AFP548 Lion Server Review

Hi, folks! A lot has been going on here recently: Lion has been released, I've been playing with Final Cut Pro X, and I've migrated TASB — and all my other web sites as well — to a new hosting provider. Posts are in the pipe for all these things, and I'll post them as soon as I can. But I wanted to post a link to this Lion Server Review as it's really the only comprehensive thing I've seen regarding the new release. It's a quick read, so if you're interested in what's changed but don't have the time or inclination or need to actually purchase the software and try it out, I recommend the article.

My takeaway from reading this — and mind you, I have not seen the software yet — is that it's another step towards the convergence of the Mac OS and iOS. There are a lot of iOS configuration tools, a lot of simplification, and even the removal of some GUI configuration tools. Most surprising to me is that for any sort of web server customization you'll need to use the command-line; the GUI tools are gone:

"There is something odd going on here though. Go take a look at the web service pane in Server App. Let’s see, on/off; make PHP go and folder paths. That’s it! There isn’t a web service module in Server Admin anymore either. So, um, yeah. What’s up with that?

"What’s up is that it’s all about the command line again. Need a web redirect or an alias? Command line. Need to enable some Apache modules? Command line again. In all this madness is something pretty cool though for web apps."

Apparently they also removed Windows PDC functionality. I can see no technical reason for these removals, frankly. They seem to be all about communication. They seem to be Apple saying, yet again, we're moving towards less Professional, less customizable, simpler, more iOS- and consumer-focused products. Get used to it.

Nevertheless, some of the simplifying sounds good to me; it's ease-of-use that made Mac OS X Server such a fine product. I don't think I would have ever used it for a web server anyway. Still, it's worrisome to see things removed for no particular reason.

My guess is that some version of Mac OS X Server will be around for a while. But more and more it will be focused on iOS device configuration and, perhaps (I hope), user management, which is what I always used it for.

Still, as I've been saying in the comments lately, it's probably a good time for Mac Admins to start learning some Linux, or dare I say, even some Windows.

Check out the article and let me know what you think. Or, if you have some experience on Lion Server, I'd love to hear about it.

Looking Forward to Lion

I admit it: I'm an OS nerd. I get very excited about new OS releases, particularly (okay, only) those of my OS of choice, Mac OS X.

Mac OS X 10.7 — or Lion as it's affectionately codenamed — is certainly no exception. In fact, Lion looks to be a very exciting release, both for its wealth of new features and for its refinements to Apple's already sparkling OS.

It's an exciting time to be an OS junkie, really. Snow Leopard was a wonderful release that brought stability and refinement to what can finally be called a mature Mac OS X. From here on out OS development seems to be less about making Mac OS X work quickly and succinctly — less about the guts of the OS —  and more about making it work well. That is, from here on out, Mac OS X developers are concentrating on making the Mac OS X experience a wonderful one. And that means even further refinement to an already polished OS, with maybe a dash of experimentation thrown in for good measure, thanks to convergence with Apple's mobile OS.

I haven't installed the beta, but I've read as much as I've been able to find. Here are some images and links, with just a dash of commentary from yours truly thrown in.

Mac OS X Server

One of the shockers about this release is that Mac OS X Server will be included, for free, with the standard Lion DVD. It will be a separate install, but has been discontinued as a separate, paid release. Looks like Apple's professional server platform is dead, but I'm glad it will live on in some form, at least for the time being.

Images Via AppleInsider


Administrative Tools and Goodies

One of the great things about OS updates — particularly the latest Mac OS X updates — has been further expansion and refinement of any and all administrative tools. This is, needless to say, of particular interest to SysAdmins like us. Here are some updates that Lion brings to the table baked right into the About This Mac window.

Images Via AppleInsider

The Finder

Of course I'm always, always, always happy to see Finder improvements and refinements, and it looks like there will be plenty in Lion.

We have some new and potentially very useful Finder views, though I must admit to not being a great fan of the iOS-like buttons in the toolbar. The sidebar is also toned down (a-la iTunes) and features some new and potentially useful items.

Image Via AppleInsider

Spotlight in The Finder is now smarter and more useful.

Image Via AppleInsider

And my favorite Finder view, column view, even receives some love.

Image Via AppleInsider

And finally, the big Finder news: windows can now be resized from any edge. Just like in Windows.

Image Via TheAppleBlog


Other Improvements

There are a bunch of additional refinements to the core OS. One of my favorites is support for automatically saving documents, or Auto Save as they're calling it.

Images Via AppleInsider

Auto Save is accessed just like Time Machine, which is just brilliant.


A signature capture utility also makes its way into Preview, allowing you to sign digital documents using that app and your built-in iSight camera.

Image Via 9to5Mac


Dock and Exposé get refinements as well.

Images Via Engadget


Even Spotlight gets better, with larger icons and inline previews.

