Slashdot Mirror


Review - Mac OS X Server 10.3, Part 1

What is the point of Mac OS X Server? Mac OS X is Unix. I have Apache, bind, sendmail, (and whatever I want) already on here. My Mac OS X box is a server already, right? I have a home network with a half dozen Macs, and have a box that does some serving, and I want it to do more. So, I set out to figure out what this Server thing is.

Sure, I can read. I can go to the Mac OS X Server web site and read all the documentation for things related to "standards-based management," "share printers and files," "n-tier" solutions. Yawn. I know all about this stuff, and I know I can do it already. If I am paying good money for this, it better have value I can't already get for free.

First Things First

Essentially, Mac OS X Server is the same thing as Mac OS X (a.k.a. Client). It's the same core OS, it has the same versioning (10.3.2 as of this writing), it runs the same programs. But Server comes with programs and tools and configurations geared toward being a server, rather than a user's workstation.

Server comes in two flavors: a 10-client version for $500, and an unlimited client version for $1000. The only difference between the two is that the 10-client version limits file and Windows sharing to 10 simultaneous clients. You can have any number of users, but only 10 can connect to those services at the same time.

With that money, you also get 90 days of "up-and-running" support covering the software that ships with Server. So if you've read the frelling manual and still can't figure out why the firewall doesn't seem to be working, you can get some help. After 90 days, you can still get help -- including more advanced topics -- but it will cost you from $6,000 to $50,000.

Hardware

The Xserve, Apple's rack-mountable computer, comes with the unlimited client version of Server preinstalled; and really, Server is built with Xserve in mind. Server Monitor, included with Server, displays uptime, temperature, drives, power, network usage, fans, and security of Xserve boxes.

You can configure Xserve boxes automatically with Panther Server preinstalled. Design your configuration on one machine, set up an LDAP server and put it in the DHCP server settings, and add your configuration file to the LDAP server. Turn on the other servers for the first time, and each one will find the DHCP server, find the LDAP server, find the configuration file, and configure itself automatically. You can also put the configuration file on a USB key or somesuch, and the machines will configure themselves that way, too.

My test box is a dual G4/1.25 GHz Power Mac; it performs with nary a hiccup. If I had a large network or many users, I can imagine wanting more power: with a Power Mac or Xserve G5, I'd be able to take advantage of an OS that is optimized for the 64-bit CPU. For me, however, this would result in a depressingly, perpetually low CPU load.

Initial Security Considerations

Out of the box, assuming no one has set up a rogue DHCP server on your network, Mac OS X Server is mostly secure: only SSH is on by default. As other services are turned on, more security concerns are created, because new security holes may be opened.

For the most part, the default configurations of the various services are secure, but that largely depends on your specific environment. Mac OS X Server is excellent at making advanced server configuration easier, but this ease of use comes with a price: you may be opening yourself up to attack. Mac users are often not used to the idea of making themselves vulnerable just by clicking checkboxes.

This may look like a Mac, and may be easy to use, but it is no substitute for having a real live sysadmin on hand to -- at the very least -- audit the security of the system. It'd be nice if Server included audit tools; I envision UI elements that warn you when you have conflicts, or when you've opened up a hole, or when you've violated predefined security policies. On the other hand, it would be more reliable to have a third-party system to do the audit, on basic principle. But that's so un-Mac-like.

Open

Tom Goguen, Director of Marketing for Mac OS X Server, says that Apple is 100% into using open standards and open source in the core operating system.

Mac OS X Server has always been largely based on open standards, but the Panther incarnation has gone even further. Gone are Apple's proprietary mail systems; they are replaced by postfix, mailman, and cyrus. Mostly gone is NetInfo; it is replaced by LDAP. Rendezvous, also an open system that others can plug into, is a bigger part of Server now: FTP, LPR, and web services are all announced via Rendezvous.

Of course, as always, Server -- just like Client -- is based on FreeBSD (now version 4.8, with some of 5.0 stirred in), and most of the Apple core OS itself is under the Apple Public Source License.

A Case for Case

New to Panther is case sensitivity in HFS+. For many years, Mac OS used HFS as its file system, which treated "Foo" and "foo" as the same file. Some years ago, HFS+ was introduced to overcome many of the limitations of HFS, but case insensitivity -- seen more as a usability feature than a limitation -- remained.

But in Unix, this certainly is a limitation for many people. "Makefile" vs. "makefile" and "head" vs. "HEAD" have caused many a headache for Mac OS X/Unix users. But now case sensitivity is a formatting option.

Because case insensitivity is still seen as a usability feature, case-sensitive formatting is not available by default on Client, although you could always connect your drive to a Server to format it. It is also possible, in theory, to format a drive with case sensitivity in Client using various tricks.

