Review - Mac OS X Server 10.3, Part 1

What is the point of Mac OS X Server? Mac OS X is Unix. I have Apache, bind, sendmail, (and whatever I want) already on here. My Mac OS X box is a server already, right? I have a home network with a half dozen Macs, and have a box that does some serving, and I want it do more. So, I set out to figure out what this Server thing is. (Read on for the rest.)

Sure, I can read. I can go to the Mac OS X Server web site and read all the documentation for things related to "standards-based management," "share printers and files," "n-tier" solutions. Yawn. I know all about this stuff, and I know I can do it already. If I am paying good money for this, it better have value I can't already get for free.

First Things First

Essentially, Mac OS X Server is the same thing as Mac OS X (a.k.a. Client). It's the same core OS, it has the same versioning (10.3.2 as of this writing), it runs the same programs. But Server comes with programs and tools and configurations geared toward being a server, rather than a user's workstation.

Server comes in two flavors: a 10-client version for $500, and an unlimited client version for $1000. The only difference between the two is that the 10-client version limits file and windows sharing to 10 simultaneous clients. You can have any number of users, but only 10 can connect to those services at the same time.

With that money, you also get 90 days of "up-and-running" support covering the software that ships with Server. So if you've read the frelling manual and still can't figure out why the firewall doesn't seem to be working, you can get some help. After 90 days, you can still get help -- including more advanced topics -- but it will cost you from $6,000 to $50,000.

Hardware

The Xserve, Apple's rack-mountable computer, comes with the unlimited client version of Server preinstalled; and really, Server is built with Xserve in mind. Server Monitor, included with Server, displays uptime, temperature, drives, power, network usage, fans, and security of Xserve boxes.

You can configure Xserve boxes automatically with Panther Server preinstalled. Design your configuration on one machine, set up an LDAP server and put it in the DHCP server settings, and add your configuration file to the LDAP server. Turn on the other servers for the first time, and each one will find the DHCP server, find the LDAP server, find the configuration file, and configure itself automatically. You can also put the configuration file on a USB key or somesuch, and the machines will configure themselves that way, too.

My test box is a dual G4/1.25 GHz Power Mac; it performs with nary a hiccup. If I had a large network or many users, I can imagine wanting more power: with a Power Mac or Xserve G5, I'd be able to take advantage of an OS that is optimized for the 64-bit CPU. For me, however, this would result in a depressingly, perpetually, low CPU load.

Initial Security Considerations

Out of the box, assuming no one has set up a rogue DHCP server on your network, Mac OS X Server is mostly secure: only SSH is on by default. As other services are turned on, more security concerns are created, because new security holes may be opened.

For the most part, the default configurations of the various services are secure, but that largely depends on your specific environment. Mac OS X Server is excellent at making advanced server configuration easier, but this ease of use comes with a price: you may be opening yourself up to attack. Mac users are often not used to the idea of making themselves vulnerable just by clicking checkboxes.

This may look like a Mac, and may be easy to use, but it is no substitute for having a real live sysadmin on hand to -- at the very least -- audit the security of the system. It'd be nice if Server included audit tools; I envision UI elements that warn you when you have conflicts, or when you've opened up a hole, or when you've violated predefined security policies. On the other hand, it would be more reliable to have a third-party system to do the audit, on basic principle. But that's so un-Mac-like.

Open

Tom Goguen, Director of Marketing for Mac OS X Server, says that Apple is 100% into using open standards and open source in the core operating system.

Mac OS X Server has always been largely based on open standards, but the Panther incarnation has gone even further. Gone are Apple's proprietary mail systems; they are replaced by postfix, mailman, and cyrus. Mostly gone is NetInfo; it is replaced by LDAP. Rendezvous, also an open system that others can plug into, is a bigger part of Server now: FTP, LPR, and web services are all announced via Rendezvous.

Of course, as always, Server -- just like Client -- is based on FreeBSD (now version 4.8, with some of 5.0 stirred in), and most of the Apple core OS itself is under the Apple Public Source License.

A Case for Case

New to Panther is case sensitivity in HFS+. For many years, Mac OS has used the HFS as its file system, which treated "Foo" and "foo" as the same file. Some years ago, HFS+ was introduced to overcome many of the limitations of HFS, but case sensitivity -- seen more as a usability feature than a limitation -- remained.

But in Unix, this certainly is a limitation for many people. "Makefile" vs. "makefile" and "head" vs. "HEAD" have caused many a headache for Mac OS X/Unix users. But now case sensitivity is a formatting option.

Because case insensitivity is still seen as a usability feature, this feature is not available by default on Client, although you could always connect your drive to a Server to format it. It is also possible, in theory, to format a drive with case sensitivity in Client using various tricks.

Setting it Up

My server is connected to my home network via a 100BaseT switch, to which is also connected a cable modem and an AirPort Extreme base station. My PowerBook G4/867 connects to the network via AirPort or the switch. My wife has an iBook G3/600, and I've got a PowerBook G3/400 in my stereo closet for playing MP3s. The PowerBook doesn't have internal AirPort, and instead is connected to another switch and another Extreme base station, configured to do WDS. I've also got the PS2 connected in there. Everything is running Panther Client (except for the PS2, last I checked).

Looking at the various services offered by Server, I can already see many things I want to set up: file sharing (Apple Filing Protocol, or AFP), DHCP for guests, DNS, FTP, SMTP, printing, and web. I have most of those already set up now, but I wouldn't mind if they were easier to configure and manage.

After surveying my situation, I installed Panther Server and took a look around.

The first thing I wanted to see was what my configuration options were. And lo, there in my Dock were not the expected iMovie, iTunes, iPhoto, and the like, but icons that a mouseover revealed to be representative of programs like Workgroup Manager, the aforementioned Server Monitor, and Server Admin.

Workgroup Manager uses a lot of terminology that is completely lost on me, and I am not managing any users, really. My wife doesn't need the file server -- we can exchange files via iChat, or I can copy them to her machine via scp -- and she keeps all her own files on her machine. We won't be using any print quotas. I do use Workgroup Manager to create some basic user accounts for friends, but I don't need any features more advanced than what is in Client.

Server Admin is what I want to sink my greedy little digits into. I opened it up, clicked the "add new server" button, typed in my server name ("Sweeney.local") and password, and started playing.

As I started looking around, I remembered that there was an extra CD in the distribution called Admin Tools. It allows you to install these tools on any Client machine, so you can manage the Server remotely. I want to go hang out in my La-Z-Boy while I configure my server, so I installed the tools on my PowerBook. Nifty.

Server Admin lists each machine and the services available to it, with an icon next to each describing its status. If you select a machine's name, you see several tabs: Overview, Logs, System, Graphs, Update, and Settings. Overview reports the system version, names, and dates. Under Logs, you can view the system log, watchdog log, etc. System reports what network interfaces and volumes are available. Graphs displays CPU and network use in pretty pictures. Update runs Software Update. Settings controls the system names, the date and time and timezone.

This is basic stuff, and each service is laid out in similar fashion. All of them have at least two tabs: Overview and Settings. Most also have a Logs tab. Some have other tabs like Connections, Graphs, Clients, Activity, Accounts, Queues, and Jobs.

The available services are AFP, Application Server, DHCP, DNS, Firewall, FTP, Mail, NAT, NetBoot, NFS, Open Directory, Print, QuickTime Streaming, VPN, Web, and Windows. Somewhat conspicuous in its absence, to me, is MySQL, which is included in Server, but doesn't have an interface in Server Admin.

