In-Depth with Mac OS X Lion Server
by Andrew Cunningham on August 2, 2011 8:00 AM ESTWe’ve now covered every service manageable by Server.app, which addresses the core of OS X Server’s functionality. As we mentioned before, though, the Server Admin Tools still expose quite a bit of extra functionality that Server.app still doesn’t manage, and I’ll do my best to cover the services still managed by Server Admin, as well as the rest of the Tools.
There are a few services I’m not going to go over in very much depth: DHCP, DNS, Firewall, NAT, and RADIUS. Below is a very basic explanation of what it is they do, but if you need more information, you can check out the Snow Leopard Server documentation for them. These services are basically unchanged from their earlier implementation, and the documentation is far more thorough than I could hope to be.
In case you don’t know what DHCP is: Dynamic Host Configuration Protocol is responsible for automatically assigning and then keeping track of IP addresses for each device on your network. Without DHCP, you’d have to configure every one of your network-attached devices manually, to say nothing of keeping track of which device uses which IP.
For most home and small business users, your router is going to do this for you - nearly all routers have a basic DHCP service, as well as tools for assigning fixed IP addresses to devices on your network.
If you need something a little more advanced, the DHCP service in Lion Server can create different subnets, map static IP addresses, and provide more detailed logs than many routers.
DNS (Doman Name System) is also IP address-related, in that it redirects IP addresses to more easily-remembered names. That’s why you can type Anandtech.com into your address bar to get here instead of a 12-digit IP address followed by a five-digit port number.
The Firewall service lets you block access to ports on your server, as well as for your network and any computers attached to it. Most home users and enterprises are protected by a firewall at the network level, but this can be useful if you want to explicitly allow or deny access to a particular port or ports.
The Network Address Translation service handles port forwarding, enabling one IP address to host many different services. This is another service usually handled by routers: it’s the reason why multiple computers and other devices can access the Internet despite having only one IP address (to see your true IP address, as opposed to the IP address assigned to your device by your router, you can use a service like whatismyip.com or IP Chicken).
DHCP
In case you don’t know what DHCP is: Dynamic Host Configuration Protocol is responsible for automatically assigning and then keeping track of IP addresses for each device on your network. Without DHCP, you’d have to configure every one of your network-attached devices manually, to say nothing of keeping track of which device uses which IP.
For most home and small business users, your router is going to do this for you - nearly all routers have a basic DHCP service, as well as tools for assigning fixed IP addresses to devices on your network.
If you need something a little more advanced, the DHCP service in Lion Server can create different subnets, map static IP addresses, and provide more detailed logs than many routers.
DNS
DNS (Doman Name System) is also IP address-related, in that it redirects IP addresses to more easily-remembered names. That’s why you can type Anandtech.com into your address bar to get here instead of a 12-digit IP address followed by a five-digit port number.
Firewall
The Firewall service lets you block access to ports on your server, as well as for your network and any computers attached to it. Most home users and enterprises are protected by a firewall at the network level, but this can be useful if you want to explicitly allow or deny access to a particular port or ports.
NAT
The Network Address Translation service handles port forwarding, enabling one IP address to host many different services. This is another service usually handled by routers: it’s the reason why multiple computers and other devices can access the Internet despite having only one IP address (to see your true IP address, as opposed to the IP address assigned to your device by your router, you can use a service like whatismyip.com or IP Chicken).
RADIUS
Remote Authentication Dial-in User Service provides an extra level of authentication and logging to your network, though the service's insistence on AirPort base stations will probably limit its usefulness for most. Basically, once its setup, it allows you to control access to your wireless network using Open Directory user credentials. Handy if you can use it, inconsequential otherwise.
Facebook
Twitter
RSS
77 Comments
View All Comments
ex2bot - Friday, August 5, 2011 - link
Upgrading OS X is not much of a pain, as Repo says. Plus, it's practical to skip at least every other upgrade. So, upgrading every four years (2 + 2) at $60 isn't a big deal and the improvements are worth it.I especially appreciate Expose', Time Machine, Spotlight, and Quick Look and use them regularly And every Mac user has benefitted from Quartz GL (uses 3d graphics card to speed up screen draws).. There have been myriad "invisible" or subtle improvements as well. See Apple's "Mac OS X" section for details.
Four years between OS upgrades is not bad, as I said. Longhorn was supposed to come out about 4 or 5 years after XP. Microsoft just had eyes bigger than its stomach and it was delayed. But Windows 7 was worth the wait. Especially features like the display compositor + aesthetically pleasing UI + improved security (and no more yellow speech bubbles popping up all the time)
Ex2bot
Automated System Process
ex2bot - Friday, August 5, 2011 - link
BTW, Expose's successor is called "Mission Control."Sahrin - Tuesday, August 2, 2011 - link
a reduction in advertising, if you guys are going to do all these paid reviews for Apple.Johnmcl7 - Tuesday, August 2, 2011 - link
It's getting a bit of a joke these days that anything with the Apple badge will get a news article, preview, in depth review the moment it's out dwarfing everything else which barely seems to get a look-in. I get that Anand likes Apple stuff and if I don't I should go elsewhere but I like the non-Apple reviews when they do occasionally get published.John
ex2bot - Friday, August 5, 2011 - link
It's no joke. Check Anand's mailbox some time*.Ex2bot
*Crazies, please don't mess with his mailbox.
ex2bot - Friday, August 5, 2011 - link
I know for a fact that Apple employees stuff money into Anand's mailbox*. Lots and lots of money. They use $20s and $50s straight from Jobs' car, who burns them to light his cigs.Ex2bot
Currency Calculating Mac Fanbot
* Anand, I don't really believe this. I was kidding, as I'm sure you've figured out. Actually, I'm sure they are $100s, not $20s and $50s. After all, he's a Billionaire.
the_engineer - Tuesday, August 2, 2011 - link
Thanks for this great in-depth look at Lion Servers new & continued functionality, I learned a lot reading this. However, I'm still very confused at where XSAN fits into the picture. As a storage power-user I've used software Linux raid, semi-hardware windows raid (Intel, Highpoint), and I've lately dabbled into ZFS because it seems like it's really got everything I could ever want as far as straight storage capabilities are concerned (I'm running a raidz6 with 6 750GB drives currently running on Nexenta). I'd really like to put Lion Server on a mac and install a generic SATA card and add 6 3TB hard drives and do a great big raid5 in a mac pro, but am very confused as to whether or not this will work. I was very hopeful that Lion Server would integrate 'software' RAID5 or similar functionality, but it's not clear anywhere whether it does this or not. Simply put, Do I still need to buy a dedicated raid5 card to have a redundant array of inexpensive disks on a mac or am I missing something still?-Looking for a great user experience AND a ton of redundant storage
HMTK - Wednesday, August 3, 2011 - link
Why not set up a NAS with iSCSI or NFS ?the_engineer - Wednesday, August 3, 2011 - link
LONG story short, geting a deidciated NAS box means spending more money than ought to be necessary at this point (I have an i7 desktop and a core2 desktop, both capable of running Lion, Windows, FreeBSD, you name it... Just fine, as well as plenty of vanilla SATA ports & cards available). I'm Trying to weigh all purely software options available to me, with ZFS/BSD sitting on top of the heap for storage features but OSX sitting on top of the heap from a usability standpoint. The longer I look at it the more likely I am to end up running one huge 20-drive ZFS based NAS under FreeBSD but was trying to avoid getting to this point.HMTK - Wednesday, August 3, 2011 - link
If you put it on the network you can access it with all decent OS's. I've got a little HP mini proliant just for that.