Review - Mac OS X Server 10.3, Part 1

What is the point of Mac OS X Server? Mac OS X is Unix. I have Apache, bind, sendmail, (and whatever I want) already on here. My Mac OS X box is a server already, right? I have a home network with a half dozen Macs, and have a box that does some serving, and I want it do more. So, I set out to figure out what this Server thing is. (Read on for the rest.)

Sure, I can read. I can go to the Mac OS X Server web site and read all the documentation for things related to "standards-based management," "share printers and files," "n-tier" solutions. Yawn. I know all about this stuff, and I know I can do it already. If I am paying good money for this, it better have value I can't already get for free.

First Things First

Essentially, Mac OS X Server is the same thing as Mac OS X (a.k.a. Client). It's the same core OS, it has the same versioning (10.3.2 as of this writing), it runs the same programs. But Server comes with programs and tools and configurations geared toward being a server, rather than a user's workstation.

Server comes in two flavors: a 10-client version for $500, and an unlimited client version for $1000. The only difference between the two is that the 10-client version limits file and windows sharing to 10 simultaneous clients. You can have any number of users, but only 10 can connect to those services at the same time.

With that money, you also get 90 days of "up-and-running" support covering the software that ships with Server. So if you've read the frelling manual and still can't figure out why the firewall doesn't seem to be working, you can get some help. After 90 days, you can still get help -- including more advanced topics -- but it will cost you from $6,000 to $50,000.

Hardware

The Xserve, Apple's rack-mountable computer, comes with the unlimited client version of Server preinstalled; and really, Server is built with Xserve in mind. Server Monitor, included with Server, displays uptime, temperature, drives, power, network usage, fans, and security of Xserve boxes.

You can configure Xserve boxes automatically with Panther Server preinstalled. Design your configuration on one machine, set up an LDAP server and put it in the DHCP server settings, and add your configuration file to the LDAP server. Turn on the other servers for the first time, and each one will find the DHCP server, find the LDAP server, find the configuration file, and configure itself automatically. You can also put the configuration file on a USB key or somesuch, and the machines will configure themselves that way, too.

My test box is a dual G4/1.25 GHz Power Mac; it performs with nary a hiccup. If I had a large network or many users, I can imagine wanting more power: with a Power Mac or Xserve G5, I'd be able to take advantage of an OS that is optimized for the 64-bit CPU. For me, however, this would result in a depressingly, perpetually, low CPU load.

Initial Security Considerations

Out of the box, assuming no one has set up a rogue DHCP server on your network, Mac OS X Server is mostly secure: only SSH is on by default. As other services are turned on, more security concerns are created, because new security holes may be opened.

For the most part, the default configurations of the various services are secure, but that largely depends on your specific environment. Mac OS X Server is excellent at making advanced server configuration easier, but this ease of use comes with a price: you may be opening yourself up to attack. Mac users are often not used to the idea of making themselves vulnerable just by clicking checkboxes.

This may look like a Mac, and may be easy to use, but it is no substitute for having a real live sysadmin on hand to -- at the very least -- audit the security of the system. It'd be nice if Server included audit tools; I envision UI elements that warn you when you have conflicts, or when you've opened up a hole, or when you've violated predefined security policies. On the other hand, it would be more reliable to have a third-party system to do the audit, on basic principle. But that's so un-Mac-like.

Open

Tom Goguen, Director of Marketing for Mac OS X Server, says that Apple is 100% into using open standards and open source in the core operating system.

Mac OS X Server has always been largely based on open standards, but the Panther incarnation has gone even further. Gone are Apple's proprietary mail systems; they are replaced by postfix, mailman, and cyrus. Mostly gone is NetInfo; it is replaced by LDAP. Rendezvous, also an open system that others can plug into, is a bigger part of Server now: FTP, LPR, and web services are all announced via Rendezvous.

Of course, as always, Server -- just like Client -- is based on FreeBSD (now version 4.8, with some of 5.0 stirred in), and most of the Apple core OS itself is under the Apple Public Source License.

A Case for Case

New to Panther is case sensitivity in HFS+. For many years, Mac OS has used the HFS as its file system, which treated "Foo" and "foo" as the same file. Some years ago, HFS+ was introduced to overcome many of the limitations of HFS, but case sensitivity -- seen more as a usability feature than a limitation -- remained.

But in Unix, this certainly is a limitation for many people. "Makefile" vs. "makefile" and "head" vs. "HEAD" have caused many a headache for Mac OS X/Unix users. But now case sensitivity is a formatting option.

Because case insensitivity is still seen as a usability feature, this feature is not available by default on Client, although you could always connect your drive to a Server to format it. It is also possible, in theory, to format a drive with case sensitivity in Client using various tricks.

