Mac OS X Server
Advanced Server Administration
Version 10.6 Snow Leopard
Apple Inc.
© 2009 Apple Inc. All rights reserved.
The owner or authorized user of a valid copy of Mac OS X Server software may reproduce this publication for the purpose of learning to use such software. No part of this publication may be reproduced or transmitted for commercial purposes, such as selling copies of this publication or for providing paid-for support services.
Every effort has been made to ensure that the information in this manual is accurate. Apple is not responsible for printing or clerical errors.
Apple
1 Infinite Loop
Cupertino, CA 95014-2084 www.apple.com
The Apple logo is a trademark of Apple Inc., registered in the U.S. and other countries. Use of the “keyboard” Apple logo (Option-Shift-K) for commercial purposes without the prior written consent of Apple may constitute trademark infringement and unfair competition in violation of federal and state laws.
Apple, the Apple logo, AirPort, AirPort Express, AirPort Extreme, Apple Remote Desktop, AppleScript, Bonjour, the Bonjour logo, iCal, iPod, iPhone, Mac, Macintosh, Mac OS, QuickTime, Safari, Snow Leopard, Tiger, Time Capsule, Time Machine, Xcode, Xgrid, Xsan, and Xserve are trademarks of Apple Inc., registered in the U.S. and other countries.
Finder, QuickTime Broadcaster are trademarks of Apple Inc.
This product includes BSD (4.4 Lite) developed by the University of California, Berkeley, FreeBSD, Inc., The NetBSD Foundation, Inc., and their respective contributors.
Intel, Intel Core, and Xeon are trademarks of Intel Corp. in the U.S. and other countries.
OpenSSL is software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).
UNIX® is a registered trademark of The Open Group.
X Window System is a trademark of the Massachusetts Institute of Technology.
Other company and product names mentioned herein are trademarks of their respective companies. Mention of third-party products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the performance or use of these products.
019-1410/2009-08-15
Contents
Preface: About This Guide
What’s in This Guide
Using Onscreen Help
Document Road Map
Viewing PDF Guides Onscreen
Printing PDF Guides
Getting Documentation Updates
Getting Additional Information
Chapter 1: System Overview and Supported Standards
System Requirements for Installing Mac OS X Server v10.6
What’s New in Mac OS X Server v10.6
What’s New in Server Admin
Understanding Server Configuration Methods
Supported Standards
Mac OS X Server’s UNIX Heritage
Chapter 2: Planning Server Usage
Determining Your Server Needs
Determining Whether to Upgrade or Migrate
Setting Up a Planning Team
Identifying Servers to Set Up
Determining Services to Host on Each Server
Defining a Migration Strategy
Upgrading and Migrating from an Earlier Version of Mac OS X Server
Migrating from Windows
Defining an Integration Strategy
Defining Physical Infrastructure Requirements
Defining Server Setup Infrastructure Requirements
Making Sure Required Server Hardware Is Available
Minimizing the Need to Relocate Servers After Setup
Defining Backup and Restore Policies
Understanding Backup and Restore Policies
Understanding Backup Types
Understanding Backup Scheduling
Understanding Restores
Other Backup Policy Considerations
Command-Line Backup and Restoration Tools
Understanding Time Machine as a Server Backup Tool
Chapter 3: Administration Tools
Server Admin
Opening and Authenticating in Server Admin
Server Admin Interface
Customizing the Server Admin Environment
Server Assistant
Server Preferences
Workgroup Manager
Workgroup Manager Interface
Customizing the Workgroup Manager Environment
Server Monitor
iCal Service Utility
iCal Service Utility Interface
System Image Management
Media Streaming Management
Command-Line Tools
Server Status Widget
RAID Admin
Podcast Capture, Composer, and Producer
Xgrid Admin
Apple Remote Desktop
Chapter 4: Enhancing Security
About Physical Security
About Network Security
Firewalls and Packet Filters
Network DMZ
VLANs
MAC Filtering
Transport Encryption
Payload Encryption
About File Security
File and Folder Permissions
About File Encryption
Secure Delete
About Authentication and Authorization
Single Sign-On
About Certificates, SSL, and Public Key Infrastructure
Public and Private Keys
Certificates
About Certificate Authorities (CAs)
About Identities
About Self-Signed Certificates
About Intermediate Trust
Certificate Manager in Server Admin
Readying Certificates
Creating a Self-Signed Certificate
Requesting a Certificate from a Certificate Authority
Creating a Certificate Authority
Using a CA to Create a Certificate for Someone Else
Importing a Certificate Identity
Managing Certificates
Editing a Certificate
Distributing a CA Public Certificate to Clients
Deleting a Certificate
Renewing an Expiring Certificate
Replacing an Existing Certificate
Using Certificates
SSH and SSH Keys
Key-Based SSH Login
Generating a Key Pair for SSH
Administration Level Security
Setting Administration Level Privileges
Service Level Security
Setting SACL Permissions
Security Best Practices
Password Guidelines
Creating Complex Passwords
Chapter 5: Installation and Deployment
Installation Overview
System Requirements for Installing Mac OS X Server
Hardware-Specific Instructions for Installing Mac OS X Server
Gathering the Information You Need
Setting Up Network Services
Connecting to the Directory During Installation
SSH During Installation
About the Server Install Disc
Preparing an Administrator Computer
About Starting Up for Installation
Before Starting Up
Starting Up from the Install DVD
Starting Up from an Alternate Partition
Remotely Accessing the Install DVD
About Server Serial Numbers for Default Installation Passwords
Identifying Remote Servers When Installing Mac OS X Server
Starting Up from a NetBoot Environment
Preparing Disks for Installing Mac OS X Server
Choosing a File System
Installing Server Software Interactively
Installing Locally from the Installation Disc
Installing Remotely with Server Assistant
Installing Remotely with Screen Sharing and VNC
Changing a Remote Computer’s Startup Disk
Using the installer Command-Line Tool to Install Server Software
Installing Multiple Servers
Upgrading a Computer from Mac OS X to Mac OS X Server
How to Keep Current
Chapter 6: Initial Server Setup
Information You Need
Postponing Server Setup Following Installation
Connecting to the Network During Initial Server Setup
Configuring Servers with Multiple Ethernet Ports
About Settings Established During Initial Server Setup
Specifying Initial Open Directory Usage
Not Changing Directory Usage When Upgrading
Setting Up a Server as a Standalone Server
Binding a Server to Multiple Directory Servers
Setting up Servers Interactively
Using Automatic Server Setup
Creating and Saving Setup Data
Using Encryption with Setup Data Files
How a Server Searches for Saved Setup Data Files
Setting Up Servers Automatically Using Data Saved in a File
Setting a Mac OS X Server Serial Number from the Command Line
Handling Setup Errors
Setting Up Services
Adding Services to the Server View
Setting Up Open Directory
Setting Up User Management
Setting Up All Other Services
Chapter 7: Ongoing System Management
Computers You Can Use to Administer a Server
Setting Up an Administrator Computer
Using a Non-Mac OS X Computer for Administration
Using the Administration Tools
Working with Pre-v10.6 Computers from v10.6 Servers
Ports Used for Administration
Ports Open By Default
Server Admin Basics
Adding and Removing Servers in Server Admin
Grouping Servers Manually
Grouping Servers Using Smart Groups
Working with Settings for a Specific Server
Understanding Changes to the Server IP Address or Network Identity
Understanding Mac OS X Server Names
Understanding IP Address or Network Identity Changes on Infrastructure Services
Understanding IP Address or Network Identity Changes on Web and Wiki Services
Understanding IP Address or Network Identity Changes on File Services
Understanding IP Address or Network Identity Changes on Mail Services
Understanding IP Address or Network Identity Changes on Collaboration Services
Understanding IP Address or Network Identity Changes on Podcast Producer
Understanding IP Address or Network Identity Changes on Other Services
Changing the IP Address of a Server
Changing the Server’s DNS Name After Setup
Changing the Server’s Computer Name and the Local Hostname
Administering Services
Adding and Removing Services in Server Admin
Importing and Exporting Service Settings
Controlling Access to Services
Using SSL for Remote Server Administration
Managing Sharing
Tiered Administration Permissions
Defining Administrative Permissions
Workgroup Manager Basics
Opening and Authenticating in Workgroup Manager
Administering Accounts
Working with Users and Groups
Defining Managed Preferences
Working with Directory Data
Customizing the Workgroup Manager Environment
Service Configuration Assistants
Critical Configuration and Data Files
Improving Service Availability
Eliminating Single Points of Failure
Using Xserve for High Availability
Using Backup Power
Setting Up Your Server for Automatic Restart
Ensuring Proper Operational Conditions
Providing Open Directory Replication
Link Aggregation
About the Link Aggregation Control Protocol (LACP)
Link Aggregation Scenarios
Setting Up Link Aggregation in Mac OS X Server
Monitoring Link Aggregation Status
Load Balancing
Daemon Overview
Viewing Running Daemons
Using launchd for Daemon Control
Chapter 8: Monitoring Your System
Planning a Monitoring Policy
Planning Monitoring Response
Using with Server Status Widget
Using Server Monitor
Using RAID Admin for Server Monitoring
Using Console for Server Monitoring
Using Disk Monitoring Tools
Using Network Monitoring Tools
Using Server Status Notification in Server Admin
Monitoring Server Status Overviews Using Server Admin
Using Remote Kernel Core Dumps
Setting Up a Core Dump Server
Setting Up a Core Dump Client
Configuring Common Core Dump Options
About Simple Network Management Protocol (SNMP)
Enabling SNMP reporting
Configuring snmpd
Additional Information about SNMP
Tools to Use with SNMP
About Notification and Event Monitoring Daemons
Logging
Syslog
Directory Service Debug Logging
Open Directory Logging
AFP Logging
Additional Monitoring Aids
Chapter 9: Push Notification Server
About Push Notification Server
Starting and Stopping Push Notification
Changing a Service’s Push Notification Server
Index
About This Guide
Preface
This guide provides a starting point for administering Mac OS X Server v10.6 using its advanced administration tools. It contains information about planning, practices, tools, installation, deployment, and more by using Server Admin.
Advanced Server Administration is not the only guide you need when administering an advanced mode server, but it gives you a basic overview of planning, installing, and maintaining Mac OS X Server using Server Admin.
What’s in This Guide
This guide includes the following chapters:
• Chapter 1, “System Overview and Supported Standards,” provides an overview of Mac OS X Server systems and standards.
• Chapter 2, “Planning Server Usage,” gives you advice for planning Mac OS X Server deployment.
• Chapter 3, “Administration Tools,” is a reference guide for the tools used to administer servers.
• Chapter 4, “Enhancing Security,” is a brief guide to security policies and practices.
• Chapter 5, “Installation and Deployment,” is an installation guide for Mac OS X Server.
• Chapter 6, “Initial Server Setup,” provides a guide to setting up your server after installation.
• Chapter 7, “Ongoing System Management,” explains how to work with Mac OS X Server and services.
• Chapter 8, “Monitoring Your System,” shows you how to monitor and log into Mac OS X Server.
Note: Because Apple periodically releases new versions and updates to its software, images shown in this book may be different from what you see on your screen.
Using Onscreen Help
You can get task instructions onscreen in Help Viewer while you’re managing Mac OS X Server v10.6. You can view help on a server or an administrator computer. (An administrator computer is a Mac OS X computer with Mac OS X Server v10.6 administration software installed on it.)
To get the most recent onscreen help for Mac OS X Server v10.6:
Open Server Admin or Workgroup Manager and then:
• Use the Help menu to search for a task you want to perform.
• Choose Help > Server Admin Help or Help > Workgroup Manager Help to browse and search the help topics.
The onscreen help contains instructions taken from Advanced Server Administration and other advanced administration guides described later.
To see the most recent server help topics:
Make sure the server or administrator computer is connected to the Internet while you’re getting help.
Help Viewer automatically retrieves and caches the most recent server help topics from the Internet. When not connected to the Internet, Help Viewer displays cached help topics.
Document Road Map
Mac OS X v10.6 has a suite of guides which can cover management of individual services. Each service may be dependent on other services for maximum utility.
The road map below shows some related documentation that you may need to fully configure your desired service to your specifications. You can get these guides in PDF format from the Mac OS X Server documentation website:
www.apple.com/server/resources/
Getting Started
Covers basic installation, setup, and management using Server Preferences instead of Server Admin.
Recommended for novice administrators.
Server Preferences Help
Provides onscreen instructions and answers when you’re using Server Preferences to manage servers.
Information Technologies Dictionary
Provides onscreen definitions of server terminology.
Advanced Server Administration
Describes using Server Admin to install, configure, and administer server software and services. Includes best practices and advice for system planning, security, backing up, and monitoring.
Introduction to Command-Line Administration
Explains how to use UNIX shell commands to configure and manage servers and services.
Server Administration Guides
Each guide covers using Server Admin and command-line tools to configure advanced settings for a particular service.
Server Admin Help
Provides onscreen instructions and answers when you’re using Server Admin to manage servers. Also contains the latest documentation updates.
Viewing PDF Guides Onscreen
While reading the PDF version of a guide onscreen:
• Show bookmarks to see the guide’s outline, and click a bookmark to jump to the corresponding section.
• Search for a word or phrase to see a list of places where it appears in the document. Click a listed place to see the page where it occurs.
• Click a cross-reference to jump to the referenced section. Click a web link to visit the website in your browser.
Printing PDF Guides
If you want to print a guide, you can take these steps to save paper and ink:
• Save ink or toner by not printing the cover page.
• Save color ink on a color printer by looking in the panes of the Print dialog for an option to print in grays or black and white.
• Reduce the bulk of the printed document and save paper by printing more than one page per sheet of paper. In the Print dialog, change Scale to 115% (155% for Getting Started). Then choose Layout from the untitled pop-up menu. If your printer supports two-sided (duplex) printing, select one of the Two-Sided options. Otherwise, choose 2 from the Pages per Sheet pop-up menu, and optionally choose Single Hairline from the Border menu. (If you’re using Mac OS X v10.4 or earlier, the Scale setting is in the Page Setup dialog and the Layout settings are in the Print dialog.)
You may want to enlarge the printed pages even if you don’t print double sided, because the PDF page size is smaller than standard printer paper. In the Print dialog or Page Setup dialog, try changing Scale to 115% (155% for Getting Started, which has CD-size pages).
Getting Documentation Updates
Periodically, Apple posts revised help pages and new editions of guides. Some revised help pages update the latest editions of the guides.
• To view new onscreen help topics for a server application, make sure your server or administrator computer is connected to the Internet and click “Latest help topics” or “Staying current” in the main help page for the application.
• To download the latest guides in PDF format, go to the Mac OS X Server documentation website:
  www.apple.com/server/resources/
• An RSS feed listing the latest updates to Mac OS X Server documentation and onscreen help is available. To view the feed use an RSS reader application, such as Safari or Mail:
  feed://helposx.apple.com/rss/snowleopard/serverdocupdates.xml
Getting Additional Information
For more information, consult these resources:
• Read Me documents—get important updates and special information. Look for them on the server discs.
• Mac OS X Server website (www.apple.com/server/macosx/)—enter the gateway to extensive product and technology information.
• Mac OS X Server Support website (www.apple.com/support/macosxserver/)—access hundreds of articles from Apple’s support organization.
• Apple Discussions website (discussions.apple.com/)—share questions, knowledge, and advice with other administrators.
• Apple Mailing Lists website (www.lists.apple.com/)—subscribe to mailing lists so you can communicate with other administrators using email.
• Apple Training and Certification website (www.apple.com/training/)—hone your server administration skills with instructor-led or self-paced training, and differentiate yourself with certification.
Chapter 1: System Overview and Supported Standards
Mac OS X Server gives you everything you need to provide standards-based workgroup and Internet services — delivering a world-class UNIX server solution that’s easy to deploy and easy to manage.
This chapter contains information to help you make decisions about where and how you deploy Mac OS X Server. It contains general information about configuration options, standard protocols used, its UNIX roots, and network and firewall configurations necessary for Mac OS X Server administration.
System Requirements for Installing Mac OS X Server v10.6
The Macintosh desktop computer or server onto which you install Mac OS X Server v10.6 must have:
• An Intel processor
• At least 2 gigabytes (GB) of random access memory (RAM)
• At least 10 gigabytes (GB) of available disk space
• A new serial number for Mac OS X Server v10.6
  The serial number used with any previous version of Mac OS X Server will not allow registration for v10.6.
A built-in DVD drive is convenient but not required.
A display and keyboard are optional. You can install server software on a computer that has no display and keyboard by using an administrator computer. For more information, see “Setting Up an Administrator Computer” on page 124.
If you’re using an installation disc for Mac OS X Server v10.6, you can control installation from another computer using VNC viewer software. Open-source VNC viewer software is available. Apple Remote Desktop, described in “Apple Remote Desktop” on page 50, includes VNC viewer capability.
What’s New in Mac OS X Server v10.6
Mac OS X Server v10.6 offers major enhancements in several key areas:
• Address Book Server
  Mac OS X Server v10.6 introduces the first open standards-based Address Book Server, based on the emerging CardDAV specification, which uses WebDAV to exchange vCards, for sharing contacts across multiple computers.
• Remote Access
  Mac OS X Server v10.6 delivers push notifications to users outside your firewall, and a proxy service gives them secure remote access to email, address book contacts, calendars, and specified internal websites.
• Collaboration services improvements
  Mac OS X Server v10.6 augments collaboration features with wiki and blog templates optimized for viewing on iPhone; provides content searching across multiple wikis; and enables attachment viewing in Quick Look. It also introduces My Page, which gives users one convenient place to access web applications, receive notifications, and view activity streams across wikis.
• iCal Server 2
  Mac OS X Server v10.6 has a new iCal Server which includes shared calendars, push notifications, the ability to send email invitations to non-iCal Server users, and a browser-based application for using calendars with many supported browsers.
• Podcast Producer 2
  Mac OS X Server v10.6 has a new Podcast Producer which features an intuitive new workflow editor, support for dual-video source capture, and Podcast Library, which lets you host locally stored podcasts and make them available for subscription by category via Atom web feeds.
• Mail Server improvements
  Mac OS X Server v10.6 mail service increases its performance and scalability using a new engine designed to handle thousands of simultaneous connections. Mail services have been enhanced to include server-side email rules and vacation messages.
• Multicore optimizations
  Mac OS X Server v10.6 supports “Grand Central,” a new set of built-in technologies that makes all of Mac OS X Server multicore aware and optimizes it for allocating tasks across multiple cores and processors.
• 64-bit support
  Mac OS X Server v10.6 uses 64-bit kernel technology to support up to 16 TB of memory.
• OpenCL support
  Mac OS X Server v10.6 supports OpenCL and makes it possible for developers to use the GPU for general computational tasks.
What’s New in Server Admin
Included with Mac OS X Server v10.6 is Server Admin, Apple’s powerful, flexible, full-featured server administration tool. Server Admin is reinforced with improvements in standards support and reliability. Server Admin also delivers a number of enhancements:
• Newly refined, streamlined, and integrated Server Assistant
• Smoother interaction with Server Preferences settings
• Improved user interface
Understanding Server Configuration Methods
You can configure and manage Mac OS X Server using two configuration methods: Server Preferences, or the advanced configuration tool suite, which includes Server Admin and its command-line utilities.
Servers administered using the advanced tool suite are the most flexible and require the most skill to administer. Servers administered by Server Preferences have fewer configuration options, but most configuration details are set by Server Preferences, without additional skill or labor. You can customize your server for a variety of purposes using either method.
Using Server Admin and the rest of the advanced configuration tool suite, the experienced system administrator has complete control of each service’s configuration to accommodate a wide variety of needs. After performing initial setup with Setup Assistant, you use powerful administration applications such as Server Admin and Workgroup Manager, or command-line tools, to configure advanced settings for services the server must provide.
Using Server Preferences, you can get standard configurations of Mac OS X Server features using automated setup and simplified administration. For more information about using Server Preferences to administer your server, see Getting Started.
You can switch between Server Admin and Server Preferences. The setting changes in one application are reflected in the other’s settings. However, some advanced or custom configurations can’t be inspected or changed in Server Preferences, due to Server Preferences’ simplified interface.
The following table highlights the capabilities of each configuration tool.
| Service | Set in initial server setup | Server Preferences | Server Admin |
|---|---|---|---|
| Address book | Optional | Yes | Yes |
| Backup your data (websites, databases, calendar files, etc.) | No | No, use command-line tools and third-party backup solutions | No, use command-line tools and third-party backup solutions |
| Computer account and computer group management | No | Use Workgroup Manager | Use Workgroup Manager |
| DHCP, DNS, NAT | Automatic | No | Yes |
| File sharing (AFP and SMB protocols) | Optional | Yes | Yes |
| File sharing (FTP and NFS protocols) | No | No | Yes |
| Firewall (application firewall) | Automatic | Use System Preferences | Use System Preferences |
| Firewall (IP firewall) | Automatic | Yes | Yes |
| Gateway (NAT, DNS, DHCP) | Optional | No | Yes |
| iCal (calendar sharing, event scheduling) | Optional | Yes | Yes |
| iChat (instant messaging) | Optional | Yes | Yes |
| Mail with spam and virus filtering | Optional | Yes | Yes |
| Mobile access | No | No | Yes |
| MySQL | No | No | Yes |
| NetBoot and NetInstall (system imaging) | No | No | Yes |
| Network time | Automatic | No | Yes |
| Network management (SNMP) | No | No | Yes |
| NFS | No | No | Yes |
| Open Directory master (user accounts and other data) | Optional | Optional | Yes |
| Podcast Producer | No | No | Yes |
| Policies and managed preferences | No | Use Workgroup Manager | Use Workgroup Manager |
|  | No | No | Yes |
| Push notification | Automatic | Automatic | Yes |
| QuickTime Streaming | No | No | Yes |
| RADIUS | No | No | Yes |
| Remote login (SSH) | Optional | Use System Preferences | Yes |
| Software update | No | No | Yes |
| Time Machine backup of client Macs | Optional | Yes | Yes |
| Time Machine backup of server | No | Use System Preferences | Use System Preferences |
| User and Group creation | Optional | Yes | Yes |
| VPN (secure remote access) | No | Yes | Yes |
| Web (wikis, blogs, webmail) | Optional | Yes | Yes |
| Xgrid (computational clustering) | No | No | Yes, and also use Xgrid Admin |
| Xserve diagnostics | No | Use Server Monitor | Use Server Monitor |
Supported Standards
Mac OS X Server provides standards-based workgroup and Internet services. Instead of developing proprietary server technologies, Apple has built on the best open source projects: Samba 3, OpenLDAP, Kerberos, Dovecot, Apache, Jabber, SpamAssassin, and more. Mac OS X Server integrates these robust technologies and enhances them with a unified, consistent management interface.
Because it is built on open standards, Mac OS X Server is compatible with existing network and computing infrastructures. It uses native protocols to deliver directory services, file and printer sharing, and secure network access to Mac, Windows, and Linux clients.
A standards-based directory services architecture offers centralized management of network resources using any LDAP server, even proprietary servers such as Microsoft Active Directory. The open source UNIX foundation makes it easy to port and deploy existing tools to Mac OS X Server.
The following standards-based technologies power Mac OS X Server:
ÂÂ Kerberos: Mac OS X Server integrates an authentication authority based on MIT’s Kerberos technology (RFC 1964) to provide users with single sign-on access to secure network resources.
Using strong Kerberos authentication, single sign-on maximizes the security of network resources while providing users with easier access to a broad range of Kerberos-enabled network services.
For services that have not yet been Kerberized, the integrated SASL service negotiates the strongest possible authentication protocol.
ÂÂ OpenLDAP: Mac OS X Server includes a robust LDAP directory server and a secure Kerberos password server to provide directory and authentication services to Mac, Windows, and Linux clients.
Apple has built the Open Directory server around OpenLDAP, the most widely deployed open source LDAP server, so it can deliver directory services for both Mac-only and mixed-platform environments.
LDAP provides a common language for directory access, enabling administrators to consolidate information from different platforms and define one namespace for all network resources. This means there is a single directory for all Mac, Windows, and Linux systems on the network.
ÂÂ RADIUS: Remote Authentication Dial-In User Service (RADIUS) is an authentication, authorization, and accounting protocol used by the 802.1x security standard for controlling network access by clients in mobile or fixed configurations. Mac OS X
Server uses RADIUS to integrate with AirPort Base Stations serving as a central MAC address filter database. By configuring RADIUS and Open Directory, you can control who has access to your wireless network.
Mac OS X Server uses the FreeRADIUS Server Project. FreeRADIUS supports the requirements of a RADIUS server, shipping with support for LDAP, MySQL,
PostgreSQL, Oracle databases, EAP, EAP-MD5, EAP-SIM, EAP-TLS, EAP-TTLS, EAP-PEAP, and Cisco LEAP subtypes. Mac OS X Server supports proxying, with failover and load balancing.
ÂÂ Mail Service: Mac OS X Server uses robust technologies from the open source community to deliver comprehensive, easy-to-use mail server solutions. Full support for Internet mail protocols—Internet Message Access Protocol (IMAP), Post Office
Protocol (POP), and Simple Mail Transfer Protocol (SMTP)—ensures compatibility with standards-based mail clients on Mac, Windows, and Linux systems.
Chapter 1 System Overview and Supported Standards |
21 |
|
|
ÂÂ Web Technologies: Mac OS X Server is a complete AMP stack (a bundle of integrated Apache-MySQL-PHP/Perl/Python software). Mac OS X Server web technologies are based on the open source Apache web server, the most widely used HTTP server on the Internet.
With performance optimized for Mac OS X Server, Apache provides fast, reliable web hosting and an extensible architecture for delivering dynamic content and sophisticated web services. Because web service in Mac OS X Server is based on Apache, you can add advanced features with plug-in modules.
Mac OS X Server includes everything professional web masters need to deploy sophisticated web services: integrated tools for collaborative publishing, inline scripting, Apache modules, custom CGIs, and JavaServer Pages and Java Servlets. Database-driven sites can be linked to the included MySQL database. ODBC and JDBC connectivity to other database solutions is also supported.
Web service also includes support for Web-based Distributed Authoring and Versioning, known as WebDAV.
• File Services: You can configure Mac OS X Server file services to allow clients to access shared files, applications, and other resources over a network. Mac OS X Server supports most major service protocols for maximum compatibility, including:
  • Apple Filing Protocol (AFP), to share resources with clients who use Macintosh computers.
  • Server Message Block (SMB), a protocol to share resources with clients who use Windows computers. This protocol is provided by the Samba open source project.
  • Network File System (NFS), to share files and folders with UNIX clients.
  • File Transfer Protocol (FTP), to share files with anyone using FTP client software.
• IPv6 (RFC 2460): IPv6 is the Internet’s next-generation protocol designed to replace the current Internet Protocol, IPv4 (or IP).
IPv6 improves routing and network autoconfiguration. It increases the number of network addresses to over 3 × 10^38, and eliminates the need for NAT-provided addressing. IPv6 is expected to gradually replace IPv4 over a number of years, with the two coexisting during the transition.
Mac OS X Server’s network services are fully IPv6 capable and ready to transition to the next generation addressing as well as being fully able to operate with IPv4.
• SNMP: Simple Network Management Protocol (SNMP) is used to monitor network-attached devices’ operational status. It is a set of IETF-designed standards for network management, including an Application Layer protocol, a database schema, and a set of data objects.
Mac OS X Server uses the open source net-snmp suite to provide SNMPv3 (RFCs 3411-3418) service.
• XMPP: Extensible Messaging and Presence Protocol (XMPP) is an open XML-based messaging protocol used for messaging and presence information. XMPP serves as the basis for Mac OS X Server’s Push Notification service, as well as iChat Server, and all publish and subscribe functions for the server.
Mac OS X Server has a UNIX foundation built around the Mach microkernel and the latest advances from the Berkeley Software Distribution (BSD) open source community. This foundation provides Mac OS X Server with a stable, high-performance, 64-bit computing platform for deploying server-based applications and services.
Mac OS X Server is built on an open source operating system called Darwin, which is part of the BSD family of UNIX-like systems. BSD is a family of UNIX variants descended from Berkeley’s version of UNIX. Also, Mac OS X Server incorporates more than 100 open source projects in addition to proprietary enhancements and extended functionality created by Apple.
The BSD portion of the Mac OS X kernel is derived primarily from FreeBSD, a version of 4.4BSD that offers advanced networking, performance, security, and compatibility features.
In general, BSD variants are derived (sometimes indirectly) from 4.4BSD-Lite Release 2 from the Computer Systems Research Group (CSRG) at the University of California at Berkeley.
Although the BSD portion of Mac OS X is primarily derived from FreeBSD, some changes have been made. To find out more about the low-level changes made, see Apple’s Developer documentation for Darwin.
Chapter 2 Planning Server Usage
Before installing and setting up Mac OS X Server, do a little planning and become familiar with your options.
The major goals of the planning phase are to make sure that:
• Server user and administrator needs are addressed by the servers you deploy
• Server and service prerequisites that affect installation and initial setup are identified
Installation planning is especially important if you’re integrating Mac OS X Server into an existing network, migrating from earlier versions of Mac OS X Server, or preparing to set up multiple servers. But even single-server environments can benefit from a brief assessment of the needs you want a server to address.
Use this chapter to stimulate your thinking. It doesn’t present a rigorous planning guide, nor does it provide the details you need to determine whether to implement a particular service and assess its resource requirements. Instead, view this chapter as an opportunity to think about how to maximize the benefits of Mac OS X Server in your environment.
Planning, like design, isn’t necessarily a linear process. The sections in this chapter don’t require you to follow a mandatory sequence. Different sections in this chapter present suggestions that could be implemented simultaneously or iteratively.
During the planning stage, determine how you want to use Mac OS X Server and identify whether there’s anything you need to accomplish before setting it up.
For example, you might want to convert an existing server to v10.6 and continue hosting directory, file, and mail services for clients on your network.
Before you install server software, you might need to prepare data to migrate to your new server, and perhaps consider whether it’s a good time to implement a different directory services solution.
During the planning stage, you’ll also decide which installation and server setup options best suit your needs. For example, Getting Started contains an example that illustrates server installation and initial setup in a small business scenario with the server in using Server Preferences.
If you’re using a previous version of Mac OS X Server and you want to reuse data and settings, you can upgrade or migrate to v10.6.
You can upgrade to Mac OS X Server v10.6 if you’re using the latest update of Mac OS X Server v10.5 Leopard or Mac OS X Server v10.4.11 on Mac OS X servers with Intel processors.
Upgrading is simple because it preserves existing settings and data. You can perform an upgrade using any of the installation methods described in this chapter or the advanced methods described in this guide.
If you can’t perform an upgrade, for example when you need to reformat the startup disk or replace your server hardware, you can migrate data and settings to a computer that you’ve installed Mac OS X Server v10.6 on.
Migration is supported from the latest update of Mac OS X Server v10.5 Leopard or Mac OS X Server v10.4.11 Tiger. For complete information about migrating data and settings to a different Mac or Xserve, see the onscreen help or Mac OS X Server Resources website at www.apple.com/server/macosx/resources/.
Involve individuals in the installation planning process who represent various points of view, and who can help answer the following questions:
• What day-to-day user requirements must a server meet? What activities do server users and workgroups depend on the server for?
If the server is used in a classroom, make sure the instructor who manages its services and administers it daily provides input.
• What user management requirements must be met? Will user computers be diskless and need to be started up using NetBoot? Will Macintosh client management and network home folders be required?
Individuals with server administration experience should work with server users who might not have a technical background, so they’ll understand how specific services might benefit them.
• What existing non-Apple services, such as Active Directory, must the server integrate with?
If you’ve been planning to replace a Windows NT computer, consider using Mac OS X Server with its extensive built-in support for Windows clients. Make sure that administrators familiar with these other systems are part of the planning process.
• What are the characteristics of the network into which the server will be installed? Do you need to upgrade power supplies, switches, or other network components? Is it time to streamline the layout of facilities that house your servers?
An individual with systems and networking knowledge can help with these details as well as completing the Installation & Setup Worksheet on the Mac OS X Server Install Disc or Administration Tools CD.
Conduct a server inventory:
• How many servers do you have?
• How are they used?
• How can you streamline the use of servers you want to keep?
• Do existing servers need to be retired? Which servers can Mac OS X Server replace?
• Which non-Apple servers will Mac OS X Server need to be integrated with? Why?
• Do you have Mac OS X Server computers that need to be upgraded to version 10.6?
• How many new Mac OS X Server computers will you need to set up?
Identify which services you want to host on each Mac OS X Server and non-Apple server you decide to use.
Distributing services among servers requires an understanding of users and services. Here are a few examples of how service options and hardware and software requirements can influence what you put on servers:
• Directory services implementations can range from using directories and Kerberos authentication hosted by non-Apple servers to setting up Open Directory directories on servers distributed throughout the world.
Directory services require thoughtful analysis and planning.
The additional information at Mac OS X Server Resources website at www.apple.com/server/macosx/resources/ can help you understand the options and opportunities.
• Home folders for network users can be consolidated onto one server or distributed among various servers. Although you can move home folders, you might need to change a large number of user and share point records, so devise a strategy that will persist for a reasonable amount of time. For information about home folders, see Mac OS X Server help or Mac OS X Server Resources website at www.apple.com/server/macosx/resources/.
• Some services offer ways to control the amount of disk space used by individual users. For example, you can set up home folder and mail quotas for users. Consider whether using quotas will offer a way to maximize the disk usage on a server that stores home folders and mail databases. The additional information at Mac OS X Server Resources website at www.apple.com/server/macosx/resources/ describes home folder and user mail quotas, and service-wide mail quotas.
• Disk space requirements are also affected by the type of files a server hosts.
Creative environments need high-capacity storage to accommodate large media files, but elementary school classrooms have more modest file storage needs. The additional information at Mac OS X Server Resources website at www.apple.com/server/macosx/resources/ describes file sharing.
• If you’re setting up a streaming media server, allocate enough disk space to accommodate a specific number of hours of streamed video or audio. For hardware and software requirements and for a setup example, see additional information in online help or at Mac OS X Server Resources website at www.apple.com/server/macosx/resources/.
• The number of NetBoot client computers you can connect to a server depends on the server’s Ethernet connections, the number of users, the amount of available RAM and disk space, and other factors. DHCP service needs to be available to the clients and can be provided by a different server than the NetBoot server. For NetBoot capacity planning guidelines, see additional information at Mac OS X Server Resources website at www.apple.com/server/macosx/resources/.
• Mac OS X Server offers extensive support for Windows users. You can consolidate Windows user support on servers that provide PDC services, or you can distribute services for Windows users among different servers.
• If you want to use software RAID to stripe or mirror disks, you’ll need two or more drives (but not FireWire drives) on a server. For more information, see online Disk Utility Help.
Before finalizing decisions about which servers will host specific services, familiarize yourself with information in the administration guides for the services you want to deploy.
If you’re using Mac OS X Server v10.4–10.5 or a Windows-based server, examine the opportunities for moving data and settings to Mac OS X Server v10.6.
If you’re using computers with Mac OS X Server v10.4 or v10.5, consider upgrading or migrating them to Mac OS X Server v10.6.
If you’re using Mac OS X Server v10.5 or v10.4 and you don’t need to move to Intel-processor based hardware, you can perform an upgrade installation. Upgrading is simple because it preserves your existing settings and data.
When you can’t use the upgrade approach, you can migrate data and settings. You’ll need to migrate, not upgrade, when:
• A version 10.4 or 10.5 server’s hard disk needs reformatting or the server doesn’t meet the minimum Mac OS X Server v10.6 system requirements. For more information, see “System Requirements for Installing Mac OS X Server v10.6” on page 16.
• You want to move data and settings you’ve been using on a v10.4 or 10.5 server to different server hardware.
Migration is supported from the latest versions of Mac OS X Server v10.5 and v10.4.
When you migrate, you install and set up Mac OS X Server v10.6, then restore files onto it from the earlier server, and then make manual adjustments as required.
For complete information, read the additional information at Mac OS X Server Resources website at www.apple.com/server/macosx/resources/.
Mac OS X Server v10.6 can provide a variety of services to users of Microsoft Windows computers. By providing these services, Mac OS X Server v10.6 can replace Windows servers in small workgroups.
For information about migrating users, groups, files, and more from a Windows-based server to Mac OS X Server, see the additional information at Mac OS X Server Resources website at www.apple.com/server/macosx/resources/.
Integrating Mac OS X Server into a heterogeneous environment has two aspects:
• Configuring Mac OS X Server to take advantage of existing services
• Configuring non-Apple computers to use Mac OS X Server
The first aspect primarily involves directory services integration. Identify which Mac OS X Server computers will use existing directories (such as Active Directory, LDAPv3, and NIS directories) and existing authentication setups (such as Kerberos).
For options and instructions, see the additional information at Mac OS X Server Resources website at www.apple.com/server/macosx/resources/. Integration can be as easy as enabling a Directory Utility option, or it might involve adjusting existing services and Mac OS X Server settings.
The second aspect is largely a matter of determining the support you want Mac OS X Server to provide to non-Apple computer users. The additional information at Mac OS X Server Resources website at www.apple.com/server/macosx/resources/ tells you what’s available.
Determine whether you need to make site or network topology adjustments before installing and setting up servers.
• Who will administer the server, and what kind of server access will administrators need?
Classroom servers might need to be conveniently accessible for instructors, while servers that host network-wide directory information should be secured with restricted physical access in a district office building or centralized computer facility.
Because Mac OS X Server administration tools offer complete remote server administration support, there are few times when an administrator should need physical access to a server.
• Are there air conditioning or power requirements that must be met? For this kind of information, see the documentation that comes with server hardware.
• Are you considering upgrading elements such as cables, switches, and power supplies? Now may be a good time to do it.
• Have you configured your TCP/IP network and subnets to support the services and servers you want to deploy?
• Are you considering moving your servers to different IP addresses or hostnames? Now may be a good time to do it.
The server setup infrastructure consists of the services and servers you set up in advance because other services or servers depend on them.
For example, if you use Mac OS X Server to provide DHCP, network time, or BootP services to other servers, you should set up the servers that provide these services and initiate the services before you set up servers that depend on those services.
The amount of setup infrastructure you require depends on the complexity of your site and what you want to accomplish. In general, DHCP, DNS, and directory services are recommended or required for medium and large server networks:
• The most fundamental infrastructure layer comprises network services like DHCP and DNS.
All services run better if DNS is on the network, and many services require DNS to work properly. If you’re not hosting DNS, work with the administrator responsible for the DNS server you’ll use when you set up your servers. DNS requirements for services are published in the service-specific administration guides.
The DHCP setup reflects your physical network topology.
• Another crucial infrastructure component is directory services, required for sharing data among services, servers, and user computers.
The most common shared data in a directory is for users and groups, but configuration information such as mount records and other directory data is also shared. A directory services infrastructure is necessary to host cross-platform authentication and when you want services to share the same names and passwords.
Here’s an example of the sequence in which you might set up a server infrastructure that includes DNS, DHCP, and directory services. You can set up the services on the same server or on different servers:
Setting up basic server infrastructure:
1 Set up the DNS server, populating the DNS with the host names of the desired servers and services.
2 Set up DHCP, configuring it to specify the DNS server address so it can be served to DHCP clients.
If desired, set up DHCP-managed static IP addresses for the servers.
3 Set up a directory server, including Windows PDC service if required, and populate the directory with data, such as users, groups, and home folder data.
This process can involve importing users and groups, setting up share points, setting up managed preferences, and so forth.
4 Configure DHCP to specify the address of the directory server so it can be served to DHCP clients.
Your specific needs can affect this sequence. For example, to use VPN, NAT, or IP Firewall services, include their setup with the DNS and DHCP setups.
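The following is an added example, not part of the original guide: a preflight check you can run after step 1 to confirm that DNS is populated for every planned server before you set up the services that depend on it. The host names, addresses, and zone data are constructed samples, and checking that the reverse (PTR) record matches the planned name is an assumption about what a complete DNS setup should include.

```python
import socket

def system_forward(name):
    """IPv4 addresses the system resolver returns for name (empty set if none)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None, socket.AF_INET)}
    except socket.gaierror:
        return set()

def system_reverse(addr):
    """Host name from the PTR record for addr, or None if there is none."""
    try:
        return socket.gethostbyaddr(addr)[0]
    except (socket.herror, socket.gaierror):
        return None

def preflight(planned, forward=system_forward, reverse=system_reverse):
    """Check each planned host -> IP pair; return a list of (host, problem)."""
    problems = []
    for host, expected in sorted(planned.items()):
        addrs = forward(host)
        if not addrs:
            problems.append((host, "no A record"))
        elif expected not in addrs:
            problems.append((host, f"resolves to {sorted(addrs)}, expected {expected}"))
        else:
            ptr = reverse(expected)
            if ptr is None:
                problems.append((host, f"no PTR record for {expected}"))
            elif ptr.rstrip(".").lower() != host.rstrip(".").lower():
                problems.append((host, f"PTR for {expected} names {ptr}"))
    return problems

# Constructed sample data (hypothetical hosts under example.com).
PLANNED = {
    "dns.example.com": "10.0.0.2",
    "dhcp.example.com": "10.0.0.3",
    "od.example.com": "10.0.0.10",     # planned directory server
    "mail.example.com": "10.0.0.20",
    "files.example.com": "10.0.0.30",
}
SAMPLE_A = {                            # forward records as entered in the zone
    "dns.example.com": {"10.0.0.2"},
    "dhcp.example.com": {"10.0.0.3"},
    "od.example.com": {"10.0.0.10"},
    "mail.example.com": {"10.0.0.21"},  # mistyped address
}
SAMPLE_PTR = {                          # reverse records; none for 10.0.0.10
    "10.0.0.2": "dns.example.com.",
    "10.0.0.3": "dhcp.example.com",
}

def check_sample():
    """Run the preflight against the constructed zone data instead of live DNS."""
    return preflight(PLANNED,
                     forward=lambda n: SAMPLE_A.get(n.lower(), set()),
                     reverse=SAMPLE_PTR.get)

if __name__ == "__main__":
    for host, problem in check_sample():
        print(f"{host}: {problem}")
```

Call `preflight(PLANNED)` with no resolver arguments to run the same checks against the DNS server your computer is configured to use.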