Setting it Up

My server is connected to my home network via a 100BaseT switch, to which is also connected a cable modem and an AirPort Extreme base station. My PowerBook G4/867 connects to the network via AirPort or the switch. My wife has an iBook G3/600, and I've got a PowerBook G3/400 in my stereo closet for playing MP3s. The PowerBook doesn't have internal AirPort, and instead is connected to another switch and another Extreme base station, configured to do WDS. I've also got the PS2 connected in there. Everything is running Panther Client (except for the PS2, last I checked).

Looking at the various services offered by Server, I can already see many things I want to set up: file sharing (Apple Filing Protocol, or AFP), DHCP for guests, DNS, FTP, SMTP, printing, and web. I have most of those already set up now, but I wouldn't mind if they were easier to configure and manage.

After surveying my situation, I installed Panther Server and took a look around.

The first thing I wanted to see was what my configuration options were. And lo, there in my Dock were not the expected iMovie, iTunes, iPhoto, and the like, but icons that a mouseover revealed to be representative of programs like Workgroup Manager, the aforementioned Server Monitor, and Server Admin.

Workgroup Manager uses a lot of terminology that is completely lost on me, and I am not managing any users, really. My wife doesn't need the file server -- we can exchange files via iChat, or I can copy them to her machine via scp -- and she keeps all her own files on her machine. We won't be using any print quotas. I do use Workgroup Manager to create some basic user accounts for friends, but I don't need any features more advanced than what is in Client.

Server Admin is what I want to sink my greedy little digits into. I opened it up, clicked the "add new server" button, typed in my server name ("Sweeney.local") and password, and started playing.

As I started looking around, I remembered that there was an extra CD in the distribution called Admin Tools. It allows you to install these tools on any Client machine, so you can manage the Server remotely. I want to go hang out in my La-Z-Boy while I configure my server, so I installed the tools on my PowerBook. Nifty.

Server Admin lists each machine and the services available to it, with an icon next to each describing its status. If you select a machine's name, you see several tabs: Overview, Logs, System, Graphs, Update, and Settings. Overview reports the system version, names, and dates. Under Logs, you can view the system log, watchdog log, etc. System reports what network interfaces and volumes are available. Graphs displays CPU and network use in pretty pictures. Update runs Software Update. Settings controls the system names, the date and time and timezone.

This is basic stuff, and each service is laid out in similar fashion. All of them have at least two tabs: Overview and Settings. Most also have a Logs tab. Some have other tabs like Connections, Graphs, Clients, Activity, Accounts, Queues, and Jobs.

The available services are AFP, Application Server, DHCP, DNS, Firewall, FTP, Mail, NAT, NetBoot, NFS, Open Directory, Print, QuickTime Streaming, VPN, Web, and Windows. Somewhat conspicuous in its absence, to me, is MySQL, which is included in Server, but doesn't have an interface in Server Admin.

Server Admin does have its problems. It will crash on occasion, but I see no evidence of my settings being corrupted, or any other lasting ill effects. Some of the lists are not sortable, though they appear to be: for example, the DNS zone listings are not sortable, even though clicking on the column headers indicates otherwise.

Also, it can be slow to update. This is understandable, but annoying. Logs don't refresh immediately, and when you hit reload, the wrong log is selected, instead of the current log being refreshed. When restarting services or viewing logs, I will sometimes use the command line tools, as they are more efficient; it would be nice if Server Admin would display the path to the log you are looking at, so you can easily find and tail it in a shell.

Sharing

Some of these services are available in a minimal form in Client, in Sharing under System Preferences: file sharing, Windows sharing, web, FTP, and printing. In Server, the Sharing preferences are still there, but contain only three items: Remote Login, Apple Remote Desktop, and Remote Apple Events. Remote Login is simple: it allows users to connect with ssh/scp, and can be turned on or off. The other two require, perhaps, a bit more explanation.

Apple Remote Desktop is a way for an admin to control client computers. Previously, the client was distributed only as part of the software package of the same name, but now the client is included with Panther. It is, of course, off by default, and once turned on, each machine must define what users have access to what resources (this can be done via the command line, too). I most commonly use ARD for controlling and viewing the screen of another computer, installing packages, and copying files.

Remote Apple Events has been in Mac OS for many years, since back in version 7-dot-something. It allows controlling "scriptable" Mac applications -- such as with AppleScript -- over the network. It used to run over AppleTalk, but now runs over plain old TCP/IP. Not many people make use of remote Apple events in my experience, but I use them often; for example, I have a Perl script that queries iTunes on a remote box, and sets the current track in iChat.

