VPN

There’s nothing that can make setting up VPN (Virtual Private Networking, which allows access to your network from other networks) truly simple, but Lion Server includes an L2TP VPN host that tries very hard - flip the switch, set a password, and determine what IP addresses will be used for connecting clients. By default, it takes 30 addresses from the high 200s, addresses that are unlikely to be in use on a small network. Make sure that your IP settings won’t conflict with addresses used by local clients.

If you need to provide PPTP VPN to your clients, you can also set this up via the Terminal (PPTP is hidden by default because, in short, it’s unencrypted - Apple only wants you to use the more secure L2TP if possible. More about L2TP and PPTP can be found here).

You’ll also need to make sure that your router is configured to forward the correct ports - I can tell you that, according to Apple’s list of ports used by OS X, the VPN service uses UDP 500, UDP 1701, TCP 1723, and UDP 4500, and I can tell you that this site is a good resource to use if you’re new to port forwarding. You’re on your own for the rest.
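
As an added example (not part of the original article), the Python below audits a router's forwarding table against the four ports listed above: it reports required forwards that are missing, VPN forwards left open for a protocol that is not enabled (such as TCP 1723 when PPTP is off), and forwards that point at the wrong host. The rule-line format, the IP addresses and the grouping of ports by protocol are assumptions made for illustration.

```python
# Added example: audit router port forwards against the VPN ports listed above.
# The port-to-protocol grouping is standard knowledge, not taken from the article.
REQUIRED = {
    "l2tp": {("udp", 500), ("udp", 1701), ("udp", 4500)},  # IKE, L2TP, IPsec NAT-T
    "pptp": {("tcp", 1723)},                               # PPTP control channel
}
VPN_PORTS = set().union(*REQUIRED.values())

def parse_rules(text):
    """Parse 'proto external_port -> host:port' lines (hypothetical format)."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        try:
            left, target = (s.strip() for s in line.split("->"))
            proto, port = left.split()
            host, _, inner = target.rpartition(":")
            rules.append((proto.lower(), int(port), host, int(inner)))
        except ValueError:
            raise ValueError(f"line {lineno}: cannot parse {raw!r}") from None
    return rules

def audit(rules, server_ip, enabled):
    """Return (missing, unneeded, misdirected) for the enabled VPN protocols."""
    needed = set().union(*(REQUIRED[p] for p in enabled))
    forwarded = {(proto, port): host for proto, port, host, _ in rules}
    have = set(forwarded)
    missing = sorted(needed - have)                       # clients cannot connect
    unneeded = sorted((have & VPN_PORTS) - needed)        # exposure with no purpose
    misdirected = sorted(k for k in needed & have if forwarded[k] != server_ip)
    return missing, unneeded, misdirected

# Constructed sample router table; addresses are placeholders.
SAMPLE_RULES = """\
udp 500  -> 192.168.1.10:500
udp 1701 -> 192.168.1.10:1701
tcp 1723 -> 192.168.1.10:1723   # PPTP forward left open
udp 4500 -> 192.168.1.25:4500   # points at the wrong host
"""

if __name__ == "__main__":
    result = audit(parse_rules(SAMPLE_RULES), "192.168.1.10", ["l2tp"])
    for label, items in zip(("missing", "unneeded", "misdirected"), result):
        print(f"{label}: {items}")
```
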



From here, you can set up clients to connect manually, or save a mobile configuration profile that can be used by Lion and iOS clients. Both OS X and iOS have their own built-in VPN clients that can use these profiles, and any Windows client that supports L2TP (or PPTP, if it’s enabled) should be able to connect as well.

VPN is a service that can be very useful in multiple settings, whether you’re a business user who needs access to files or systems from home, or a home user who wants to be able to remote into their home computer from work or a public Wi-Fi hotspot. While it does take some intermediate skills to set up, Lion Server’s VPN solution is relatively simple and sufficiently functional to serve most purposes.
 

Web

 
Many services in Lion Server have been simplified or streamlined relative to their Snow Leopard Server counterparts, but of everything we’ve looked at so far, the Web service is the only one that has truly been changed for the worse.

Configurable only via Server.app, the Web service (which uses an Apache backend) allows you to create multiple websites with customizable domain names, port numbers, and access permissions, and you’re also given the option to choose where the files are stored on the server.

The bad news is that if you need to do anything more advanced than that, you have to leave the warm comfort of the GUI and dive straight into editing configuration files in TextEdit. From Lion Server’s Help file:

“Web service uses Apache server. You can customize Apache settings by editing configuration files or creating web app plist files.”

Hardly user-friendly.

This is a far cry from the Web service in Snow Leopard Server, which gave you a GUI for enabling and disabling modules, setting up aliases, and other advanced functionality. Comparatively speaking, the Web service in Lion seems mostly content to provide a backend for things like Wiki, Mail, iCal and Profile Manager without doing a whole lot by itself.

It’s frustrating to see Apple do this to one of its services, especially when (for example) the Mail service maintains both its simplified Server.app administration panel and its advanced Server Admin counterpart. Advanced controls for the Web service already existed in Server Admin prior to Lion, and keeping them would have required little extra work on Apple’s part. Now, if you make heavy use of the Web service in your organization, you’re going to have to tool around in Terminal to perform many advanced functions, which runs counter to the simplification present in most of the other services.
 

Wiki

The Wiki service is similarly simplified in Lion, at least as far as Server.app is concerned - you can turn it on/off and manage which users can make wikis, but that’s just about it.

The meat of the Wiki service is accessed via your web browser, where users with the appropriate permissions can both create personal wiki entries and create new general-use wikis.

I’m not a particularly authoritative source on wiki software, so I’m not really comfortable comparing the Wiki service in Lion Server to other Wiki products, but I can say that the Lion service seems to do the job reasonably well as long as you're not doing anything too advanced. The appeal for a small business is that Wiki is a simple-to-set-up service that can host easily-edited internal documentation, or perhaps information and progress reports on ongoing projects, or maybe even meeting notes - the service is there to use, but as always your wiki is only as good as the information you put into it.


77 Comments


  • HMTK - Wednesday, August 3, 2011 - link

    OK so you can definitely run a Mac OS X vm on vSphere 5 but only on Apple hardware. What a joke! Probably Apple idiocy rather than a technical limitation.
  • Spazweasel - Wednesday, August 3, 2011 - link

    Apple is a hardware company. OS/X and iOS exist to make hardware sales possible (thus the cost of development is included in the pricing for Apple hardware, something the Apple haters conveniently overlook). Allowing the running of OS/X on non-Apple hardware reduces Apple hardware sales, so they don't do it.

    "Idiocy"? Yeah, sure, whatever.
  • HMTK - Wednesday, August 3, 2011 - link

    Not allowing Mac OS to run under a hypervisor on non-Apple branded hardware won't help them either. Or do you think a halfway decent IT-department would put a desktop machine or a hard disk posing as a server in a data center? They'd rather pay a few 100 € more for a license if they could run it on ESXi/XenServer/Hyper-V and reliable hardware.
  • Spazweasel - Wednesday, August 3, 2011 - link

    Apple makes its money on the desktop, not the server room. I doubt it's worth the effort. OS/X in the server room is a niche product, and Apple know it; it's much more suited as a workgroup/small office server, and those environments do not have ESX or Xen installations.

    Apple has no incentive to support OS/X in a VM, and plenty of reasons not to. Really, I don't see why this is a surprise.
  • HMTK - Thursday, August 4, 2011 - link

    I'm not saying it's a big surprise, I'm saying it's stupid. Why not make good management tools for their iOS available in a way that companies can integrate better in their infrastructure?

    You might be surprised as to how many small shops are going the virtualization route. Even if you have only a single server it makes sense in the long run when the time comes to replace the hardware. Just import the VM on the hypervisor on the new hardware and you're done.
  • GotThumbs - Tuesday, August 2, 2011 - link

    This is an interesting article and I enjoyed the depth of detail. As a builder of my own systems for years, does the use of this software bind you to using only a ready built Apple system? It seems Apple is slowly trying to create a closed proprietary system where you have to use Apple hardware and Apple software. I know there are hackintosh systems but it seems it's still going to be quite a bit of effort and so far seems to be a waste of time for me. As the article mentions, there are lots of alternatives available. Apple's MO seems to be offering zero options for using outside sources. Apple consumers are being channeled to iTunes and the Mac App Store for all purchases. I'm personally not a fan of that trend and have no intentions of bowing down to that kind of control. I can see where the general consumer who has very little technical knowledge is quite accepting of Apple's controls as it's a very simple and somewhat brainless system packaged in a slick looking package.
  • GrizzledYoungMan - Tuesday, August 2, 2011 - link

    Or is it still something we're all going to pretend works, when it very clearly doesn't out in the real world (If it worked, why would DAVE exist)? I'm referring here to the myriad of permissions issues and oodles of useless garbage sidecar files that pop up after a few days of operation in a mixed environment.

    Haven't read the article. Probably won't. Sorry. Apple is a joke at anything that designing anything that doesn't fit in your pocket/surrogate vagina of choice.

    I get this feeling, deep in my angry muscle, every time some imbecile waves around his iThing, raving about Apple's genius, while I'm thinking about all the time that has been wasted trying to get OS X desktop clients to do things that have worked out in the real world for years now.
  • blueeyesm - Tuesday, August 2, 2011 - link

    Not in Lion, as Samba moved to GPL3 licensing.

    http://www.appleinsider.com/articles/11/03/23/insi...
  • GrizzledYoungMan - Tuesday, August 2, 2011 - link

    You know what's wild? I should actually be excited they're moving to a new standard - the NAS' I often recommend to clients support SMB2, and see useful performance gains from it.

    But then I read "Windows networking software developed by Apple" and my heart sinks. Realistically, what are the odds this is going to work?

    Honestly, I don't really blame the design teams over there so much as a closed corporate culture that both ignores the feedback of their customers and denies any complaints exist.

    They're really missing out on the sorts of improvements that most big software developers make using the information gathered during large, open betas and the like.
  • repoman27 - Tuesday, August 2, 2011 - link

    As the article you linked to points out, since version 10.2 Mac OS X has shipped with Samba, an open-source, reverse engineered version of SMB 1.0. With Lion, Apple dropped Samba and added native support for SMB2 while maintaining the ability to connect with SMB 1.0 machines as long as they use UNICODE and extended security. This means Mac OS X 10.7 can no longer connect out of the box with some SMB 1.0 or Samba machines (which it had done for the last 9 years), but it does have full support for SMB2.

    As for GrizzledYoungMan's "oodles of useless garbage sidecar files," it's not like Mac users have any use for a thumbs.db file either. Just hide the metadata files, or don't allow write permissions on the folder if you don't want to see that kind of stuff, but these types of files are most likely only going to become more prevalent as time goes by.
