Tag Archives: mountain lion server

Apple’s Profile Manager And The Future Of Mac Management [Feature]

Mountain Lion Server’s Profile Manager illustrates the future of Mac and iOS management.

Since the release of Snow Leopard Server three years ago, Apple has been steering its server platform away from large enterprise deployments. Instead Apple has redesigned OS X Server to meet the needs of the small to mid-size business market as well as the needs of Apple-centric departments or workgroups in larger organizations. That focus is very clear if you download and install Mountain Lion Server or look through the Mountain Lion Server documentation from Apple.

One of the transitions that Apple began in Lion and Lion Server, which were released last summer, was a move away from the traditional Mac management architecture that Apple has provided in OS X Server since it launched the platform more than a decade ago. In its place, Apple has built a management system for Macs that is very similar to the mobile management features available in iOS.

Apple hasn’t left Mac systems administrators and other IT professionals completely in the lurch. The company quietly released a Mountain Lion compatible version of Workgroup Manager, the traditional tool for creating and managing user accounts, groups, and Mac workstations. More importantly, the under-the-hood Mac client and user management system referred to as Managed Preferences is also still available as part of Apple’s Open Directory architecture (the Mac equivalent of Windows Server’s Active Directory) in Mountain Lion and Mountain Lion Server.

This means that Mountain Lion Server can still provide all the user and client management capabilities that have been part of OS X and OS X Server for many years. That’s important because the new system of configuration profiles that Apple is moving towards can only be used to manage Macs that are running Lion or Mountain Lion. Macs running Snow Leopard or any earlier OS X release can’t be effectively managed using configuration profiles.

The option to use Workgroup Manager and Managed Preferences was unexpected based on Apple’s documentation and it gives longtime Mac systems administrators some breathing room. Even for organizations that are going all Mountain Lion, making a transition from an existing Managed Preferences setup to configuration profiles requires planning, testing, and actually making the switch from one architecture to another.

A quick look at the Mountain Lion version of Workgroup Manager, however, makes it clear that this is a stop-gap measure. Virtually nothing in Workgroup Manager has been updated from the Lion release last summer. Proving how long in the tooth the tool has become, there’s still an option to manage the Classic environment that Apple created to Mac OS 9 apps under OS X – a feature that Apple killed off with the transition to Intel Macs and the release of Leopard.

Managed Preferences vs. Configuration Profiles

What are the differences between the traditional Managed Preferences and Configuration Profiles? The truth is that the two approaches are very similar. Both rely on XML data to define things like system and application preferences, security requirements, user access restrictions, and network resources within an organization.

If you look at Workgroup Manager and Profile Manager running on Mountain Lion Server, it’s obvious that both tools work with the same management options and XML data. Most of the Mac management options in Profile Manager are exact matches to management options in Workgroup Manager though some are grouped together in differing categories. Both tools even include an option to configure and manage any application (Apple or third-party) by defining custom XML data based on the application’s preferences.

The app management options in Profile Manager mirror the options in Workgroup Manager.

The real difference between the two is in how the management data is communicated to and stored on Mac clients.

Managed Preferences stores its various administrator-defined settings in records within Open Directory (or Active Directory if you’re feeling adventurous and are comfortable altering/extending the Active Directory schema). Those settings can be stored in user, group, computer, and computer group records. When a Mac is joined to an Open Directory domain, it reads and applies any computer or computer group configurations that apply to it. When a user logs into that Mac, it reads and applies any settings defined in the user’s account along with the user’s group memberships and associated settings.

Configuration profiles work a bit differently. Each profile contains one or more managed settings or access restrictions. Profiles are stored as XML files with a .mobileconfig extension. Opening a profile on a Lion or Mountain Lion Mac offers the option to install the profile. Once installed, the Mac will read and apply any data in the profile. Profiles can be manually managed in System Preferences from a Profiles pane that appears if profiles have been installed. Like iOS devices you can distribute Mac configuration profiles by email, posting them to a website, or manually copying them to a Mac.

Ensuring profiles are installed and preventing users from disabling them requires a more proactive mechanism. As with iOS, Apple supports the use of mobile management tools, including Mountain Lion Server’s Profile Manager, to take on this challenge. In such instances, the management tool lets you create/manage multiple configuration profiles, enroll devices, and push changes out to managed Macs.