Server Admin does have its problems. It will crash on occasion, but I see no evidence of my settings being corrupted, or any other lasting ill effects. Some of the lists are not sortable, though they appear to be: for example, the DNS zone listings are not sortable, even though clicking on the column headers indicate otherwise.

Also, it can be slow to update. This is understandable, but annoying. Logs don't refresh immediately, and when you hit reload, the wrong log is selected, instead of the current log being refreshed. When restarting services or viewing logs, I will sometimes use the command line tools, as they are more efficient; it would be nice if Server Admin would display the path to the log you are looking at, so you can easily find and tail it in a shell.

Sharing

Some of these services are available in a minimal form in Client, in Sharing under System Preferences: file sharing, Windows sharing, web, FTP, and printing. In Server, the Sharing preferences are still there, but contain only three items: Remote Login, Apple Remote Desktop, and Remote Apple Events. Remote Login is simple: it allows users to connect with ssh/scp, and can be turned on or off. The other two require, perhaps, a bit more explanation.

Apple Remote Desktop is a way for an admin to control client computers. Previously, the client was distributed only as part of the software package of the same name, but now the client is included with Panther. It is, of course, off by default, and once turned on, each machine must define what users have access to what resources (this can be done via the command line, too). I most commonly use ARD for controlling and viewing the screen of another computer, installing packages, and copying files.

Remote Apple Events has been in Mac OS for many years, since back in version 7-dot-something. It allows controlling "scriptable" Mac applications -- such as with AppleScript -- over the network. It used to run over AppleTalk, but now runs over plain old TCP/IP. Not many people make use of remote Apple events in my experience, but I use them often; for example, I have a Perl script that queries iTunes on a remote box, and sets the current track in iChat.

Windows

I don't use Windows, and therefore can't really test the new Windows integration in Panther Server. But from what I can tell, Apple has added quite a few improvements. Samba has been updated to version 3, and the lists of Unix and Windows users can be united via Directory Services. But I confess to a crippling ignorance and apathy about this small corner of the computing world. Sorry.

To Be Continued

Tomorrow, I'll get into the details of setting up the services I use on my network.

So what

[wpiman]

Yawn. I know all about this stuff, and I know I can do it already. If I am paying good money for this, it better have value I can't already get for free. You may be able to do it- but to those who cannot a simpl GUI on top makes a world of difference. Different strokes for different folks- don't buy it.

Re:So what

[Golias]

So if you've read the frelling manual

"Frelling" == Old and busted.
"Goram" == New hotness.

Firefly forever be-otch!

(A Firefly vs. Farscape cuss-word-substitute flame war... possibly the only thing nerdier than vi vs. emacs. What fun!)

Re:So what

[pudge]

You apparently don't understand the concept of a review, wherein I try to find out whether or not the GUI is worth the expense.

Re:So what

[henben]

He's adopting a skeptical position as a rhetorical device to frame his review. Uh, assmunch.

Boy

Tomorrow, I'll get into the details of setting up the services I use on my network.

iCan't wait for more of this.

the point

[AnonymousCowheart]

the point of it the same of any company; to make money. Duh, imagine that, apple trying to profit!

Re:the point

[proverbialcow]

This isn't the Apple we've come to know and love!

Re:They charge per client?

[gregarican]

Actually that would mean that Apple is charging per connection, not per user. So if you have 100 users a 10-user license would work as long as your users can be limited to 10 at a time. So lo-and-behold they didn't succumb to what you're asserting.

Re:Mac..

[grub]

That's right.. the Mac has been dying for 20 years now. Another 10 should just about wrap it up..

Let's see some pictures, eh?

[Gizzmonic]

I'd like to see your setup.

I'm getting an Xserve G5 soon and I haven't used OS X Server at all. Tell us about Netbooting. The idea intrigues me...I must know more about it.

What other things are fun to use with it? The Xserve will be running PHP/MySQL, I don't know much about Mac OS X Server so please let me know!

I ffropgaermgaeromgaegoSRAGKWgaer/.

Re:Let's see some pictures, eh?

[Mikey-San]

NetBoot is a function based partially in Open Firmware that allows a client to be booted by a Mac OS X Server machine via ethernet. You connect the client to the ether and hold "n" while after you hit the power key. (You can also hold option to get a list of all bootable partitions/devices connected to the machine, which will include valid NetBoot servers.)

We use it at work to image machines for a school system. There are a couple of dozen schools, each with its own image, and when we need to reimage a machine, we hook said machine to the Xserve's switch and bang, the machine boots and a program called NetRestore (third-party) is run to reimage the machine. (You don't need NetRestore, but it makes our day easier.)

NetBooting is really fast and really elegant, and on top of that, it's /really/ easy to set up and maintain on the server end.

I 3 NetBoot.

Re:They charge per client?

[vijayiyer]

This has always been their pricing scheme. It's assumed that if you need more than 10 concurrent connections, the $500 difference is negligible, and you just go for the $1000 unlimited client version. Which is still _much_ cheaper than MS server licensing. Think of the $500 as a cheap version for small businesses or students.

Costs?

[ericdano]

Where did you get this "After 90 days, you can still get help -- including more advanced topics -- but it will cost you from $6,000 to $50,000." quote? Link? Facts?

Re:Costs?

[midifarm]

I've been using OSX Server for over two years now (first time on an iMac!) and have NEVER had to pay for support for server. From the guys that I've talked to at Apple, they've stated that they don't want to charge the Server customer because they WANT that customer. They've been very helpful in the few problems that I've encountered even getting me to an actual programmer!

Peace

Re:Costs?

[jeffehobbs]

Yeah, that's not actually... true. I called Apple a couple months ago about a really odd password problem with Mac OS X Server (you could log in as any user on my server by entering a blank password!), and while they did charge me, it was only $100.

Now here's $100 worth of secret, annoyingly undocumented Mac OS X Server information: you can use the password of an Admin account to log in via AFP as any user on the system. For example, if one of your admin passwords is "fl0nk", you could use "fl0nk" as the password to test any user on the system.

So make sure your Admin passwords are strong! And secret! And not blank!

~jeff

Re:Costs?

That's actually an option.

If you configure your AFP server, there's a checkbox right there that allows you to use admin password to masquerade as another user. That's not the exact wording, but it's pretty close.

I highly doubt this isn't documented, though - since it's just a checkbox in the GUI. It's under the "help" menu at the very least.

Re:Costs?

[pudge]

Now here's $100 worth of secret, annoyingly undocumented Mac OS X Server information: you can use the password of an Admin account to log in via AFP as any user on the system.

Hm, maybe I should have mentioned that in the review. Oh wait, I did! :-) And it is documented, in Panther Server, anyway. And you can turn it off, as noted in the review.

Re:Costs?

[daviddennis]

When I got an Xserve for my company, I was quoted $995 for a year's onsite hardware service, and $995 for three years of OS updates.

D

Re:Costs?

[wchin]

True. But the Xserve + Xserve RAID + Mac OS X Server is a compelling SMB solution which plays "nicer" with much bigger systems (which are typically UNIX) than your typical Windows x86 setup.

Re:Costs?

