An Apple a Day: Planning and Implementing Macintosh OS X
Ways to get Open Directory and OS X working for you
March 1, 2005
Apple is famous for creating simple, streamlined, and straightforward products like the iPod and the iMac. Apple's OS X operating system takes after these easy-to-use products, with its stable Unix core and shiny interface. Until the OS X Server was available, Windows NT or 2000 Server was the most commonly used operating system to set up a server-based Macintosh network. Now with the company's OS X server, wrapped in the distinct Macintosh interface and offering a simplified setup and configuration, you don't have to use Windows to run a Mac network. We'll take you through the process of setting up OS X Server on your own network.
With the introduction of the Macintosh OS X Server, a new (at least to the Macintosh) network architecture called Open Directory was introduced. Open Directory is a great example of how Apple assembled a set of relatively complex technologies in an easy-to-use package. The latest version of Open Directory includes Kerberos, a complex user authentication scheme developed at MIT; OpenLDAP, an open, standards-based directory services technology; and Rendezvous, Apple's resource discovery protocols. These tools are available outside of OS X, but require significant effort to install, configure, and maintain. With the OS X Server, these technologies are much easier to set up and use.
In practice, Open Directory is a powerful way to create server-centric Macintosh networks, much like Windows Server allows for server-centric Windows networks. Open Directory allows you to create a set of user accounts and network shares on the server, and lets you set up client Macintosh computers to use these resources to authenticate users and share data. At its core, Open Directory is an implementation of a set of open standards-based software -- including Kerberos and OpenLDAP -- integrated into the OS X Server user interface.
The biggest benefit to Open Directory is its ability to create, configure, and host user accounts on the server, allowing users to log on from any properly configured Macintosh computer on the network. Once users are logged in, they're presented with their usual desktop and home directory, as though their account were on the local machine. This can simplify support, improve the user experience, and increase security.
For more information on OS X Server's full capabilities, check out the official Apple documentation, available on the OS X Server media or from Apple's Web site.
Why not Microsoft Windows Server?
Until OS X Server was available, Windows NT or 2000 Server was the most commonly used operating system to set up a server-based Macintosh network. While Windows Services for Macintosh provides excellent print and file services and allows for user account-based permissions to network resources, OS X Server has the same capabilities, with the addition of Open Directory. That means you can manage all aspects of user accounts from the server, as opposed to just network file and print services as Windows lets you do. Keep in mind that Windows Server is still the lower-cost solution (especially with Windows Server donations available at TechSoup Stock). For organizations with a limited budget that need only file and print sharing, a Windows-based server may be the better option.
Planning
Even with all of its pretty Macintosh styling, Open Directory is a complex technology that requires significant planning to implement properly. Compared to other Macintosh technologies, it's much less forgiving of mistakes. So take your time and read the manual. Apple includes an excellent set of references with the OS X Server software, and it's worth your time to pore through them.
When planning your implementation, start with the hardware. Because the OS X Server has a very heavy footprint, you'll want a Macintosh computer with at least a 700 MHz G4 CPU and 512 MB of RAM. As with all servers, we recommend setting them up with mirrored drives partitioned with the operating system (OS) and applications separate from the data storage and user directories.
Client computers should be running OS X 10.1, at a minimum. Though almost all "modern" Macintoshes (iMac and later) can run OS X, we recommend at least a 600 MHz G3 processor and 256 MB RAM in order to get reasonable desktop performance.
For an Open Directory network to function properly, you'll need a TCP/IP-based network, at a minimum a 10baseT Ethernet, preferably a 100baseT switched Ethernet. (TCP/IP is a protocol for communication between PCs and it's used as a standard for sending data over networks.) And if you have a large network with lots of clients, a gigabit connection to the server may be appropriate.
Using a static IP address for the server will greatly simplify configuration. Plus, this is a much more robust way to configure your network. We recommend using DHCP for the network configuration of the client computers, as this is a quick and easy way to set up the networking. OS X Server has an integrated DHCP server.
One of the big advantages to Open Directory is the very robust security it can provide. But to make good use of this security, an organization needs to adopt user accounts for each user, and implement user groups to organize these accounts. When properly configured, it's nearly impossible to log into a networked Macintosh without a valid username and password. This may be a big change for most Macintosh users, but security precautions are no longer a luxury; they're a necessity.
As with any other file server, the OS X Server is capable of creating as many file shares as you want. But too many shares can create confusion for users, so plan out how you want to set up the server's file shares. See this TechSoup article for pointers in planning out your file-sharing scheme.
And finally, don't forget to set up a backup system. One of the big disadvantages to a server-based network is that all the organization's data will be concentrated in one place: the server. Though this makes management easier, it also means that if the server fails, you risk losing all of your organization's data.
Implementation and Installation
The OS X Server implementation process is relatively simple and if you need help, step-by-step directions are included with the software. However, the documentation assumes that the installation is taking place in a complete and robust networking environment, which is often not the case in most small networks. So there are some important precautions to take during the installation.
As with most Macintosh software installations, the process is all point-and-click. Insert the CD, reboot, and the installation process starts. For the most part, the default options at this point will be appropriate for most networks, so just follow the onscreen prompts. Once the OS is installed, the computer will reboot into OS X Server.
At this point, almost all services are turned off by default. You will need to use the Server Admin tool to configure the services you want to use, which most commonly include DHCP, DNS, Open Directory, file services, and NAT. One nice thing about OS X Server is that the administrative tools can all be run on any Macintosh on the network, so you don't actually have to sit at the server to configure and manage it.
There is one aspect of service setup that is very important and easily overlooked. The DNS service must be properly configured before activating Open Directory. This means you need to create a DNS domain for your internal network, set up entries for your server in this domain, and make sure the server is referencing this domain in its TCP/IP setup. Be sure that forward and reverse lookups for the server's address are working properly from the server before configuring and activating Open Directory. The DNS server included with OS X Server is relatively easy to use and configure, and the documentation for this service is reasonably clear. But be sure to double-check these settings, because if DNS is not set up right when you attempt to start up Open Directory, it will fail, and cannot be repaired without re-installing the operating system. Yep, that's right, re-installing the software, so please be careful.
Once the services you need are configured, you can use the Workgroup Manager tool to set up user accounts, user groups, and file shares. A key part of this is configuring home directories. There are a number of different options for this, so read the documentation and set up the home directories as appropriate for your organization.
Once the server is up and running, with services configured and user accounts set up, you can get started with the client computer configuration, which is pretty straightforward. Install OS X on each machine, if you haven't already done so. The default settings are fine for the most part. Configure the network services, making sure that the client computers are using the server for DNS. Make sure the clocks are synchronized between the client computers and the server, which is easiest to do by checking the "Set Date and Time automatically" box in the Date and Time pane in the System Preferences. Kerberos logins will fail if the time between the server and clients varies too much.
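One way to run the forward and reverse lookup check described above from Terminal on the server, before Open Directory is switched on. This script is an added example, not part of the original article or Apple's documentation; it assumes the `dig` command is available, and `server.example.lan` is a constructed placeholder for your server's name.

```shell
#!/bin/sh
# Added example: confirm forward and reverse DNS agree for the server
# before Open Directory is activated. Host names are constructed.

# A records for a name, one per line (assumes dig is installed).
forward_lookup() { dig +short "$1" A; }

# PTR names for an address, one per line.
reverse_lookup() { dig +short -x "$1"; }

# Lowercase and drop the trailing root dot so names compare cleanly.
normalize() { tr 'A-Z' 'a-z' | sed 's/\.$//'; }

# check_dns NAME: succeed only if NAME resolves and every address it
# resolves to has a PTR record pointing back at NAME.
check_dns() {
    want=$(printf '%s\n' "$1" | normalize)
    # Keep only IPv4 addresses; dig +short also prints CNAME targets.
    addrs=$(forward_lookup "$1" | grep -E '^[0-9]+(\.[0-9]+){3}$' || true)
    if [ -z "$addrs" ]; then
        echo "FAIL: $1 has no A record"
        return 1
    fi
    status=0
    for addr in $addrs; do
        if reverse_lookup "$addr" | normalize | grep -qxF "$want"; then
            echo "ok:   $1 -> $addr -> $want"
        else
            echo "FAIL: $addr has no PTR record for $1"
            status=1
        fi
    done
    return $status
}

# Run only when a name is given, e.g.: sh check_dns.sh server.example.lan
if [ "$#" -gt 0 ]; then
    check_dns "$1"
fi
```

Run it with the server's fully qualified name; a non-zero exit status means the DNS entries need fixing before Open Directory is activated.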
To integrate the client computers with the Open Directory on the server, start the Directory Access application located in the Utilities folder within the Applications folder. Check the box next to LDAPv3 to enable LDAP support, and then click the Configure button to configure the service. You can use DHCP to set the LDAP server, or enter the server in manually. Reboot the computer and users with Open Directory accounts should be able to log on.
OS X is a really solid network operating system that smoothly integrates with Macintosh desktop computers, something that's been missing up until now. It greatly simplifies Macintosh network setup, configuration, and maintenance. Server-based user accounts can allow for a very flexible work environment, especially useful if you have more staff than computers. And like all Macintosh technologies, it's comparatively easy-to-use, allowing organizations with limited technical resources to make use of top quality, secure, and robust technologies.