Third-party tools

There are a handful of third-party solutions on the market that plug into Apple’s Managed Preferences architecture to provide the same Mac management capabilities as OS X Server and Workgroup Manager. They can add Mac management to predominantly Windows organizations and offer a range of additional enterprise features including mass deployment tools. Products of this type include Centrify’s DirectControl for Mac, Thursby’s ADmit Mac, and JAMF’s Casper Suite.

More recently, companies that develop mobile management tools have announced support for Mac management. Since Lion and Mountain Lion configuration profiles are essentially a variation on iOS configuration profiles, it’s relatively easy and straightforward for mobile management vendors supporting iPhones and iPads to expand to include support for managing Mac workstations. AirWatch already supports Mac management, for example, and MobileIron has announced that it will be adding Mac management capabilities in the near future.

One advantage to this new approach is that it encourages one-stop shopping for enterprise management solutions. A single product and a single interface can consistently manage Macs, iPads, Android phones, and a range of other devices and platforms. That streamlines expenses and administrative tasks. The downside, however, is still the relative newness of configuration profiles compared to Managed Preferences and the fact that older Macs or those running older OS X versions aren’t supported.

The road ahead

Ultimately the changes that Apple is making in OS X Server and Mac management are a positive. Small businesses that are Apple-focused have an excellent and extremely inexpensive option in Mountain Lion Server. Enterprises have a growing range of options for managing Macs, iPhones and iPads, and other mobile device easily and efficiently. The transition, while jarring for some organizations, preserves the core functionality that Managed Preferences have always offered but in a way that is more flexible, easier to implement, and requires minimal infrastructure additions or changes. Despite the transitions that may be involved, that is ultimately good for Apple, business users, and Mac IT professionals.




Apple Continues To Support Traditional Mac Management In Mountain Lion Server

Workgroup Manager and Managed Preferences are alive and kicking in Mountain Lion Server.

In addition to launching Mountain Lion Server last week, Apple rather quietly released a Mountain Lion Server version of Workgroup Manager – the traditional Mac management tool included in previous releases of OS X Server. The move was unexpected after Apple released the Advanced Administration guide for Mountain Lion Server, which implied that administrators would need to begin an almost-immediate shift to Mountain Lion Server’s Profile Manager.

The move is good news for many organizations that have an existing investment in OS X Server and Mac clients. Although Mountain Lion Server’s Profile Manager is arguably a more modern and enterprise-friendly solution, it only supports Macs running Lion and Mountain Lion. Any schools or businesses with clients still on Leopard or Snow Leopard would be out of luck if Profile Manager were the only available option.

While the move is good news, there is very real probability that the Mountain Lion release of Workgroup manager is meant to offer a stop-gap measure for organizations that still rely heavily on Managed Preferences. Given that Workgroup Manager isn’t mentioned in Apple’s advanced admin documentation and the emphasis that the company is placing on Profile Manager and configuration profiles, it seems likely that Apple won’t provide Workgroup Manager and related features in whatever OS X Server release follows Mountain Lion Server.

Apple’s move to an annual release cycle for OS X (and presumably OS X Server) means that Workgroup Manager and Managed Preferences could be gone for good within a year. Following the cancellation of the Xserve and what could be called the consumerization of OS X Server since the release of Snow Leopard Server three years ago, many organizations dependent on OS X Server, Open Directory, Managed Preferences, and other enterprise-focused technologies have wisely begun to consider their options moving forward.

Lion Server could be seen as a nudge to prompt organizations to seriously consider if a release of OS X Server more oriented to small businesses or workgroups would meet their needs and to evaluate and implement alternative enterprise solutions if it isn’t.

Mountain Lion Server, with its more polished and production-ready capabilities certainly poses that same question and it should motivate Mac IT professionals working with OS X Server to really look at the release and the management capabilities of Profile Manager as well as third-party alternatives. That investigation will likely lead to developing a strategic plan for Mac management and/or support that extends further than the next six to twelve months (at least).

