First Look: Leopard preview: What's new with Mac OS X Server
The client version of OS X 10.5 won’t be the only version of Leopard to spring into action on October 26. Apple also plans to release Mac OS X Leopard Server, potentially the biggest update ever to its server-side software.
The feature list for this upgrade to Mac OS X Server is vast, as extensive as the changes announced for the user version of Mac OS X 10.5. What follows is an overview of the major features as detailed on Apple’s Leopard Server site, with some additional details along the way.
One thing that all administrators deal with is setting up a server—a tedious process at best, and, at worst, a nightmare. Previous versions of Mac OS X Server tried to avoid the nightmare scenario with varying success. However, Apple has done a lot of work in Leopard Server to help make setting up Mac OS X Server easier across all uses.
For those administrators who just want to get their server up and running in a hurry, there are the new Standard and Workgroup options. These are designed for servers in a standalone—that is, simple file and print—configuration or as a part of an existing network providing departmental services.
Standard and Workgroup setups allow the administrator to automate much of the process of service setup. For example, to set up the iCal Server, you need not only the iCal service, but specific Web services as well. With the new simplified setup, you only need enable iCal, and all of this is handled for you. If you are a part of an existing directory service—say Active Directory—you can import users and or groups into Mac OS X Server and give them access to iCal, iChat, or any other service the administrator needs in just a few steps.
Leopard Server gives you two new configuration options—Standard and Workgroup—to go with the Advanced setup.
For those requiring more advanced services, such as DHCP, or DNS, there is the Advanced setup, which allows total control over Mac OS X Server’s services and features. This uses the redesigned Server Admin application, which now provides primary control over sharing features, previously part of Workgroup Manager. Workgroup Manager is still retained for fine-grained control of user and machine management and the implementation of Managed Client (MCX) policies (similar to Windows Group Policies).
However, even with a server OS as reliable as Mac OS X Server, you still need to be able to monitor the server. To make that easier, Apple has added Dashboard widgets that allow you to track service status, CPU utilization, network load and other statistics.
One of the biggest features in Leopard Server is the new iCal server. This plugs a huge hole in Apple’s server offering, particularly in the Small to Medium Business (SMB) market. Rather than license someone else’s proprietary protocol, Apple instead is basing iCal server on the open CalDAV standard. CalDAV is primarily run by the CalConnect Consortium, which includes, along with Apple, companies like IBM, Novell, Google, Oracle, Sun, and notably, Microsoft.
On the client side, Apple has beefed up iCal so that it can connect to iCal server, and provide things like online meeting management, room reservation, free/busy status, and more. Since iCal Server is based on open standards, Apple has offered up the complete source code to iCal Server, a decision that will make it much easier for third parties to extend iCal Server’s functionality beyond what Apple provides.
Arranging meetings isn’t the entire collaboration story. Even in the SMB market, there’s a need for an easy way to post information, documentation, and create common areas for multiple people to work together. The obvious way to implement this kind of collaboration is via a blog/wiki system. While most blog systems are fairly easy to setup and use for a single user, setting up company-wide blogs can get rather tedious in short order. Wikis, even when set up, can be intimidating due to the arcane Wiki codes that are used.
Apple has improved on the blog system introduced in Mac OS X 10.4 Server, and added a Wiki in Leopard. Along with improved themes, the Wiki is a Web-based WYSIWYG wiki with RSS support, and doesn’t require the manual entry of codes. Apple has tied the blog/wiki system into other services, so that group calendars can be accessed from the wiki, mailing lists, podcasts, and so forth.
Podcast Producer is a way to centrally manage podcast production, so that podcast workflows become efficient and easy. Once a podcast is created, Podcast Producer handles workflow integration, encoding, and publishing. Podcast Producer workflows give you the ability to automate tasks like archiving, custom titles, watermarks, and such. The “hard” part about podcasts has always been everything that happens after you record the actual ’cast, and this is where Podcast Producer lives.
The ability to log and archive chats—among other new features—makes the Leopard version of iChat Server much more appealing to corporate users.
iChat Server in Mac OS X 10.4 was a good start, but it had some issues—the inability to log chats, the lack of federation, and the inability to share documents, to name three—that made it hard to use in a corporate environment.
