In the previous version of Apple Mac OS X Server (10.2), service parameters were managed through a graphical user interface (GUI) tool called Server Settings, while log files for each of those services were read using a tool called Server Status. For the latest X Server release, Version 10.3, or Panther, the functionality of both of those tools, plus a bit more, has been combined into a single utility called Server Admin. What follows is a look at the new GUI, with screenshots and explanations of what I believe are the best new features.
The Server Admin tool is configured much like the Server Status tool was, except that “chicklets” now replace the tab selectors — a stylistic change that reflects the updated look of Panther. Also, the last option under each tab allows you to alter the settings for the corresponding service. Convenient.
On the general tab, two improvements stick out for me. The first is the addition of a filter option that allows for quick sifting of a log file for a specific text string. For those looking for a single user log-on after several days of access, this is a welcome feature. The general tab also provides access to the software update feature, allowing administrators to remotely update their server without logging in (and oftentimes without restarting the entire box).
Nothing has changed in the AFP options from Jaguar, except for a secure connections checkbox. Application Server manages the JBoss and Tomcat services used in serving applets to Web clients.
The DHCP server is much improved. In the previous release, I had the unfortunate experience where my DHCP server would get an IP request, decide that the client should actually be requesting a different IP and then deny the client request. Nothing more could be done, and the client wouldn’t get an IP until I changed the machine name. I’m happy to say that that bug has been squashed in Panther, and even if I restart a client 500 times in a short period and/or boot 20 clients with the same DHCP name (and then change them to individual names), the DHCP server handles the work gracefully. On the administration side, the only major change to DHCP service management is the addition of a WINS tab. This is needed to support Windows primary domain controller (PDC) emulation, but it also makes the Panther server a better corporate citizen in the primarily Windows-based corporate environment.
The DNS tab has been greatly revised from Jaguar, where it was simply an on/off switch, with configuration done manually in the .conf files. This iteration sports a new GUI for setting up various zones and automatically generates reverse lookup zones and records. I have had some issues getting zone transfers to work when setting up my server as a slave domain, a problem I didn’t have under Windows 2000. (If anyone has been successful in doing this, let me know.)
The firewall control is much improved, allowing for the configuration of multiple subnets and interfaces all from the GUI. In addition, many more preset ports have been added to the predefined ports, including certain Apple-specific ports that were previously undefined and required for network log-on. The advanced tab is where specific rules can be set up for each of the interfaces and ports. Although I would like to see a filter option in this log — just the like the general tab — overall, the firewall interface is much easier to manage and represents a welcome upgrade.
The FTP service is also unchanged. I would have liked for SFTP connections to register in the FTP log rather than the server log, and I would love it if SFTP connections could be subject to the same rules as FTP connections. But I realize that this issue relates to the nature of those services. Still, perhaps the engineering geniuses in Apple’s server group will eventually find a way to do this.
Since I don’t run a separate mail server from the university, I can’t comment on the stability or interconnectivity of the mail server. But the GUI indicates to me that there are many more features in this release, including the ability to block anonymous relay and set up mailing lists. And there’s support for nearly all standard mail protocols and authentication methods.
The NAT setting isn’t really featured and is probably aimed at very small office groups where the server represents the only Internet connection. Still, I would advise against using your server as a NAT gateway. Get a router with NAT from your ISP if addresses are an issue.
Netboot really works in Panther and is finally ready for prime time deployment, but is too involved to get into here. Please let me know if there’s interest in such a report. If there is, I’ll set up a test lab and report back.
The NFS tab is designed for monitoring the service, while the Open directory tab takes on the functionality of the Open Directory Manager in the previous version of X Server. It allows you to select the type of server you are running (master, backup or stand-alone). You can also configure the LDAP and NetInfo settings here. The advanced tab provides a place to check master settings for the accounts that override the setup in the workgroup manager. Use these as your minimum settings, and then you can be more stringent for specific groups in the workgroup manager if needed. I’m glad Apple added a lockout threshold in this iteration. The only things missing are a setting for the time before the wrong-password count resets and a way to automatically have the account unlock after a certain period of time.
Printing is much the same as before, though I’m not sure if quotas actually work in Panther. My guess is that they will.
Quicktime streaming is greatly enhanced in this release. Both the publishing and management have been made dramatically easier; I will cover those in my next article.
VPN services make their debut, but at this time don’t seem to be fully functional. I hear that the engineers are working furiously on this and will have it all working by the 10.3.2 release.
Web services are mostly unchanged, except for the ability to activate or deactivate modules through the GUI rather than the .conf files. This represents another welcome enhancement.
Finally, we come to Windows services. This iteration of Apple Server offers the ability to emulate a Windows PDC. This feature is most welcome in those environments that are primarily Mac-based but need a way to serve Windows clients and provide directory information. This may also provide a hook for the Apple server to participate in the Windows domain and appear just like a Windows server to the other PCs. Extensive testing is needed, but the functionality should give enterprise IT managers yet another reason to seriously consider the Apple Server as a viable player in the corporate environment.
So there you have a quick look at some of the changes and improvements in Panther Server. I suggest you get your own copy and begin experimenting to see how well it works and in the meantime I’ll continue to explore the features of this latest release and report back. Feel free to send me your questions, comments and curses. As always, I welcome your feedback to y.kossovsky@ieee.org.