It’s worth noting, however, that Mountain Lion’s focus on configuration profiles has led mobile management vendors to add Mac management as an option right next to iOS, Android, and other mobile platform management tools. Mobile management vendor AirWatch, for example, already supports Mac management and rival MobileIron plans  to integrate Mac management into a seamless administration console and workflows. That gives Mac IT pros more choices than ever before as they consider what solutions will be best for their organizations going forward.

Source: Apple

Via: MacWindows




Apple Releases Feature Packed Mountain Lion Server For Just $20 In The Mac App Store

Apple launches Mountain Lion Server for the bargain price of $19.99.

In addition to Mountain Lion, Apple today launched the latest generation of its OS X Server platform known as Mountain Lion Server. The release includes several new features that will appeal to small business and larger enterprises alike.

Like Mountain Lion, Mountain Lion Server is available from the Mac App Store. The  $19.99 price tag is a huge bargain given Mountain Lion Server’s feature set.

The release functions as an add-on to Mountain Lion in the same way that Lion did last summer. That means that you will need have Mountain Lion installed before you can purchase and download Mountain Lion Server.

According to Apple’s OS X Server upgrade page, if you’re upgrading a system running Lion Server to Mountain Lion Server, you’ll need to follow the same two-step process. First, install Mountain Lion and then install Mountain Lion Server. You can also upgrade from Snow Leopard Server to Mountain Lion Server provided you have the latest Snow Leopard Server release, which is 10.6.8.

As with Lion Server, purchasing Mountain Lion Server will download an app called Server from the Mac App Store. Server allows you to install Mountain Lion Server. The Server app can also be run on any Mac running Mountain Lion and used you to administer Mountain Lion Server remotely. The first time you launch Server on a Mac, you’ll be given the option to install OS X Server or to use the app to manage a remote server.

As we’ve highlighted over the past few weeks, Mountain Lion Server is much more polished and cohesive that Lion Server. Despite a simpler interface that makes server management easier for non-technical users, it still has many enterprise bones and features. It also offers several new and updated features that can make Mountain Lion Server an excellent choice for small to mid-size organizations as well as for departments and workgroups in larger organizations.

One of the biggest changes from Lion Server is the expansion of Profile Manager, which now delivers all the Mac management capabilities of older OS X Servers releases with a more lightweight approach that makes them easier to configure and require fewer resources to implement Mac management in a Windows Server/Active Directory environment.

Apple has provided additional Mountain Lion Server details and resources in a 25 page product guide and a complete advanced administration guide (much of which is available through the Server app’s help menu). Additional details are also available in the Mac App Store.

Source: Apple


How To Deploy Mountain Lion In Business And Education The Right Way [Feature]

Deploying Mountain Lion across dozens, hundreds, or even thousands of Mac can be easy and efficient if you do it the right way.

Among Mountain Lion’s more than 200 new features are many that have distinct appeal for business users. AirPlay Mirroring, the ability to share items with colleagues, secure and unified messaging across Macs and iOS devices, one-step encryption of hard drives and flash drives, Reminders, Notification Center, VIP prioritization in Mail, and dictation are just handful of the Mountain Lion features that are poised to become great business and education tools.

With so many great features, IT departments big and small are likely to hear requests for Mountain Lion from employees, managers, educators, and even students. While Mountain Lion may be an easy and painless upgrade for consumers, any major OS upgrade poses challenges and concerns for technology professionals and Mountain Lion is no different. In this guide, we’ll show you how to prepare for Mountain Lion, test it for compatibility issues, and plan a successful roll out.

Test and Research

First and foremost, ensure that Mountain Lion will run in your environment without issues. That process begins with verifying that the Macs in your organization can run Mountain Lion. To find out, you can check our list of supported Mac models. Additionally, you’ll need to make sure that those supported Macs have the minimum 2GB of RAM that Mountain Lion requires – 4GB or more is strongly suggested (if you do need to consider deploying to system with just 2GB, do a test install to ensure adequate performance before deployment). Lastly, you’ll need to ensure that each Mac has 8GB of free drive space for Mountain Lion.

Once you know which Macs can run Mountain Lion, you’ll need to ensure that all critical applications used by your organization are compatible with Mountain Lion. You may need to upgrade apps for Mountain Lion compatibility or find alternative applications if some apps aren’t Mountain Lion compatible. If a vendor plans to add compatibility at a later date, your best choices are to not include that app in your Mountain Lion deployment and push the app out when a Mountain Lion version is released or to delay a Mountain Lion deployment until all critical apps are available and tested. You’ll also want to research Mountain Lion compatibility with various peripherals that are commonly used within your organization.

