What’s gone
While the absence of Xgrid cluster support
will be felt by only a few users, the removal of the IP filter software
firewall that was found in earlier Apple server systems is a more significant
casualty. Whilst the vast majority of Server users will have superior firewalls
in their Internet routers, this loss may require some – such as those who park
their servers in the ‘DMZ’ to provide internet services, as well as serving
clients to reconfigure their networks.
High
profile: User profiles are managed centrally from here, but stored on devices,
so iOS users who rarely connect to your network are catered for. This makes OS
X Server a basis for managing 1:1 iPad use schemes, for example
What’s hidden
Server.app has expanded its powers greatly
since Lion Server, but it may still not be ideal for administering users and
groups. For those struggling with this, Apple has compromised by providing
Workgroup Manager 10.8, but only if you choose to install it, as explained in
links from support.apple.com/kb/DL1567.
This utility edits records in Open and
Active Directory, which are server-based, thus rooted in the classical static
network model as managed preferences. Take that Mac or iOS device away and join
it to a different network, and it may be given completely different managed
preferences.
Within Server.app, Profile Manager edits
XML property lists that are configuration profiles, with the .mobileconfig
extension. Those are installed on your devices, and can be controlled locally
through System Preferences, letting you change profiles according to where you
are and what you’re doing.
Mail remains much the same in Server 2.2,
providing a very usable interface to an array of services
Profiles can be pushed out to clients using
a range of methods, and are thoroughly decentralized. This makes them much
better suited to laptops, iPhones, and iPads, which may spend little time
connected to the local network. Although there aren’t many third party products
that currently work with Apple’s configuration profiles, Air-Watch
(air-watch.com/solutions/macosx), MobileIron (www.mobileiron.com/en/multi-os-management/os-x-management)
and others are moving in quickly.
Having the option of local managed
preferences via Workgroup Manager and Open Directory, and mobile configuration
profiles via Profile Manager in Server.app from version 2.1.1, you still can’t
run DHCP and operate Internet Sharing at the same time, and merely turning on
Internet Sharing wipes and existing DHCP configuration. Not that you’ll find
these details in Server’s online documentation or Advanced Administration
guide, which seem to lag updates badly and are far below the quality and
coverage you need to administer a server. Apple excels at making products that
genuinely require no manual, but server administration is not a good candidate
for this approach.
What’s stayed
Mail, together with File Sharing, Profile
Manager, Time Machine, and VPN, remains essentially the same in Server 2.2.
this is a very usable interface to what is in fact a complex array of services,
including Dove-cot (providing IMAP and POP), Postfix (SMTP mail transfer
agent), Amavis (virus scanner), ClamAV (another virus scanner), SpamAssassin
(anti-spam filter), and Post-master (webmail option).
The Mailman mailing list manager has gone,
but can be installed using instructions found at
livetime.com/mountain-li-on-mailman-mailing-list/. Losing Server Admin’s
finer-grained control over these components means sysadmins who need more
detail than is offered in Server.app will have to access them through
Terminal’s command line; the command sudo serveradmin settings mail will reveal
how extensive these are. If you can, keep to Server.app’s simple interface.
Mail
model: Managing your mail server is impressively straightforward, with features
like anti-spam integrated into OS X Server’s single, friendly user interface
Several services have been renamed. What
was called Address Book in Lion Server is now known as Contacts, and uses the
Card-DAV service together with LDAP information. What was called iCal is now
Calendar (another change familiar from basic OS X), continuing to use Apple’s
standard CalDAV service, with very little in the way of configuration or
service options.
However, you can establish network-wide
locations and renamed from Web, and remains based on the industry standard
Apache 2 web server, gaining an informative Python Web App demo. While this
ships with version 1.8.7 of Ruby, Perl remains stuck at version 5.12.4, albeit
with patches, rather than the current 5.16.1. This remains a surprising
decision on Apple’s part and because of Server 2.2’s new package architecture
is very hard to rectify yourself.
If you’re looking to deliver content out to
the internet from your Mac server, you may prefer to go with a server package
incorporating the latest version of Perl, although Apple’s installation is fine
for those accessed only within local networks.
Site
specific: If you need to host websites, the built-in Apache installation is
fine for most intranet purposes but its ageing Perl version is not ideal for
internet-facing websites
What’s moved
Among the several services that have been
rescued from Server Admin and added to Server.app, FPT is probably going to be
the least used. With AFP available for Macs, SM B/CIFS for Windows systems,
WebDAV for iPads, and NFS for Unix/Linux, FTP is left as a last resort for
moving files around a network. This has been a valuable option, though, when
there have been problems with SM B, which have troubled some previous versions
of OS X Server. Controls in Server.app are straightforward and complete.
Messages are similar to eth iChat service
provided previously, and use Jabber, the independent instant messaging
technology. What’s slightly confusing here is that the Messages service is not
the same as (iCloud) Messages on a client. When delivered by Server 2.2, the
Messages service keeps a transcript, and can’t currently cross over into
iCloud, but works on local and remote systems that are recognized by its Jabber
service. iCloud Messages don’t appear in any transcripts, and work between
systems that are connected to iCloud accounts, via iCloud, and independently of
local Jabber.
Start
me up: NetInstall allows client Macs to boot up from a served image or be
restore to a fixed state
It might have been better for Apple to have
stuck with the original iChat name to distinguish the two services.
DNS may prove the most controversial of
Mountain Lion Server’s features, despite being based on the standard bind
9.8.3-P1. Professional sysadmins have been less than enthusiastic at Apple’s
efforts to fit NDS management into a friendly interface. In the past, settings
generated in the GUI have trampled over those crafted manually, and vice versa.
Although Server.app’s interface seems simple, and should normally initialize to
a safe and functional default, a little patience will reveal it’s quite capable
of handling common setups. Most should be content with serving only systems on
the local network, to ensure that other services work properly.
NetInstall includes services for starting
up from a served image (NetBoot) and for restoring clients to a fixed state
(Net-Restore), and it’s won for making multiple installs easier. Server.app
leaves most of the hard work here to System Image Utility, the tool used to
create the disk images that it serves.
These haven’t changed a great deal since
Lion Server, but in the downside Server.app doesn’t yet seem to offer diskless
NetBoot directly, for which administrators may need to follow the workaround
offered by Charles Edge at
krypted.com/mac-os-x-server/allowdiskelss-netboot-from-the-command-line/. Once
again, that requires use of the command line, so it’s a feature that might be
added to Server.app in future if Apple intends to make this fully integrated
interface.
Local
hero: Software Update on each Mac can link to your server rather than the App
Store, and you can pick how to manage Apple updates
Software Update promises great savings in
downloads, but hasn’t always made the administrator’s life better. Earlier
implementations were all-or-nothing: you either kept local copies of every
update provided by Apple, or none at all. There’s now an intermediate option
that lets you choose which updates to store and provide, which could be an
ideal compromise.
Integration with Mountain Lion’s new
reliance on the App Store for all Apple updates is managed by configuring the
client’s Software Update pane to point at your local server, which in Server
2.2 can now act as a caching service for updates to purchased apps as well as
regular Apple products.
While Open Directory has proved itself to
be an import service in medium-sized and larger networks, Apple seems to be
testing the water to see how popular it will be with the typical OS X Server
2.2 network admin. Thus Server.app provides another minimalist interface that
simply assigns which server does what. If you want to do anything more, you’ll
need to turn to Directory Utility more, you’ll need to turn to Directory
Utility and Workgroup Manager.
With the latter being steadily supplanted
by configuration profiles and Profile Manager, at least for mobile devices, it
may well be that Open Directory is on the decline, and will eventually be
abandoned.