[mjpaci]

you're missing the point. sometimes you need to logon as the user. the only way to do this in windows is to know the user's password or have enough rights to change it. in os x, if you're an admin you can login as the user without knowing their password or having to change it. that would be very useful feature for techs troubleshooting profile-specific issues.

Re:Costs?

[dtungsten]

Where did you mention this in the review? I didn't notice it. I'm not trying to be a jerk jere, but I honestly couldn't find it.

Re:Costs?

[NatasRevol]

Logging in to an AFP mount is not possible with root. It's a GUI system, and you can't su to another user. You can log in without starting a windowing system. At the login screen, type '>console' without the quotes.

Re:Costs?

[NatasRevol]

Actually, it's a typo. I forgot a space. Natas Revol. Funny how dumb college humor stays with you...

The main reason for XServe...

The main reason Apple developed the XServe is because their original server, the iRack, was inadvertenly taken over by the US military due to a typo.

Re:They charge per client?

[Night+Goat]

Novell does the same thing. It's not that surprising, businesses are used to paying per client. What I do like is that it only costs $1000 for unlimited clients. That seems pretty cheap. You have to buy Mac hardware though, so it makes sense that they don't charge as much for the OS.

Userland is mostly based upon *BSD+GNU not FreeBSD

[chrysalis]

Please stop saying that MacOS X unix tools is based upon FreeBSD.

Apple actually took parts of NetBSD, FreeBSD and OpenBSD.

Most tools actually come from OpenBSD.

If you got MacOS X and if you need a proof, just try :

ident /usr/bin/* /bin/* /sbin/* /usr/sbin/* 2>/dev/null | fgrep OpenBSD | wc -l
ident /usr/bin/* /bin/* /sbin/* /usr/sbin/* 2>/dev/null | fgrep FreeBSD | wc -l
ident /usr/bin/* /bin/* /sbin/* /usr/sbin/* 2>/dev/null | fgrep NetBSD | wc -l

Here's what I get on Darwin 7.2.0 (Panther, everything up to date) :

OpenBSD : 303
FreeBSD : 258
NetBSD : 143

The rest is mostly GNU tools.

How about an article using older macs for server?

[ericdano]

I'd love to see someone post an article using older, PCI macs (9500 or something) running XPostFacto, a G4 card in it, and a huge IDE system (with RAID or without) AND running Mac OS X Server.

I think Apple missed the boat not supporting these Macs with OS X. They make great little OS X workhorses.

Re:They charge per client?

[mgs1000]

So is there a client limit on regular OS X? (Client)

Windows -- Small corner?

[Phishcast]

...but I confess to a crippling ignorance and apathy about this small corner of the computing world.

I'm not sure if this is a joke or if this is a typical Mac user's view of the computing landscape today.

eh, how many clients?

[192939495969798999]

How many clients can connect to OS X Client? That would be interesting to know. Granted, the server version comes with tools, but what tools are really there that aren't available for free somewhere?

Re:eh, how many clients?

[sootman]

If you are asking "If I set up a computer with non-server Mac OS X and use it as a server, how many other clients can connect to it at a time?" then the answer is "Ten."

Paying for Server gets you the fancy tools, which you may or may not need depending on what you're going to do with the box. Also, Server comes with all of those things installed and ready to go. Putting things like a mail server onto OS X non-server requires work and manual admin, whereas turning on the mail server in Server is a few clicks.

There are also a lot of advanced settings that aren't available (or close enough for mere mortals) in non-server, such as the ability to make and manage multiple AFP and SMB mount points. For example, if you connect to a non-server server via AFP, you can mount your own home directory, anyone else's public directory, or a volume. That's it. No more "make a folder and share it out as..." like Windows and OS 9 have. (Although snb.conf will do whatever you tell it.)

Oh, and some things, like using it for a NetBoot server, are close to, if not totally, impossible. So things like sendmail and samba can work as well as any other UNIX, but Apple tools, like AFP and NetBoot, can't.

We use plain-vanilla OS X for a file server (light use, just a repository for application installers mostly) and a web server without a hitch. File serving is 4x faster than Personal File Sharing was in OS 9.

Oh, and Apple doesn't support the use of non-Server as a server. So, if we were to call up one day and say "Our OS X box keeps dropping connections in the middle of large file transfers" they wouldn't help.

PS--I suppose there is the same 10-user limit in Samba that there is in AFP, but I haven't seen it first-hand and nothing is jumping out at me from smb.conf, though of course that limit could exist elsewhere. But, I did indeed try to connect 11 boxes to an OS X non-server and got a warning on client #11.

Re:They charge per client?

As an engineer it's offensive to see limiters put into software for non technical reasons.

OpenDirectory is the key feature

[caseih]

While you can easily do everything that Panther Server does on your linux box, what Panther excels in is integration. Specifically the binding together of OpenLDAP, Samba, Apache, Postfix, IMAP, POP, and CUPS with the OpenDirectory password server. OpenDirectory's password server is essentially a SASL password store that they've hacked all the programs mentioned to interact directly with it for all authentication. Think of it similarly to what pam does for linux. The nice thing about OpenDirectory is that a password change from any of these mechanisms (say via samba) then all of the password hashes in the database are automatically synced (even kerberos is synced). This makes for very slick administration of users all from one central console. In the past on Linux, it was not uncommon to have to hack together some scripts to syncronize ldap, samba, and kerberos authentication stores. Even in the best case right now, samba password hashes have to be kept in the ldap database along with either an md5 hash for unix logins, or a pointer to kerberos. With OpenDirectory, there are no passwords stored in ldap itself. Instead an Apple Password field points to the password database which can provide md5 challenges and responses, samba challenges, and general password verification.

Essentially OpenDirectory brings all the technologies together that we already use and make them into a service that competes very well with Active Directory or NDS.

Another bonus is that since OpenDirectory (all its parts including the SASL password database and patches to cups, samba, etc) is open source, we could build a complete OpenDirectory-compatible system on Linux. I plan to do this over the next year or so. Most likely there will have to be a pam module created, and some patches made to OpenLDAP, Samba, etc. But it's a very exciting example of how to put open source projects together and have them work really well.

Re:OpenDirectory is the key feature

[curious.corn]

and I can't help but weeping in desperation for the weeks spent shoehorning configs, outdated schemas, shoddy howtos, help calls to usenet groups go get the same stuff up on various MDKs, FreeBSDs, RHs etc... Well, we needed a unix office server... we could have gone IBM... the XServe is shipping this week... :-) Linux is cool, but all the mentioned distributors didn't manage or care to do what Apple did. I'm starting to think that the corporate desktop is quite ready for Macs...

The future...

[thrillbert]

You know, a lot of friends and colleagues have been laughing at me when I tell them that Mac is the new force to be reckoned with. I've been watching them for a little while now and ever since they integrated FreeBSD into their OS, they've taken on a new direction which seems a lot more proffitable.

Don't get me wrong, I still have my two Linux and two OpenBSD boxes at home along with the obligatory windows boxes for the wife, daughter and gaming.. but you know what? I'd love to get my hands on one of them OS X boxes..

If you don't think I'm right.. that's your opinion.. but I know if I had OS X experience, I might be able to get a job Here!

---
No matter how subtle the wizard, a knife in the shoulder blades will seriously cramp his style.

Re:The future...

[MoneyT]

So buy a fucking two button mouse and plug it in. *GASP* it works! Even better, you could buy a 5 or 12 or 40 button mouse, and as long as you could get drivers for all 40 buttons, it would work. Suprise suprise, apple actualy uses or at least is compatible with standard parts.