RoaringApps has a great list of third-party Mac apps and their current Lion/Mountain Lion compatibility status to get you started in this process.

The bulk of compatibility checking can be done by research, but you’ll still need to test Mountain Lion even if everything appears to check out fine. In that process, you’ll want to configure test systems with the full load of applications and configuration options in place for your organization. That means running through each app, each in-app feature, and multi-app workflows that commonly utilized by your users (asking some tech-savvy users to help vet apps is a great way to ensure functionality in real-world use). You’ll also need to check network connectivity and access to internal network resources as well as public web/cloud tools.

One thing that is crucial to test is Mountain Lion’s integration with directory services and other enterprise systems. For most businesses, that means integration with Microsoft’s Active Directory using either Apple’s built-in Active Directory client or third-party solutions like those from Centrify and Thursby. Beyond directory services, you’ll want to test Exchange integration (with Apple’s Mail, Contacts, and Calendar apps or Outlook for Mac) and access to any other internal or cloud systems like SharePoint.

Once you’ve vetted Mountain Lion completely, you can then move on to planning a production deployment though you may want to do a series of test deployments to ensure that your chosen deployment mechanisms and workflows function as intended.

Clean Install vs. In-Place Upgrade

Since the release of Snow Leopard three years ago, Apple has been focused on in-place OS upgrades. The process is simpler for most users, generally works with few issues, and fits well with Apple’s decision to make Lion and Mountain Lion available via the Mac App Store. In many workplaces and schools, however, there’s still merit to the idea of doing a clean install of the OS rather than an in-place upgrade.

The first benefit to come to mind for most people is a good spring cleaning that gets rid of outdated preferences, application support files, account settings, unused apps, or other flotsam and jetsam that accumulates over time. Doing so may help you avoid some technical issues down the road and it will likely free up some disk space. It can also ensure that any personal data (Facebook and Twitter credentials, cookies and web history, personal documents, and so on) gets removed in case Macs are shifted around during your Mountain Lion roll out or when new Macs are deployed and older ones are repurposed.

There is a bigger advantage, however. A clean install is generally easier to automate, particularly using network-based mass deployment tools. Beyond simplifying the mass deployment process to the point where it’s almost entirely a no-touch process, a clean install ensures a consistent user experience across all Macs in an organization or, more likely, all Macs within a given department (or grade level or job function).

Create Bootable Diagnostic/Install Drives

Any IT department should have emergency boot drives on hand. Those drives typically include a range of diagnostic tools and repair utilities. Apps on these drives can include Apple tools like Disk Utility as well as third-party diagnostic and maintenance solutions like Carbon Copy Cloner, TechTool Pro, DiskWarrior, and Drive Genius, and one or more anti-malware tools like Intego’s VirusBarrier (as of this writing,only Carbon Copy Cloner has declared Mountain Lion compatibility). They can also include a copy of the Mountain Lion installer or a copy of the master disk image(s) used to deploy Mountain Lion (both of which can be created with Carbon Copy Cloner). As such, they can be used to perform a quick recovery option by reimaging a Mac to the state it was in when it was initially deployed. Smaller organizations or companies that have a limited Mac population can even use such drives as a deployment method rather than automated and/or network deployment options.

Backup/Cleanup User Data

Whatever method you use to deploy Mountain Lion, you’ll want to ensure that any user data is backed up before the deployment. Depending on your environment, this may be a minimal issue or a difficult challenge. If you use network accounts and network home folders, the majority of user documents along with user preferences and user-specific account details should be stored in those network home folders and shouldn’t impact deployment in any real way. If you have portable Macs using mobile accounts (where a network user account and home folder are synced to a Mac notebook), you will want to ensure all users have manually synced data or have experienced an automatic sync before deployment.

If you have Macs with local user accounts on them, the process won’t be as simple. Here you have a couple of choices. You can make a network share available and tell users to copy anything they need to it. Another option is to have IT staff manually backup user accounts and files to an external hard drive or network share, which requires touching each device. Neither solution is ideal although both do give you the chance to migrate to network or mobile accounts.

