Review: Mac OS X 10.6 Server
At a Glance
Apple has made much of how Mac OS X 10.6 ( ) is a tuning of the operating system, removing older cruft, but not really adding new features to the OS other than some plumbing upgrades and Exchange 2007 support. The same cannot be said about Mac OS X 10.6 Server, however. The latest version of Apple’s server OS boasts rather a lot of changes, designed to help boost Server’s attractiveness in the small-to-medium business, (SMB) market. Oh, and like Mac OS X 10.6, Mac OS X 10.6 Server is Intel-only.
While not perhaps as dirt cheap as Mac OS X 10.6’s $29 upgrade pricing, Apple has both simplified your options for Mac OS X 10.6 Server, and cut the price. The ten-client version is gone, and now there is one option: Unlimited. So no more odd simultaneous access limitations on some file sharing and other services. You want Mac OS X 10.6 Server, you get Unlimited. Along with simplifying the options for Server, Apple cut the price in half, from $999 for Unlimited to $499. Get more, pay less. Wait, is this Apple?
If Apple had only cut the price in half, and kept the core OS improvements for Mac OS X 10.6 Server, it would be an OK upgrade. But that’s not the case by a long shot. Apple has added quite a few brand new features that move this from an OK upgrade to an excellent one. There are some minor issues that keep it from being outstanding, but those issues won’t affect everyone.
Address Book Server is a new way of dealing with the problem that networked contacts can create. Mac OS X Server has had a global contact list for some time now, thanks to the LDAP back end for its Open Directory service. But LDAP is really not suited for the kinds of things a lot of companies want to do nowadays. While LDAP is great for a “master” contact list (a global address list [GAL] in Microsoft-ese), if you want to allow people to make custom networked address books, or shared networked address books, it gets squishy. First, LDAP is read-optimized. It’s really good at letting you look up and get information from even a huge number of records in a hurry. But it was not designed to have hundreds or thousands of users modifying it throughout the day. It’s tedious to properly secure LDAP implementations so that only those who should be modifying it and it’s terribly easy to make a mistake that affects the entire directory.
To deal with this, Apple has Address Book Server, which is based on the CardDAV IETF Draft. Just like CalDAV is a set of iCal-specific extensions to the WebDAV standard to make group calendaring easier without being tied to a specific vendor (a la Exchange or Notes), CardDAV hopes to do the same thing for Contacts. Address Book Server implements CardDAV in front of Open Directory, so that users can create their own server-side contacts that exist outside of their local Mac, and can be used by Mail, iCal, etc. Since CardDAV is based on WebDAV, providing secure access outside of a company firewall is no harder than securing any HTTP-based service, and by acting as a limited-access front end to your LDAP store, Address Book Server helps you keep your LDAP data safer from prying eyes.
The downside to this is the same downside that greeted iCal Server/CalDAV when Leopard was released: outside of Apple, support for this standard is spotty at best. Even years later, CalDAV support is still missing from Outlook--the biggest groupware client on the planet--and the state of many other CalDAV clients, like Sunbird is not good for non-technical users.
Address Book Server is a big win if you’re in an shop that’s all or mostly Mac, and you’re going to move to Mac OS X 10.6 in a short timeframe. If Macs are in the minority on your network, or you aren’t moving to Mac OS X 10.6 soon, Address Book Server is less enticing. According to Apple, there aren’t any public APIs for those looking to base custom in-house solutions that use Address Book server.
A feature that isn’t as client-dependent as Address Book Server is the Mobile Access Server, also new in Mac OS X 10.6 Server. Mobile Access Server is a way to provide secure access to common internal services like Web, e-mail, calendaring and contacts, without having to set up full VPN access or create multiple VPN profiles. According to Apple, Mobile Access Server is a reverse SSL proxy, a.k.a. “clientless” VPN. You set it up to provide access to Web pages, e-mail servers, CalDAV servers, Address Book server, and the like. Users can then connect, securely, to those servers without having to start up a separate VPN client first.
True, you can set up all those services with SSL, and connect securely, but this provides you with a layer between critical servers, like your e-mail server and the public Internet, always a good idea. This isn’t just for connecting to Apple servers, though. You can use it as a front end for any company’s Web and e-mail server. For anyone trying to provide simple secure access and dreading having to deal with VPN clients, Mobile Access Server could be a good answer.
While everyone loves new stuff, the truth is, a lot of the reason for upgrading a server is for improvements in the stuff you’re already using, and in this area, Mac OS X 10.6 Server does really well. Of particular interest to me and anyone using Portable Home Directories are the extensive improvements in home directory syncing. In Mac OS X 10.6 Server, Apple has separated out login and logout syncing, so in cases where there’s no reason to sync in both cases, (for example, a user with a desktop Mac that’s not doing any work after they log out at the end of the day probably doesn’t have a huge need to sync anything when they log back in, whereas a laptop user who works outside the office a lot would need login syncing more), an administrator can more intelligently tune their sync setup.
Along with that, the sync process itself has been tuned and improved so that it moves along more smoothly. In my tests on a fast network, from start to finish with a MacBook Pro, I was able to consistently sync 4GB to 5GB of data in about 5 minutes or so, as compared to two to three times that with Mac OS X 10.5 and Mac OS X 10.5 Server.
iCal Server and the Mac OS X 10.6 Server e-mail server got some upgrades as well, with iCal server gaining an improved Web client and the ability to invite people outside of your organization to meetings via e-mail. The e-mail server picks up out-of-office messages, and more importantly, a more friendly way to set server-side e-mail rules. Server-side e-mail rules gain importance when you consider that it’s not uncommon to check your e-mail from one or more computers and an iPhone or some other device. Unlike client-based rules that can only run if a specific e-mail client is running and checking your e-mail, server rules run on the server, without regard for any specific client. Both the e-mail and iCal servers gain push capabilities in Snow Leopard, so you no longer have to use someone else’s mail server if you want push features on your iPhone.
Macworld’s buying advice
With Mac OS X 10.6 Server, Apple has made significant improvements to their server OS. Major new features like Address Book Server and Mobile Access Server complement the solid improvements in existing services. The addition of Push services for e-mail and calendaring finally allow Apple to more properly support its own iPhone product.
Ironically, Apple is so far ahead of most everyone else in supporting things like CalDAV and CardDAV that trying to use non-Apple clients with iCal and Address Book server is a mess of unfriendly clients, or random third party plugins to Outlook et al, and unfortunately, Apple isn’t much help for Mac OS X 10.6 Server administrators trying to deal with this problem. Hopefully that will improve over time, but for anyone supporting non-Mac clients, keep in mind that you may have some interesting times ahead of you with Mac OS X 10.6 Server.
With the significant price cut, new features, and improvements to existing features, Mac OS X 10.6 Server is a solid product. For an all or mostly-Mac network, this isn’t an if upgrade, but a when, especially if you have iPhone users clamoring for push services. If you have significant amounts of non-Mac users, you’ll want to move slower, in particular for iCal and Address Book services, as the non-Mac clients on those are not as consistent as Apple’s.
[John C. Welch is a senior systems administrator for The Zimmerman Agency, and a long-time Mac IT pundit.]