Making Leopard servers simple

Editor’s Note: This story is excerpted from Computerworld. For more Mac coverage, visit Computerworld’s Macintosh Knowledge Center.

Leopard Server, the newest version of Mac OS X Server, sports many updated features. One of the most innovative is a new interface that simplifies server setup and management. This interface is designed primarily for small businesses or small workgroups within a larger organization that need server functionality but don’t have the resources to hire a full-time systems administrator.

This new approach doesn’t offer access to all of Leopard Server’s features, but it does offer an intuitive and easy-to-use interface for some of the most common server needs. Services that are available when using Leopard Server’s new user-friendly simplified setup modes include the following:

Streamlined server setup

The actual install process of Leopard Server is largely the same, regardless of whether or not you want to use the simplified setup modes. The process involves booting the server from the install DVD (or using a second Mac in Target Disk Mode if the server lacks a DVD drive), choosing a language and installation volume (such as hard drive, partition or RAID array), and optionally customizing the install by eliminating additional language translations and printer drivers. The install process can be performed locally on the server or remotely by using the Server Assistant application.

Once the install process is complete, the server reboots and launches Server Assistant, which guides the user through the process of defining the initial server configuration. Again, this can be performed locally or remotely by launching the Server Assistant on any Macintosh running Mac OS X Leopard. Remote installation and setup relies on Secure Shell (SSH) and uses the first eight characters of the server’s hardware serial number as a password, or the numerical sequence 12345678 if there is no serial number. The act of connecting using Server Assistant is similar to previous generations of Mac OS X Server; full documentation accompanies the Leopard Server install DVD.

During initial setup, you will be asked to choose one of three server modes: standard, workgroup or advanced. Standard and workgroup are both examples of the simplified setup. Standard is designed for small organizations that do not have an existing infrastructure. Workgroup is for departments within a company or school that already have an existing infrastructure and network user accounts.

Advanced provides the traditional Mac OS X Server tools (all of which have been updated in Leopard Server) and the full range of functionality, much of which requires a more detailed knowledge of servers and networking as a whole and/or Mac OS X Server as a platform. For this reason, I’ll be focusing mostly on standard and workgroup in the rest of this article.

Once you have chosen either standard or workgroup, you will be asked to provide basic information to configure the server. An easy-to-follow worksheet is included as a PDF file on the install DVD that new users can fill out prior to installation to ensure that all the correct information is included.

Key choices in the setup process are:

  • Language and keyboard layout
  • Mac OS X Server serial number (license key)
  • Setup of the initial server administrator account (the password of which is also set as the root password for the server)
  • Network/Internet configuration for each available Ethernet port
  • Network name, including the name that clients use to identify the server for file sharing as well as the Domain Name System name/address, which can be set by automatic lookup from a DNS server
  • Time zone and network time server
  • Server backup options using Leopard’s Time Machine (Note: Time Machine can only be used to back up Leopard Server in standard and workgroup modes because it is not designed to be an enterprise backup system for larger environments.)
  • Options for e-mail services, including the designation of a specific host to relay outgoing mail (if required by your Internet service provider) and a welcome message for new users
  • The option to enable VPN access
  • The option to allow client computers to use the server as a Time Machine backup location and to designate where backups will be stored
  • Options for setting up the server as an Internet gateway or router

At the end of the setup process, you can create new user accounts. This is optional, and you can skip this step and create them later using the Server Preferences application. Once the interactive setup process is complete, Server Assistant will attempt to verify that all network and related information is accurate. If there are problems with network or Internet connectivity, it will alert you and give you the option to go back and correct them.

Overall, the setup process is as user-friendly as one could expect Apple to make it. Most questions are asked in a straightforward manner, and there is on-screen help available at each step. Some information, particularly regarding network and Internet configurations, may still appear a little intimidating to nontechnical users. But there is little that can be done to avoid that. The included worksheet can help users without technical skills research and record most information ahead of time. Most experienced Mac technicians or power users will have no issues.

One thing that is important to keep in mind is that some DNS configuration may need to be done at the network or Internet provider level, particularly if you plan to offer services through an Internet connection. Again, experienced technicians and power users will probably have few issues with this. Less-experienced computer users, however, may find this to be the most intimidating piece of using Leopard Server, simplified setup or not. If services are not going to be provided beyond a local network, however, these issues may not be relevant.

Standard mode vs. workgroup mode

As I already mentioned, simplified setup is available in both standard and workgroup modes. The setup process and server management are largely the same in both modes. Standard mode is intended for when there is no larger infrastructure present (such as in a single office), while workgroup is designed to integrate with a larger network that contains a directory services infrastructure such as Apple’s Open Directory or Microsoft’s Active Directory.