Image Via AppleInsider


All-in-all, from what I've seen so far, Lion is shaping up to be a very nice release. I'm sure there will be under-the-hood improvements that will add performance gains as well. I am, as always, really looking forward to using Apple's next OS release.

Satellite Home Directories

There are three basic methods in use today for hosting home accounts on networks in such a way that users have a single home account that follows them from computer to computer, giving them the same environment no matter where they log in. None of these three strategies works in a way that reflects how most people in the lab I currently work in — nor many of the labs I've freelanced for — use their computers and access their data. So I'd like to propose a third strategy that does.

Let's start with a rundown of the existing approaches.

Roaming Profiles

The approach Windows computers use is called Roaming Profiles. The way Roaming Profiles work is pretty simple. Users' home account data is stored on a centralized server. When the user logs in to a client system her data is downloaded from the server to the client machine. She will access her data locally for the duration of the session. When she logs out the data will be synced back up to the server. The advantage of this approach is that the user has local access to her data and isn't beholden to the network while actually working. This makes data access generally faster and more reliable. The big disadvantage here is that if the user makes any big changes or creates any big files, a large data transfer will happen at logout, and then again at login to subsequent machines that aren't yet synced to the server. This both slows down the login/logout process and places an often undue burden on the network.

Because of the sorts of environments I tend to work in — data-intensive, video and image oriented facilities that create a lot of data — my experience with Roaming Profiles has been fairly poor. For my uses they've required a lot of management and have been somewhat unreliable. But, for the purpose of maintaining a user environment across multiple networked systems, they work well enough if you understand and plan for their inherent limitations.

Network Home Accounts

The method used by *NIX systems, Mac OS X included, since time immemorial, is generally referred to these days as Network Home Accounts. In the Network Home Account model, as with Roaming Profiles, the user's home account data is stored on a server. But when the user logs in using Network Home Accounts no data transfer occurs. Instead, the home account data is accessed directly from the server: new files are written directly to the server; settings files are read directly from the server; everything happens over the network and the network share that contains the user's home account data is treated just like a local volume. The speed advantage over Roaming Profiles at login and logout is obvious; there's simply no lag time as data gets transferred between the client and the server, because there simply is no data transfer. On the other hand, accessing your entire home account over the network can be slower than a local account even on the speediest of networks. And on slower networks, or networks with a great deal of traffic, you'll definitely notice the slowdown. There are also potential problems due to the constant reliance on the network and server. If the network becomes congested or the share becomes unavailable even for a second you're liable to feel the pain. If either goes down you're dead in the water until they've returned to service.

As network home account models go, I like this one the best. I've used it a great deal in educational settings in which resources are almost completely shared and it's fairly reliable and usable. But even this model can be frustrating and is less than ideal when compared to working from a local home account.

Portable Home Directories

The final model is called Portable Home Directories. Devised by Apple for laptop computers with occasional — but not constant — access to the network hosting home account data, Portable Home Directories attempts to combine the best of the Roaming Profile and Network Home models by providing finer-grained control over the sync process in what is otherwise a Roaming Profile approach. So, Portable Homes sync specific data at specified times when they're on the network. Fine-grained control over what is synced and when is intended to mitigate performance issues at login and logout.

My main problem with this approach is that, in my admittedly limited tests, it doesn't seem to work very well. I also don't like the level of management required. The other models, once set, require little if any tweaking whatsoever. But I could see spending a great deal of time and effort getting my Portable Home Directory settings just so.

The Problem

But my overarching beef with all these models is that they don't really jibe with the way most people in most of the environments I've encountered actually use their computers. This makes them use system resources less efficiently and yields a poorer user experience than if they did.

So how do most people work? Well, what I've tended to see in the media-based environments in which I've worked is that users are generally assigned a single computer. It's this computer from which they work almost all the time. Indeed, this is how I work in my current job. I'm almost always working from the computer in my cubicle. Almost.

Every now and then, however, I need to work from a different machine, and there are often times when I'm doing this that I realize that it would be extremely handy to have my entire home account — all my environment settings, files and folders — available to me on this other machine. But I don't. They're over there, on my cubicle machine. If only I could use the home account on my main computer directly, as though it were a Network Home Account.

And this is the basic idea behind Satellite Home Accounts.

Satellite Home Directories

All the current models rely on the user's data being stored on and accessed from a centralized server. But why? Why can't the server be the user's main computer? In the Satellite Home Account model, the user's primary computer becomes the home account server for any user that sets her account as a Satellite Home Directory.

The way I envision it, it would actually be quite simple to set up. In the Accounts preference for the user would be a tickbox to activate Satellite Home Directories. Once activated, the user's system would begin broadcasting Satellite Home Directory information, just like Mac OS X broadcasts Network Home Account info. The user would then work locally as normal, but when logging into another system on the network — a system that's listening for SHDs — the user would be presented with her home account over the network, shared directly from her primary system rather than from a centralized server. Simple.

