The owner or authorized user of a valid copy of
Mac OS X Server software may reproduce this
publication for the purpose of learning to use such
software. No part of this publication may be reproduced
or transmitted for commercial purposes, such as selling
copies of this publication or for providing paid-for
support services.
Every effort has been made to ensure that the
information in this manual is accurate. Apple is not
responsible for printing or clerical errors.
Apple
1 Infinite Loop
Cupertino, CA 95014-2084
www.apple.com
The Apple logo is a trademark of Apple Inc., registered
in the U.S. and other countries. Use of the “keyboard”
Apple logo (Option-Shift-K) for commercial purposes
without the prior written consent of Apple may
constitute trademark infringement and unfair
competition in violation of federal and state laws.
Apple, the Apple logo, AirPort, AirPort Express, AirPort
Extreme, Apple Remote Desktop, AppleScript, Bonjour,
the Bonjour logo, iCal, iPod, iPhone, Mac, Macintosh,
Mac OS, QuickTime, Safari, Snow Leopard, Tiger,
Time Capsule, Time Machine, Xcode, Xgrid, Xsan,
and Xserve are trademarks of Apple Inc., registered in
the U.S. and other countries.
Finder, QuickTime Broadcaster are trademarks of
Apple Inc.
This product includes BSD (4.4 Lite) developed by
the University of California, Berkeley, FreeBSD, Inc.,
The NetBSD Foundation, Inc., and their respective
contributors.
Intel, Intel Core, and Xeon are trademarks of Intel Corp.
in the U.S. and other countries.
OpenSSL is software developed by the OpenSSL
Project for use in the OpenSSL Toolkit
(http://www.openssl.org/).
UNIX® is a registered trademark of The Open Group.
X Window System is a trademark of the Massachusetts
Institute of Technology.
Other company and product names mentioned herein
are trademarks of their respective companies. Mention
of third-party products is for informational purposes
only and constitutes neither an endorsement nor a
recommendation. Apple assumes no responsibility with
regard to the performance or use of these products.
019-1410/2009-08-15
Contents
11 Preface: About This Guide
11 What’s in This Guide
12 Using Onscreen Help
13 Document Road Map
14 Viewing PDF Guides Onscreen
14 Printing PDF Guides
15 Getting Documentation Updates
15 Getting Additional Information
16 Chapter 1: System Overview and Supported Standards
16 System Requirements for Installing Mac OS X Server v10.6
17 What’s New in Mac OS X Server v10.6
18 What’s New in Server Admin
18 Understanding Server Configuration Methods
20 Supported Standards
23 Mac OS X Server’s UNIX Heritage
24 Chapter 2: Planning Server Usage
24 Determining Your Server Needs
25 Determining Whether to Upgrade or Migrate
25 Setting Up a Planning Team
26 Identifying Servers to Set Up
26 Determining Services to Host on Each Server
28 Defining a Migration Strategy
28 Upgrading and Migrating from an Earlier Version of Mac OS X Server
28 Migrating from Windows
28 Defining an Integration Strategy
29 Defining Physical Infrastructure Requirements
29 Defining Server Setup Infrastructure Requirements
31 Making Sure Required Server Hardware Is Available
31 Minimizing the Need to Relocate Servers After Setup
31 Defining Backup and Restore Policies
32 Understanding Backup and Restore Policies
33 Understanding Backup Types
34 Understanding Backup Scheduling
34 Understanding Restores
35 Other Backup Policy Considerations
36 Command-Line Backup and Restoration Tools
36 Understanding Time Machine as a Server Backup Tool
38 Chapter 3: Administration Tools
38 Server Admin
38 Opening and Authenticating in Server Admin
39 Server Admin Interface
40 Customizing the Server Admin Environment
41 Server Assistant
42 Server Preferences
42 Workgroup Manager
43 Workgroup Manager Interface
44 Customizing the Workgroup Manager Environment
44 Server Monitor
46 iCal Service Utility
46 iCal Service Utility Interface
47 System Image Management
47 Media Streaming Management
48 Command-Line Tools
48 Server Status Widget
48 RAID Admin
49 Podcast Capture, Composer, and Producer
49 Xgrid Admin
50 Apple Remote Desktop
51 Chapter 4: Enhancing Security
51 About Physical Security
52 About Network Security
52 Firewalls and Packet Filters
52 Network DMZ
53 VLANs
53 MAC Filtering
54 Transport Encryption
54 Payload Encryption
55 About File Security
55 File and Folder Permissions
55 About File Encryption
56 Secure Delete
56 About Authentication and Authorization
58 Single Sign-On
59 About Certificates, SSL, and Public Key Infrastructure
59 Public and Private Keys
60 Certificates
60 About Certificate Authorities (CAs)
61 About Identities
61 About Self-Signed Certificates
61 About Intermediate Trust
62 Certificate Manager in Server Admin
64 Readying Certificates
65 Creating a Self-Signed Certificate
65 Requesting a Certificate from a Certificate Authority
66 Creating a Certificate Authority
68 Using a CA to Create a Certificate for Someone Else
68 Importing a Certificate Identity
69 Managing Certificates
69 Editing a Certificate
70 Distributing a CA Public Certificate to Clients
70 Deleting a Certificate
71 Renewing an Expiring Certificate
71 Replacing an Existing Certificate
71 Using Certificates
72 SSH and SSH Keys
72 Key-Based SSH Login
72 Generating a Key Pair for SSH
74 Administration Level Security
74 Setting Administration Level Privileges
75 Service Level Security
75 Setting SACL Permissions
76 Security Best Practices
77 Password Guidelines
78 Creating Complex Passwords
79 Chapter 5: Installation and Deployment
79 Installation Overview
81 System Requirements for Installing Mac OS X Server
81 Hardware-Specific Instructions for Installing Mac OS X Server
81 Gathering the Information You Need
82 Setting Up Network Services
82 Connecting to the Directory During Installation
82 SSH During Installation
82 About the Server Install Disc
83 Preparing an Administrator Computer
84 About Starting Up for Installation
84 Before Starting Up
85 Starting Up from the Install DVD
85 Starting Up from an Alternate Partition
88 Remotely Accessing the Install DVD
90 About Server Serial Numbers for Default Installation Passwords
90 Identifying Remote Servers When Installing Mac OS X Server
91 Starting Up from a NetBoot Environment
92 Preparing Disks for Installing Mac OS X Server
93 Choosing a File System
99 Installing Server Software Interactively
100 Installing Locally from the Installation Disc
101 Installing Remotely with Server Assistant
102 Installing Remotely with Screen Sharing and VNC
103 Changing a Remote Computer’s Startup Disk
104 Using the installer Command-Line Tool to Install Server Software
106 Installing Multiple Servers
107 Upgrading a Computer from Mac OS X to Mac OS X Server
107 How to Keep Current
108 Chapter 6: Initial Server Setup
108 Information You Need
108 Postponing Server Setup Following Installation
109 Connecting to the Network During Initial Server Setup
109 Configuring Servers with Multiple Ethernet Ports
109 About Settings Established During Initial Server Setup
110 Specifying Initial Open Directory Usage
111 Not Changing Directory Usage When Upgrading
112 Setting Up a Server as a Standalone Server
112 Binding a Server to Multiple Directory Servers
113 Setting up Servers Interactively
115 Using Automatic Server Setup
116 Creating and Saving Setup Data
118 Using Encryption with Setup Data Files
118 How a Server Searches for Saved Setup Data Files
119 Setting Up Servers Automatically Using Data Saved in a File
120 Setting a Mac OS X Server Serial Number from the Command Line
121 Handling Setup Errors
122 Setting Up Services
122 Adding Services to the Server View
123 Setting Up Open Directory
123 Setting Up User Management
123 Setting Up All Other Services
124 Chapter 7: Ongoing System Management
124 Computers You Can Use to Administer a Server
124 Setting Up an Administrator Computer
125 Using a Non-Mac OS X Computer for Administration
126 Using the Administration Tools
126 Working with Pre-v10.6 Computers from v10.6 Servers
127 Ports Used for Administration
127 Ports Open By Default
128 Server Admin Basics
128 Adding and Removing Servers in Server Admin
129 Grouping Servers Manually
129 Grouping Servers Using Smart Groups
130 Working with Settings for a Specific Server
132 Understanding Changes to the Server IP Address or Network Identity
133 Understanding Mac OS X Server Names
133 Understanding IP Address or Network Identity Changes on Infrastructure Services
136 Understanding IP Address or Network Identity Changes on Web and Wiki Services
137 Understanding IP Address or Network Identity Changes on File Services
138 Understanding IP Address or Network Identity Changes on Mail Services
139 Understanding IP Address or Network Identity Changes on Collaboration Services
141 Understanding IP Address or Network Identity Changes on Podcast Producer
142 Understanding IP Address or Network Identity Changes on Other Services
144 Changing the IP Address of a Server
144 Changing the Server’s DNS Name After Setup
144 Changing the Server’s Computer Name and the Local Hostname
145 Administering Services
146 Adding and Removing Services in Server Admin
146 Importing and Exporting Service Settings
147 Controlling Access to Services
148 Using SSL for Remote Server Administration
148 Managing Sharing
149 Tiered Administration Permissions
150 Defining Administrative Permissions
150 Workgroup Manager Basics
151 Opening and Authenticating in Workgroup Manager
151 Administering Accounts
151 Working with Users and Groups
153 Defining Managed Preferences
154 Working with Directory Data
154 Customizing the Workgroup Manager Environment
155 Service Configuration Assistants
155 Critical Configuration and Data Files
159 Improving Service Availability
159 Eliminating Single Points of Failure
160 Using Xserve for High Availability
161 Using Backup Power
161 Setting Up Your Server for Automatic Restart
162 Ensuring Proper Operational Conditions
162 Providing Open Directory Replication
163 Link Aggregation
164 About the Link Aggregation Control Protocol (LACP)
164 Link Aggregation Scenarios
166 Setting Up Link Aggregation in Mac OS X Server
167 Monitoring Link Aggregation Status
168 Load Balancing
169 Daemon Overview
169 Viewing Running Daemons
169 Using launchd for Daemon Control
171 Chapter 8: Monitoring Your System
171 Planning a Monitoring Policy
171 Planning Monitoring Response
172 Using with Server Status Widget
172 Using Server Monitor
173 Using RAID Admin for Server Monitoring
173 Using Console for Server Monitoring
173 Using Disk Monitoring Tools
174 Using Network Monitoring Tools
175 Using Server Status Notification in Server Admin
175 Monitoring Server Status Overviews Using Server Admin
176 Using Remote Kernel Core Dumps
178 Setting Up a Core Dump Server
179 Setting Up a Core Dump Client
180 Configuring Common Core Dump Options
180 About Simple Network Management Protocol (SNMP)
181 Enabling SNMP reporting
181 Configuring snmpd
183 Additional Information about SNMP
183 Tools to Use with SNMP
183 About Notification and Event Monitoring Daemons
185 Logging
185 Syslog
186 Directory Service Debug Logging
186 Open Directory Logging
187 AFP Logging
187 Additional Monitoring Aids
188 Chapter 9: Push Notification Server
188 About Push Notification Server
189 Starting and Stopping Push Notification
190 Changing a Service’s Push Notification Server
191 Index
About This Guide
This guide provides a starting point for administering
Mac OS X Server v10.6 using its advanced administration
tools. It contains information about planning, practices, tools,
installation, deployment, and more by using Server Admin.
Advanced Server Administration is not the only guide you need when administering
an advanced mode server, but it gives you a basic overview of planning, installing,
and maintaining Mac OS X Server using Server Admin.
What’s in This Guide
This guide includes the following chapters:
• Chapter 1, “System Overview and Supported Standards,” provides an overview of
  Mac OS X Server systems and standards.
• Chapter 2, “Planning Server Usage,” gives you advice for planning Mac OS X Server
  deployment.
• Chapter 3, “Administration Tools,” is a reference guide for the tools used to
  administer servers.
• Chapter 4, “Enhancing Security,” is a brief guide to security policies and practices.
• Chapter 5, “Installation and Deployment,” is an installation guide for Mac OS X Server.
• Chapter 6, “Initial Server Setup,” provides a guide to setting up your server after
  installation.
• Chapter 7, “Ongoing System Management,” explains how to work with
  Mac OS X Server and services.
• Chapter 8, “Monitoring Your System,” shows you how to monitor and log into
  Mac OS X Server.
Note: Because Apple periodically releases new versions and updates to its software,
images shown in this book may be different from what you see on your screen.
Using Onscreen Help
You can get task instructions onscreen in Help Viewer while you’re managing
Mac OS X Server v10.6. You can view help on a server or an administrator computer.
(An administrator computer is a Mac OS X computer with Mac OS X Server v10.6
administration software installed on it.)
To get the most recent onscreen help for Mac OS X Server v10.6:
Open Server Admin or Workgroup Manager and then:
• Use the Help menu to search for a task you want to perform.
• Choose Help > Server Admin Help or Help > Workgroup Manager Help to browse
  and search the help topics.
The onscreen help contains instructions taken from Advanced Server Administration
and other advanced administration guides described later.
To see the most recent server help topics:
Make sure the server or administrator computer is connected to the Internet while
you’re getting help.
Help Viewer automatically retrieves and caches the most recent server help topics
from the Internet. When not connected to the Internet, Help Viewer displays cached
help topics.
Document Road Map
Mac OS X v10.6 has a suite of guides which can cover management of individual
services. Each service may be dependent on other services for maximum utility.
The road map below shows some related documentation that you may need to fully
configure your desired service to your specifications. You can get these guides in
PDF format from the Mac OS X Server documentation website:
www.apple.com/server/resources/
• Introduction to Command-Line Administration: Explains how to use UNIX shell
  commands to configure and manage servers and services.
• Server Administration Guides: Each guide covers using Server Admin and
  command-line tools to configure advanced settings for a particular service.
• Advanced Server Administration: Describes using Server Admin to install, configure,
  and administer server software and services. Includes best practices and advice for
  system planning, security, backing up, and monitoring.
• Server Admin Help: Provides onscreen instructions and answers when you’re using
  Server Admin to manage servers. Also contains the latest documentation updates.
• Server Preferences Help: Provides onscreen instructions and answers when you’re
  using Server Preferences to manage servers.
• Getting Started: Covers basic installation, setup, and management using Server
  Preferences instead of Server Admin. Recommended for novice administrators.
• Information Technologies Dictionary: Provides onscreen definitions of server
  terminology.
Viewing PDF Guides Onscreen
While reading the PDF version of a guide onscreen:
• Show bookmarks to see the guide’s outline, and click a bookmark to jump to the
  corresponding section.
• Search for a word or phrase to see a list of places where it appears in the document.
  Click a listed place to see the page where it occurs.
• Click a cross-reference to jump to the referenced section. Click a web link to visit the
  website in your browser.
Printing PDF Guides
If you want to print a guide, you can take these steps to save paper and ink:
• Save ink or toner by not printing the cover page.
• Save color ink on a color printer by looking in the panes of the Print dialog for an
  option to print in grays or black and white.
• Reduce the bulk of the printed document and save paper by printing more than
  one page per sheet of paper. In the Print dialog, change Scale to 115% (155%
  for Getting Started). Then choose Layout from the untitled pop-up menu. If your
  printer supports two-sided (duplex) printing, select one of the Two-Sided options.
  Otherwise, choose 2 from the Pages per Sheet pop-up menu, and optionally choose
  Single Hairline from the Border menu. (If you’re using Mac OS X v10.4 or earlier, the
  Scale setting is in the Page Setup dialog and the Layout settings are in the Print
  dialog.)
You may want to enlarge the printed pages even if you don’t print double sided,
because the PDF page size is smaller than standard printer paper. In the Print dialog
or Page Setup dialog, try changing Scale to 115% (155% for Getting Started, which has
CD-size pages).
Getting Documentation Updates
Periodically, Apple posts revised help pages and new editions of guides. Some revised
help pages update the latest editions of the guides.
• To view new onscreen help topics for a server application, make sure your server or
  administrator computer is connected to the Internet and click “Latest help topics” or
  “Staying current” in the main help page for the application.
• To download the latest guides in PDF format, go to the Mac OS X Server
  documentation website:
  www.apple.com/server/resources/
• An RSS feed listing the latest updates to Mac OS X Server documentation and
  onscreen help is available. To view the feed use an RSS reader application, such as
  Safari or Mail:
Getting Additional Information
• Read Me documents—get important updates and special information. Look for them
  on the server discs.
• Mac OS X Server website (www.apple.com/server/macosx/)—enter the gateway to
  extensive product and technology information.
• Mac OS X Server Support website (www.apple.com/support/macosxserver/)—access
  hundreds of articles from Apple’s support organization.
• Apple Discussions website (discussions.apple.com/)—share questions, knowledge,
  and advice with other administrators.
• Apple Mailing Lists website (www.lists.apple.com/)—subscribe to mailing lists so you
  can communicate with other administrators using email.
• Apple Training and Certification website (www.apple.com/training/)—hone
  your server administration skills with instructor-led or self-paced training,
  and differentiate yourself with certification.
Chapter 1: System Overview and Supported Standards
Mac OS X Server gives you everything you need to provide
standards-based workgroup and Internet services —
delivering a world-class UNIX server solution that’s easy to
deploy and easy to manage.
This chapter contains information to make decisions about where and how you deploy
Mac OS X Server. It contains general information about configuration options, standard
protocols used, its UNIX roots, and network and firewall configurations necessary for
Mac OS X Server administration.
System Requirements for Installing Mac OS X Server v10.6
The Macintosh desktop computer or server onto which you install
Mac OS X Server v10.6 must have:
• An Intel processor
• At least 2 gigabytes (GB) of random access memory (RAM)
• At least 10 gigabytes (GB) of available disk space
• A new serial number for Mac OS X Server v10.6
  The serial number used with any previous version of Mac OS X Server will not allow
  registration for v10.6.
A built-in DVD drive is convenient but not required.
A display and keyboard are optional. You can install server software on a computer
that has no display and keyboard by using an administrator computer. For more
information, see “Setting Up an Administrator Computer” on page 124.
If you’re using an installation disc for Mac OS X Server v10.6, you can control
installation from another computer using VNC viewer software. Open-source VNC
viewer software is available. Apple Remote Desktop, described in “Apple Remote
Desktop” on page 50, includes VNC viewer capability.
What’s New in Mac OS X Server v10.6
Mac OS X Server v10.6 offers major enhancements in several key areas:
• Address Book Server
  Mac OS X Server v10.6 introduces the first open standards-based Address Book
  Server, based on the emerging CardDAV specification, which uses WebDAV to
  exchange vCards, sharing contacts across multiple computers.
• Remote Access
  Mac OS X Server v10.6 delivers push notifications to users outside your firewall, and
  a proxy service gives them secure remote access to email, address book contacts,
  calendars, and specified internal websites.
• Collaboration services improvements
  Mac OS X Server v10.6 augments collaboration features with wiki and blog
  templates optimized for viewing on iPhone; provides content searching across
  multiple wikis; and enables attachment viewing in Quick Look. It also introduces
  My Page, which gives users one convenient place to access web applications,
  receive notifications, and view activity streams across wikis.
• iCal Server 2
  Mac OS X Server v10.6 has a new iCal Server which includes shared calendars, push
  notifications, the ability to send email invitations to non-iCal Server users, and a
  browser-based application for using calendars with many supported browsers.
• Podcast Producer 2
  Mac OS X Server v10.6 has a new Podcast Producer which features an intuitive new
  workflow editor, support for dual-video source capture, and Podcast Library, which
  lets you host locally stored podcasts and make them available for subscription by
  category via Atom web feeds.
• Mail Server improvements
  Mac OS X Server v10.6 mail service increases its performance and scalability using
  a new engine designed to handle thousands of simultaneous connections. Mail
  services have been enhanced to include server-side email rules and vacation
  messages.
• Multicore optimizations
  Mac OS X Server v10.6 supports “Grand Central,” a new set of built-in technologies
  that makes all of Mac OS X Server multicore aware and optimizes it for allocating
  tasks across multiple cores and processors.
• 64-bit support
  Mac OS X Server v10.6 uses 64-bit kernel technology to support up to 16 TB of
  memory.
• OpenCL support
  Mac OS X Server v10.6 supports OpenCL and makes it possible for developers to use
  the GPU for general computational tasks.
What’s New in Server Admin
Included with Mac OS X Server v10.6 is Server Admin, Apple’s powerful, flexible,
full-featured server administration tool. Server Admin is reinforced with improvements
in standards support and reliability. Server Admin also delivers a number of
enhancements:
• Newly refined, streamlined, and integrated Server Assistant
• Smoother interaction with Server Preferences settings
• Improved user interface
Understanding Server Configuration Methods
You can configure and manage Mac OS X Server using two configuration
methods: Server Preferences, or the advanced configuration tool suite, which includes
Server Admin and its command-line utilities.
Servers administered using the advanced tool suite are the most flexible and require
the most skill to administer. Servers administered by Server Preferences have fewer
configuration options, but most configuration details are set by Server Preferences,
without additional skill or labor. You can customize your server for a variety of
purposes using either method.
Using Server Admin and the rest of the advanced configuration tool suite, the
experienced system administrator has complete control of each service’s configuration
to accommodate a wide variety of needs. After performing initial setup with Setup
Assistant, you use powerful administration applications such as Server Admin and
Workgroup Manager, or command-line tools, to configure advanced settings for
services the server must provide.
Using Server Preferences, you can get standard configurations of Mac OS X Server
features using automated setup and simplified administration. For more information
about using Server Preferences to administer your server, see Getting Started.
You can switch between Server Admin and Server Preferences. The setting changes
in one application are reflected in the other’s settings. However, some advanced or
custom configurations can’t be inspected or changed in Server Preferences, due to
Server Preferences’ simplified interface.
The following table highlights the capabilities of each configuration tool.

| Service | Set in initial server setup | Server Preferences | Server Admin |
|---|---|---|---|
| Address book | Optional | Yes | Yes |
| Backup your data (websites, databases, calendar files, etc.) | No | No, use command-line tools and third-party backup solutions | No, use command-line tools and third-party backup solutions |
| Computer account and computer group management | No | Use Workgroup Manager | Use Workgroup Manager |
| DHCP, DNS, NAT | Automatic | No | Yes |
| File sharing (AFP and SMB protocols) | Optional | Yes | Yes |
| File sharing (FTP and NFS protocols) | No | No | Yes |
| Firewall (application firewall) | Automatic | Use System Preferences | Use System Preferences |
| Firewall (IP firewall) | Automatic | Yes | Yes |
| Gateway (NAT, DNS, DHCP) | Optional | No | Yes |
| iCal (calendar sharing, event scheduling) | Optional | Yes | Yes |
| iChat (instant messaging) | Optional | Yes | Yes |
| Mail with spam and virus filtering | Optional | Yes | Yes |
| Mobile access | No | No | Yes |
| MySQL | No | No | Yes |
| NetBoot and NetInstall (system imaging) | No | No | Yes |
| Network time | Automatic | No | Yes |
| Network management (SNMP) | No | No | Yes |
| NFS | No | No | Yes |
| Open Directory master (user accounts and other data) | Optional | Optional | Yes |
| Podcast Producer | No | No | Yes |
| Policies and managed preferences | No | Use Workgroup Manager | Use Workgroup Manager |
| Print | No | No | Yes |
| Push notification | Automatic | Automatic | Yes |
| QuickTime Streaming | No | No | Yes |
| RADIUS | No | No | Yes |
| Remote login (SSH) | Optional | Use System Preferences | Yes |
| Software update | No | No | Yes |
| Time Machine backup of client Macs | Optional | Yes | Yes |
| Time Machine backup of server | No | Use System Preferences | Use System Preferences |
| User and Group creation | Optional | Yes | Yes |
| VPN (secure remote access) | No | Yes | Yes |
| Web (wikis, blogs, webmail) | Optional | Yes | Yes |
| Xgrid (computational clustering) | No | No | Yes, and also use Xgrid Admin |
| Xserve diagnostics | No | Use Server Monitor | Use Server Monitor |

Supported Standards
Mac OS X Server provides standards-based workgroup and Internet services. Instead of
developing proprietary server technologies, Apple has built on the best open source
projects: Samba 3, OpenLDAP, Kerberos, Dovecot, Apache, Jabber, SpamAssassin, and
more. Mac OS X Server integrates these robust technologies and enhances them with
a unified, consistent management interface.
Because it is built on open standards, Mac OS X Server is compatible with existing
network and computing infrastructures. It uses native protocols to deliver directory
services, file and printer sharing, and secure network access to Mac, Windows, and
Linux clients.
A standards-based directory services architecture offers centralized management of
network resources using any LDAP server–even proprietary servers such as Microsoft
Active Directory. The open source UNIX foundation makes it easy to port and deploy
existing tools to Mac OS X Server.
The following standards-based technologies power Mac OS X Server:
• Kerberos: Mac OS X Server integrates an authentication authority based on MIT’s
  Kerberos technology (RFC 1964) to provide users with single sign-on access to
  secure network resources.
  Using strong Kerberos authentication, single sign-on maximizes the security of
  network resources while providing users with easier access to a broad range of
  Kerberos-enabled network services.
  For services that have not yet been Kerberized, the integrated SASL service
  negotiates the strongest possible authentication protocol.
• OpenLDAP: Mac OS X Server includes a robust LDAP directory server and a secure
  Kerberos password server to provide directory and authentication services to Mac,
  Windows, and Linux clients.
  Apple has built the Open Directory server around OpenLDAP, the most widely
  deployed open source LDAP server, so it can deliver directory services for both
  Mac-only and mixed-platform environments.
  LDAP provides a common language for directory access, enabling administrators to
  consolidate information from different platforms and define one namespace for all
  network resources. This means there is a single directory for all Mac, Windows, and
  Linux systems on the network.
• RADIUS: Remote Authentication Dial-In User Service (RADIUS) is an authentication,
  authorization, and accounting protocol used by the 802.1x security standard for
  controlling network access by clients in mobile or fixed configurations. Mac OS X
  Server uses RADIUS to integrate with AirPort Base Stations serving as a central MAC
  address filter database. By configuring RADIUS and Open Directory, you can control
  who has access to your wireless network.
  Mac OS X Server uses the FreeRADIUS Server Project. FreeRADIUS supports
  the requirements of a RADIUS server, shipping with support for LDAP, MySQL,
  PostgreSQL, Oracle databases, EAP, EAP-MD5, EAP-SIM, EAP-TLS, EAP-TTLS, EAP-PEAP,
  and Cisco LEAP subtypes. Mac OS X Server supports proxying, with failover and load
  balancing.
• Mail Service: Mac OS X Server uses robust technologies from the open source
  community to deliver comprehensive, easy-to-use mail server solutions. Full support
  for Internet mail protocols—Internet Message Access Protocol (IMAP), Post Office
  Protocol (POP), and Simple Mail Transfer Protocol (SMTP)—ensures compatibility
  with standards-based mail clients on Mac, Windows, and Linux systems.
• Web Technologies: Mac OS X Server is a complete AMP stack (a bundle of
  integrated Apache-MySQL-PHP/Perl/Python software). Mac OS X Server web
  technologies are based on the open source Apache web server, the most widely
  used HTTP server on the Internet.
  With performance optimized for Mac OS X Server, Apache provides fast, reliable
  web hosting and an extensible architecture for delivering dynamic content and
  sophisticated web services. Because web service in Mac OS X Server is based on
  Apache, you can add advanced features with plug-in modules.
  Mac OS X Server includes everything professional web masters need to deploy
  sophisticated web services: integrated tools for collaborative publishing, inline
  scripting, Apache modules, custom CGIs, and JavaServer Pages and Java Servlets.
  Database-driven sites can be linked to the included MySQL database. ODBC and
  JDBC connectivity to other database solutions is also supported.
  Web service also includes support for Web-based Distributed Authoring and
  Versioning, known as WebDAV.
• File Services: You can configure Mac OS X Server file services to allow clients to
  access shared files, applications, and other resources over a network. Mac OS X
  Server supports most major service protocols for maximum compatibility, including:
    • Apple Filing Protocol (AFP), to share resources with clients who use Macintosh
      computers.
    • Server Message Block (SMB), a protocol to share resources with clients who use
      Windows computers. This protocol is provided by the Samba open source project.
    • Network File System (NFS), to share files and folders with UNIX clients.
    • File Transfer Protocol (FTP), to share files with anyone using FTP client software.
• IPv6 (RFC 2460): IPv6 is the Internet’s next-generation protocol designed to replace
  the current Internet Protocol, IPv4 (or IP).
  IPv6 improves routing and network autoconfiguration. It increases the number
  of network addresses to over 3 x 10^38, and eliminates the need for NAT-provided
  addressing. IPv6 is expected to gradually replace IPv4 over a number of years, with
  the two coexisting during the transition.
  Mac OS X Server’s network services are fully IPv6 capable and ready to transition to
  the next generation addressing as well as being fully able to operate with IPv4.
• SNMP: Simple Network Management Protocol (SNMP) is used to monitor
  network-attached devices’ operational status. It is a set of IETF-designed standards for
  network management, including an Application Layer protocol, a database schema,
  and a set of data objects.
  Mac OS X Server uses the open source net-snmp suite to provide SNMPv3
  (RFCs 3411-3418) service.
• XMPP: Extensible Messaging and Presence Protocol (XMPP) is an open XML-based
messaging protocol used for messaging and presence information. XMPP serves as
the basis for Mac OS X Server’s Push Notification service, as well as iChat Server,
and all publish and subscribe functions for the server.
Mac OS X Server’s UNIX Heritage
Mac OS X Server has a UNIX foundation built around the Mach microkernel and the
latest advances from the Berkeley Software Distribution (BSD) open source community.
This foundation provides Mac OS X Server with a stable, high-performance, 64-bit
computing platform for deploying server-based applications and services.
Mac OS X Server is built on an open source operating system called Darwin, which is
part of the BSD family of UNIX-like systems. BSD is a family of UNIX variants descended
from Berkeley’s version of UNIX. Also, Mac OS X Server incorporates more than
100 open source projects in addition to proprietary enhancements and extended
functionality created by Apple.
The BSD portion of the Mac OS X kernel is derived primarily from FreeBSD, a version
of 4.4BSD that offers advanced networking, performance, security, and compatibility
features.
In general, BSD variants are derived (sometimes indirectly) from 4.4BSD-Lite Release 2
from the Computer Systems Research Group (CSRG) at the University of California at
Berkeley.
Although the BSD portion of Mac OS X is primarily derived from FreeBSD, some
changes have been made. To find out more about the low-level changes made,
see Apple’s Developer documentation for Darwin.
Chapter 2: Planning Server Usage
Before installing and setting up Mac OS X Server, do a little
planning and become familiar with your options.
The major goals of the planning phase are to make sure that:
• Server user and administrator needs are addressed by the servers you deploy
• Server and service prerequisites that affect installation and initial setup are
identified
Installation planning is especially important if you’re integrating Mac OS X Server into
an existing network, migrating from earlier versions of Mac OS X Server, or preparing
to set up multiple servers. But even single-server environments can benefit from a
brief assessment of the needs you want a server to address.
Use this chapter to stimulate your thinking. It doesn’t present a rigorous planning
guide, nor does it provide the details you need to determine whether to implement a
particular service and assess its resource requirements. Instead, view this chapter as an
opportunity to think about how to maximize the benefits of Mac OS X Server in your
environment.
Planning, like design, isn’t necessarily a linear process. The sections in this chapter don’t
require you to follow a mandatory sequence. Different sections in this chapter present
suggestions that could be implemented simultaneously or iteratively.
Determining Your Server Needs
During the planning stage, determine how you want to use Mac OS X Server and
identify whether there’s anything you need to accomplish before setting it up.
For example, you might want to convert an existing server to v10.6 and continue
hosting directory, file, and mail services for clients on your network.
Before you install server software, you might need to prepare data to migrate to your
new server, and perhaps consider whether it’s a good time to implement a different
directory services solution.
During the planning stage, you’ll also decide which installation and server setup
options best suit your needs. For example, Getting Started contains an example that
illustrates server installation and initial setup in a small business scenario with the
server in using Server Preferences.
Determining Whether to Upgrade or Migrate
If you’re using a previous version of Mac OS X Server and you want to reuse data and
settings, you can upgrade or migrate to v10.6.
You can upgrade to Mac OS X Server v10.6 if you’re using the latest update of
Mac OS X Server v10.5 Leopard or Mac OS X Server v10.4.11 on Mac OS X servers with
Intel processors.
Upgrading is simple because it preserves existing settings and data. You can perform
an upgrade using any of the installation methods described in this chapter or the
advanced methods described in this guide.
If you can’t perform an upgrade, for example when you need to reformat the startup
disk or replace your server hardware, you can migrate data and settings to a computer
that you’ve installed Mac OS X Server v10.6 on.
Migration is supported from the latest update of Mac OS X Server v10.5 Leopard
or Mac OS X Server v10.4.11 Tiger. For complete information about migrating data
and settings to a different Mac or Xserve, see the onscreen help or the Mac OS X Server
Resources website at www.apple.com/server/macosx/resources/.
Setting Up a Planning Team
Involve individuals in the installation planning process who represent various points of
view, and who can help answer the following questions:
• What day-to-day user requirements must a server meet? What activities do server
users and workgroups depend on the server for?
If the server is used in a classroom, make sure the instructor who manages its
services and administers it daily provides input.
• What user management requirements must be met? Will user computers be diskless
and need to be started up using NetBoot? Will Macintosh client management and
network home folders be required?
Individuals with server administration experience should work with server users
who might not have a technical background, so they’ll understand how specific
services might benefit them.
• What existing non-Apple services, such as Active Directory, must the server integrate
with?
If you’ve been planning to replace a Windows NT computer, consider using
Mac OS X Server with its extensive built-in support for Windows clients. Make
sure that administrators familiar with these other systems are part of the planning
process.
• What are the characteristics of the network into which the server will be installed?
Do you need to upgrade power supplies, switches, or other network components?
Is it time to streamline the layout of facilities that house your servers?
An individual with systems and networking knowledge can help with these details
as well as completing the Installation & Setup Worksheet on the Mac OS X Server Install Disc or Administration Tools CD.
Identifying Servers to Set Up
Conduct a server inventory:
• How many servers do you have?
• How are they used?
• How can you streamline the use of servers you want to keep?
• Do existing servers need to be retired? Which servers can Mac OS X Server replace?
• Which non-Apple servers will Mac OS X Server need to be integrated with? Why?
• Do you have Mac OS X Server computers that need to be upgraded to version 10.6?
• How many new Mac OS X Server computers will you need to set up?
Determining Services to Host on Each Server
Identify which services you want to host on each Mac OS X Server and non-Apple
server you decide to use.
Distributing services among servers requires an understanding of users and services.
Here are a few examples of how service options and hardware and software
requirements can influence what you put on servers:
• Directory services implementations can range from using directories and Kerberos
authentication hosted by non-Apple servers to setting up Open Directory directories
on servers distributed throughout the world.
Directory services require thoughtful analysis and planning.
The additional information at the Mac OS X Server Resources website
at www.apple.com/server/macosx/resources/ can help you understand
the options and opportunities.
• Home folders for network users can be consolidated onto one server or distributed
among various servers. Although you can move home folders, you might need
to change a large number of user and share point records, so devise a strategy
that will persist for a reasonable amount of time. For information about home
folders, see Mac OS X Server help or the Mac OS X Server Resources website at
www.apple.com/server/macosx/resources/.
• Some services offer ways to control the amount of disk space used by individual
users. For example, you can set up home folder and mail quotas for users. Consider
whether using quotas will offer a way to maximize the disk usage on a server
that stores home folders and mail databases. The additional information at
the Mac OS X Server Resources website at www.apple.com/server/macosx/resources/
describes home folder and user mail quotas, and service-wide mail quotas.
• Disk space requirements are also affected by the type of files a server hosts.
Creative environments need high-capacity storage to accommodate large
media files, but elementary school classrooms have more modest file storage
needs. The additional information at Mac OS X Server Resources website at
• If you’re setting up a streaming media server, allocate enough disk space to
accommodate a specific number of hours of streamed video or audio. For
hardware and software requirements and for a setup example, see additional
information in online help or at the Mac OS X Server Resources website at
www.apple.com/server/macosx/resources/.
• The number of NetBoot client computers you can connect to a server depends on
the server’s Ethernet connections, the number of users, the amount of available
RAM and disk space, and other factors. DHCP service needs to be available to the
clients and can be provided by a different server than the NetBoot server. For
NetBoot capacity planning guidelines, see additional information at the Mac OS X Server
Resources website at www.apple.com/server/macosx/resources/.
• Mac OS X Server offers extensive support for Windows users. You can consolidate
Windows user support on servers that provide PDC services, or you can distribute
services for Windows users among different servers.
• If you want to use software RAID to stripe or mirror disks, you’ll need two or more
drives (but not FireWire drives) on a server. For more information, see online Disk
Utility Help.
Before finalizing decisions about which servers will host specific services, familiarize
yourself with information in the administration guides for the services you want to
deploy.
Defining a Migration Strategy
If you’re using Mac OS X Server v10.4–10.5 or a Windows-based server, examine the
opportunities for moving data and settings to Mac OS X Server v10.6.
Upgrading and Migrating from an Earlier Version of
Mac OS X Server
If you’re using computers with Mac OS X Server v10.4 or v10.5, consider upgrading or
migrating them to Mac OS X Server v10.6.
If you’re using Mac OS X Server v10.5 or v10.4 and you don’t need to move to Intel
processor-based hardware, you can perform an upgrade installation. Upgrading is
simple because it preserves your existing settings and data.
When you can’t use the upgrade approach, you can migrate data and settings.
You’ll need to migrate, not upgrade, when:
• A version 10.4 or 10.5 server’s hard disk needs reformatting or the server doesn’t
meet the minimum Mac OS X Server v10.6 system requirements. For more
information, see “System Requirements for Installing Mac OS X Server v10.6” on page 16.
• You want to move data and settings you’ve been using on a v10.4 or 10.5 server to
different server hardware.
Migration is supported from the latest versions of Mac OS X Server v10.5 and v10.4.
When you migrate, you install and set up Mac OS X Server v10.6, then restore files onto
it from the earlier server, and then make manual adjustments as required.
For complete information, read the additional information at the Mac OS X Server
Resources website at www.apple.com/server/macosx/resources/.
Migrating from Windows
Mac OS X Server v10.6 can provide a variety of services to users of Microsoft Windows
computers. By providing these services, Mac OS X Server v10.6 can replace Windows
servers in small workgroups.
For information about migrating users, groups, files, and more from a Windows-
based server to Mac OS X Server, see the additional information at the Mac OS X Server
Resources website at www.apple.com/server/macosx/resources/.
Defining an Integration Strategy
Integrating Mac OS X Server into a heterogeneous environment has two aspects:
• Configuring Mac OS X Server to take advantage of existing services
• Configuring non-Apple computers to use Mac OS X Server
The first aspect primarily involves directory services integration. Identify which
Mac OS X Server computers will use existing directories (such as Active Directory,
LDAPv3, and NIS directories) and existing authentication setups (such as Kerberos).
For options and instructions, see the additional information at the Mac OS X Server
Resources website at www.apple.com/server/macosx/resources/. Integration can be
as easy as enabling a Directory Utility option, or it might involve adjusting existing
services and Mac OS X Server settings.
The second aspect is largely a matter of determining the support you want
Mac OS X Server to provide to non-Apple computer users. The additional information
at the Mac OS X Server Resources website at www.apple.com/server/macosx/resources/
tells you what’s available.
Defining Physical Infrastructure Requirements
Determine whether you need to make site or network topology adjustments before
installing and setting up servers.
• Who will administer the server, and what kind of server access will administrators
need?
Classroom servers might need to be conveniently accessible for instructors, while
servers that host network-wide directory information should be secured with
restricted physical access in a district office building or centralized computer facility.
Because Mac OS X Server administration tools offer complete remote server
administration support, there are few times when an administrator should need
physical access to a server.
• Are there air conditioning or power requirements that must be met? For this kind of
information, see the documentation that comes with server hardware.
• Are you considering upgrading elements such as cables, switches, and power
supplies? Now may be a good time to do it.
• Have you configured your TCP/IP network and subnets to support the services and
servers you want to deploy?
• Are you considering moving your servers to different IP addresses or hostnames?
Now may be a good time to do it.
Defining Server Setup Infrastructure Requirements
The server setup infrastructure consists of the services and servers you set up in
advance because other services or servers depend on them.
For example, if you use Mac OS X Server to provide DHCP, network time, or BootP
services to other servers, you should set up the servers that provide these services and
initiate the services before you set up servers that depend on those services.
The amount of setup infrastructure you require depends on the complexity of your
site and what you want to accomplish. In general, DHCP, DNS, and directory services
are recommended or required for medium and large server networks:
• The most fundamental infrastructure layer comprises network services like DHCP
and DNS.
All services run better if DNS is on the network, and many services require DNS to
work properly. If you’re not hosting DNS, work with the administrator responsible
for the DNS server you’ll use when you set up your servers. DNS requirements for
services are published in the service-specific administration guides.
The DHCP setup reflects your physical network topology.
• Another crucial infrastructure component is directory services, required for sharing
data among services, servers, and user computers.
The most common shared data in a directory is for users and groups, but
configuration information such as mount records and other directory data is also
shared. A directory services infrastructure is necessary to host cross-platform
authentication and when you want services to share the same names and
passwords.
Here’s an example of the sequence in which you might set up a server infrastructure
that includes DNS, DHCP, and directory services. You can set up the services on the
same server or on different servers:
Setting up basic server infrastructure:
1 Set up the DNS server, populating the DNS with the host names of the desired servers
and services.
2 Set up DHCP, configuring it to specify the DNS server address so it can be served to
DHCP clients.
If desired, set up DHCP-managed static IP addresses for the servers.
3 Set up a directory server, including Windows PDC service if required, and populate the
directory with data, such as users, groups, and home folder data.
This process can involve importing users and groups, setting up share points, setting
up managed preferences, and so forth.
4 Configure DHCP to specify the address of the directory server so it can be served to
DHCP clients.
Your specific needs can affect this sequence. For example, to use VPN, NAT, or IP
Firewall services, include their setup with the DNS and DHCP setups.
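The dependencies in the four setup steps above can be checked on paper before any service is configured. The following Python code is an added example, not part of Apple's guide; the plan layout, host names, and addresses are constructed sample values, and check_plan is a hypothetical helper.

```python
import ipaddress

# Constructed sample plan (example values, not taken from the manual).
PLAN = {
    "subnet": "10.0.1.0/24",
    # Step 1: host names populated in DNS for the servers and services.
    "dns_records": {
        "dns1.example.com": "10.0.1.2",
        "dhcp1.example.com": "10.0.1.3",
        "od1.example.com": "10.0.1.4",
    },
    # Steps 2 and 4: what DHCP serves to its clients.
    "dhcp": {
        "dns_server": "10.0.1.2",
        "directory_server": "od1.example.com",
        "static_maps": {"od1.example.com": "10.0.1.4"},
    },
    # Step 3: the host that will run the directory service.
    "directory_host": "od1.example.com",
}


def check_plan(plan):
    """Return a list of problems that would break the setup sequence."""
    problems = []
    net = ipaddress.ip_network(plan["subnet"])
    records = plan["dns_records"]
    dhcp = plan["dhcp"]

    # Step 1: every server address must be on the planned subnet and unique.
    seen = {}
    for name, addr in records.items():
        if ipaddress.ip_address(addr) not in net:
            problems.append(f"{name}: {addr} is outside {net}")
        if addr in seen:
            problems.append(f"{name}: {addr} already used by {seen[addr]}")
        seen.setdefault(addr, name)

    # Step 2: the DNS server address DHCP serves must belong to a host in DNS.
    if dhcp["dns_server"] not in records.values():
        problems.append(f"DHCP DNS server {dhcp['dns_server']} has no DNS record")

    # Step 2 (optional part): DHCP-managed static addresses must agree with DNS.
    for name, addr in dhcp.get("static_maps", {}).items():
        if records.get(name) != addr:
            problems.append(f"static map {name} -> {addr} disagrees with DNS")

    # Step 3: the directory server needs a host name in DNS.
    if plan["directory_host"] not in records:
        problems.append(f"directory host {plan['directory_host']} missing from DNS")

    # Step 4: DHCP must point clients at the directory server from step 3.
    if dhcp["directory_server"] != plan["directory_host"]:
        problems.append("DHCP directory server differs from the directory host")

    return problems


if __name__ == "__main__":
    for line in check_plan(PLAN) or ["plan is consistent"]:
        print(line)
```

An empty result means the plan's DNS, DHCP, and directory entries agree with each other; it says nothing about whether the live services answer that way.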