Setting it Up

My server is connected to my home network via a 100BaseT switch, to which is also connected a cable modem and an AirPort Extreme base station. My PowerBook G4/867 connects to the network via AirPort or the switch. My wife has an iBook G3/600, and I've got a PowerBook G3/400 in my stereo closet for playing MP3s. The PowerBook doesn't have internal AirPort, and instead is connected to another switch and another Extreme base station, configured to do WDS. I've also got the PS2 connected in there. Everything is running Panther Client (except for the PS2, last I checked).

Looking at the various services offered by Server, I can already see many things I want to set up: file sharing (Apple Filing Protocol, or AFP), DHCP for guests, DNS, FTP, SMTP, printing, and web. I have most of those already set up now, but I wouldn't mind if they were easier to configure and manage.

After surveying my situation, I installed Panther Server and took a look around.

The first thing I wanted to see was what my configuration options were. And lo, there in my Dock were not the expected iMovie, iTunes, iPhoto, and the like, but icons that a mouseover revealed to be representative of programs like Workgroup Manager, the aforementioned Server Monitor, and Server Admin.

Workgroup Manager uses a lot of terminology that is completely lost on me, and I am not managing any users, really. My wife doesn't need the file server -- we can exchange files via iChat, or I can copy them to her machine via scp -- and she keeps all her own files on her machine. We won't be using any print quotas. I do use Workgroup Manager to create some basic user accounts for friends, but I don't need any features more advanced than what is in Client.

Server Admin is what I want to sink my greedy little digits into. I opened it up, clicked the "add new server" button, typed in my server name ("Sweeney.local") and password, and started playing.

As I started looking around, I remembered that there was an extra CD in the distribution called Admin Tools. It allows you to install these tools on any Client machine, so you can manage the Server remotely. I want to go hang out in my La-Z-Boy while I configure my server, so I installed the tools on my PowerBook. Nifty.

Server Admin lists each machine and the services available to it, with an icon next to each describing its status. If you select a machine's name, you see several tabs: Overview, Logs, System, Graphs, Update, and Settings. Overview reports the system version, names, and dates. Under Logs, you can view the system log, watchdog log, etc. System reports what network interfaces and volumes are available. Graphs displays CPU and network use in pretty pictures. Update runs Software Update. Settings controls the system names, the date and time and timezone.

This is basic stuff, and each service is laid out in similar fashion. All of them have at least two tabs: Overview and Settings. Most also have a Logs tab. Some have other tabs like Connections, Graphs, Clients, Activity, Accounts, Queues, and Jobs.

The available services are AFP, Application Server, DHCP, DNS, Firewall, FTP, Mail, NAT, NetBoot, NFS, Open Directory, Print, QuickTime Streaming, VPN, Web, and Windows. Somewhat conspicuous in its absence, to me, is MySQL, which is included in Server, but doesn't have an interface in Server Admin.

Server Admin does have its problems. It will crash on occasion, but I see no evidence of my settings being corrupted, or any other lasting ill effects. Some of the lists are not sortable, though they appear to be: for example, the DNS zone listings are not sortable, even though clicking on the column headers indicate otherwise.

Also, it can be slow to update. This is understandable, but annoying. Logs don't refresh immediately, and when you hit reload, the wrong log is selected, instead of the current log being refreshed. When restarting services or viewing logs, I will sometimes use the command line tools, as they are more efficient; it would be nice if Server Admin would display the path to the log you are looking at, so you can easily find and tail it in a shell.

Sharing

Some of these services are available in a minimal form in Client, in Sharing under System Preferences: file sharing, Windows sharing, web, FTP, and printing. In Server, the Sharing preferences are still there, but contain only three items: Remote Login, Apple Remote Desktop, and Remote Apple Events. Remote Login is simple: it allows users to connect with ssh/scp, and can be turned on or off. The other two require, perhaps, a bit more explanation.

Apple Remote Desktop is a way for an admin to control client computers. Previously, the client was distributed only as part of the software package of the same name, but now the client is included with Panther. It is, of course, off by default, and once turned on, each machine must define what users have access to what resources (this can be done via the command line, too). I most commonly use ARD for controlling and viewing the screen of another computer, installing packages, and copying files.

Remote Apple Events has been in Mac OS for many years, since back in version 7-dot-something. It allows controlling "scriptable" Mac applications -- such as with AppleScript -- over the network. It used to run over AppleTalk, but now runs over plain old TCP/IP. Not many people make use of remote Apple events in my experience, but I use them often; for example, I have a Perl script that queries iTunes on a remote box, and sets the current track in iChat.

