Apple SNOW LEOPARD 10.6 User Manual


Mac OS X Server

Advanced Server Administration

Version 10.6 Snow Leopard

Apple Inc.

© 2009 Apple Inc. All rights reserved.

The owner or authorized user of a valid copy of Mac OS X Server software may reproduce this publication for the purpose of learning to use such software. No part of this publication may be reproduced or transmitted for commercial purposes, such as selling copies of this publication or for providing paid-for support services.

Every effort has been made to ensure that the information in this manual is accurate. Apple is not responsible for printing or clerical errors.

Apple

1 Infinite Loop

Cupertino, CA 95014-2084 www.apple.com

The Apple logo is a trademark of Apple Inc., registered in the U.S. and other countries. Use of the “keyboard” Apple logo (Option-Shift-K) for commercial purposes without the prior written consent of Apple may constitute trademark infringement and unfair competition in violation of federal and state laws.

Apple, the Apple logo, AirPort, AirPort Express, AirPort Extreme, Apple Remote Desktop, AppleScript, Bonjour, the Bonjour logo, iCal, iPod, iPhone, Mac, Macintosh, Mac OS, QuickTime, Safari, Snow Leopard, Tiger, Time Capsule, Time Machine, Xcode, Xgrid, Xsan, and Xserve are trademarks of Apple Inc., registered in the U.S. and other countries.

Finder, QuickTime Broadcaster are trademarks of Apple Inc.

This product includes BSD (4.4 Lite) developed by the University of California, Berkeley, FreeBSD, Inc., The NetBSD Foundation, Inc., and their respective contributors.

Intel, Intel Core, and Xeon are trademarks of Intel Corp. in the U.S. and other countries.

OpenSSL is software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).

UNIX® is a registered trademark of The Open Group.

X Window System is a trademark of the Massachusetts Institute of Technology.

Other company and product names mentioned herein are trademarks of their respective companies. Mention of third-party products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the performance or use of these products.

019-1410/2009-08-15

Contents

Preface: About This Guide
  What’s in This Guide
  Using Onscreen Help
  Document Road Map
  Viewing PDF Guides Onscreen
  Printing PDF Guides
  Getting Documentation Updates
  Getting Additional Information

Chapter 1: System Overview and Supported Standards
  System Requirements for Installing Mac OS X Server v10.6
  What’s New in Mac OS X Server v10.6
  What’s New in Server Admin
  Understanding Server Configuration Methods
  Supported Standards
  Mac OS X Server’s UNIX Heritage

Chapter 2: Planning Server Usage
  Determining Your Server Needs
  Determining Whether to Upgrade or Migrate
  Setting Up a Planning Team
  Identifying Servers to Set Up
  Determining Services to Host on Each Server
  Defining a Migration Strategy
  Upgrading and Migrating from an Earlier Version of Mac OS X Server
  Migrating from Windows
  Defining an Integration Strategy
  Defining Physical Infrastructure Requirements
  Defining Server Setup Infrastructure Requirements
  Making Sure Required Server Hardware Is Available
  Minimizing the Need to Relocate Servers After Setup
  Defining Backup and Restore Policies
  Understanding Backup and Restore Policies
  Understanding Backup Types
  Understanding Backup Scheduling
  Understanding Restores
  Other Backup Policy Considerations
  Command-Line Backup and Restoration Tools
  Understanding Time Machine as a Server Backup Tool

Chapter 3: Administration Tools
  Server Admin
  Opening and Authenticating in Server Admin
  Server Admin Interface
  Customizing the Server Admin Environment
  Server Assistant
  Server Preferences
  Workgroup Manager
  Workgroup Manager Interface
  Customizing the Workgroup Manager Environment
  Server Monitor
  iCal Service Utility
  iCal Service Utility Interface
  System Image Management
  Media Streaming Management
  Command-Line Tools
  Server Status Widget
  RAID Admin
  Podcast Capture, Composer, and Producer
  Xgrid Admin
  Apple Remote Desktop

Chapter 4: Enhancing Security
  About Physical Security
  About Network Security
  Firewalls and Packet Filters
  Network DMZ
  VLANs
  MAC Filtering
  Transport Encryption
  Payload Encryption
  About File Security
  File and Folder Permissions
  About File Encryption
  Secure Delete
  About Authentication and Authorization
  Single Sign-On
  About Certificates, SSL, and Public Key Infrastructure
  Public and Private Keys
  Certificates
  About Certificate Authorities (CAs)
  About Identities
  About Self-Signed Certificates
  About Intermediate Trust
  Certificate Manager in Server Admin
  Readying Certificates
  Creating a Self-Signed Certificate
  Requesting a Certificate from a Certificate Authority
  Creating a Certificate Authority
  Using a CA to Create a Certificate for Someone Else
  Importing a Certificate Identity
  Managing Certificates
  Editing a Certificate
  Distributing a CA Public Certificate to Clients
  Deleting a Certificate
  Renewing an Expiring Certificate
  Replacing an Existing Certificate
  Using Certificates
  SSH and SSH Keys
  Key-Based SSH Login
  Generating a Key Pair for SSH
  Administration Level Security
  Setting Administration Level Privileges
  Service Level Security
  Setting SACL Permissions
  Security Best Practices
  Password Guidelines
  Creating Complex Passwords

Chapter 5: Installation and Deployment
  Installation Overview
  System Requirements for Installing Mac OS X Server
  Hardware-Specific Instructions for Installing Mac OS X Server
  Gathering the Information You Need
  Setting Up Network Services
  Connecting to the Directory During Installation
  SSH During Installation
  About the Server Install Disc
  Preparing an Administrator Computer
  About Starting Up for Installation
  Before Starting Up
  Starting Up from the Install DVD
  Starting Up from an Alternate Partition
  Remotely Accessing the Install DVD
  About Server Serial Numbers for Default Installation Passwords
  Identifying Remote Servers When Installing Mac OS X Server
  Starting Up from a NetBoot Environment
  Preparing Disks for Installing Mac OS X Server
  Choosing a File System
  Installing Server Software Interactively
  Installing Locally from the Installation Disc
  Installing Remotely with Server Assistant
  Installing Remotely with Screen Sharing and VNC
  Changing a Remote Computer’s Startup Disk
  Using the installer Command-Line Tool to Install Server Software
  Installing Multiple Servers
  Upgrading a Computer from Mac OS X to Mac OS X Server
  How to Keep Current

Chapter 6: Initial Server Setup
  Information You Need
  Postponing Server Setup Following Installation
  Connecting to the Network During Initial Server Setup
  Configuring Servers with Multiple Ethernet Ports
  About Settings Established During Initial Server Setup
  Specifying Initial Open Directory Usage
  Not Changing Directory Usage When Upgrading
  Setting Up a Server as a Standalone Server
  Binding a Server to Multiple Directory Servers
  Setting up Servers Interactively
  Using Automatic Server Setup
  Creating and Saving Setup Data
  Using Encryption with Setup Data Files
  How a Server Searches for Saved Setup Data Files
  Setting Up Servers Automatically Using Data Saved in a File
  Setting a Mac OS X Server Serial Number from the Command Line
  Handling Setup Errors
  Setting Up Services
  Adding Services to the Server View
  Setting Up Open Directory
  Setting Up User Management
  Setting Up All Other Services

Chapter 7: Ongoing System Management
  Computers You Can Use to Administer a Server
  Setting Up an Administrator Computer
  Using a Non-Mac OS X Computer for Administration
  Using the Administration Tools
  Working with Pre-v10.6 Computers from v10.6 Servers
  Ports Used for Administration
  Ports Open By Default
  Server Admin Basics
  Adding and Removing Servers in Server Admin
  Grouping Servers Manually
  Grouping Servers Using Smart Groups
  Working with Settings for a Specific Server
  Understanding Changes to the Server IP Address or Network Identity
  Understanding Mac OS X Server Names
  Understanding IP Address or Network Identity Changes on Infrastructure Services
  Understanding IP Address or Network Identity Changes on Web and Wiki Services
  Understanding IP Address or Network Identity Changes on File Services
  Understanding IP Address or Network Identity Changes on Mail Services
  Understanding IP Address or Network Identity Changes on Collaboration Services
  Understanding IP Address or Network Identity Changes on Podcast Producer
  Understanding IP Address or Network Identity Changes on Other Services
  Changing the IP Address of a Server
  Changing the Server’s DNS Name After Setup
  Changing the Server’s Computer Name and the Local Hostname
  Administering Services
  Adding and Removing Services in Server Admin
  Importing and Exporting Service Settings
  Controlling Access to Services
  Using SSL for Remote Server Administration
  Managing Sharing
  Tiered Administration Permissions
  Defining Administrative Permissions
  Workgroup Manager Basics
  Opening and Authenticating in Workgroup Manager
  Administering Accounts
  Working with Users and Groups
  Defining Managed Preferences
  Working with Directory Data
  Customizing the Workgroup Manager Environment
  Service Configuration Assistants
  Critical Configuration and Data Files
  Improving Service Availability
  Eliminating Single Points of Failure
  Using Xserve for High Availability
  Using Backup Power
  Setting Up Your Server for Automatic Restart
  Ensuring Proper Operational Conditions
  Providing Open Directory Replication
  Link Aggregation
  About the Link Aggregation Control Protocol (LACP)
  Link Aggregation Scenarios
  Setting Up Link Aggregation in Mac OS X Server
  Monitoring Link Aggregation Status
  Load Balancing
  Daemon Overview
  Viewing Running Daemons
  Using launchd for Daemon Control

Chapter 8: Monitoring Your System
  Planning a Monitoring Policy
  Planning Monitoring Response
  Using with Server Status Widget
  Using Server Monitor
  Using RAID Admin for Server Monitoring
  Using Console for Server Monitoring
  Using Disk Monitoring Tools
  Using Network Monitoring Tools
  Using Server Status Notification in Server Admin
  Monitoring Server Status Overviews Using Server Admin
  Using Remote Kernel Core Dumps
  Setting Up a Core Dump Server
  Setting Up a Core Dump Client
  Configuring Common Core Dump Options
  About Simple Network Management Protocol (SNMP)
  Enabling SNMP reporting
  Configuring snmpd
  Additional Information about SNMP
  Tools to Use with SNMP
  About Notification and Event Monitoring Daemons
  Logging
  Syslog
  Directory Service Debug Logging
  Open Directory Logging
  AFP Logging
  Additional Monitoring Aids

Chapter 9: Push Notification Server
  About Push Notification Server
  Starting and Stopping Push Notification
  Changing a Service’s Push Notification Server

Index

Preface: About This Guide

This guide provides a starting point for administering Mac OS X Server v10.6 using its advanced administration tools. It contains information about planning, practices, tools, installation, deployment, and more by using Server Admin.

Advanced Server Administration is not the only guide you need when administering advanced mode server, but it gives you a basic overview of planning, installing, and maintaining Mac OS X Server using Server Admin.

What’s in This Guide

This guide includes the following chapters:

• Chapter 1, “System Overview and Supported Standards,” provides an overview of Mac OS X Server systems and standards.

• Chapter 2, “Planning Server Usage,” gives you advice for planning Mac OS X Server deployment.

• Chapter 3, “Administration Tools,” is a reference guide for the tools used to administer servers.

• Chapter 4, “Enhancing Security,” is a brief guide to security policies and practices.

• Chapter 5, “Installation and Deployment,” is an installation guide for Mac OS X Server.

• Chapter 6, “Initial Server Setup,” provides a guide to setting up your server after installation.

• Chapter 7, “Ongoing System Management,” explains how to work with Mac OS X Server and services.

• Chapter 8, “Monitoring Your System,” shows you how to monitor and log into Mac OS X Server.

Note: Because Apple periodically releases new versions and updates to its software, images shown in this book may be different from what you see on your screen.


Using Onscreen Help

You can get task instructions onscreen in Help Viewer while you’re managing Mac OS X Server v10.6. You can view help on a server or an administrator computer. (An administrator computer is a Mac OS X computer with Mac OS X Server v10.6 administration software installed on it.)

To get the most recent onscreen help for Mac OS X Server v10.6:

• Open Server Admin or Workgroup Manager and then:

  • Use the Help menu to search for a task you want to perform.

  • Choose Help > Server Admin Help or Help > Workgroup Manager Help to browse and search the help topics.

The onscreen help contains instructions taken from Advanced Server Administration and other advanced administration guides described later.

To see the most recent server help topics:

• Make sure the server or administrator computer is connected to the Internet while you’re getting help.

Help Viewer automatically retrieves and caches the most recent server help topics from the Internet. When not connected to the Internet, Help Viewer displays cached help topics.


Document Road Map

Mac OS X v10.6 has a suite of guides which can cover management of individual services. Each service may be dependent on other services for maximum utility.

The road map below shows some related documentation that you may need to fully configure your desired service to your specifications. You can get these guides in PDF format from the Mac OS X Server documentation website:

www.apple.com/server/resources/

• Getting Started: Covers basic installation, setup, and management using Server Preferences instead of Server Admin. Recommended for novice administrators.

• Server Preferences Help: Provides onscreen instructions and answers when you’re using Server Preferences to manage servers.

• Information Technologies Dictionary: Provides onscreen definitions of server terminology.

• Advanced Server Administration: Describes using Server Admin to install, configure, and administer server software and services. Includes best practices and advice for system planning, security, backing up, and monitoring.

• Introduction to Command-Line Administration: Explains how to use UNIX shell commands to configure and manage servers and services.

• Server Administration Guides: Each guide covers using Server Admin and command-line tools to configure advanced settings for a particular service.

• Server Admin Help: Provides onscreen instructions and answers when you’re using Server Admin to manage servers. Also contains the latest documentation updates.

Viewing PDF Guides Onscreen

While reading the PDF version of a guide onscreen:

• Show bookmarks to see the guide’s outline, and click a bookmark to jump to the corresponding section.

• Search for a word or phrase to see a list of places where it appears in the document. Click a listed place to see the page where it occurs.

• Click a cross-reference to jump to the referenced section. Click a web link to visit the website in your browser.

Printing PDF Guides

If you want to print a guide, you can take these steps to save paper and ink:

• Save ink or toner by not printing the cover page.

• Save color ink on a color printer by looking in the panes of the Print dialog for an option to print in grays or black and white.

• Reduce the bulk of the printed document and save paper by printing more than one page per sheet of paper. In the Print dialog, change Scale to 115% (155% for Getting Started). Then choose Layout from the untitled pop-up menu. If your printer supports two-sided (duplex) printing, select one of the Two-Sided options. Otherwise, choose 2 from the Pages per Sheet pop-up menu, and optionally choose Single Hairline from the Border menu. (If you’re using Mac OS X v10.4 or earlier, the Scale setting is in the Page Setup dialog and the Layout settings are in the Print dialog.)

You may want to enlarge the printed pages even if you don’t print double sided, because the PDF page size is smaller than standard printer paper. In the Print dialog or Page Setup dialog, try changing Scale to 115% (155% for Getting Started, which has CD-size pages).


Getting Documentation Updates

Periodically, Apple posts revised help pages and new editions of guides. Some revised help pages update the latest editions of the guides.

• To view new onscreen help topics for a server application, make sure your server or administrator computer is connected to the Internet and click “Latest help topics” or “Staying current” in the main help page for the application.

• To download the latest guides in PDF format, go to the Mac OS X Server documentation website:

  www.apple.com/server/resources/

• An RSS feed listing the latest updates to Mac OS X Server documentation and onscreen help is available. To view the feed use an RSS reader application, such as Safari or Mail:

  feed://helposx.apple.com/rss/snowleopard/serverdocupdates.xml

Getting Additional Information

For more information, consult these resources:

• Read Me documents—get important updates and special information. Look for them on the server discs.

• Mac OS X Server website (www.apple.com/server/macosx/)—enter the gateway to extensive product and technology information.

• Mac OS X Server Support website (www.apple.com/support/macosxserver/)—access hundreds of articles from Apple’s support organization.

• Apple Discussions website (discussions.apple.com/)—share questions, knowledge, and advice with other administrators.

• Apple Mailing Lists website (www.lists.apple.com/)—subscribe to mailing lists so you can communicate with other administrators using email.

• Apple Training and Certification website (www.apple.com/training/)—hone your server administration skills with instructor-led or self-paced training, and differentiate yourself with certification.


Chapter 1: System Overview and Supported Standards

Mac OS X Server gives you everything you need to provide standards-based workgroup and Internet services — delivering a world-class UNIX server solution that’s easy to deploy and easy to manage.

This chapter contains information to make decisions about where and how you deploy Mac OS X Server. It contains general information about configuration options, standard protocols used, its UNIX roots, and network and firewall configurations necessary for Mac OS X Server administration.

System Requirements for Installing Mac OS X Server v10.6

The Macintosh desktop computer or server onto which you install Mac OS X Server v10.6 must have:

• An Intel processor

• At least 2 gigabytes (GB) of random access memory (RAM)

• At least 10 gigabytes (GB) of available disk space

• A new serial number for Mac OS X Server v10.6

  The serial number used with any previous version of Mac OS X Server will not allow registration for v10.6.

A built-in DVD drive is convenient but not required.

A display and keyboard are optional. You can install server software on a computer that has no display and keyboard by using an administrator computer. For more information, see “Setting Up an Administrator Computer” on page 124.

If you’re using an installation disc for Mac OS X Server v10.6, you can control installation from another computer using VNC viewer software. Open-source VNC viewer software is available. Apple Remote Desktop, described on “Apple Remote Desktop” (page 50), includes VNC viewer capability.


What’s New in Mac OS X Server v10.6

Mac OS X Server v10.6 offers major enhancements in several key areas:

• Address Book Server

  Mac OS X Server v10.6 introduces the first open standards-based Address Book Server, based on the emerging CardDAV specification, which uses WebDAV to exchange vCards, sharing contacts across multiple computers.

• Remote Access

  Mac OS X Server v10.6 delivers push notifications to users outside your firewall, and a proxy service gives them secure remote access to email, address book contacts, calendars, and specified internal websites.

• Collaboration services improvements

  Mac OS X Server v10.6 augments collaboration features with wiki and blog templates optimized for viewing on iPhone; provides content searching across multiple wikis; and enables attachment viewing in Quick Look. It also introduces My Page, which gives users one convenient place to access web applications, receive notifications, and view activity streams across wikis.

• iCal Server 2

  Mac OS X Server v10.6 has a new iCal Server which includes shared calendars, push notifications, the ability to send email invitations to non-iCal Server users, and a browser-based application for using calendars with many supported browsers.

• Podcast Producer 2

  Mac OS X Server v10.6 has a new Podcast Producer which features an intuitive new workflow editor, support for dual-video source capture, and Podcast Library, which lets you host locally stored podcasts and make them available for subscription by category via Atom web feeds.

• Mail Server improvements

  Mac OS X Server v10.6 mail service increases its performance and scalability using a new engine designed to handle thousands of simultaneous connections. Mail services have been enhanced to include server-side email rules and vacation messages.

• Multicore optimizations

  Mac OS X Server v10.6 supports “Grand Central,” a new set of built-in technologies that makes all of Mac OS X Server multicore aware and optimizes it for allocating tasks across multiple cores and processors.

• 64-bit support

  Mac OS X Server v10.6 uses 64-bit kernel technology to support up to 16 TB of memory.

• OpenCL support

  Mac OS X Server v10.6 supports OpenCL and makes it possible for developers to use the GPU for general computational tasks.

What’s New in Server Admin

Included with Mac OS X Server v10.6 is Server Admin, Apple’s powerful, flexible, full-featured server administration tool. Server Admin is reinforced with improvements in standards support and reliability. Server Admin also delivers a number of enhancements:

• Newly refined, streamlined, and integrated Server Assistant

• Smoother interaction with Server Preferences settings

• Improved user interface

Understanding Server Configuration Methods

You can configure and manage Mac OS X Server using two configuration methods: Server Preferences, or the advanced configuration tool suite, which includes Server Admin and its command-line utilities.

Servers administered using the advanced tool suite are the most flexible and require the most skill to administer. Servers administered by Server Preferences have fewer configuration options, but most configuration details are set by Server Preferences, without additional skill or labor. You can customize your server for a variety of purposes using either method.

Using Server Admin and the rest of the advanced configuration tool suite, the experienced system administrator has complete control of each service’s configuration to accommodate a wide variety of needs. After performing initial setup with Setup Assistant, you use powerful administration applications such as Server Admin and Workgroup Manager, or command-line tools, to configure advanced settings for services the server must provide.

Using Server Preferences, you can get standard configurations of Mac OS X Server features using automated setup and simplified administration. For more information about using Server Preferences to administer your server, see Getting Started.

You can switch between Server Admin and Server Preferences. The setting changes in one application are reflected in the other’s settings. However, some advanced or custom configurations can’t be inspected or changed in Server Preferences, due to Server Preferences’ simplified interface.


The following table highlights the capabilities of each configuration tool.

| Service | Set in initial server setup | Server Preferences | Server Admin |
|---|---|---|---|
| Address book | Optional | Yes | Yes |
| Backup your data (websites, databases, calendar files, etc.) | No | No, use command-line tools and third-party backup solutions | No, use command-line tools and third-party backup solutions |
| Computer account and computer group management | No | Use Workgroup Manager | Use Workgroup Manager |
| DHCP, DNS, NAT | Automatic | No | Yes |
| File sharing (AFP and SMB protocols) | Optional | Yes | Yes |
| File sharing (FTP and NFS protocols) | No | No | Yes |
| Firewall (application firewall) | Automatic | Use System Preferences | Use System Preferences |
| Firewall (IP firewall) | Automatic | Yes | Yes |
| Gateway (NAT, DNS, DHCP) | Optional | No | Yes |
| iCal (calendar sharing, event scheduling) | Optional | Yes | Yes |
| iChat (instant messaging) | Optional | Yes | Yes |
| Mail with spam and virus filtering | Optional | Yes | Yes |
| Mobile access | No | No | Yes |
| MySQL | No | No | Yes |
| NetBoot and NetInstall (system imaging) | No | No | Yes |
| Network time | Automatic | No | Yes |
| Network management (SNMP) | No | No | Yes |
| NFS | No | No | Yes |
| Open Directory master (user accounts and other data) | Optional | Optional | Yes |
| Podcast Producer | No | No | Yes |
| Policies and managed preferences | No | Use Workgroup Manager | Use Workgroup Manager |
| Print | No | No | Yes |
| Push notification | Automatic | Automatic | Yes |
| QuickTime Streaming | No | No | Yes |
| RADIUS | No | No | Yes |
| Remote login (SSH) | Optional | Use System Preferences | Yes |
| Software update | No | No | Yes |
| Time Machine backup of client Macs | Optional | Yes | Yes |
| Time Machine backup of server | No | Use System Preferences | Use System Preferences |
| User and Group creation | Optional | Yes | Yes |
| VPN (secure remote access) | No | Yes | Yes |
| Web (wikis, blogs, webmail) | Optional | Yes | Yes |
| Xgrid (computational clustering) | No | No | Yes, and also use Xgrid Admin |
| Xserve diagnostics | No | Use Server Monitor | Use Server Monitor |

Supported Standards

Mac OS X Server provides standards-based workgroup and Internet services. Instead of developing proprietary server technologies, Apple has built on the best open source projects: Samba 3, OpenLDAP, Kerberos, Dovecot, Apache, Jabber, SpamAssassin, and more. Mac OS X Server integrates these robust technologies and enhances them with a unified, consistent management interface.

Because it is built on open standards, Mac OS X Server is compatible with existing network and computing infrastructures. It uses native protocols to deliver directory services, file and printer sharing, and secure network access to Mac, Windows, and Linux clients.


A standards-based directory services architecture offers centralized management of network resources using any LDAP server–even proprietary servers such as Microsoft Active Directory. The open source UNIX foundation makes it easy to port and deploy existing tools to Mac OS X Server.

The following standards-based technologies power Mac OS X Server:

ÂÂ Kerberos: Mac OS X Server integrates an authentication authority based on MIT’s Kerberos technology (RFC 1964) to provide users with single sign-on access to secure network resources.

Using strong Kerberos authentication, single sign-on maximizes the security of network resources while providing users with easier access to a broad range of Kerberos-enabled network services.

For services that have not yet been Kerberized, the integrated SASL service negotiates the strongest possible authentication protocol.

ÂÂ OpenLDAP: Mac OS X Server includes a robust LDAP directory server and a secure Kerberos password server to provide directory and authentication services to Mac, Windows, and Linux clients.

Apple has built the Open Directory server around OpenLDAP, the most widely deployed open source LDAP server, so it can deliver directory services for both Mac-only and mixed-platform environments.

LDAP provides a common language for directory access, enabling administrators to consolidate information from different platforms and define one namespace for all network resources. This means there is a single directory for all Mac, Windows, and Linux systems on the network.

ÂÂ RADIUS: Remote Authentication Dial-In User Service (RADIUS) is an authentication, authorization, and accounting protocol used by the 802.1x security standard for controlling network access by clients in mobile or fixed configurations. Mac OS X

Server uses RADIUS to integrate with AirPort Base Stations serving as a central MAC address filter database. By configuring RADIUS and Open Directory, you can control who has access to your wireless network.

Mac OS X Server uses the FreeRADIUS Server Project. FreeRADIUS supports the requirements of a RADIUS server, shipping with support for LDAP, MySQL,

PostgreSQL, Oracle databases, EAP, EAP-MD5, EAP-SIM, EAP-TLS, EAP-TTLS, EAP-PEAP, and Cisco LEAP subtypes. Mac OS X Server supports proxying, with failover and load balancing.

ÂÂ Mail Service: Mac OS X Server uses robust technologies from the open source community to deliver comprehensive, easy-to-use mail server solutions. Full support for Internet mail protocols—Internet Message Access Protocol (IMAP), Post Office

Protocol (POP), and Simple Mail Transfer Protocol (SMTP)—ensures compatibility with standards-based mail clients on Mac, Windows, and Linux systems.

Chapter 1    System Overview and Supported Standards

21

 

 

ÂÂ Web Technologies: Mac OS X Server is a complete AMP stack (a bundle of integrated Apache-MySQL-PHP/Perl/Python software). Mac OS X Server web technologies are based on the open source Apache web server, the most widely used HTTP server on the Internet.

With performance optimized for Mac OS X Server, Apache provides fast, reliable web hosting and an extensible architecture for delivering dynamic content and sophisticated web services. Because web service in Mac OS X Server is based on Apache, you can add advanced features with plug-in modules.

Mac OS X Server includes everything professional web masters need to deploy sophisticated web services: integrated tools for collaborative publishing, inline scripting, Apache modules, custom CGIs, and JavaServer Pages and Java Servlets. Database-driven sites can be linked to the included MySQL database. ODBC and JDBC connectivity to other database solutions is also supported.

Web service also includes support for Web-based Distributed Authoring and Versioning, known as WebDAV.

• File Services: You can configure Mac OS X Server file services to allow clients to access shared files, applications, and other resources over a network. Mac OS X Server supports most major service protocols for maximum compatibility, including:

  • Apple Filing Protocol (AFP), to share resources with clients who use Macintosh computers.

  • Server Message Block (SMB), a protocol to share resources with clients who use Windows computers. This protocol is provided by the Samba open source project.

  • Network File System (NFS), to share files and folders with UNIX clients.

  • File Transfer Protocol (FTP), to share files with anyone using FTP client software.

• IPv6 (RFC 2460): IPv6 is the Internet’s next-generation protocol designed to replace the current Internet Protocol, IPv4 (or IP).

IPv6 improves routing and network autoconfiguration. It increases the number of network addresses to over 3 x 10^38, and eliminates the need for NAT-provided addressing. IPv6 is expected to gradually replace IPv4 over a number of years, with the two coexisting during the transition.

Mac OS X Server’s network services are fully IPv6 capable and ready to transition to the next generation addressing as well as being fully able to operate with IPv4.

• SNMP: Simple Network Management Protocol (SNMP) is used to monitor network-attached devices’ operational status. It is a set of IETF-designed standards for network management, including an Application Layer protocol, a database schema, and a set of data objects.

Mac OS X Server uses the open source net-snmp suite to provide SNMPv3 (RFCs 3411-3418) service.


• XMPP: Extensible Messaging and Presence Protocol (XMPP) is an open XML-based messaging protocol used for messaging and presence information. XMPP serves as the basis for Mac OS X Server’s Push Notification service, as well as iChat Server, and all publish and subscribe functions for the server.

Mac OS X Server’s UNIX Heritage

Mac OS X Server has a UNIX foundation built around the Mach microkernel and the latest advances from the Berkeley Software Distribution (BSD) open source community. This foundation provides Mac OS X Server with a stable, high-performance, 64-bit computing platform for deploying server-based applications and services.

Mac OS X Server is built on an open source operating system called Darwin, which is part of the BSD family of UNIX-like systems. BSD is a family of UNIX variants descended from Berkeley’s version of UNIX. Also, Mac OS X Server incorporates more than 100 open source projects in addition to proprietary enhancements and extended functionality created by Apple.

The BSD portion of the Mac OS X kernel is derived primarily from FreeBSD, a version of 4.4BSD that offers advanced networking, performance, security, and compatibility features.

In general, BSD variants are derived (sometimes indirectly) from 4.4BSD-Lite Release 2 from the Computer Systems Research Group (CSRG) at the University of California at Berkeley.

Although the BSD portion of Mac OS X is primarily derived from FreeBSD, some changes have been made. To find out more about the low-level changes made, see Apple’s Developer documentation for Darwin.


Chapter 2: Planning Server Usage

Before installing and setting up Mac OS X Server, do a little planning and become familiar with your options.

The major goals of the planning phase are to make sure that:

• Server user and administrator needs are addressed by the servers you deploy

• Server and service prerequisites that affect installation and initial setup are identified

Installation planning is especially important if you’re integrating Mac OS X Server into an existing network, migrating from earlier versions of Mac OS X Server, or preparing to set up multiple servers. But even single-server environments can benefit from a brief assessment of the needs you want a server to address.

Use this chapter to stimulate your thinking. It doesn’t present a rigorous planning guide, nor does it provide the details you need to determine whether to implement a particular service and assess its resource requirements. Instead, view this chapter as an opportunity to think about how to maximize the benefits of Mac OS X Server in your environment.

Planning, like design, isn’t necessarily a linear process. The sections in this chapter don’t require you to follow a mandatory sequence. Different sections in this chapter present suggestions that could be implemented simultaneously or iteratively.

Determining Your Server Needs

During the planning stage, determine how you want to use Mac OS X Server and identify whether there’s anything you need to accomplish before setting it up.

For example, you might want to convert an existing server to v10.6 and continue hosting directory, file, and mail services for clients on your network.

Before you install server software, you might need to prepare data to migrate to your new server, and perhaps consider whether it’s a good time to implement a different directory services solution.


During the planning stage, you’ll also decide which installation and server setup options best suit your needs. For example, Getting Started contains an example that illustrates server installation and initial setup in a small business scenario with the server in using Server Preferences.

Determining Whether to Upgrade or Migrate

If you’re using a previous version of Mac OS X Server and you want to reuse data and settings, you can upgrade or migrate to v10.6.

You can upgrade to Mac OS X Server v10.6 if you’re using the latest update of Mac OS X Server v10.5 Leopard or Mac OS X Server v10.4.11 on Mac OS X servers with Intel processors.

Upgrading is simple because it preserves existing settings and data. You can perform an upgrade using any of the installation methods described in this chapter or the advanced methods described in this guide.

If you can’t perform an upgrade, for example when you need to reformat the startup disk or replace your server hardware, you can migrate data and settings to a computer that you’ve installed Mac OS X Server v10.6 on.

Migration is supported from the latest update of Mac OS X Server v10.5 Leopard or Mac OS X Server v10.4.11 Tiger. For complete information about migrating data and settings to a different Mac or Xserve, see the onscreen help or Mac OS X Server Resources website at www.apple.com/server/macosx/resources/.

Setting Up a Planning Team

Involve individuals in the installation planning process who represent various points of view, and who can help answer the following questions:

• What day-to-day user requirements must a server meet? What activities do server users and workgroups depend on the server for?

If the server is used in a classroom, make sure the instructor who manages its services and administers it daily provides input.

• What user management requirements must be met? Will user computers be diskless and need to be started up using NetBoot? Will Macintosh client management and network home folders be required?

Individuals with server administration experience should work with server users who might not have a technical background, so they’ll understand how specific services might benefit them.

• What existing non-Apple services, such as Active Directory, must the server integrate with?


If you’ve been planning to replace a Windows NT computer, consider using Mac OS X Server with its extensive built-in support for Windows clients. Make sure that administrators familiar with these other systems are part of the planning process.

• What are the characteristics of the network into which the server will be installed? Do you need to upgrade power supplies, switches, or other network components? Is it time to streamline the layout of facilities that house your servers?

An individual with systems and networking knowledge can help with these details as well as completing the Installation & Setup Worksheet on the Mac OS X Server Install Disc or Administration Tools CD.

Identifying Servers to Set Up

Conduct a server inventory:

• How many servers do you have?

• How are they used?

• How can you streamline the use of servers you want to keep?

• Do existing servers need to be retired? Which servers can Mac OS X Server replace?

• Which non-Apple servers will Mac OS X Server need to be integrated with? Why?

• Do you have Mac OS X Server computers that need to be upgraded to version 10.6?

• How many new Mac OS X Server computers will you need to set up?

Determining Services to Host on Each Server

Identify which services you want to host on each Mac OS X Server and non-Apple server you decide to use.

Distributing services among servers requires an understanding of users and services. Here are a few examples of how service options and hardware and software requirements can influence what you put on servers:

• Directory services implementations can range from using directories and Kerberos authentication hosted by non-Apple servers to setting up Open Directory directories on servers distributed throughout the world.

Directory services require thoughtful analysis and planning.

The additional information at Mac OS X Server Resources website at www.apple.com/server/macosx/resources/ can help you understand the options and opportunities.


• Home folders for network users can be consolidated onto one server or distributed among various servers. Although you can move home folders, you might need to change a large number of user and share point records, so devise a strategy that will persist for a reasonable amount of time. For information about home folders, see Mac OS X Server help or Mac OS X Server Resources website at www.apple.com/server/macosx/resources/.

• Some services offer ways to control the amount of disk space used by individual users. For example, you can set up home folder and mail quotas for users. Consider whether using quotas will offer a way to maximize the disk usage on a server that stores home folders and mail databases. The additional information at Mac OS X Server Resources website at www.apple.com/server/macosx/resources/ describes home folder and user mail quotas, and service-wide mail quotas.

• Disk space requirements are also affected by the type of files a server hosts.

Creative environments need high-capacity storage to accommodate large media files, but elementary school classrooms have more modest file storage needs. The additional information at Mac OS X Server Resources website at www.apple.com/server/macosx/resources/ describes file sharing.

• If you’re setting up a streaming media server, allocate enough disk space to accommodate a specific number of hours of streamed video or audio. For hardware and software requirements and for a setup example, see additional information in online help or at Mac OS X Server Resources website at www.apple.com/server/macosx/resources/.

• The number of NetBoot client computers you can connect to a server depends on the server’s Ethernet connections, the number of users, the amount of available RAM and disk space, and other factors. DHCP service needs to be available to the clients and can be provided by a different server than the NetBoot server. For NetBoot capacity planning guidelines, see additional information at Mac OS X Server Resources website at www.apple.com/server/macosx/resources/.

• Mac OS X Server offers extensive support for Windows users. You can consolidate Windows user support on servers that provide PDC services, or you can distribute services for Windows users among different servers.

• If you want to use software RAID to stripe or mirror disks, you’ll need two or more drives (but not FireWire drives) on a server. For more information, see online Disk Utility Help.

Before finalizing decisions about which servers will host specific services, familiarize yourself with information in the administration guides for the services you want to deploy.


Defining a Migration Strategy

If you’re using Mac OS X Server v10.4–10.5 or a Windows-based server, examine the opportunities for moving data and settings to Mac OS X Server v10.6.

Upgrading and Migrating from an Earlier Version of Mac OS X Server

If you’re using computers with Mac OS X Server v10.4 or v10.5, consider upgrading or migrating them to Mac OS X Server v10.6.

If you’re using Mac OS X Server v10.5 or v10.4 and you don’t need to move to Intel processor-based hardware, you can perform an upgrade installation. Upgrading is simple because it preserves your existing settings and data.

When you can’t use the upgrade approach, you can migrate data and settings. You’ll need to migrate, not upgrade, when:

• A version 10.4 or 10.5 server’s hard disk needs reformatting or the server doesn’t meet the minimum Mac OS X Server v10.6 system requirements. For more information, see “System Requirements for Installing Mac OS X Server v10.6” on page 16.

• You want to move data and settings you’ve been using on a v10.4 or 10.5 server to different server hardware.

Migration is supported from the latest versions of Mac OS X Server v10.5 and v10.4.

When you migrate, you install and set up Mac OS X Server v10.6, then restore files onto it from the earlier server, and then make manual adjustments as required.

For complete information, read the additional information at Mac OS X Server Resources website at www.apple.com/server/macosx/resources/.

Migrating from Windows

Mac OS X Server v10.6 can provide a variety of services to users of Microsoft Windows computers. By providing these services, Mac OS X Server v10.6 can replace Windows servers in small workgroups.

For information about migrating users, groups, files, and more from a Windows-based server to Mac OS X Server, see the additional information at Mac OS X Server Resources website at www.apple.com/server/macosx/resources/.

Defining an Integration Strategy

Integrating Mac OS X Server into a heterogeneous environment has two aspects:

• Configuring Mac OS X Server to take advantage of existing services

• Configuring non-Apple computers to use Mac OS X Server


The first aspect primarily involves directory services integration. Identify which Mac OS X Server computers will use existing directories (such as Active Directory, LDAPv3, and NIS directories) and existing authentication setups (such as Kerberos).

For options and instructions, see the additional information at Mac OS X Server Resources website at www.apple.com/server/macosx/resources/. Integration can be as easy as enabling a Directory Utility option, or it might involve adjusting existing services and Mac OS X Server settings.

The second aspect is largely a matter of determining the support you want Mac OS X Server to provide to non-Apple computer users. The additional information at Mac OS X Server Resources website at www.apple.com/server/macosx/resources/ tells you what’s available.

Defining Physical Infrastructure Requirements

Determine whether you need to make site or network topology adjustments before installing and setting up servers.

• Who will administer the server, and what kind of server access will administrators need?

Classroom servers might need to be conveniently accessible for instructors, while servers that host network-wide directory information should be secured with restricted physical access in a district office building or centralized computer facility.

Because Mac OS X Server administration tools offer complete remote server administration support, there are few times when an administrator should need physical access to a server.

• Are there air conditioning or power requirements that must be met? For this kind of information, see the documentation that comes with server hardware.

• Are you considering upgrading elements such as cables, switches, and power supplies? Now may be a good time to do it.

• Have you configured your TCP/IP network and subnets to support the services and servers you want to deploy?

• Are you considering moving your servers to different IP addresses or hostnames? Now may be a good time to do it.

Defining Server Setup Infrastructure Requirements

The server setup infrastructure consists of the services and servers you set up in advance because other services or servers depend on them.


For example, if you use Mac OS X Server to provide DHCP, network time, or BootP services to other servers, you should set up the servers that provide these services and initiate the services before you set up servers that depend on those services.

The amount of setup infrastructure you require depends on the complexity of your site and what you want to accomplish. In general, DHCP, DNS, and directory services are recommended or required for medium and large server networks:

• The most fundamental infrastructure layer comprises network services like DHCP and DNS.

All services run better if DNS is on the network, and many services require DNS to work properly. If you’re not hosting DNS, work with the administrator responsible for the DNS server you’ll use when you set up your servers. DNS requirements for services are published in the service-specific administration guides.

The DHCP setup reflects your physical network topology.

• Another crucial infrastructure component is directory services, required for sharing data among services, servers, and user computers.

The most common shared data in a directory is for users and groups, but configuration information such as mount records and other directory data is also shared. A directory services infrastructure is necessary to host cross-platform authentication and when you want services to share the same names and passwords.

Here’s an example of the sequence in which you might set up a server infrastructure that includes DNS, DHCP, and directory services. You can set up the services on the same server or on different servers:

Setting up basic server infrastructure:

1. Set up the DNS server, populating the DNS with the host names of the desired servers and services.

2. Set up DHCP, configuring it to specify the DNS server address so it can be served to DHCP clients.

If desired, set up DHCP-managed static IP addresses for the servers.

3. Set up a directory server, including Windows PDC service if required, and populate the directory with data, such as users, groups, and home folder data.

This process can involve importing users and groups, setting up share points, setting up managed preferences, and so forth.

4. Configure DHCP to specify the address of the directory server so it can be served to DHCP clients.

Your specific needs can affect this sequence. For example, to use VPN, NAT, or IP Firewall services, include their setup with the DNS and DHCP setups.
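A planning-time consistency check for the DNS, DHCP, and directory sequence described above, added here as an example and not taken from Apple's guide. The plan layout, host names, and addresses are constructed for illustration; the check confirms that what DHCP will hand out matches what DNS and the directory plan say before any server is set up.

```python
import ipaddress

# Constructed sample plan: every host name and address here is hypothetical.
PLAN = {
    "dns_records": {                       # step 1: names populated in DNS
        "dns1.example.com": "10.0.1.2",
        "od1.example.com": "10.0.1.4",
        "files1.example.com": "10.0.1.5",
    },
    "roles": {"dns": "dns1.example.com", "directory": "od1.example.com"},
    "dhcp": {
        "subnet": "10.0.1.0/24",
        "dynamic_range": ("10.0.1.100", "10.0.1.200"),
        "dns_server": "10.0.1.2",               # step 2
        "directory_server": "od1.example.com",  # step 4
        "static_map": {"od1.example.com": "10.0.1.4",
                       "files1.example.com": "10.0.1.5"},
    },
}


def check_plan(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    records = plan["dns_records"]
    dhcp = plan["dhcp"]
    subnet = ipaddress.ip_network(dhcp["subnet"])
    low, high = (ipaddress.ip_address(a) for a in dhcp["dynamic_range"])

    # Step 1: every server that fills a role must have a DNS record.
    for role, host in plan["roles"].items():
        if host not in records:
            problems.append(f"step 1: no DNS record for {role} server {host}")

    # Step 2: DHCP must hand out the address of the planned DNS server.
    dns_host = plan["roles"]["dns"]
    if records.get(dns_host) != dhcp["dns_server"]:
        problems.append(f"step 2: DHCP DNS server {dhcp['dns_server']} "
                        f"is not the address of {dns_host}")

    # Step 2, optional part: DHCP-managed static addresses must agree with
    # DNS, sit inside the subnet, and stay out of the dynamic pool.
    for host, addr in dhcp["static_map"].items():
        ip = ipaddress.ip_address(addr)
        if records.get(host) != addr:
            problems.append(f"step 2: static address {addr} for {host} "
                            f"differs from DNS ({records.get(host)})")
        if ip not in subnet:
            problems.append(f"step 2: {addr} for {host} is outside {subnet}")
        elif low <= ip <= high:
            problems.append(f"step 2: {addr} for {host} is in the dynamic range")

    # Step 4: DHCP must advertise the directory server that was planned.
    if dhcp["directory_server"] != plan["roles"]["directory"]:
        problems.append("step 4: DHCP advertises a different directory "
                        "server than the one planned")
    return problems


if __name__ == "__main__":
    for line in check_plan(PLAN) or ["plan is consistent"]:
        print(line)
```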