And how is a menu bar at the top of the screen inaccessable?

Re:The future...

[ScottSpeaks!]

I know if I had OS X experience, I might be able to get a job Here! [pixar.com]

I'm sure it would help, but looking over the specs for Pixar's software (available for outside licence) indicates that, not only does it run on Windows and other Unixes, but some of it is not available for OS X.

Re:They charge per client?

If you buy an xserve you get osx unlimited client version...

Waiting for the other half, but....

[Chordonblue]

...I really do want to know why I should use this in a Win2K environment. My boss wouldn't care what I get as long as it does the job. What I want to know is: Can this server provide me with tools to form a good bridge between Windows, Apple, and Linux clients?

SAMBA 3, from what I read is GREAT, but it in no way yet compares to the ease of use of MS's Active Directory tools (at least in configuring Windows clients).

Re:Waiting for the other half, but....

[caseih]

The Workgroup Manager (as mentioned by another poster) combined with OpenDirectory and Samba 3.0 make a killer competitor to MS's Active Directory. Definitely very cool and very easy to use and set up to server your windows needs. Panther Server is probably the best solution to bridge between your Windows, Apple, and Linux clients. Combine this with very good, cheap storage (2 TB fibre channel raid), and it's hard to beat.

Re:Waiting for the other half, but....

[uncitizen]

Yes, yes, and yes. its like a multipart tool. You would use Samba for Windows connectivity and the native *Nix/MacOS protocols for Linux, *BSD, MacOS, and Classic MacOS. Users groups would be controlled by open directory. Again, via samba, the MacOS X server could be a PDC.

There are a couple points of note. First, MacOS X cannot do group policy. Nothing other than a Win2k server can--so it could be harder to lock down workstations if that is a goal. Second, MacOS X has a little bit of difficulty joining a Win2k domain (ie, a file server in a Win2k Domain). *BSD does not have nss, so Apple drew up a little " AD Integration" tool. Its a great concept and basically does what nss does, but it is still far from perfect*.

*=This is as far as I know--Apple's own forums tell of horror stories about the subject. I have not attempted to use AD Integration with Panther Server. I had a developer preview CD that I DID attempt AD integration, however, this was quite broken and there was no documentation. It was a developer release. It also wasn't very important. It way my home I'm-a-big-nerd-with-a-home-lab-that-has-too-many-O Ses-installed lab. Once I can afford a copy for home use, I'll know for certain.

Re:Waiting for the other half, but....

[calyphus]

make that 3.5TB FC raid at $3.14/GB (vs. Dell 2.1 TB at $9.05/GB source ).

applause!

[torpor]

i just want to say that i enjoyed this review, and i'm looking forward to tomorrow's followup.

in light of the fact that its so easy to complain about /. quality, i figured that i'd actually do the opposite for a change and congratulate the editors for a 'stuff that matters' moment... i thought this article was fun to read, and not just because i too am an osx/linux weenie.

Workgroup Manager

[raaum]

To me, Workgroup Manager is the reason to buy OS X Server (assuming you are running a Mac OS X network with multiple users and OS X clients). It is a nice, zero effort way to manage multiple users and client computers - controlling who can use which client computers and which files/folders will follow them around from computer to computer.

Re:They charge per client?

[gsfprez]

there is a two tier Mac OS X server licenseing structure...

little guy - 10 clients - $500
everyone above that - limited only by performance - $1000

the drop-dead MSCE-simple admin tools of Mac OS X Server more than justify the $1000 difference in price vs Linux if you're going to be running these things by yourself, and you have a real job on top of it.

To be read

[Doc+Ruby]

Wow, even when there's no article to click on to read, you don't even read the review - just the headline and the "Reply" button. Try to read it, and understand that the Apple hardware is super reliable, supported, and runs an easy to use, high performance, standards-based OS with open-source apps. Then consider that many people have Mac technique experience, from GUI to other skills, and those skills can be used to get the power of a commercial unix server: MacOSX Server.

Re:To be read

[Doc+Ruby]

Right - Mac users want to use their computers to do their actual jobs, not fool with the machines. I relate to either attitude (I used to write C++ development tools for Apple). Now there's a platform for people to do the things that servers *support*, without getting so bogged down in doing the things that servers *do*. Macs might not be worth their price to *you*, because your interest in in tinkering under the hood. But they're certainly worth the price to their users, for whom the ease of getting the *person's* job done is as attractive as their stylish cases.

Re:To be read

[wchin]

holdendeb spouted:

compaq dl 380(which costs less than an IMAC)

A current Compaq DL380 G3 with a single 2.8GHz Intel Xeon processor, 1GB RAM, and no hard drive sells for around $2450. That's more than the starting price of any iMac. Besides, what's with this MAC term that you keep using? Don't you realize that the short name is Mac - short for Macintosh. It's not an acronym. You've got serious issues if you want to play the "proprietary" card. Exactly how open is the BIOS in that Compaq? Plus, you obviously don't have a grasp on the price issues:

Apple Xserve G5: 2 x 2.0GHz IBM 970's, 1GB RAM, 80GB SATA, 2 x GigE, with Apple Fibre Channel card (LSI 7202, includes copper HSSDC2 to SFP FC cables), Mac OS X Server unlimited and the 3 year premium service and support costs $5,449

Compaq DL360, 2 x 3.06GHz Intel Xeons, 1GB RAM, 18GB 15krpm SCSI drive, 2 x GigE, universal sliding rail kit, Windows 2003 with only 10 CALs costs $6,438

The HP Storageworks FCA2214DC PCI-X HBA costs $2,500 bringing the total to $8,938

You might consider getting your head out of the sand

Re:To be read

[Doc+Ruby]

No, we need more administration, even by admins who use only a GUI. Not every driver must be Indy500 material, but every driver must be able to shift gears. Especially now that we're cruising the infobahn in SUVs.

I'm sorry, but this is kind of lame.

[netsrek]

You're missing the killer server features.

You know how Kerberos can be a real pain to set up and manage? Well with Panther Server, if you've set up a box as an Open Directory master, it automatically integrates itself as a KDC.

Any boxes which log into that OD/LDAP directory automatically retrieve the relevant Kerberos information from the LDAP store, no extra configuration required.

The AFP server, the SMB server, the POP/IMAP/SMTP servers are all Keberized, as is the ssh daemon, and the loginwindow of any client machines.

It's probably worth discussing the fact that Apple have finally gotten their shit together with regards to command line administration, as in that everything you can do with the GUI tools you now have *simple* command line equivalents.

ie, no more screwing around with NetInfo and inserting properties by hand to construct mounts/users, you now have proper tools.

Apple finally did the smart thing and followed what most OSXS admins have been doing for a few years, they've dropped their proprietary AppleMailServer in favour of postfix+cyrus.

They've pretty much dropped NetInfo for network directories, it's now just restricted to a local store, and LDAP publishes this information by default. You can still run a NetInfo directory, and indeed I've got boxes logging into both my old NetInfo directory and my new LDAP directory so that I can do user migration more easily.

There are a wealth of features that weren't even touched upon by this review, it's just kind of lame to read a home user's review of a server product.

Re:I'm sorry, but this is kind of lame.

[netsrek]

Single Sign On.

