Planning Your Deployment

Think about what Mac OS X Server can dooffer various services such as file sharing, storing user data, and running a Web serverand then think about what you want it to do. Table 1.1 lists the possible services that Mac OS X Server offers, to help you choose the ones you wish to implement.

Table 1.1. Major Mac OS X server services
SERVICE	DESCRIPTION	YOU MIGHT IMPLEMENT THIS SERVICE WHEN...
Application Server	Runs Java servlet or Tomcat applications directly from the server	You have qualified applications that must run from the server.
AFP File Sharing	Shares files over the Apple Filing Protocol to other Macintosh computers	Users need to share files with both older and newer Macintosh operating systems.
DHCP Server	Offers IP addresses and associated information to other computers and devices	Mac OS X Server is needed to offer addresses to all other devices, regardless of operating system.
Domain Name Server	Directs requests for listed fully qualified domain names to be directed to given IP addresses	You want the server to have a fully qualified domain name, such as afp548.com.
Firewall	Protects the server and network from possible attacks	Protection of the server is paramount.
FTP File Sharing	Allows access to the server via the ubiquitous File Transfer Protocol	Users must transfer files to your server from a variety of operating systems and you aren't too concerned about security.
iChat server	Permits the running of a Jabber server	You want an internal iChat server to which iChat clients can connect.
Kerberos Key Distribution Center	Allows authorization of services without sending the password across the network	The services you wish to offer allow Kerberized connections, thus increasing security.
LDAP Directory Server	Holds user information such as long name, short name, user ID, and preference settings	You want greater management capabilities over all your users.
Mail Server	Used to send and/or receive mail	Users need to send and receive mail.
NetBoot Server	Allows qualified Macintosh computers on the network to boot from a disk image on the server	You have a lab setting and want to boot and/or reconfigure disks on several Macintosh computers at once.
Network Address Translation Service	Acts as a router, sending information from one network to another	You have two network cards pointing to two different networks.
NFS File Sharing	Facilitates sharing with Unix machines	You need to share files with Linux or other Unix machines.
Printer Server	Creates and manages printer queues and quotas	Control over printers is required.
QuickTime Streaming Server	Streams live or prerecorded audio and video content	Video/audio files need to be seen by others locally and over the Internet.
SMB File Sharing	Shares files with Windows computers	Users need to share files with Windows computers.
Software Update Server	Controls Apple Software Updates internally	You want users to have to connect to the internal Software Update server to reduce the load on the outside connection.
Virtual Private Network Server	Permits the secure connection of remote clients	Remote clients need to log in to your server in a secure fashion.
WebObjects	Deploys WebObjects applications	You want to run your custom-built WebObjects applications from this server.
Web Server	Serves up Web sites	There is at least one Web site you want others to have access to.
Xgrid Server	Controls distributed computing to Xgrid clients	Leverage idle computers' CPU cycles to decrease time spent rendering or computing projects.

Keep in mind that all these available services tax your RAM, CPU, and hard disk(s). If you have a newer computer, you could run several of these services on one machine; but with older computers, you're more limited. Your budget may only allow for a single Mac OS X Server, or you may have been asked to install Mac OS X Server on a much older Macintosh with just the bare system requirements. In later chapters, we discuss which services tax server hardware the most and which are likely to work fine on older Macintosh computers.

As you saw in Table 1.1, a variety of services can be run on Mac OS X Server. Some of the more popular implementations of Mac OS X Server are as a Lightweight Directory Access Protocol (LDAP) directory server and Kerberos Key Distribution Center; as an Apple Filing Protocol (AFP), a Server Message Block (SMB), a File Transfer Protocol (FTP) file server; or possibly as a print and iChat server. Other, older, more entrenched servers handle the duties of Domain Name Server (DNS), Dynamic Host Configuration Protocol (DHCP), Web, and email services. It's also likely that a separate server or other network device, such as a dedicated device designed just to protect your network, is providing security services, such as a firewall, network address translation, and/or a proxy service. Other servers probably provide secure remote logins and run as application servers. This doesn't mean you're limited in your deployment of Mac OS X Server. Should you wish to use your server in this fashion, an excellent tool called the Gateway Setup Assistant walks you through those options.

Before you go hog wild, decide carefully what you want to run on your server. Overloading a new server with several services at once makes troubleshooting difficult. Don't misunderstand: Mac OS X Server on a multiprocessor G5 Xserve with 2 GB of RAM can handle just about anything thrown at it. But turning on services without proper planning can lead to a nonsecure server and possible conflicts later.

Throughout this book you'll find discussions about which services demand more of the server than others. Should this server be elevated in the hierarchy of computers in your organization, you might want to utilize a second network card so that you can connect your server to another network, something that is standard on the G5 Xserve and was optional on the G4 Xserve. If you choose to have Mac OS X Server become your Domain Name Server, take great pains to understand the ramifications involved: Incorrectly implementing the DNS can cause many services not to function properly, as you'll see in Chapters 3 ("Open Directory") and 6 ("Network Services Options"). Often an existing DNS is present; making the Mac OS X Server a secondary DNS is an excellent idea in case the first one fails. Allowing your Mac OS X Server to be the path between your local area network inside and the brutally nonsecure and hostile world of the outside Internet requires some education about firewall rules, discussed in Chapter 10 ("Security").

