Our small optometry office currently runs Univention Corporate Server as a primary domain controller. The documentation is good, it’s got more features than we’ll ever need, it’s been pretty reliable, and nobody in the office complains about it (that last part is most important). At least, nobody except me. I’m the one who has to maintain it.
I find running any backend operation, like a simple software update, installing or deleting a module, or running a simple diagnostic, to be painfully slow. But I can live with that, it’s not like I have to perform these tasks often.
The most egregious issue I have with UCS is the level and quality of community support. It’s abysmal. Support requests can often go days or weeks without a reply. The quality of replies is shameful. I dread having to ask any questions.
They offer paid support, but it’s as expensive and restrictive as a Windows server setup. I’m not averse to paying for support. I’d probably do it if I knew it was worthwhile. But in my experience, a company that ignores their community support forums typically has awful paid support, as well, so I’m just not willing to fork over the $1500+ for help with the issue I’m currently experiencing. I’m concerned that, someday, the AD service will stop working and I’ll be stuck with no help to get it fixed quickly.
So I’ve been exploring alternatives, and this is one of them. I’d love to know what kind of experience I’d have as a Nethserver user. Here’s how we currently use UCS, and hopefully this community can tell me how easy this is to do with Nethserver.
As mentioned above, we use UCS as a primary domain controller. I run it as a VE on Proxmox with 8 Epyc cores (out of the available 24) and 16GB of RAM (of 64). Our staff makes extensive use of roaming profiles with folder redirection, nobody really has an assigned computer. There are many GPOs in place to standardize the appearance and behavior of desktops, and to lock stuff down to adhere to HIPAA regulations. I got sick and tired of having to constantly re-enable screen lock timeouts and password requirements. All office printers are run via this server. I have a “hot folder” for each printer that’s shared throughout the office, and any files copied to these folders automatically get queued for printing using a script I wrote. We had to implement this because a lot of Windows 10 computers had printer driver issues that would cause the queue to freeze up and it got on my nerves. Having all the print queues on a single server has saved me so much time. We have lots of shared folders. One for each printer, one for each scanner, one for general sharing, each user’s home share (which also holds the redirected folders), a read-only share with correspondence templates, etc. We use UCS’s self-service backend to let staff set or reset their passwords with any web browser. I love the easy Let’s Encrypt integration so that nobody gets security warnings when they try to access the self-service site, even from outside our network. It’s remarkable how much panic those warnings can cause some people…
We do not host email, we use Gsuite for that. All system emails get relayed by postfix through an Amazon SES server. This includes “please set your password” emails sent to new staff.
In the near future, I was hoping to implement some kind of always-on VPN for some of our laptops, so staff can bring them home and still be able to access our locally-hosted practice management software while the laptop is domain-joined. This is possible with UCS, but requires some setup.
In the farther future, there will be multiple office locations which need to synchronize users and data over the internet. For now it’s just a single office with 15 computers.
Seems like these requirements are pretty straightforward. Should I be concerned about any of it if I choose to migrate to Nethserver?