Windows

I don't use Windows, and therefore can't really test the new Windows integration in Panther Server. But from what I can tell, Apple has added quite a few improvements. Samba has been updated to version 3, and the lists of Unix and Windows users can be united via Directory Services. But I confess to a crippling ignorance and apathy about this small corner of the computing world. Sorry.

To Be Continued

Tomorrow, I'll get into the details of setting up the services I use on my network.

a home network with six macs?

what a loser!

Re:To Be Continued?

[Lussarn]

Because 80% of the slashdot articles needs to be about Macs. Apple pay for it.

Mac..

Mac will be dead in 10 years.

Re:Mac..

That's right.. the Mac has been dying for 20 years now. Another 10 should just about wrap it up..

Yes, but when president Bush outlaws gay marrage all the mac users are going to move to eurotrash socialist land and not have any money left to spend on apple's fagintosh computers or their iHomo MP3 players.

sounds like ...

[alamut]

NetBSD to me.

but you say i have to _pay_??

Re:They charge per client?

If I where a applefag I would just roll my own samba.

Apple users , proud members of YMCA!!!

Young man, there's no need to feel down. I said, young man, pick yourself off the ground. I said, young man, 'cause you're in a new town There's no need to be unhappy.

Young man, there's a place you can go. I said, young man, when you're short on your dough. You can stay there, and I'm sure you will find Many ways to have a good time.

It's fun to stay at the y-m-c-a. It's fun to stay at the y-m-c-a.

They have everything for you men to enjoy, You can hang out with all the boys ...

It's fun to stay at the y-m-c-a. It's fun to stay at the y-m-c-a.

You can get yourself cleaned, you can have a good meal, You can do whatever you feel ...

Young man, are you listening to me? I said, young man, what do you want to be? I said, young man, you can make real your dreams. But you got to know this one thing!

No man does it all by himself. I said, young man, put your pride on the shelf, And just go there, to the y.m.c.a. I'm sure they can help you today.

It's fun to stay at the y-m-c-a. It's fun to stay at the y-m-c-a.

They have everything for you men to enjoy, You can hang out with all the boys ...

It's fun to stay at the y-m-c-a. It's fun to stay at the y-m-c-a.

You can get yourself cleaned, you can have a good meal, You can do whatever you feel ...

Young man, I was once in your shoes. I said, I was down and out with the blues. I felt no man cared if I were alive. I felt the whole world was so tight ...

That's when someone came up to me, And said, young man, take a walk up the street. There's a place there called the y.m.c.a. They can start you back on your way.

It's fun to stay at the y-m-c-a. It's fun to stay at the y-m-c-a.

They have everything for you men to enjoy, You can hang out with all the boys ...

Y-m-c-a ... you'll find it at the y-m-c-a. Young man, young man, there's no need to feel down. Young man, young man, get yourself off the ground.

Y-m-c-a ... you'll find it at the y-m-c-a. Young man, young man, there's no need to feel down. Young man, young man, get yourself off the ground.

Y-m-c-a ... just go to the y-m-c-a. Young man, young man, are you listening to me? Young man, young man, what do you wanna be?

HOMOS FANCY APPLE!

It is commonly known that HOMOSEXUALS fancy apple because homos like design stuff shit like that. Mac is the commonly know gay computer and favoured in gay communities!

Re:HOMOS FANCY APPLE!

nothing worse than a limey trying to gay-bash. The nanciest San Fransisco booty burglar is more manly that a shipload of you limpwristed gentlemen. Listen Nigel, get back to your rotting empire and your rotting teeth before we decide "footie" is a weapon of mass destruction and sink your little two-bit island into the North Sea.

Village People!

Hey you apple users! Join the APPLE computer club YMCA!!!! Men and boys do it together!!! YMCA!!!!

Re:ya

Really, people have no clue about how much work is actually involved with this first post shit. I didn't know it. I didn't know it until I was actually in it. Yeah, you gotta be in it to understand what it's like.

MySQL

Somewhat conspicuous in its absence, to me, is MySQL, which is included in Server, but doesn't have an interface in Server Admin.

Ha! No GUI for you! Open up Terminal and administer via CLI like the rest of the unwashed masses.

Let's see here, I have a "server" at home that does some similar things:

1. DNS
2. DHCP
3. Samba
4. Appletalk
5. Appleshare
6. Remote administration
7. LDAP
8. FTP
9. Apache

Funny though, when I type "uname -o" in a "terminal" window, it tells me GNU/Linux. Did I get ripped off? Oh wait, I didn't have to pay $500 for this, I got it for free! My bad...