Basically once you're logged into the Kerberos realm as a particular user, any Kerberized service will automatically recognize you as that user, so you don't need to enter in another password/username combination.

This takes centralized user accounts to another level, where not only do you have the same username and password for all your services, but you only have to enter that combination in once. The default on OS X is for Kerberos tickets to last 10 hours before expiring.

Re:Userland is mostly based upon *BSD+GNU not Free

[raodin]

Interesting.. I got 287/224/126. I wonder whats different about our boxes. I've got everything updated, as well.

I use an old G4 as a server

[MarkWatson]

Not OS X server edition - just plain old OS X.

I have been a Linux user for about 10 years (when I first got Slackware over a 1200 baud modem) and until recently I was using a super-cheap Linux box to run Java server side stuff for my little NLP software business.

I switched over to using an old G4 Mac for running web services about 4 months ago. It is a little too early to tell, but I seem to be spending less time taking care of the G4 server (approxametely 1 hour a month - and I think that I used to spend 2 or 3 hours a month messing with my Linux server).

Anyway, a life for old Macs :-)

-Mark

Re:They charge per client?

[heychris]

I used to work for a reseller, and we were beta-testing Mac OS Server 10.1. We noticed that on a 10 user license, AppleShare clients did indeed top out at 10 users. However, SMB, NFS, Apache, etc. was unlimited. We asked if this was normal behavior, and the answer was that if you were using MOSXS for anything other than AppleShare, there was intentionally *no* difference between 10-user and unlimited. Therefore, if you had 5 Macs, and 500 other clients, you could still use the 10-user version!

Weird, but true. Of course that was over 2 years ago, so the policy may have changed, but I still believe that the 10-user limit is only for AppleShare clients. Odd, as you could have more than 10 OS X boxes browse SMB shares on OS X Server without exceeding the limit!

CC

Re:They charge per client?

[LionMage]

As pointed out elsewhere, they're actually limiting the number of simultaneous connections in the $500 version of the software, not the total number of users.

I would like to point out that the Xserve hardware ships with the unlimited client license by default, a selling point Steve Jobs touted when unveiling the Xserve G5 at his latest MacWorld keynote address. This provides an incentive to businesses to purchase the latest Xserve hardware; since Apple still makes the lion's share of its profits off of hardware, this makes all kinds of sense.

Re:Userland is mostly based upon *BSD+GNU not Free

[Guy+Harris]

Most tools actually come from OpenBSD.

Most source files that, when compiled, have RCS IDs in the resulting object file, and that are used to build tools, came from OpenBSD.

Try running a script such as

for i in /usr/bin/* /bin/* /sbin/* /usr/sbin/*
do
echo $i:
ident $i 2>/dev/null | egrep '(Free|Net|Open)BSD'
done

and look at the output. Many tools have no RCS IDs in the binary. Some of them have multiple RCS IDs in them, as more than one source file for a tool in that set has an RCS ID in it that shows up in the object file.

If we prune that output to leave, for each tool, only one line for each OS for each tool, we get 85 lines for NetBSD, 75 lines for FreeBSD, and 19 lines for OpenBSD - OpenBSD is overrepresented in your results because, for example, the OpenSSH stuff came from OpenBSD, with each tool having multiple source files, and most if not all of those files put the RCS ID into the binary.

NetBSD is slightly overrepresented by the counts I gave, as Panther's yacc came from NetBSD, and its skeleton parser puts an RCS ID into the object file; if we remove those 7 lines, we get 78 for NetBSD.

Of course, there are a lot of commands that don't have any RCS information at all. 171 commands do, but there are a total of 928 commands. This means that your counts and my counts don't necessarily give any believable information about the number of tools that came from FreeBSD, NetBSD, or OpenBSD, unless all the tools without RCS IDs came from elsewhere (GNU, Apple, etc.).

My review of OSX Server

[stratjakt]

Hi, I have pac man fever so I bought the most expensive box at the store - OSX Server.

I put it on my computer, and then put a laptop on top of my stereo.

And then I dont really use it for managing stuff or sharing files theres only me and my cat in the house, also I dont know about technical stuff like kerbones because I'm not much of a computer guy I just know the most expensive stuff HAS to be the best.

So all in all I give Mac OSX Server a 10 out of 10 it is very cool and has wonderful animated icons, and not too many buttons on the mouse to confuse me.

Stay tuned for part 2 of my review, where I plan to put my iPod next to it and take pictures!

Re:Wasteful networking

[dossen]

I have no idea about his situation, but I know that some houses here (in Denmark) are protected (as historic buildings), and as such the things you can do to them are limited. In that case it might make perfect sence to use wireless, if you want to avoid having cables lying around. Or maybe he just wanted to have the connection hidden and found that having proper hidden cabling done (in his home) would be more expensive (and/or otherwise undesirable) than doing a wireless link.

Wasteful posting

[Matt+Clare]

I find it odd how you can be personally offended by someone's use of a base station. For a PowerBook G3/400 you need to use a PCMCIA Airport card running the open source driver found here: http://wirelessdriver.sourceforge.net/

There is no Airport card for the PowerBook G3/400 or a supported USB device.

However, I'll tolerate your lack of knowledge, but I can't give your comment much credit.

Here is a review of Panther Server for you from OS News http://www.osnews.com/story.php?news_id=5221

Any word on NAS featuers?

[NetJunkie]

I looked at the XServe for a NAS solution but couldn't find any information on things such as snapshots. Is it there? Coming?

Scripting...

[RAMMS+EIN]

``Remote Apple Events has been in Mac OS for many years, since back in version 7-dot-something. It allows controlling "scriptable" Mac applications -- such as with AppleScript -- over the network. It used to run over AppleTalk, but now runs over plain old TCP/IP. Not many people make use of remote Apple events in my experience, but I use them often; for example, I have a Perl script that queries iTunes on a remote box, and sets the current track in iChat.''

Does this mean that, on macs, you can

1. Script GUI apps
2. Script them over the network

? That gives the traditional unices a run for their money, I should think...

Re:Scripting...

[emoon]

Does this mean that, on macs, you can

1. Script GUI apps
2. Script them over the network

Yeah, it does.

As mentioned in the article, this capability was present in the System 7.0.x days (late '80s/early '90s). When you enabled filesharing (Localtalk based), there was an option to enable program sharing.

If you enabled that, you were able to script applications on a remote machine (assuming you had an user account with the rights).

What was really nice about Apple's scripting engine was that you didn't have to do anything extra to enable remote scripting in an app. If you took the effort to make your app AppleScriptable, you got remote scripting for free.

Re:Scripting...

[koehn]

Yes, for over ten years. And yes, virginia, there is security (albeit limited): you can set up which users can send apple events to your machine.

I used to run a Mac LAN in the early 90s, and AppleScript was a complete godsend for administration.

And now with OSX, the scripting language lines blur a bit, because I can have applescripts that execute command-line apps, and vice-versa.

Being able to tell Excel to open a document, update it from its ODBC data source, save changes, then tell Mail to email it to a bunch of people as an attachment. It's a good thing.

For the love of G-d! Don't say it!

[Walter+Wart]

Say "BSD", please. If you say "UNIX" SCO will sue Apple and Darl McBride will institute "introductory" OSX license pricing of $1000 a seat.