Among the great benefits of this system are its simplicity and the fact that it requires no server. But the chief advantage comes from the fact that the Satellite Home Directory system works the way users tend to work. When you're on your main computer, which you are 99% of the time, you get a fast, responsive, local home account. When you move temporarily to another system, your environment follows you. It's a bit slower, sure. But hey, it's only temporary. The network overhead is significantly reduced from the other methods, and the user experience is also enhanced. It's win-win.

There's certainly no technical reason an implementation like this would be impossible or even particularly difficult. Most of the technology already exists, either in Mac OS X client or Server. All we need is for someone to program it. And while I doubt there's likely much interest on Apple's part to build something like this, I really think it'd be damn sweet.

And a boy can dream, can't he?


I have no time to write right now, but I just had to acknowledge a couple of the new Apple products quietly released yesterday.

First off, for the server nerds in the house, Apple now officially sanctions using Minis as workgroup servers.

Bargain Server

We've all been doing this for a while now, of course, so it's nice to see Apple finally offering a bundle. Small, cool, headless and powerful enough for most tasks, the Mini is, for many purposes, an excellent server platform. And, with the client license restrictions removed, Mac OS X Server is a flat $499, making the bundle clock in at just under a grand, so they're cheap too.

And, of course, this Magic Mouse is simply brilliant.


It brings together everything I love about my trackpad and my mouse in one device and solves a bunch of input device problems (like left- or right-handedness, and gunked-up moving parts), all in one fell swoop. I can't wait to get my sweaty mitts on one.

I have to say, I find these surprise product announcements much more thrilling than the usual over-hyped events. I hope to see more of them in the future. This is exciting stuff.

Snow Leopard Server-Related Changes

That title should give you a hint just how much my responsibilities have changed since I took my new job. Yes, I still run a Mac OS X Server, but I no longer get bi-yearly hardware updates. So my server is running a PPC, as is my workstation. So no Snow Leopard Server for me, at least not for a while.

I have noticed (as have many others) a few changes to how Snow Leopard handles certain server-related tasks, and I thought I'd just jot them down for the record — mine as much as yours.

Directory Utility

The first, and possibly weirdest, change is that Directory Utility is no longer a readily available application. It now lives in the very unintuitive /System/Library/CoreServices, which tells me that Apple would rather we not use it unless absolutely necessary, which, generally speaking, it should not be, at least not for binding to Open Directory servers. Much of its functionality has moved to other applications and parts of the OS.

OD Server Binding

Curiously, OD binding now happens in the Login Options section of the Accounts preference pane. Even more curiously, you can open the Directory Utility from here as well:

Snow Leopard OD Binding

NFS Mounts

Directory Utility used to have a pane for configuring NFS automounts. That pane has been moved to the arguably more logical Disk Utility application, where you access it under File->NFS Mounts, but it looks pretty much the same as it did before:

Snow Leopard NFS Mounts

Root User

Since 10.5 the root user has also been activated via Directory Utility. I haven't found a new way to do this. It looks like if that's your bag you'll need to either find a way to open Directory Utility, or use the command-line. 'Course, if you know what root is, you shouldn't find either of these things terribly difficult. Especially since I just told you two ways to do the first thing.


There used to be an app called Directory in the Utilities folder, but it too is gone. I'm assuming some of its functionality has been added to Address Book, which now has its very own Accounts preference pane:

Snow Leopard Addressbook Accounts

And I've read that some of its functionality has been moved to the iCal Server Utility app now included with the 10.6 Server Admin Tools:

iCal Server Utility

I've also read that there is some functionality that is completely gone now.

MCX Cache

A fellow SysAdmin has posted his own groovy list of Snow Leopard changes as well. My favorite:

"New command, mcxrefresh, used for refreshing managed preferences on clients"

Hallelujah! I've bitched frequently about Mac OS X Server's overly aggressive cache. Having a way to clear it makes all the difference.


So we have a bit of a shuffling around here, but overall it looks to me like Apple is trying to keep simplifying the OD binding and setup process in Snow Leopard, as they have done with each iteration of Mac OS X. The most obvious features are in obvious places, whereas the more obscure features have been moved to more obscure locations. Most of these changes make sense, too, though dedicated apps for OD setup make sense on some level too. Must everything be another preference pane? In any case, it's just good to know that all the same stuff is there, it's just been moved around a bit.

On a personal note, it's a bit of a bummer to not get to play with Snow Leopard Server. I may never get the chance, actually. It could be long gone by the time we get new hardware, and we just don't rely on Mac OS X Server like we did at my old job. Ah well, life goes on.

If anyone has any Snow Leopard Server stories to share, I'd love to hear them in the comments. As far as reportage goes, though, I'm gonna have to sit this one out.