When Apple Computer Inc. ships Panther Server on Friday, IT professionals can expect to see over 150 new features and enhancements made to the server software — and those are not the same new features found in the client edition of Panther. The overwhelming theme to this major operating system update is integration using open source and open standards.
“We are talking about this operating system as ‘open source made easy,’ Apple’s director of Server Software, Tom Goguen, told MacCentral. “We’ve done a lot of work in the past year and a good amount of time was spent doing some innovative things with open source technologies.”
One of the biggest changes users will see is with the mail server technology. The mail server included with Panther Server is actually made up of six separate open source projects: Postfix, a mail transport agent; Cyrus, a project out of Carnegie Mellon for Pop and IMAP support; OPEN SSL for secure transport from the client to the server and server to client; Mailman, to support mailing lists; Squirrel mail, a webmail solution; and Berkeley DB for indexing of mail messages on the server.
At the request of developers, Apple has also added the ability to run J2EE applications by implementing JBoss, which is built into the platform as of the Panther release. Apple made sure that the WebObjects deployment environment works on top of JBoss, so users get a higher level of application support.
Updated Directory Services
Panther Server will ship with several huge enhancements for mixed computing environments. New to the platform will be integrated support for Active Directory and authentication against Active Directory accounts.
“There are a lot people out there who need Active Directory to help them try to reduce the cost of supporting their Windows environment, so they’ve taken on the chore of using Active Directory,” said Goguen. “In those cases we wanted to make sure they could still take advantage of the Mac platform.”
Goguen said he always prefers the open standards approach, but didn’t want to leave customers using Active Directory without options. Panther Server will be a plug and play experience for operating systems that use open standards like Linux or Sun ONE.
“We are trying to do open standards and open source technology, making it accessible and useful to people that don’t necessarily have or even desire to have a strong Unix background,” said Goguen.
Open Directory, Kerberos and Samba 3
Panther Server will include a completely new implementation of Open Directory, which Apple calls Open Directory 2.0. Open Directory, which is based on the open source technology Open LDAP, runs on Berkely DB, a high performance database used in directory service environments.
Apple combined the new version of Open Directory with an authentication authority, adding support for MIT’s Kerberos KDC. Goguen said that Apple is recommending that all of their customers look at Kerberos as the infrastructure for authentication on their networks.
Replication is another new open source technology found in Panther Server that works with Open Directory. With Replication you can designate servers in an organization to be replicas of the master directory server. The technologies can be set up so people will login to different servers, essentially offering load balancing — if one of the servers fails it will try to authenticate on one of the other remaining servers.
The amount of passwords needed in a typical corporate environment these days causes all kinds of security risks, according to Goguen. Apple has come up with a solution that it calls Single Sign-in.
“From a security standpoint having multiple passwords is worse than having a single password,” said Goguen. “What people tend to do is write down the passwords and stick them under the keyboard or on their monitor so they don’t forget them. This leads to all sorts of security risks.”
With Single Sign-in, which uses Kerberos, a user can login with a username and password, and get secure authenticated access to all of the network services without ever entering the password again.
Apple integrated its support for Samba 3 into Open Directory so users on the system only need one user account. If a user on a network uses a Mac and a Windows-based PC, they can use the same username and password, and the system will automatically mount the network home directory — for the PC it also maps it to a drive letter.
In addition, the user can also setup login scripts to customize the network on the platform they are using. For instance, a user could remap the MyDocuments folder on a Windows machine to go to the documents folder in the home directory on the network — the same directory they would go to if they logged-in from their Macintosh.
“We think this is an awesome solution for businesses that are looking for a way to upgrade their aging Windows machines — I’m telling them upgrade to a Mac,” said Goguen.
Interface gets spruced up
In addition to all of the changes made to underlying technologies in Mac OS X Panther Server, Apple also made a few interface changes to the operating system.
Two applications found in Jaguar Server have been combined into one server management tool in Panther Server. Server Settings and Server Status have become Server Admin in Panther Server — the new application also adds some new features like a DNS configuration tool, which puts a GUI on the backend Unix files.
Like the Xcode development team, the Panther Server team utilized the design of iTunes for their new Server Admin application. The left hand side of the application has a list of servers that, when clicked, will show the user all of the services currently running on that server.
How automatic is Automatic Setup
In this case automatic really does mean automatic — setting up a server may never have been so easy.
When you setup Mac OS X Server and enter your network configuration, Panther can save that as a configuration file on a hard drive, like an iPod. If another server is added to the rack, you plug in the iPod to the new server and it will automatically discover and mount the iPod, find the configuration file, load it and reboot itself and then its ready to go. The entire procedure takes about two minutes.
The process is much the same if an organization is deploying 40 or 50, or even 1000 servers and using LDAP. The configuration file is saved to the LDAP directory and when the servers boot for the first time the servers will get an IP address from DHCP, discover the directory server, probe the LDAP server, download the configuration file, reconfigure themselves and reboot.
“This shows some of Apple’s ability to innovate in this space and provide some really cool solutions to help people get the servers into production quickly,” said Goguen.
One big change for Panther Server will be its support for the G5. Mac OS X Jaguar Server does not support the G5 and Goguen confirmed that Apple would not upgrade Jaguar Server to support the G5 in the future.
Currently, Apple’s rackmount server, the Xserve, is still running a G4 processor, but organizations could take advantage of the G5 optimizations in Panther Server if they had a cluster or similar setup. Of course, Apple will upgrade the Xserve with the G5 at some point in the future, but no timeframe has been set.
For the time being, Apple will ship the Xserve with Jaguar Server and Panther Server for those organizations that need a bit more time before they upgrade.
“This reflects the need of some organizations that have standardized on Jaguar Server and may not upgrade to Panther Server as their standard deployment for a few months,” said Goguen.
Will organizations switch?
Even with a product like Panther Server, which offers seamless integration into mixed networking environments and many new open source technologies, adoption is not a sure thing.
“Apple’s late entrance into the server market presents a significant obstacle to its server business, Technology Business Research analyst, Tim Deal, told MacCentral. “Apple entered the market at a time when product loyalties were firmly drawn and regardless of the quality of its hardware and the increased functionality of Panther Server, Apple has to convince some of the most diehard technophiles in the industry to take a chance and “switch.”
While Apple tries to make inroads into other server markets they should be able to count on their core customers for support, which is where Deal thinks the operating system will be the most popular.
“Panther Server will most likely be used in workgroup environments withinApple’s core verticals: design, education, scientific, film and video,” said Deal.