Apple technical training

[plsuh]

For those folks interested in learning more in depth about Mac OS X and Mac OS X Server, you might want to look into Apple's technical training courses. There are a variety of hands-on courses and certifications covering all of the OS in great detail, some of it written by yours truly. :-)

</Blatant Plug>

--Paul
Trainer/Curriculum Developer
Apple Computer

Re:Wasteful networking

[MoneyT]

I don't suppose it's possible that he uses a mobil wireless laptop in his house, and often finds himself out of range of the first base station, and thus the second one doubles as a net connection for both the MP3 player and a nother laptop is it? No I suppose having a logical explination would shatter your world view.

Re:They charge per client?

[tgibbs]

Think of the $500 as a cheap version for small businesses or students.

For students, it's even cheaper. The educational pricing is $249 for the 10-user version and $499 for the unlimited version.

What I don't like about Mac OS X Server 10.3

[koinu]

I am using FreeBSD-CURRENT at home and I am happy with it. And sometimes I'm getting sad about how crippled Mac OS X Server got, because Apple decided to make GUIs for most things, which:

• Don't have all the options, you need.
• Erase your manual configuration.

Let's take cyrus-imapd, e.g.

• It lacks support for group-ACLs, which is essential for bigger companies, who use shared IMAP-folders.
• It does not have any GUIs to set ACLs.

Secondly, I don't like the Classic environment. It is highly unstable in conjuction with Apple-events (Applescript). I am getting "Apple Event Timeouts" all the time with Adobe's Framemaker and the error messages are not very helpful.

Sometimes Classic goes up to 100% CPU usage and I have to kill it manually. It happens mostly when one application starts another application within Classic. This happens often when VISE-installer is calling himself to install a second application, which is a part of the whole package. I managed crash the Classic-engine a couple of times, while starting Mac OS 9 applications.

Maybe you have different experience, but for me it stays a disaster, because I need the G4 sometimes. One thing is sure, the upgrade from 10.2 to 10.3 brought more stability, but that's all to be happy about.

gotta serve somebody

[Doc+Ruby]

People who want 1> reliable, long lived hardware 2> relatively easy, familiar operating environment with standard apps 3> affordable support from an experienced, user-friendly service organization that actually develops the tech they're supporting. Total Cost of Ownership studies are probably available from Apple, and I'd expect they're compelling, especially for the installed base of Mac shops. You'd be surprised how much easier selling a server platform to IT can be, when there's a marketing team with decades of experience behind them, a brand name before them, and solid business cases for their technology holding it all together.

Re:gotta serve somebody

[Doc+Ruby]

1> Good marketing isn't easy - Apple is competing with HP, etc. But Apple has been very good at marketing, with some big failures, too. At one time, they were the single biggest maker of PCs in the USA, bigger than Compaq, and they have survived every other competitor.

2> The professional staff maintaining the server consists of end users, who operate different software than the graphic artist. User friendliness is always an issue, in terms of productivity. Otherwise, we'd still be programming mainframes with punchcards. Color schemes are just the superficial style of user friendliness.

3> You can see Apple anyway you want. You're likely not in the Mac server market, nor am I an Apple marketer. But see for how things change.

Apple doesn't need to sell servers to most end users, certainly not in their homes. Even Microsoft, a major server OS vendor, doesn't sell them to most end users, in their homes or anywhere else. Apple only has to sell these servers to enough appropriate users to justify entering the market. Moreover, those servers also sell client Macs to corporate shops which want to support only a single platform. Not to mention the emergence of the home media server, where Apple will probably gain market share beyond their corporate desktop share, due to their ease of use, ease of remote administration, solid support contracts, and excellent consumer branding. The whole server strategy makes perfect sense to Apple, which has been successfully selling severs for decades. As compared to the alternative, placing all their bets on a crowded, fragmented desktop market, with no server tech to offer their customers, who could bring a competitor into that niche as a beachhead for expansion.

Re:gotta serve somebody

[richard_za]

There's virtually no software that runs on them except the standard Unix stuff.

I hate to break it to you - but theres ton of that standard unix stuff - and most of it runs just as well on all real operating systems e.g. GNU/Linux, the BSDs and MacOS X.

Apache
PHP
MySQL
Postgresql
Sendmail
SSH
X Free86
Gimp

To name only a few! And by the way I have almost exclusively x86 servers. Have an open mind!

No more OS X Server!

[Random+BedHead+Ed]

I've been totally turned off to OS X Server. I help a lab that has two servers (one is a backup/mirror). When I first started helping them they had AppleShare IP 6. This was useable, but it crashed frequently. We upgraded to OS X 10.2 Server hoping to get some added stability from UNIX, but ran into immediate problems.

When I had both machines in place I ran into an issue where I had to rebuild the main one, so I transferred the data to the secondary server and planned to swap them. I changed their settings and IP addresses ... and all of the user accounts on the primary file server disappeared.

This was odd.

I Googled for it and came up with the answer: if you set up a password server on 10.2 Server you can't change the machine's IP address. This has to do with how Apple built the LDAP system that manages passwords, so it's a requirement if you want Windows file sharing (Samba in disguise) enabled. Which I did.

I called Apple tech support and they confirmed it: if I wanted to do Windows file sharing, I needed to set up a "password server" (LDAP). And if I set up a password server, I couldn't change the IP address of the machine. Ever. If I did, the users and groups would vanish into thin air. I asked if I could back up the user and group databases and then upload them again ... and they said no. Not without stripping the passwords out. So I'd have to have my users reset their passwords.

I was stunned. The inability to back up user account information, complete with passwords, and to change the IP address is ridiculous, and not the mark of a true, flexible server OS. So right now I'm migrating them to PPC Linux with Samba. I know 10.3 Server probably addresses these issues, but Linux is just simpler. Heck, all I have to do with Linux/Samba is replicate the passwd, group, shadow and smbpasswd files between the machines. Instant mirror servers. And it'll just work.

Besides, tar and mt will give me better control over tape backups than Retrospect did. Retrospect was always propting me for tapes of a particular set, and rejecting tapes that were from the wrong set. I don't give a pair of fetid dingo's kidneys about backup sets. On Linux, it's just "See that tape drive? Put the data there, and shut up about it." And it does. And it's good.

End of rant.

Re:No more OS X Server!

[yummyporkproducts]

There were a ton of under the hood changes in 10.3 with respect to the directory services, including a command line utility to change the ip address of the server without damaging the user accounts.

Also, retrospect sucks. Don't bother with it. We're using BRU and haven't looked back.

Re:No more OS X Server!

[Random+BedHead+Ed]

Quite right - it was still there. And I knew this, so I rolled back the IP address change. And sure enough, the forces of poor-LDAP configuration realigned, and the users returned. But this presented an issue. If I couldn't switch the machines, I'd have to rebuild. So I'd have to export the user data ... but this does not include the passwords, Apple informed me. So yes, my instinct was the same as yours - let's dump the directory to an LDIF or something and put it back after reconfiguration. But Apple was not optimistic.

So my point is, Linux is a better solution for this group. They're not savvy enough that the GUI tools would be helpful to them, and I can use cron to replicate the important information. The point of their system is to have the servers mirror everything, including user accounts and passwords, and that's easier and more flexible for me to set up on Linux.