For some, this will be the first time you've installed a server of any kind. Others may be adding Mac OS X Server to a network with existing servers that run a variety of software. Let's look at some popular scenarios that exist today.

A Bit about Unix and Mac OS X Server

Mac OS X and Mac OS X Server were built on top of Unix. This book isn't intended to teach you Unix; however, you should know some basics before you dive into Mac OS X Server. Planning your installation with a nod toward optional Unix administration makes good sense.

Mac OS X Server was designed to be administered either locally or remotely with a few main tools, as you'll see in the next chapter. It was also designed with the option to be administered almost totally from the command line. Understanding a few fundamentals of the command-line structure will help you better manage Mac OS X Server.

The structure of Unix lends itself to the path style of naming, such as /Applications/iTunes, where Applications is a folder and iTunes is the item within that folder. If the folder begins with a slash (/), then you can assume the folder is sitting on the top level of the hard disk or volume. In this book, we'll use this method to describe the location of items.

The main application used to launch a command-line interface is the Terminal, which is located inside /Applications/Utilities. After Mac OS X Server has been configured, the Terminal is automatically placed in the Dock for you.

If you can use a command-line interface while sitting in front of a computer, you can use that interface to manage any other Mac OS X and/or Mac OS X Server system by remotely accessing that computer. Mac OS X Server has a command-line process (a process is an application that, in this case, has no user interface) called the ssh daemon (sshd for short) running automatically. This process allows a user to log in to the server from a remote location.

It's easy to log in to your Mac OS X Server from a remote machine. Open the Terminal application, type ssh server-administrator's-short-name@ip-address-of-the-server, and press Return. Answer yes to the next question about setting up a key, press Return again, and enter the server administrator's password.

You're now logged in to your Mac OS X Server from where you sit, and you can manage things remotely with several command-line tools at your disposal. These tools take a bit of getting used to, but they can often save you a trip to the location of the server to change a setting.

Secondary server scenario

The most common scenario is where one serverin this case, an Active Directory serveris already in place (we'll discuss Active Directory in Chapter 3). The Active Directory server is the primary DNS and the directory data store for the organization. It may also be the application server, the DHCP server, and the print server. Mac OS X Server can fit perfectly into this network by providing file-sharing and chat services for both the Macintosh and Windows computers on the network. Mac OS X Server can also do the following:

Control how the Mac OS X client computer's preferences are handled
Hold the folders where users store their data
Function as an internal Web server (possibly running WebDAV)
Run as a NetBoot server to allow the lab Macintosh computers to boot off an identical system disk every time
Utilize the Software Update Server service to permit Macintosh computers on your network to pull Apple software updates off the internal server, reducing throughput on your precious outside connection

See Table 1.1 for a brief explanation of the services in this list.

AppleShare IP server upgrade scenario

Another common scenario involves upgrading an AppleShare IP (ASIP) server to or replacing it with Mac OS X Server. In this case, the Mac OS X Server is king of the hill, responsible for the directory data store, domain name service, file and print services, DHCP, mail, software updates, and more. The server will likely have more services running than the ASIP server it's replacing, and it will be busy handling requests for all sorts of data. In this case, a fast connection utilizing the Macintosh's Gigabit Ethernet network card(s) will serve you best, because if you have a G5 Xserve, both network interfaces are probably active and can be joined together to provide even more aggregate bandwidth.

NetBoot and Software Update Server scenario

This scenario involves setting up a Mac OS X Server as a school's NetBoot and Software Update Server to provide the initial startup image. It erases the internal hard disk on each machine in the school's labs, and it copies customized, bootable images; each lab receives the appropriate image for its particular task that day.

The server also does double duty as a Software Update Server, providing Apple software updates internally. As an added bonus, this server may also act as the directory data store, allowing students to log in from anywhere in the school and see their home folder.

Megabit and Gigabit

Newer Macintosh computers can communicate with other devices on the network much faster than older ones. Whereas older computers started transferring data at 10 megabits per second, 100 megabits per second soon became the standard. Now, any PowerMac or Xserve you purchase can transfer data at 1000 megabits per second! This transfer rate is called 1 Gigabit per second; and since it's done over the Ethernet interface, it's commonly referred to Gigabit Ethernet.

QuickTime Streaming Server scenario

In this scenario, a server has been set up as a QuickTime Streaming Server and possibly a QuickTime Broadcaster Server. This server's job is to take live input from a camera and stream it out to all employees, allowing them to watch the CEO's latest company announcements. It also streams audio and video content stored as movie files (mandatory safety videos, human resource updates, and meetings recorded earlier so that attendees can gather information they missed) on the server to employees' desktops. All these audio and video streams are, of course, logged to a file so that human resources can document who watched what video and when. The result is a reduction in the amount of time employees spend away from their desks engaging in such mandatory activities.

Each of these scenarios takes proper planning to set up, deploy, and install Mac OS X Server, and they are by no means the only uses of Mac OS X Server. Nor are you pigeonholed into a particular scenario, running only the configurations mentioned here. The bottom line is that you must carefully evaluate your needs, the role Mac OS X Server will play with respect to those needs, and how Mac OS X Server will grow and possibly take over the duties of some lesser servers.