Amazon EC2 Quickstart
From Univention Wiki
Univention Corporate Server (UCS) is a Debian GNU/Linux-based server operating system with an integrated management system for the central administration of servers, services, clients, desktops and users. This quickstart guide introduces how to start and run Univention Corporate Server in Amazon EC2. It is intended for evaluation only.
Create an Instance
To create an instance of Univention Corporate Server at Amazon EC2, log in to the Amazon AWS Management Console, open Amazon EC2, create a new instance in the region of your choice and choose Univention Corporate Server. If the reader is familiar with the AWS Management Console, simply create the instance with the following settings:
- Amazon Machine Image (AMI) Name: Univention Corporate Server (UCS) 3.0-2
- Security Groups: Must allow at least HTTP/S and SSH. Please make sure that the security group is set up properly for network communication, e.g. allow ICMP ping and communication through the ports listed in SDB #1081.
If the reader is not familiar with AWS Management Console, simply walk through the following steps. It is assumed that the reader already has an account, is logged in to AWS Management Console and has opened the Amazon EC2 Console Dashboard.
1. First of all, choose the region mentioned above.
2. Click Launch Instance to open the Create a New Instance Wizard and select the option Classic Wizard.
3. Click on the Community AMIs tab, leave the Viewing filter set to All Images, search for Univention Corporate Server and click on Select.
4. Enter the instance details like Number of Instances, Instance Type and where to launch the instance, in EC2 or a Virtual Private Cloud (VPC).
5. Enter the advanced instance options like Kernel ID or RAM Disk ID. Those options can be left with their default settings. Furthermore, Termination Protection, Shutdown Behavior and other settings may be defined.
6. Tags may be entered to simplify the administration of the EC2 infrastructure.
7. Choose an existing or create a new public/private key pair to securely connect to the new instance later. The key is necessary to connect to the instance via SSH.
8. Choose an existing or create a new Security Group for the instance. The Security Group must at least allow SSH and HTTP/S. Depending on the software and services used with UCS, additional settings for a security group might be necessary. A list of ports needed by Univention Corporate Server can be found in SDB #1018.
9. The final review shows a summary of the instance settings. Click on Launch to start your new instance of Univention Corporate Server. Starting the instance takes a moment.
10. Close the Instance Wizard and connect to the new instance.
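The minimum rules named in the Security Groups setting and in the security group step above (SSH and HTTP/S, plus ICMP ping) can be checked against the JSON output of `aws ec2 describe-security-groups`. The following Python sketch is an added example, not part of the original guide; the sample group is constructed, and reporting SSH that is open to the whole internet is an extra check added here, not a requirement stated in the guide.

```python
# Added example: audit one entry of the "SecurityGroups" list returned by
# `aws ec2 describe-security-groups --output json`.
REQUIRED_TCP = {22: "SSH", 80: "HTTP", 443: "HTTPS"}  # minimum named in this guide
WORLD = {"0.0.0.0/0", "::/0"}                         # "anywhere" for IPv4 / IPv6

def covers(rule, port):
    """True if an IpPermissions entry admits the given TCP port."""
    proto = rule.get("IpProtocol")
    if proto == "-1":                      # "-1" means all protocols, all ports
        return True
    return (proto == "tcp" and
            rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535))

def sources(rule):
    """All IPv4 and IPv6 source CIDRs of a rule."""
    return ([r["CidrIp"] for r in rule.get("IpRanges", [])] +
            [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])])

def allows_ping(group):
    """ICMP rules keep the ICMP type in FromPort (8 = echo request, -1 = all)."""
    return any(r.get("IpProtocol") == "-1" or
               (r.get("IpProtocol") == "icmp" and r.get("FromPort") in (-1, 8))
               for r in group.get("IpPermissions", []))

def audit_group(group, admin_port=22):
    """Return (missing required services, world-open sources on the admin port)."""
    rules = group.get("IpPermissions", [])
    missing = [name for port, name in REQUIRED_TCP.items()
               if not any(covers(r, port) for r in rules)]
    exposed = sorted({src for r in rules if covers(r, admin_port)
                      for src in sources(r) if src in WORLD})
    return missing, exposed

# Constructed sample, not taken from a real account (group name is hypothetical).
SAMPLE_GROUP = {
    "GroupName": "ucs-eval",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "icmp", "FromPort": 8, "ToPort": -1,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    ],
}

if __name__ == "__main__":
    missing, exposed = audit_group(SAMPLE_GROUP)
    print("missing services:", missing)
    print("SSH open to:", exposed)
    print("ping allowed:", allows_ping(SAMPLE_GROUP))
```

For the constructed sample the audit reports HTTP as missing and SSH as reachable from any IPv4 address; restricting the SSH rule to the administrator's own address range clears the second finding.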
Connect to and configure the Instance
After the instance has been created, it needs to be configured, e.g. by setting the root password and configuring UCS to your own needs.
1. To connect to the created instance, the connection information of the instance has to be retrieved first. Right-click on the instance and choose Connect.
2. An information window appears showing the SSH command to open an SSH connection to the instance. Use the login information below the example in step four of that window to connect to the instance.
3. The first login via SSH shows a welcome message and asks the user to set the root password first and finish the configuration.
4. It is strongly recommended to change the password of the administrative root account. Please enter the following command and type in your password twice:
5. After changing the root password, open the UCS management system in the web browser. The URL is provided in the welcome message in the SSH client and will open a secure connection to the UCS management system. The SSL certificate may have to be accepted manually in the web browser. Log in with the user root and the new password.
6. The first thing to define is the system role of the newly created UCS system. A domain controller master is the first system to be defined for a new environment. More information about the system roles can be found in the UCS Manual in section 3.3 System roles.
7. Language settings are for configuration of the available languages on the system. English and German are already installed in UTF-8 encoding. The default system locale is English (United States) if logged in to the UCS management system with the English language setting.
8. Basic settings are for configuration of the fully qualified domain name (FQDN), LDAP base, Windows domain and Root password. LDAP base and Windows domain are automatically suggested according to the FQDN and can be customized. The Root password has to be filled in.
9. Network settings are for configuration of IPv4 and, if necessary, IPv6 addresses and the gateway. Amazon provides all necessary network information via DHCP. The network settings can be left with the default values provided. Click on Next.
10. Certificate settings are for the configuration of the SSL certificate.
11. Software settings are for installation of additional software components. Depending on the purpose, additional software components may be selected for installation after finishing the configuration. The components Active Directory-compatible domain controller (Samba 4), Active Directory Connector and Mail server have been selected as additional components in this example.
12. The system setup wizard in Univention Corporate Server finishes the configuration and continues the system boot.
13. The user will be redirected to the login page of the UCS management system. The user Administrator is already set. Administrative work should be done with the account Administrator or any other user account in the group Domain Admins.
The first source of help for UCS is the manual. Help on UCS is offered in the Univention forum and useful information can be found in the Univention support and knowledge base (SDB). Errors in the documentation or programs can be reported directly in Univention Bugzilla.