Re:How about an article using older macs for serve

[solios]

Heh. A 9500 only has two drive bays- three if you feel like ripping out the floppy and boring holes in the case with a dremel. When it comes to internal drive capacity, you want a 9600, 8600, or beige G3- all of which have internal tray capacity for five drives (one 3.5, then four in the front that are universal trays with mounts for floppy, zip, hard drive, and CDRom- you can easily drop out the floppy and smack in a hard drive). Alternatively, you can add a few firewire cards and load in several drives, but you're still limited by the system bus. :P

My home fileserver is a beige G3/266 with 256 megs of ram. Two IDE hard drives - a 60 and an 80- UWSCSI for an internal 4g disk, an Adaptec 29{3|4}0 card for the outboard 9g SCA drive that holds the OS, and an Apple rom 10/100 ethernet card. It's running 10.2 Server (10.2.0- I've never bothered to patch it up) and runs out basic file services to my home network. Runs like a champ, minus the initial pains in the arse of getting the OS actually ON. All of the SLOW one experiences in OS X is totally at the graphical userland level, in my experience- which isn't something the server uses. My workstation (also a biege G3, running Panther Client thanks to XPF) is a slug, and it has 128 more ram than the server... but I use it largely for gui stuff, and the OS is (UNFORTUNATELY) on an IDE drive- the big SCSI went into the server. :)

I could easily do the server on my 9600 with the Sonnet ATA/66 card that's in my 7300, but the ATA card seems to be a bit flaky, and the 9600's already running linux just fine....

Alternatively, I could toss on Server 1.1 without using XPF at all. It's neat to play with if you can find the media, although I personally wouldn't use it for anything other than Apple File Services.

It is less hassle to get 10.2 or 10.3 onto a beige mac, if you don't have much linux experience- but linux has this funny habit of supporting older hardware that OS X screams about. :D

Re:OSX Server?

[MarcQuadra]

Well, I admin an XServe in a mixed Mac/Win32 environment, we've got the XServe pulling accounts out of the AD and serving them up to the Macs in a 'native' fashion. The XServe is also streaming over 7000 files from the AV department, running LPD print queues for ALL the network printers, and doing whatevr else I feel like making it do.

As for the 'lickable' GUI, I never really have to see it, there's a problem if you're looking at your server's desktop a lot. And honestly, doing all that it does, the CPU load rarely hits 3%, do I really give a flying shit if the GUI sucks a few cycles off the top? Nope. The GUI doesn't slow things down when it's not being used, after all.

And for what we use it for, it really is the best solution out there.

Great Mac OS X Server Admin Site

[pmorelli]

I found this while googling around for how to install spam assassin on 10.2.

http://afp548.com/

It's a great site with lots of very informative, down and dirty technical articles. They also have a forum where you can post questions.

The same guys produce some utilities designed to make VPN and DNS easier...

Are you smoking crack?

[SuperBanana]

You know, it seems to me that Apple has replaced Sun in the high-end server department.

Please explain how on earth a 1U 2 processor Xserve could possibly "replace" a Sun Enterprise system. Because that's "high end", believe it or not. 32 processors. Hundreds of gigabytes of ram. Disk arrays that fill closets, not 3-5U. Please point me to the SAN(no, the Xraid is NOT a SAN!) and tape backup solutions offered by Apple. Sun *used* to be the end-all-be-all when it came to high-end servers, but apart from the Sun Fires it seems that Apple has much more to offer these days.

You're smoking crack, considering Apple makes ONE model in three configs, and Sun offers everything from a Sun Fire that costs 1/2 as much as the Xserve, to systems in the millions of dollars range...and the tools that can manage that kind of hardware effectively(apple's tools are neat, but not ready for managing hundreds of servers etc.)

Be VERY Careful with the 10-client license issue

[alexhmit01]

If you run a Mac network, you can do really cool stuff with Automount points. All my Macs mount a /Network/Application, /Network/Library, and a few other mount points thrown in. The GUI land includes /Network/Library in the search path for stuff, (/System/Library for system installed stuff, /Library for stuff installed by the Admin, ~/Library for stuff installed by you, nice and clean and straightforward).

Each AFP mount counts against the license, no biggie... 7 Macs, all permenantly connected, and we had 3 connections left for laptops.

Incorrect. While all my connections, once logged in, go through one AFP connection, the Automount connections are done anonymously. Oh no, 2 AFP connections from machine->server, anonymous automounts, then w/ permissions mounts. It's worse! Each automount creates it's OWN connection.

So we were automounting: /Network/Applications (server installed apps with drag-and-drop, really nice) /Network/Library (frameworks for custom Cocoa apps, etc) /Network/Software (software installers, why not, right) ... and the Users share, that unfortunately can't be automounted as /Network/Users

well, I had 4 (at the time) automounts, so the first two machines to boot were fine, but machine 3 was all messed up.

Took forever to diagnose and realize that we needed an unlimited license.

Took a few hours with Apple support to diagnose, and they didn't figure out the problem until I started at Server Admin and had the problem. Users couldn't log in, because starting with machine 3, they couldn't get their home directories.

I REALLY like OS X Server's admin tools. LDAP went from scary and impossible to point-and-click. However, even with Panther Server, MUCH better than Jaguar Server, it has some issues.

Alex

Re:Userland is mostly based upon *BSD+GNU not Free

[Octorian]

Running those same commands on my FreeBSD 4.9 server, I get the results: 60/6769/440

The *BSDs share so much code between each other, and most source files have ident tags from different *BSDs, that Apple could have mostly pulled from FreeBSD and may still produce the numbers you saw.

Changing IP on OS X Server

[phillymjs]

And if I set up a password server, I couldn't change the IP address of the machine. Ever.

This has been addressed by Apple with a script to change the IP settings everywhere necessary, without breaking any services.

Works like a charm, I had to do it a couple months ago for a client.

~Philly

Mmmm... headless.

[solios]

An important feature of OS X Server is the Server Administration tools. My own home server, which has the internal 6 meg ATI chipset (see above post in this thread) is a slug when I need to hit the gui. But I don't. Apple has provied Server Admin Tools with OS X Server, and the tools for Jag run very well under Panther client. These gui tools allow me to add users, manage shares, manage printers, quicktime streaming (if in use), configure Apache to an extent, DHCP, Netboot.... basically, everything you DO with a server that you don't do with client. And the tools can be installed on ANY machine running OS X. Load them up, they ask for a server IP or domain name. Enter it in, it asks for your password for the server (admin accounts only, naturally). And BLAM!

I have complete remote control of all of my server functions from my workstation, and the ones I can't access via the gui tools can be hit through the command line. With the older Server 1.x, you needed a web browser to manage shares, which was both interesting (the convienience) and annoying (security, you needed to be at ANOTHER MACHINE that WASN'T THE SERVER to do it).

Yeah, you can do hardcore awesome amounts of remote management with linux (I recently recompiled a kernel, formatted a RAID array, installed and set up samba, netatalk, and genrally completely configured a linux server from my desktop through a slew of terminal windows. SO SEXY OMG), but the gui tools for OS X are AWESOME for admins with limited command line fu- I got Jaguar Server up and completely configured just how I wanted it without help, compared to both of my monitors being strewn with google searches and man page entries with my linux configuration process. Some people don't want to do it the hard way, and can't afford the new toys. :-)

As for compatability and stability of G3 boards... I only had stability problems if I diddled with the defaults on the control software. So I didn't. I've run OS X, Linux, and MacOS 9.x on g3 upgraded machines, rock solid, without difficulties.