Another amusing quote:

My wife doesn't need the file server -- we can exchange files via iChat, or I can copy them to her machine via scp -- and she keeps all her own files on her machine. We won't be using any print quotas. I do use Workgroup Manager to create some basic user accounts for friends, but I don't need any features more advanced than what is in Client.

Um ... what's the point in paying $500 for a server OS (and I use that term loosely) if you're not going to ... serve?

Lost on terminology?

[LoudMusic]

Workgroup Manager uses a lot of terminology that is completely lost on me, and I am not managing any users, really.

Gripe number two - who the hell is this guy? Why does he have an XServe in his home?

Has any notable person, perhaps a system administrator, done a review on the OS X Server package? I have an XServe G5 coming to my advertising agency (as soon as they ship). Perhaps I'll write a worth while review of it.

Re:Did you know?

At least Mac users like to be top. Windows users are more comfortable bent over, taking it in the ass.

Re:To be read

[holdendeb]

MAC users are hardly known for their tech expertise. their skills are primarlly in graphics editing. MACs are overpriced pretty little boxes. not something i'd want to run my network. sorry slap open-bsd on a compaq dl 380(which costs less than an IMAC). the hardware is properitary and over priced despite the open os. sorry i clicked away too fast...

Wow!

My server is connected to my home network via a 100BaseT switch, to which is also connected a cable modem and an AirPort Extreme base station. My PowerBook G4/867 connects to the network via AirPort or the switch. My wife has an iBook G3/600, and I've got a PowerBook G3/400 in my stereo closet for playing MP3s. The PowerBook doesn't have internal AirPort, and instead is connected to another switch and another Extreme base station, configured to do WDS. I've also got the PS2 connected in there. Everything is running Panther Client (except for the PS2, last I checked).

<nasal voice>

I'm Robin Leach, sucking up to the rich! And today we pay a visit to 'pudge', open source luminary and owner of several hundred thousand dollars worth of Apple hardware. We check out his priceless Louis OSX 'Work-A-Do' desk inlaid with mother-of-god Cheeto fragments and get the lowdown about his LUG escapades from his wife! Stay tuned! But first, a message from our sponsors, OSDN Personals!!

</nasal-voice>

Re:The future...

do they also laugh at you when you tell them that Howard Dean is going to kick ass in Iowa? Apple has a 2-3% desktop marketshare. iTunes/iTMS is doing more for them than *BSD.

Re:My review of OSX Server

Yes, we are. =)

Re:To be read

My johnson is 12 inches long.

Re:OSX Server?

[Queuetue]

Ok, so yes, you're willing to pay extra money to get all that lickity-clickity stuff in your way.

Still doesn't help me understand the phenomena, but at least there's one more for Apple's "Charge me extra, please!" camp. I think I'm in the wrong business.

Re:OSX Server?

[Queuetue]

Well, it may be more "helpful" but it certainly isn't easier, faster, or simpler than editing a text file.

Is that what Apple people are paying extra for? The online help?

Re:gotta serve somebody

Don't listen to these fanboys expousing the virtues of Apple.

90% of xServes are sold to people who have Mac desktops and use AppleShare file/print sharing. Period.

And quite frankly, unless you are going to do that whole "OpenDirectory" thing, that's about the only thing xServes really excel at. There's virtually no software that runs on them except the standard Unix stuff. Unless you have a Mac network, get an x86 server.

What a waste

[orionware]

Apple is pretty smart. They know that Apple buyers really do care just how slick their server will look locked up in that rackroom or rack cabinet.

Coming from a job where the Director of Tech was an apple lover and made IT dept buy an XServe, I had a chance to play with it. Really unimpressed for the cost. All of the GUI apps had free and usually more featureful linux counterparts . Most of the time the admins did their work in the command line anyway.

When the controller and the ceo found out that we could have bought and built out three x86 boxes running linux for less, the DT was put on the short list and three months later was audited and fired. When it came down to it, there really was no ROI going with the X boxes. A flashy GUI? I'd personally fire anyone who bought server hardware based on that.

That's not much of a review...

...it is more like the "reviews" I see on sites set up just so someone can get free stuff. A long description of what was done, and of the set up of the environment, but short on actual reviewing of the product itself.

"Heh heh it has Ron D. View" and "I tried on my dualie but it'll work on a hemi". Sheesh!

Mac OSX is NOT UNIX

It's some variant on a BSD. It's not UNIX and it never will be, even if Apple gets it certified to carry the UNIX seal of approval. And it's GUI bites harder than the Matrix: Reloaded.

Who Cares

[redhawk1044]

No one cares cause it is Mac, and as far as i know no one gives a darn about Macs Faitfully servering PC's everywhere Joel