Mass Deployment Options

There are a range of mass deployment tools on the market, including Apple’s NetInstall in Mountain Lion Server and the command line Apple Software Restore (asr) tool that ships on every Mac. Third-party options include the following tools.

Beyond choosing a deployment tool, you’ll want to decide the deployment method. During the lead up to Mountain Lion, Apple seems to be pushing the concept of thin imaging. Thin imaging allows you to deploy a very basic system image that is then customized using installer packages, configuration profiles, and directory services to meet the needs of your users. The approach can be automated using various tools that we covered earlier this year. It allows your initial deployment image to be pretty small (and thus quick to deploy). You can, in fact, use the standard Mountain Lion install as your image and layer in applications and settings into a deployment or post-deployment workflow. You can also do more granular app deployment after the fact to only those Macs/users than need a particular application – an approach that often helps conserve application licenses and thus reduces costs.

The more longstanding technique, known as monolithic imaging, involves loading a Mac with Mountain Lion and applications and setting various system-level configuration options. Once a source Mac is configured you can create a disk image of that Mac’s startup drive and deploy that image to other Macs. That tends to create very large system images and makes every Mac identical – an option that may be preferable for student workstations or notebooks in a school environment.

This decision isn’t a strict one way or the other choice. You can build workflows that rely on a relatively complete system image that gets customized or provisioned with specific tools during the deployment process by install packages, configuration profiles, scripts, and Automator workflows.

Mac Management With Profile Manager Or Third-Party Tools

Apple introduced Profile Manager last summer in Lion Server. As we’ve reported previously, Apple has significantly increased Profile Manager’s capabilities in Mountain Lion Server and is now promoting Profile Manager as a replacement for the Managed Preferences architecture and Workgroup Manager administration app from previous OS X Server releases. Profile Manager has a lot to offer including the ability to manage Macs and iOS devices, a self-servicing portal that let’s users enroll their Macs and devices without IT intervention, and it is a lightweight and simple Mac management and security solution for non-Apple environments.

If you are planning a switch to Mountain Lion Server and Profile Manager, you’ll want to plan that transition before your Mountain Lion roll out. That way you’ll have access to the full range of configuration options in Mountain Lion’s version of Profile Manager. This can, however, broaden the scope of your deployment and require testing of Mountain Lion Server and Profile Manager in addition to Mountain Lion itself.

There are also third-party options on the market for Mac management, several of which interoperate with other enterprise systems like Active Directory and/or mobile management consoles. Some third-party options to consider include the following tools.

Ultimately, a Mountain Lion deployment doesn’t need to be difficult or painful experience. Ensuring that you’ve gotten all the information you need, tested Mountain Lion in your environment, and are comfortable with your deployment tool(s) of choice will go a long way to making the actual deployment run smoothly.

 

 

 




10 Reasons Why Your Business Needs Mountain Lion Server [Feature]

Profile Manager is a killer feature in Mountain Lion Server, but it isn’t the only killer feature.

Apple is expected to launch Mountain Lion next week. At the same time, the company will be launching Mountain Lion Server. The new edition of Apple’s server platform is revolutionary in a lot of ways, not the least of which is its $19.99 price tag.

Mountain Lion Server includes the basic server functionality that you’d expect from a product intended for the small to mid-size business (SMB) market. That means features like file sharing, network printing, client backups, website hosting, VPN, email services, centralized contacts for an organization, and shared calendaring. All of that is important and Mountain Lion Server seems destined to make those services easy to set up and manage.

In addition to those basic capabilities, however, Mountain Lion Server comes with some pretty incredible functionality for businesses or workgroups of any size or type. Here are ten of the big money features that are easy to overlook.

Profile Manager – Profile Manager is easily Mountain Lion Server’s killer app for small business (or when supporting Macs in a larger Windows-centric environment). Profile Manager offers inexpensive and lightweight mobile management capabilities for iOS devices. It also offers the ability to manage Macs using the same approach and interface.

Profile Manager lets administrators fully configure the Mac user experience – the items in the Dock, user account information, applications that a user is allowed to access, and pretty much anything else. Profile Manager also offers easy access to all of the mobile management features that Apple makes available in iOS. All of that can be configured and update on the Mac running Mountain Lion Server or from any web-capable device. Even when enterprise systems like Active Directory are used to manage user account, Mountain Lion Server can provide Mac and iOS device management.