In a larger networked environment, directory services store shared-user accounts that can be used to log into multiple servers (and often workstations) throughout the network. Most directory services also provide single-sign-on support where users are asked to only enter their usernames and passwords during log-in.

Workgroup mode allows you to “import” user accounts from a directory services system in addition to creating users on the server. You can import individual users from a directory services environment, or you can import all users that are members of groups that exist in the directory.

This import process creates accounts on the server that provide access to services hosted on that server for file sharing, instant messaging, shared calendars, etc. However, the usernames and passwords for these imported accounts are actually managed by the directory services system that they originally came from—Open Directory or Active Directory, in other words. Leopard Server will periodically check to ensure that its password information is synced with the larger directory services framework.

To facilitate functionality with directory services, during setup you will be asked to specify a directory server as well as the username and password of an account that has permission to query the directory server. You will also be asked to choose which services to provide. Finally, in addition to being able to create new accounts, you will also be asked if you want to import accounts from the directory server before completing setup.

Workgroup mode offers an unusual mix of functionality. On the one hand, it does allow users in a larger environment to use the same username and password for a departmental or workgroup server that they do for other services within a network. On the other hand, it also keeps the new server somewhat separate from the larger network in that only a subset of users will be able to log in and access resources hosted by the server.

One situation in which this could be particularly attractive is in a Windows Server/Active Directory environment where only a single department uses Macs. A power user or technician can provide Mac users with server support without the need for exceptional effort on the part of the Windows systems administration staff, which might not have the knowledge or desire to offer much Mac server support. In that situation, server or network managers don’t need to put in a lot of effort to serve users.

It seems a little less practical to implement a workgroup server in an environment where services are being provided by an advanced Mac OS X Server/Open Directory infrastructure or an integrated Active Directory/Open Directory environment. In these cases, it would seem more logical to provide services using Leopard Server’s advanced mode. There are, however, some situations in which workgroup mode might be useful within an Open Directory environment. One possibility is where a satellite office or remote department might not have sufficient technical staffers to set up and manage Mac OS X servers.

Management via Server Preferences

When operating in standard or workgroup mode, Leopard Server is managed using the Server Preferences utility, either locally on the server or remotely on a Mac running Leopard. As you can see, the design of Server Preferences borrows many elements from the System Preferences utility used in Mac OS X. Server Preferences is divided into sections for managing users and groups, available services and system-level tools.

User management is extremely simple and is, again, almost identical to its counterpart in System Preferences—the Accounts pane in Mac OS X. Four simple tabs allow identification and editing of a user’s account information, contact information, any services that the user is allowed to access and groups to which the user belongs.

When a user is selected in the Accounts pane in Server preferences, the Accounts tab for that user allows you to perform the majority of administrative tasks, including designating if the user is allowed server administration capabilities. You can also insert a picture used in various places throughout the Mac OS X interface—including the log-in window and iChat instant messenger icon—and reset the user’s password. (Password reset offers an assistant to help choose secure passwords.) Group management is equally simple, with two tabs: one for settings such as group names and enabled services that include a shared folder, mailing and mailing list Web archive, Web calendar and group wiki and blog; and another tab for viewing and modifying group membership.

Service settings are also very simple, and each service includes a large on/off switch for enabling or disabling the service. Configuring file sharing is exceedingly simple and is strikingly similar to the file-sharing portion of Leopard client’s System Preferences Sharing pane.

The iCal Service offers two simple options for limiting the data size used by individual events or whole calendars. IChat, also simple, offers check boxes for automatically creating buddy lists of all users, enabling communication with external Jabber servers including Google’s GTalk. IChat also allows chat logging and archiving. The Mail service provides an easy-to-use slider and check box for configuring junk mail and virus filtering. This is in addition to outgoing e-mail relay, which is also offered in the setup process.

The Web service offers an option to define a home page for the server. This can either be a page created and stored on the server, or it can be easily set to a wiki page that allows access to all collaborative Web tools. Web services can also enable wikis for groups and can provide Web mail and blogs for users. Each option includes a link to view the appropriate Web service or page in a browser.

The VPN service provides fields for defining the IP address range to be used by VPN clients and is probably the single most complex item in Server Preferences. There’s an option for changing and viewing the service’s shared secret that is used to establish trust and encryption keys with clients, and a button creates a file that can be used to automatically configure Mac OS X access to the VPN server. (Note: Shared secret is where both the client and server possess a shared string of characters to establish trust between them and then generate an encryption key.)

Standard mode supports only shared secrets for securing VPN access and supports only the Layer 2 Transport Protocol (L2TP) for connections.

The System section of Server Preferences includes three items that display information about the server. Information shows licensing data, IP address, and file sharing and DNS names. The Logs section, the least user-friendly part of Server Preferences for novice administrators, provides access to the various service logs available for standard and workgroup mode services. This includes some of the traditional Mac OS X Server directory services logs.