Leopard’s iChat Server, along with iChat in Leopard, addresses all of those issues. Chats can be archived at the server, (critical for companies under regulations like Sarbanes-Oxley ) and chat rooms are persistent. With Leopard Server, you can federate your iChat Server with other XMPP-based systems, such as Google Talk, and this federation can be encrypted via SSL/TLS. You can also block communication with servers that do not support encrypted chat sessions.
Another new feature in Leopard’s iChat Server is store-and-forward, or the ability to send messages to people who are not online when you are. This can be of great use for people who are working globally, or even across shifts.
While the services that Apache supports on Mac OS X Server have changed radically in Leopard Server, the biggest news for Apache itself is that Apache 2 is now a fully-supported and integrated part of Mac OS X Server. It shipped with Mac OS X Server in Mac OS X 10.4, but was not integrated into things as fully as Apache 1.x. Along with that, some of the core technologies that are used along with Apache have been updated, such as MySQL to version 5.x. The versions used in Mac OS X 10.4 Server had not been updated in a while, which had created functional and security concerns.
As of Leopard, Mac OS X is officially UNIX, not just “Unix- like .”
With Leopard and Leopard Server, Mac OS X is pretty much 64-bit everywhere. Contrary to popular belief, 64-bit is not a magic spell, but for servers, it has definite benefits.
A 64-bit OS can directly access all 32GB of RAM that you can install into an Intel-based Xserve, rather than having to play tricks to use it all. Does this make a huge difference for file and print sharing? No. Does it make a huge difference for databases? Definitely. The more RAM a database process can directly address, the faster it can operate.
Of course, as Steve Jobs has pointed out, unlike Windows, there’s no “64-bit” version of Mac OS X or Mac OS X Server that has to be separately purchased. Every version of Leopard Server is 64-bit, while fully supporting 32-bit applications and processes.
A major Open Directory change in the new version of OS X Server is the integration of Active Directory. With Leopard, Macs binding into Active Directory 2003 or later directory systems will no longer need Active Directory administrators to disable packet signing on those networks. This not only enhances Leopard’s security posture in an Active Directory network, but also removes one more “special thing that has to be done just for Macs” problem.
Finally, integrating Leopard Server into both Open Directory and Active Directory systems has been greatly simplified.
The news in file systems for Leopard is read-only support for Sun’s ZFS file system. ZFS is a high end file system designed primarily for servers. It’s still new, but it is a radical re-thinking of how a file system should work.
In the File Sharing arena, NFS, the grand dame of file sharing protocols gets Kerberos support, which both increases security for the protocol, and makes it easier for NFS users to integrate NFS into Leopard’s and Leopard Server’s support for single-signon environments. As with the changes to Active Directory integration, Leopard now supports SMB packet signing for better security in Windows Server 2003 and later environments. On the Leopard client side, you can finally share any folder you would like, not just the ones that the OS tells you you can.
Directory(.app) is where you manage the underlying setup for Leopard Server’s new Wiki and iCal Server features. Directory allows the creation of shared rooms, resources, group and individual contacts. In addition, you can create maps for rooms, users, or other resources. “My office is 5S244” becomes a lot more useful when you can pull up a map that shows you exactly where that office is.
Finally, Apple has increased security all throughout Leopard and Leopard Server. From things that users will see,—including tagging downloaded applications, which pops a dialog that says “Hey, you downloaded this from <location>, are you sure you want to run this?” when you first run the application; Library Randomization, a much-touted, and very sensible feature of Vista as well; improved Smart Card features; better SSL certificate support; and support for Kerberized printing as well as the aforementioned Kerberized NFS support. In short, Leopard Server has a plethora of real-world security enhancements that will make it easier to safely use in an increasingly hostile world.
I didn’t even come close to either covering all the Leopard Server-related changes, or covering the ones I did mention in any sort of detail. Then there are the features that will only become apparent once the software ships this Friday.
But, most existing Mac IT departments, or IT departments considering Macs, can see that Leopard Server has a host of compelling reasons that make it a slam-dunk upgrade over previous editions.
[ John C. Welch is a Unix/Open Systems Administrator for Kansas City Life Insurance and a long-time Mac IT pundit. ]
This article was reposted at 2:15 p.m. ET on October 23, 2007, to remove a paragraph on DFS support that was erroneously included in the original preview.