Simply put, for many organizations, Profile Manager alone is easily worth the cost of Mountain Lion Server and the hardware to run it.

Collaboration and document/project management – Apple has been building collaborative tools into OS X Server for more than half a decade. The cardinal collaboration tool is Apple’s wiki and blog service. Although often overlooked, Apple’s wiki system offers much of the functionality that Microsoft provides with SharePoint. Administrators and users can create wiki sites for sharing company and project information as well as for project management and updates.

File sharing is the biggest feature that Apple’s wiki service enables. Files can be viewed and commented on right in the browser thanks to Apple’s QuickLook technology. The service provides basic document tracking and, most importantly, file versioning – a feature that ensures previous versions of files can be recovered if needed. A revision history feature shows the changes made to file and documents as well as to wiki content.

For iPad users, the wiki service offers some very powerful features. It has an iPad-optimized view for mobile use. It also includes WebDAV access, which means that users can jump straight from looking at a document to editing it using one of the iWork apps.

All-in-all this often overlooked feature hits a number of business technology needs: document and basic project management, company and departmental resource archives and guides, social interaction between members of a team or an entire company, and a way to capture and preserve institutional knowledge.

Self-servicing portal – Those first two feature come together in Apple’s self-service portal in Mountain Lion Server. The portal allows users to enroll their Macs or iOS devices with Profile Manager. The process is simple, straightforward, and allows users to apply managed profiles and security certificates quickly and easily. It also let’s users remotely lock and wipe a Mac or iOS device that was lost or stolen. All of this can be accomplished without a single call to IT.

Profile Manager’s service portal is an attractive feature on its own, but by combining it with Apple’s wiki service administrators can create a more complete self-service site that offers technology support documents, guides and instructional material, policies, and information about how to contact support professionals – either internal to the company or external providers or contractors. If a company has a web-based help desk system, it can also be integrated into the portal.

All of this combines to offer smaller organizations the ability to easily and inexpensively build a feature set that is usually only found in larger enterprises.

iPad/iWork integration – We’ve already touched on Mountain Lion Server’s iOS integration. Profile Manager and the self-servicing portal make iPhone or iPad configuration and management pretty simple and foolproof. As does the editing capabilities that link iOS devices to the wiki service. In addition, Apple implements WebDAV as a file sharing option in Mountain Lion Server. That file sharing capability integrates with Apple’s iWork apps to allow iPad users to browse, view, and edit documents from their iPad and all with the same file permissions that they would have on a Mac or PC.

Push notifications – Email, shared contacts, and shared calendars are all integrated with Apple’s push notification service in Mountain Lion Server. That means that Mac and iOS device users can be sent real-time notifications of new messages, changes to centralized contacts, and calendar events (including invitations and changes to events). The service runs through the same push notification system that Apple uses for iOS devices and Macs running Mountain Lion. A server can also be configured to alert an administrator, IT professionals, or other staff members in the event of certain problems.

RADIUS for small business – RADIUS is a Wi-Fi technology that simplifies and secures Wi-Fi access. Instead of a single password being used by everyone to access a Wi-Fi network, RADIUS allows each user to connect using their username and password. That eases the process, reduces the chance of unauthorized access, and it allows monitoring of Wi-Fi use. Mountain Lion Server includes a RADIUS service that is incredibly easy to set up. The one limitation is that it only supports managing Apple’s AirPort line of wireless routers. For small to medium offices, however, AirPort base stations and Time Capsule devices can be sufficient solutions.

Streamlined management – Apple has made an effort simplify and streamline service and user management in Mountain Lion Server. This did mean getting ride of some longtime tools, but the result is actually a more focused administration environment. That reduces the learning curve and makes all of the services in Mountain Lion Server accessible to a wider range of users. Overall, Apple seems to have done a good job of delivering a balance of simplicity and flexibility in Mountain Lion Server.