Windows

I don't use Windows, and therefore can't really test the new Windows integration in Panther Server. But from what I can tell, Apple has added quite a few improvements. Samba has been updated to version 3, and the lists of Unix and Windows users can be united via Directory Services. But I confess to a crippling ignorance and apathy about this small corner of the computing world. Sorry.

To Be Continued

Tomorrow, I'll get into the details of setting up the services I use on my network.

21 of 469 comments

  1. To Be Continued? by WIAKywbfatw · · Score: 0, Insightful

    Why not post the whole review at once?

    --

    "Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
  2. So what by wpiman · · Score: 3, Insightful

    Yawn. I know all about this stuff, and I know I can do it already. If I am paying good money for this, it better have value I can't already get for free. You may be able to do it- but to those who cannot a simple GUI on top makes a world of difference. Different strokes for different folks- don't buy it.

    1. Re:So what by henben · · Score: 2, Insightful

      He's adopting a skeptical position as a rhetorical device to frame his review. Uh, assmunch.

  3. the point by AnonymousCowheart · · Score: 2, Insightful

    The point of it is the same as any company's: to make money. Duh, imagine that, Apple trying to profit!

  4. Costs? by ericdano · · Score: 4, Insightful

    Where did you get this "After 90 days, you can still get help -- including more advanced topics -- but it will cost you from $6,000 to $50,000." quote? Link? Facts?

    --
    It's either on the beat or off the beat, it's that easy.
    I moderate therefore I rule!
    --
    1. Re:Costs? by Anonymous Coward · · Score: 2, Insightful

      That's actually an option.

      If you configure your AFP server, there's a checkbox right there that allows you to use admin password to masquerade as another user. That's not the exact wording, but it's pretty close.

      I highly doubt this isn't documented, though - since it's just a checkbox in the GUI. It's under the "help" menu at the very least.

    2. Re:Costs? by pudge · · Score: 2, Insightful

      Now here's $100 worth of secret, annoyingly undocumented Mac OS X Server information: you can use the password of an Admin account to log in via AFP as any user on the system.

      Hm, maybe I should have mentioned that in the review. Oh wait, I did! :-) And it is documented, in Panther Server, anyway. And you can turn it off, as noted in the review.

    3. Re:Costs? by dtungsten · · Score: 2, Insightful

      Where did you mention this in the review? I didn't notice it. I'm not trying to be a jerk here, but I honestly couldn't find it.

    4. Re:Costs? by NatasRevol · · Score: 2, Insightful

      Logging in to an AFP mount is not possible with root. It's a GUI system, and you can't su to another user. You can log in without starting a windowing system. At the login screen, type '>console' without the quotes.

      --
      There are two types of people in the world: Those who crave closure
  5. To be read by Doc+Ruby · · Score: 3, Insightful

    Wow, even when there's no article to click on to read, you don't even read the review - just the headline and the "Reply" button. Try to read it, and understand that the Apple hardware is super reliable, supported, and runs an easy to use, high performance, standards-based OS with open-source apps. Then consider that many people have Mac technique experience, from GUI to other skills, and those skills can be used to get the power of a commercial unix server: MacOSX Server.

    --
    make install -not war

    1. Re:To be read by Doc+Ruby · · Score: 4, Insightful

      Right - Mac users want to use their computers to do their actual jobs, not fool with the machines. I relate to either attitude (I used to write C++ development tools for Apple). Now there's a platform for people to do the things that servers *support*, without getting so bogged down in doing the things that servers *do*. Macs might not be worth their price to *you*, because your interest is in tinkering under the hood. But they're certainly worth the price to their users, for whom the ease of getting the *person's* job done is as attractive as their stylish cases.

      --
      make install -not war

    2. Re:To be read by Doc+Ruby · · Score: 2, Insightful

      No, we need more administration, even by admins who use only a GUI. Not every driver must be Indy500 material, but every driver must be able to shift gears. Especially now that we're cruising the infobahn in SUVs.

      --
      make install -not war

  6. Re:Waiting for the other half, but.... by Anonymous Coward · · Score: 1, Insightful

    Big difference is that you pay Apple once whereas MS has per user taxing.

  7. Re:The future... by MoneyT · · Score: 4, Insightful

    So buy a fucking two button mouse and plug it in. *GASP* it works! Even better, you could buy a 5 or 12 or 40 button mouse, and as long as you could get drivers for all 40 buttons, it would work. Surprise surprise, Apple actually uses or at least is compatible with standard parts.

    And how is a menu bar at the top of the screen inaccessible?

