in Univention Corporate Server finishes the configuration and continues the system boot.
Changes are applied
The user will be redirected to the login page of the UCS management system. The user Administrator is already set. Administrative work should be done with the account Administrator or any other user account in the group Domain Admins.
Login as Administrator

Further information

The first source of help for UCS is the manual. Help on UCS is offered in the Univention forum and useful information can be found in the Univention support and knowledge base (SDB). Errors in the documentation or programs can be reported directly in Univention Bugzilla.