Next steps advice – Next steps isn’t a huge feature, but it’s a great feature for non-technical users or users that have never dealt with OS X Server. The various Next steps guides are part of the Server app, the primary management tool for Mountain Lion Server. They provide a guide through the processes needed to set up a server and configure each service. The Next steps feature was there in Lion Server, but it looks like Apple may have made the advice given to novice administrators a bit more streamlined and helpful – if only because the Server app is now the only admin tool.

Active Directory integration – As great as Mountain Lion and Mountain Lion Server may be, the simple truth is that they will be used in predominantly Windows environments a large portion of the time. In the business world that means both Mountain Lion Server and Mountain Lion Macs need to integrate with Active Directory (AD).

Mountain Lion offers a range of integration points. First and foremost is user authentication or the ability to login to a Mac using the same Active Directory credentials used to login to a PC. Following that is support for Windows domain security policies and technologies like Kerberos and single sign-on. Mountain Lion is also site-aware meaning that it will respect Active Directory site topologies when selecting which domain controller(s) to use. For Mac notebooks, Mountain Lion can cache network account data locally for use off the company network.

Mountain Lion Server can be joined to a domain as easily as a Mountain Lion Mac. When used in this fashion services can be made available to users via domain credentials and single sign-on. It can also function as a departmental server within an Active Directory environment in which it provides Apple-specific services and functionality to users while passing user authentication off to Active Directory. Finally, as mentioned above, Profile Manager offers lightweight Mac management when used in an Active Directory environment.

Enterprise features – Despite being focused on the small business market more than the enterprise, Mountain Lion Server still packs a range of enterprise capabilities. It can provide common network services (DHCP, DNS, VPN). It can also provide Ethernet Link Aggregation as well as VLAN management and capabilities if run on a Mac with appropriate hardware (essentially the Mac Pro or possibly Sonnet’s xMac mini Server). Like previous OS X Server releases, Mountain Lion Server can host an Open Directory domain (the Apple equivalent of an Active Directory domain) with support for directory service replication and site/location awareness. It also includes robust and easy to use mass deployment capabilities. Finally, Mountain Lion Server can provide SAN management using Apple’s Xsan.

Is Mountain Lion Server the best fit for every organization? No, but it is appropriate for a number of roles in small businesses, schools, and departments within larger organizations. For its price tag, Mountain Lion Server delivers a lot of features, power, and performance.

Image: Apple




Mountain Lion Server May Look Limited, But It Still Has Enterprise Bones [Feature]

Appearances can be deceiving. Mountain Lion Server still has solid enterprise capabilities.

Apple has released two documents about Mountain Lion Server ahead of this month’s Mountain Lion (and Mountain Lion Server) launch. The first, a 25 page product guide, offered a some insights into the changes and new features that Apple wants to highlight for customers. The second is Apple’s Advanced Administration guide, an in-depth document that would be nearly 400 pages is it were printed or packaged as a PDF. This guide is the full documentation for Mountain Lion Server and it offers a lot of information about all the changes that Apple has made since Lion Server shipped last summer.

On the surface, these two guides are enough to make longtime OS X Server administrators nervous at Apple’s removal of the advanced admin tools and features that have been in nearly every previous OS X Server release. It’s very easy to look at the contents of the Advanced Administration guide and assume Apple is completing the consumerization of its server platform.

Digging a bit deeper, however, reveals that Apple may actually have a winning strategy in the way that it continues to integrate iOS and Mac management into a single workflow and that not all of the capabilities from previous iterations of OS X Server have been scrapped.

Let’s start with the bad news. Server Admin and Workgroup Manager are indeed gone. The Server app and web-based Profile Manager, both introduced in Lion Server, are now the primary administration tools.

The long running Mac client management system known as Manager Preferences, which was largely administered using Workgroup Manager, appears to be gone as well.

All in all, it looks like the OS X Server that many Mac IT folks are familiar with is gone and isn’t coming back. Without a doubt the familiar tools and user interfaces are gone, but much of the functionality still seems to be there.

One of the biggest questions is whether or not Apple has ditched Open Directory, the native directory service in OS X. With the push for Active Directory integration and the apparent focus of Mountain Lion Server as a small business tool, a natural assumption is that Open Directory might be deprecated and its functionality significantly reduced. That doesn’t seem to be the case. The guide contains references to all the advanced capabilities of Open Directory including support directory replication and locales (both major enterprise features), the ability to create multiple domains and multi-domain search policies, and the ability for Mac clients to be integrated with both Open Directory and Active Directory domains.