    --
    T Money
    World Domination with a plastic spoon since 1984
  8. Re:Wasteful networking by MoneyT · · Score: 2, Insightful

    I don't suppose it's possible that he uses a mobile wireless laptop in his house, and often finds himself out of range of the first base station, and thus the second one doubles as a net connection for both the MP3 player and another laptop is it? No I suppose having a logical explanation would shatter your world view.

    --
    T Money
    World Domination with a plastic spoon since 1984
  9. gotta serve somebody by Doc+Ruby · · Score: 3, Insightful

    People who want 1> reliable, long lived hardware 2> relatively easy, familiar operating environment with standard apps 3> affordable support from an experienced, user-friendly service organization that actually develops the tech they're supporting. Total Cost of Ownership studies are probably available from Apple, and I'd expect they're compelling, especially for the installed base of Mac shops. You'd be surprised how much easier selling a server platform to IT can be, when there's a marketing team with decades of experience behind them, a brand name before them, and solid business cases for their technology holding it all together.

    --
    make install -not war

    1. Re:gotta serve somebody by Doc+Ruby · · Score: 3, Insightful

      1> Good marketing isn't easy - Apple is competing with HP, etc. But Apple has been very good at marketing, with some big failures, too. At one time, they were the single biggest maker of PCs in the USA, bigger than Compaq, and they have survived every other competitor.

      2> The professional staff maintaining the server consists of end users, who operate different software than the graphic artist. User friendliness is always an issue, in terms of productivity. Otherwise, we'd still be programming mainframes with punchcards. Color schemes are just the superficial style of user friendliness.

      3> You can see Apple anyway you want. You're likely not in the Mac server market, nor am I an Apple marketer. But see for how things change.

      Apple doesn't need to sell servers to most end users, certainly not in their homes. Even Microsoft, a major server OS vendor, doesn't sell them to most end users, in their homes or anywhere else. Apple only has to sell these servers to enough appropriate users to justify entering the market. Moreover, those servers also sell client Macs to corporate shops which want to support only a single platform. Not to mention the emergence of the home media server, where Apple will probably gain market share beyond their corporate desktop share, due to their ease of use, ease of remote administration, solid support contracts, and excellent consumer branding. The whole server strategy makes perfect sense to Apple, which has been successfully selling servers for decades. As compared to the alternative, placing all their bets on a crowded, fragmented desktop market, with no server tech to offer their customers, who could bring a competitor into that niche as a beachhead for expansion.

      --
      make install -not war

    2. Re:gotta serve somebody by Anonymous Coward · · Score: 1, Insightful

      Maybe you have a Wintel shop, but need something secure for bastion hosts? Seems like a much kinder, gentler unix for those getting their feet wet.

  10. Are you smoking crack? by SuperBanana · · Score: 2, Insightful

    You know, it seems to me that Apple has replaced Sun in the high-end server department.

    Please explain how on earth a 1U 2 processor Xserve could possibly "replace" a Sun Enterprise system. Because that's "high end", believe it or not. 32 processors. Hundreds of gigabytes of ram. Disk arrays that fill closets, not 3-5U. Please point me to the SAN(no, the Xraid is NOT a SAN!) and tape backup solutions offered by Apple. Sun *used* to be the end-all-be-all when it came to high-end servers, but apart from the Sun Fires it seems that Apple has much more to offer these days.

    You're smoking crack, considering Apple makes ONE model in three configs, and Sun offers everything from a Sun Fire that costs 1/2 as much as the Xserve, to systems in the millions of dollars range...and the tools that can manage that kind of hardware effectively(apple's tools are neat, but not ready for managing hundreds of servers etc.)

  11. Re:OpenDirectory is the key feature by curious.corn · · Score: 2, Insightful

    and I can't help but weep in desperation for the weeks spent shoehorning configs, outdated schemas, shoddy howtos, help calls to usenet groups to get the same stuff up on various MDKs, FreeBSDs, RHs etc... Well, we needed a unix office server... we could have gone IBM... the XServe is shipping this week... :-) Linux is cool, but all the mentioned distributors didn't manage or care to do what Apple did. I'm starting to think that the corporate desktop is quite ready for Macs...

    --
    I wonder who is behind all the crap I do - Altan
  12. Re:lDAP auth. by NatasRevol · · Score: 2, Insightful

    RAID mounting - depends on the RAID. If it's a non-XserveRAID, you need to leave the box 'unlocked'. This is (simple) security so that someone can't come in and reboot with a firewire/cd/ext HD and take over your server. The fact that the key is just an allen wrench is another story.

    If it's an XserveRAID, it will mount even when locked. Apple's version of buy-in. Still beats MS by a long shot.

    --
    There are two types of people in the world: Those who crave closure