Planning Your Deployment

Think about what Mac OS X Server can dooffer various services such as file sharing, storing user data, and running a Web serverand then think about what you want it to do. Table 1.1 lists the possible services that Mac OS X Server offers, to help you choose the ones you wish to implement. With all these services available to you, keep in mind that they tax your RAM, CPU, and hard disk(s). If you have a newer computer, you could run several of these services on one machine, but with older computers you're more limited. Your budget may only allow for a single Mac OS X Server, or you may have been asked to install Mac OS X Server on a much older Macintosh with just the bare system requirements. In later chapters, we discuss which services tax server hardware the most and which are likely to work fine on older Macintosh computers.

Table 1.1. Major Mac OS X Server Services
SERVICE	DESCRIPTION	YOU MIGHT IMPLEMENT THIS SERVICE WHEN...
Application Server	Runs Java servlet or Tomcat applications directly from the server	You have qualified applications that must run from the server
AFP File Sharing	Shares files over the Apple Filing Protocol to other Macintosh computers	Users need to share files with both older and newer Macintosh operating systems
DHCP Server	Offers IP addresses and associated information to other computers and devices	Mac OS X Server is needed to offer addresses to all other devices, regardless of operating system
Domain Name Server	Directs requests for listed fully qualified domain names to be directed to given IP addresses	You want the server to have a fully qualified domain name, such as applecore.com
Firewall	Protects the server and network from possible attacks	Protection of the server is paramount
FTP File Sharing	Allows access to the server via the ubiquitous File Transfer Protocol	Users must transfer files to your server from a variety of operating systems and you aren't too concerned about security
Kerberos Key Distribution Services	Allows authorization of services without sending the password across the network	The services you wish to offer allow Kerberized connections, thus increasing security
LDAP Directory Server	Holds user information such as long name, short name, user ID, and preference settings	You want greater management capabilities over all your users
Mail Server	Used to send and/or receive mail	Users need to send and receive mail
NetBoot Server	Allows qualified Macintosh computers on the network to boot from a disk image on the server	You have a lab setting and want to boot and/or reconfigure disks on several Macintosh computers at once
Network Address Translation Service	Acts as a router, sending information from one network to another	You have two network cards pointing to two different networks
NFS File Sharing	Facilitates sharing with Unix machines	You need to share files with Linux or other Unix machines
Printer Server	Creates and manages printer queues and quotas	Control over printers is required
QuickTime Streaming Server	Streams live or prerecorded audio and video content	Video/Audio files need to be seen by others locally and over the Internet
SMB File Sharing	Shares files with Windows computers	Users need to share files with Windows computers
Virtual Private Network Server	Permits the secure connection of remote clients	Remote clients need to log in to your server in a secure fashion
Web Server	Serves up Web sites	There is at least one Web site you want others to have access to

As you saw in Table 1.1, a variety of services can be run on Mac OS X Server. Some of the more popular implementations of Mac OS X Server are as a Lightweight Directory Access Protocol (LDAP) directory server; as an Apple Filing Protocol (AFP), a Server Message Block (SMB), and/or a File Transfer Protocol (FTP) file server; or possibly as a print server. Other, older, more entrenched servers handle the duties of Domain Name Server (DNS), Dynamic Host Configuration Protocol (DHCP), Web, and email services. It's also likely that a separate server or other network device, such as a dedicated device designed just to protect your network, is providing security services, such as a firewall, network address translation, and/or a proxy service. Other servers probably provide secure remote logins and run as application servers.

Decide carefully what you want to run on your server. Overloading a new server with several services at once makes troubleshooting difficult. Don't misunderstand: Mac OS X Server on a multiprocessor G5 Xserve with 2 GB of RAM can handle just about anything thrown at it. But turning on services without proper planning can lead to an insecure server and possible conflicts later.

Throughout, this book will discuss which services demand more of the server than others. Should this server be elevated in the hierarchy of computers in your organization, you might want to utilize a second network card so you can connect your server to another network, something that is standard on the G5 Xserve and was optional on the G4 Xserve. If you choose to have Mac OS X Server become your domain name server, take great pains to understand the ramifications involved: Incorrectly implementing the domain name server can cause many services not to function properly, as you'll see in Chapters 3 ("Open Directory") and 6 ("Network Configuration Options"). Often an existing domain name server is present, so making the Mac OS X Server a secondary domain name server is an excellent idea in case the first one fails. Allowing your Mac OS X Server to be the path between your local area network inside and the brutally insecure and hostile world of the outside Internet requires some education about the firewall rules, discussed in Chapter 10 ("Security").

For some, this will be the first time you've installed a server of any kind. Others may be adding Mac OS X Server to a network with existing servers that run a variety of software. Let's look at some popular scenarios that exist today.

