End of Migration: Orange Celebrated Successful UCS Project Completion

When we at Orange decided to renew our e-mail platform, we could not yet know
that we would celebrate the successful end of migration on the 5th of July
2022 in our headquarters in Paris with more than 200 guests. We initiated the
project back in 2014 and are now able to look back on eight years of
successful cooperation with Univention that led to our new e-mail platform.
Its main components are the e-mail back-end solution Dovecot, the groupware
Open-Xchange as webmail and PIM solution, and the identity management
Univention Corporate Server
(UCS), which today manages the
user identities of about 13 million active mailboxes.

In this blog article, we would like to tell you how we got here – starting
with our expectations and motivation for the project and the cooperation with
Univention, and ending with challenges, how we tackled them and what we plan
to do next. Let’s turn back the clock and take a look at the first important
steps that we took at Orange to get the project up and running!

Starting Point: When We Knew that Change Was Coming

Our main motivation to start this complex and years-long project was the
continuous growth of the platform and the no longer up-to-date software stack.
That was partly because the system had to map an extremely large number of
accesses to the LDAP directory service, which lead up to huge number of
changes in the objects stored there every day. At the same time, our IT
managers valued high reliability: We wanted to operate in two mirrored data
centers in Paris in the event of technical problems. Additionally, it should
be possible for our IT to replace the servers during operation with little
downtime .

Since it was not possible to migrate the millions of user accounts at once, a
step-by-step approach has beeFabrice from orangen introduced which needed high
scalability of the system for the gradual migration of e-mail accounts. The IT
managers of the project also wanted flexible roles both for delegative
administration and for the content of LDAP replicas (dedicated LDAP clusters
per connected service). Finally, high data protection requirements had to be
met – just another challenge we had to overcome.

Expectations and Motivation: Complete Overhaul of the E-Mail Platform

After it had become clear that a renewal of the old system was necessary, we
jointly defined the requirements we had for the new platform:

• Ability to manage 13 million active user identities
• The directory service must handle more than a hundred thousand simultaneous requests
• Delegated administration and scalable notifications
• API compatibility with existing systems
• Highly scalable for gradual user data migration

Our solution for the complete overhaul of the platform – which fulfilled all
of the above requirements – included the following:

• UCS utilizing integrated OpenLDAP as an identity management for the millions of users using Orange mail accounts at that time
• Creating a stable LDAP cluster capable of handling numerous simultaneous requests
• Implementing SOAP interfaces and provisioning and notification plug-ins for external APIs
• Integrating Open-Xchange, Dovecot, a provisioning router and broker from Tarent, and many Orange-specific services

Finding the Perfect Solution: Why We at Orange Decided to Use UCS

Although there were other competitive products, we knew we had found the best
solution for Orange when we first discovered UCS from Univention that was
recommended by Open-Xchange with which we at this time had already started
modernizing our e-mail offering. We were quickly convinced that using UCS
would enable flexible roles and rights mapping, both at the level of
delegative administration and for selective replication of the LDAP servers.

However, the possibilities offered by UCS for a scalable notification system
as well as the existing and expandable interfaces were relevant as well, since
UCS had to harmonize with the already existing system. Last but not least, it
was very important for us to work with a company that allows us to develop a
sincere partnership. This was just one more reason to work with Univention,
Open-Xchange and Dovecot for this project, as they valued partnership as we
did. Moreover, these three companies were able to provide consistent
individual consulting as well as product support and ensure the consequent
implementation of sub-projects during the course of the project.

Challenges & Solutions: Identifying Bottlenecks and OppoFabrice from

orangertunities

Looking back at the whole project implementation, the biggest challenge was
the sheer size of the project environment. While in typical UCS projects at
this time about 200,000 objects were stored in the LDAP database, Orange
maintained more than 13,000,000 active objects. UCS had not yet been used in a
project of this size, even though Univention knew that the technical
possibilities were available.

To cope with the large amounts of data and high system loads, LDAP clusters
were chosen, which were set up as a group of UCS Replica Directory Node
instances with an identical subset of LDAP objects/attributes. The
configuration of the database indexes, the implemented LDAP queries and the
sizing of the server systems had to be coordinated in detail for these
clusters. The operation of the system was distributed over two physical
locations.

Another challenge was to create a system that is API-compatible with the
already existing system, Univention’s project team had to implement several
specific SOAP interfaces. It was also necessary to generate provisioning or
notification plug-ins for many external APIs. These APIs are part of an
extended notification system specifically for the project based on Univention
Directory Manager and complementary tools such as RabbitMQ.

Summary & Outlook: Taking a Look at the Project History and Future Plans

for Orange

Univention took over the IAM in our e-mail
back-end, and from 2014 on, our IT department migrated all these mailboxes
into UCS. The first project release with full functionality could already be
delivered in 2015. Over the course of the following year, the solution was
expanded with additional functions and server roles and numerous performance
tests were carried out to ensFabrice from orangeure that the system would
withstand the expected extremely high workloads. At the end of 2016, the
system went live with the full range of managed identities.

Since then, e-mail accounts have been gradually migrated to the new system. In
addition, new requirements, such as stricter data protection regulations or
new provisioning workflows, are continually being implemented. Thanks to the
stability, reliability, and scalability of the new system, the commissioned
24/7 support seldom had to be used.

We started this project eight years ago, a long period of time due to the
unusual amount of data in the mailboxes. So the migration into Univention’s
LDAP was not the bottleneck, but the migration of the mailbox contents.
Together we managed to find a solution and take the strain from the system.

In the future, we plan to migrate the project’s environment to UCS 5 and look
forward to the ongoing good cooperation with Univention and its technical
teams.

Der Beitrag End of Migration: Orange Celebrated Successful UCS Project
Completion
erschien zuerst auf Univention.

link