And concerning the 8 gig limit- that only affects Beige G3s and the original iMacs. And only on IDE drives. My workstation had to be partitioned (80g- 8/2/$), my iMac had to be partitioned (60g, 6/54), and my server didn't (9g SCA). It's an IDE thing, not a SCSI thing, and the old beige machines such as the 9600 are SCSI. :-) And I've never had problems with hard drives bigger than 8g running OS X on IDE host adapters- I had 10.1 installed on a 60g in a 9500 awhile back, and it was Just Fine. This is due entirely to the controller- the system sees it as a SCSI drive. :D

Re:MySQL

[moof1138]

There is no UI in ServerAdmin, but there is a GUI tool for MySQL management on OS X Server called 'MySQL Manager.' It is pretty limited in functionality, but it is there.

Note that all XServes ship with X Server, so the cost of the software is only if you are installing it on other hardware.

The features that make the software nicer than Linux (simple setup, integrated password management, easy to use/set up Kerberos, hand holding phone support, etc.) are aimed at a class of people who typically find that it is well worth the $500 they may have paid.

Those who are happy to spend the sea of time and effort reading the docs on configuring a completely integrated PAM/KDC/OpenLDAP/Samba/Apache setup on their choice of Free OS don't appear to be in that target market. IMHO, you can't really sell much in the way of software to people like that, anyway.

Re:Apple the new Sun?

[calyphus]

hmmm...

Sun Fire 15K Server
18 Processor/Memory Boards
72 1.2-GHz UltraSPARC III Cu Processors
8-MB ECC External Cache per Processor
288-GB Memory
2 System Controllers
6 Power Supplies
4 Fan Trays
1 PCI I/O Assemblies
1 Quad FastEthernet PCI Adapter
1 Dual Port LVD SCSI/Dual FastEthernet PCI Adapter
1 Sun StorEdge S1 Disk Array
1 External Expansion Rack
Solaris 9 Operating System Media Kit
Server Installation Service for up to 18 Domains

List Price: $2,661,730.00

Xserve G5
Dual 2GHz PowerPC G5
8GB DDR400 ECC SDRAM - 8x1GB
750GB ADM (3x250GB Serial ATA)
CD-ROM
Fibre Channel PCI card - (lower slot)
Xserve RAID 3500G/14x250G/2x2GB FC
Mac OS X Server, Unlimited License

Subtotal $21,498.00
x 36 (72 G5 CPUs, 288 GB RAM, 126 TB FC RAID storage)
= $ 774,000.00

Just matching number of processors and RAM, that's $2.7 M vs. $0.7 M. Are they fully equivalent? No. Does the G5 at almost a quarter of the price look very attractive? Hell yes. Consider spending the same amount of money on G5s. You'll get 140 of the G5s. Substitute cluster nodes and you can get a whole gross with change left over.

How much does this compare to RH?

[mveloso]

How much does redhat cost, now that they've gone to advanced server? Here it is:

item: basic, standard, premium
red hat enterprise, x86: 349, 799, -
red hat advanced, x86: -, $1499, $2499
red hat advanced, pseries: -, $1992, $2998

Not bad, really - it's cheaper than rhas on POWER.

No Windows, No Linux? Very Poor

[stuntshell]

The beauty about the Server Package are the easy to use integrated tools that allow anyone to use this Server in a already implemented Network, Active Directory or LDAP for example. You gotta have other OS's to test and review this.
Afte playing with Panther, you won't go back to another system for Services, it's easy to use and you have all the utilities you normally would use on a Unix environment + Apple Tools.

Re:Maybe

[pudge]

No, I meant Windows is a small corner of the computing world. I never see Windows, so it must be true.

And maybe I am isolated, but the rest of you are jealous. :-)

Re:Apple the new Sun?

[MrChuck]

ummm, Apple and, er, Oranges (or is Sun Yellow :)
36 2x machines is not gonna do what 1 64 CPU machine will do.

1. with Solaris 9's containers, I can partition up a lot of that big machine into controllable sub machines. SGI does this the best, but Solaris A (5.A?? 10 for marketing weenies) takes it steps further - mostly to match some of the LPAR stuff that IBM offers).
2. SATA is simply serial ATA. It's not SCSI.
   On that note, you can drop cost and boost performance buy using a nice Baydel RAID array rather than anything from Sun (I don't buy Kawasaki brand tires; I don't buy Sun brand RAID)
3. Ever run a large Oracle|Sybase database (the main purpose for most monster Sun boxes) across 36 machines? Me neither. I *do* have it on V1280s, however.
4. Sun's also good for many many PCI busses. Not slots but independant busses.
   We can also mention the switched backplanes that expedite processors reaching RAM banks directly - not a shared bus and other things that make this a different class of computer.

Now I'll concur that at the <= 4CPU end, Sun doesn't really offer much. And if SGI weren't tanking for the previous 5 and next 10 years, they'd likely be doing it better (MIPS is whithering, but pluging 6 4x machines together the its craylink to make it into 1 single 24x machine is cost effective scaling.

With Sun, you start with a 32 way machine populated with 4 CPUs and by the time you grow, oh! those 900MHz ultra 3's aren't going to work with our newer 1200MHz chips.

As much as I hate AIX, the Power5 machines are SWEET at the high end.

But this crowd is about 1-4 way machines. Sun offers no reasonable 1Us (V120: 700Mhz Ultra 2 CPUs? with no cache to speak of? Cmon. My abay Wait, looking at Sun they have a 2*1GHz V240 Ultra3 box for "only" $6k. Add a RAID box and you can compete with the $4 DL380g3 (at 3GHz, but only 32bit :).

But Sun ships with apache 1.3.12 and other never updated Open Source Tools...

Compare the right things here...

[kellererik]

First I like the report and wait for part 2 (3??).
To sum up a reply to a lot of the posts here, you should compare an X-Serve with SUN or IBM boxes and the respective OS, or even Windows Server (whatever it may be called at the time of this writing). The X-Serve with unlimited User license out of the box gives the aforementioned systems a run for the money, verbatim.
About a year ago I gave the system a shot and installed Oracle 9i R2 and QuickTime Streaming Server to see how the box performs. I didn't manage to get the CPU load over 60 % while doing three audio streams, users connected to the fileshares (Mac and Windows) and running Oracle with load. The setup was painless and I switched between GUI and CLI to see if it makes a difference. The only thing I could really complain about, but that holds true to some Linux distros as well, is the fact that some GUI tools mess up the config files in /etc.
BTW: I'm a Unix SysAdmin for 17 years by now and went through *NIX systems some of you might not even heard of.

my 2 cents

Re:lDAP auth.

[NatasRevol]

RAID mounting - depends on the RAID. If it's a non-XserveRAID, you need to leave the box 'unlocked'. This is (simple) security so that someone can't come in and reboot with a firewire/cd/ext HD and take over your server. The fact that the key is just an allen wrench is another story.

If it's an XserveRAID, it will mount even when locked. Apple's version of buy-in. Still beats MS by a long shot.

Re:They charge per client?

[NatasRevol]

It does.

Made for Admins...

[zerofoo]

Workgroup Manager uses a lot of terminology that is completely lost on me, and I am not managing any users, really.

You've just missed the boat. User management is the biggest reason to buy an OS X server.

Lots of companies run mixed environments. Here at the school we run Windows, Linux, and OS X. Having our windows domain controllers replicate user lists to OS X servers is a huge deal. Who wants to add 50 new users to three separate systems?

-ted