Secondary server scenario

Let's examine a common scenario where one serverin this case, an Active Directory serveris already in place (we'll discuss Active Directory in Chapter 3). The Active Directory server is the primary domain name server and the directory data store. It may also be the application server, the DHCP server, and the print server. Mac OS X Server can fit perfectly into this network by providing file-sharing services for both the Macintosh and Windows computers on the network. Mac OS X Server can also control how the Mac OS X client computer's preferences are handled, hold the folders where users store their data, function as an internal Web server (possibly running WebDAV), and run as a NetBoot server to allow the lab Macintosh computers to boot off an identical system disk every time (see Table 1.1 for a brief explanation of the services in this paragraph).

AppleShareIP server upgrade scenario

Another common scenario involves upgrading an AppleShareIP server to or replacing it with Mac OS X Server. In this case, the Mac OS X Server is king of the hill, responsible for the directory data store, domain name service, file and print services, DHCP, mail, and more. The server will likely have more services running than the ASIP server it's replacing, and it will be busy handling requests for all sorts of data. In this case, a fast connection utilizing the Macintosh's Gigabit Ethernet network card(s) will serve you best, because if you have a G5 Xserve, both network interfaces are likely to be active. If you're doing the upgrade on a PowerMac, you'll probably have one network interface that will be utilized to its full potential.

Megabit and Gigabit

Newer Macintosh computers can communicate with other devices on the network much faster than older ones. Whereas older computers started transferring data at 10 megabits per second, 100 megabits per second soon became the standard. Now, any PowerMac or Xserve you purchase can transfer data at 1000 megabits per second! This transfer rate is called 1 Gigabit per second; and since it's done over the Ethernet interface, it's commonly referred to Gigabit Ethernet.

A Bit about Unix and Mac OS X Server

Mac OS X and Mac OS X Server were built on top of Unix. This book isn't intended to teach you Unix; however, you should know some basics before you dive into Mac OS X Server. Planning your installation with a nod toward optional Unix administration makes good sense.

With that in mind, know that Mac OS X Server was designed to be administered either locally or remotely with a few main tools, as you'll see in the next chapter. It was also designed with the option to be administered almost totally from the command line. Understanding a few fundamentals of the command-line structure will help you better manage Mac OS X Server.

The structure of Unix lends itself to the path style of naming, such as /Applications/iTunes, where Applications is a folder and iTunes is the item within that folder. If the folder begins with a slash (/), then you can assume the folder is sitting on the top level of the hard disk or volume. In this book, we'll use this method to describe the location of items.

The main application used to launch a command-line interface is the Terminal, which is located inside /Applications/Utilities. After Mac OS X Server has been configured, the Terminal is automatically placed in the Dock for you.

If you can use a command-line interface while sitting in front of a computer, you can use that interface to manage any other Mac OS X and/or Mac OS X Server system by remotely accessing that computer. Mac OS X Server has a command-line process (a process is an application that, in this case, has no user interface) called the ssh daemon (sshd for short) running automatically. This process allows a user to log in to the server from a remote location.

It's easy to log in to your Mac OS X Server from a remote machine. Open the Terminal application, and type the following: ssh server-administrator's-short-name@ip-address-of-the-server and press Return. Answer yes to the next question about setting up a key, press Return again, and enter the server administrator's password.

You're now logged in to your Mac OS X Server from where you sit, and you can manage things remotely with several command-line tools at your disposal. These tools take a bit of getting used to, but they can often save you a trip to the location of the server to change a setting.

NetBoot server scenario

This scenario involves setting up a Mac OS X Server as a school NetBoot server. This server provides the initial startup image. It erases the internal hard disk on each machine in the school's various labs and copies customized, bootable images; each lab receives the appropriate image for its particular task that day. This server may also act as the directory data store, allowing students to log in from anywhere in the school and see their home folder.

QuickTime Streaming server scenario

In this scenario, a server has been set up as a QuickTime Streaming server and possibly a QuickTime Broadcaster server. This server's job is to take live input from a camera and stream it out to all employees, allowing them to watch the CEO's latest company announcement. When it isn't being used as a live streaming server, it streams audio and video content stored as movie files on the server to employees' desktops. These files consist of mandatory safety videos, human resource updates, and meetings recorded earlier so that attendees can gather information they missed in the initial meeting. All these audio and video streams are, of course, logged to a file so human resources can document who watched what safety video and when. The result is a reduction in the amount of time employees spend away from their desks engaging in such mandatory activities.

Each of these scenarios takes proper planning to set up, deploy, and install Mac OS X Server, and they are by no means the only uses of Mac OS X Server. Nor are you pigeonholed into a particular scenario, running only the configurations mentioned here. The bottom line is to carefully evaluate your needs, what role Mac OS X Server will play with respect to those needs, and how Mac OS X Server will grow and possibly take over the duties of some lesser, inferior servers.