Profile Manager is the new Workgroup Manager. That seems pretty clear from looking at both documents from Apple. Many of the options that were previously set using Workgroup Manager (such as removable media access restrictions, Dock settings, and a custom login window on managed Macs) are now listed as items that can be set using Profile Manager. That implies that one of the tasks Apple did between Lion and Mountain Lion was shifting the client management data out of Open Directory and into Profile Manager. That would be a logical process (and one assumes straightforward) since Managed Preferences data is stored as XML data and that Configuration Profiles created and used by Profile Manager are essentially just XML files.

Centralizing Mac client and iOS device management in a single tool makes a great deal of sense. It allows administrators to visualize and work with user, group, device, and Mac policies in a single interface. That eliminates a lot of redundancy and makes it easier to avoid and troubleshoot mistakes.

Profile Manager has two other big advantages over Workgroup Manager. Being web-based, Profile Manager allows IT professionals to administer Mac client and iOS device management from virtually any computer or device they want. A Mac admin workstation is no longer required.

The second bit advantage is that Apple developed a self-service portal for users as part of Profile Manager. That means an administrator can create the needed profiles and associate them with user accounts, Macs, or iOS devices (or groups of them) and users can enroll whatever devices they want to use for work. Any settings, apps, or restrictions are then propagated without no further effort on the part of IT.

Some enterprise services are still there, but somewhat disguised. One example is RADIUS authentication. RADIUS is a network service that allows users to connect to Wi-Fi networks using the username and password. That makes life easier for users, but it has a lot of value as a security tool because there is no single password that is shared with everyone who uses the network. In the Advanced Administration guide, RADIUS is referenced, but its initial reference is described as “Manage Wi-Fi” – that’s something easily missed if you’re looking for the name RADIUS.

In the end, the story of Mountain Lion Server may not be about Apple hobbling of its server platform by removing its enterprise capabilities. Instead, it might be about how Apple has taken those capabilities and created a new interface that makes them much more accessible.

Source: Apple




New Guide To Mountain Lion Server Confirms Apple Is Cutting Enterprise Tools And Features

Advanced Admin Guide for Mountain Lion Server confirms Server Admin & Workgroup Manager aren’t included.

Mountain Lion Server is the final chapter in Apple’s march from the enterprise data center – a march that started five years ago when Apple introduced a simplified management interface for small business as part of Leopard Server. The first sure sign that Apple had decided to tailor its server platform only for smaller organizations came with the cancellation of the Xserve.

To experienced OS X Server administrators, Lion Server looked like a patched together product that still had much of its former enterprise capabilities but with advanced administration tools that had been gutted like a fish. All of which pointed to Apple moving forward with its narrower focus and a simplified management app call simply Server.

Recently Apple began letting news about Mountain Lion Server trickle out – first in the form of a 25 page product guide that was focused solely on the Server utility. Longtime advanced admin tools like the venerable Server Admin and Workgroup Manager were conspicuously absent. Some advanced services we added to Server. System Image Utility, which is used to build system configurations for network roll outs of Mac systems and software, is the one remaining advanced server tool.

Today, Apple released its Advanced Administration guide for Mountain Lion Server. It confirms what many Mac IT professionals had already suspected. Server Admin and Workgroup Manager are no longer available as tools and virtually all Mountain Lion Server administration will be done using the Server app.

There is a handful of advanced server functionality in Mountain Lion Server, mostly those that are needed for specific tasks and functionality like internal DNS, Open Directory user management, push notifications, VPN and remote access, shared contacts and calendars, and the included email server.

It seems quite clear that Apple has plans for OS X Server beyond this release, but it also seems clear that it will be for small business environments. Looking through the guide, Mountain Lion Server looks like it ticks all the boxes a smaller organization would need. That isn’t bad in and of itself. For small businesses this could be a killer product. It does, however, seem to signal to larger customers that the time has come to consider a migration plan from OS X Server (if they haven’t done so already).

Check back tomorrow for a more in-depth examination of what Mountain Lion Server offers and what it means for organizations with a large installed base of Macs and other Apple technologies.

Source: Apple