In-Depth with Mac OS X Lion Server
by Andrew Cunningham on August 2, 2011 8:00 AM ESTWe’ve now covered every service manageable by Server.app, which addresses the core of OS X Server’s functionality. As we mentioned before, though, the Server Admin Tools still expose quite a bit of extra functionality that Server.app still doesn’t manage, and I’ll do my best to cover the services still managed by Server Admin, as well as the rest of the Tools.
There are a few services I’m not going to go over in very much depth: DHCP, DNS, Firewall, NAT, and RADIUS. Below is a very basic explanation of what it is they do, but if you need more information, you can check out the Snow Leopard Server documentation for them. These services are basically unchanged from their earlier implementation, and the documentation is far more thorough than I could hope to be.
In case you don’t know what DHCP is: Dynamic Host Configuration Protocol is responsible for automatically assigning and then keeping track of IP addresses for each device on your network. Without DHCP, you’d have to configure every one of your network-attached devices manually, to say nothing of keeping track of which device uses which IP.
For most home and small business users, your router is going to do this for you - nearly all routers have a basic DHCP service, as well as tools for assigning fixed IP addresses to devices on your network.
If you need something a little more advanced, the DHCP service in Lion Server can create different subnets, map static IP addresses, and provide more detailed logs than many routers.
DNS (Doman Name System) is also IP address-related, in that it redirects IP addresses to more easily-remembered names. That’s why you can type Anandtech.com into your address bar to get here instead of a 12-digit IP address followed by a five-digit port number.
The Firewall service lets you block access to ports on your server, as well as for your network and any computers attached to it. Most home users and enterprises are protected by a firewall at the network level, but this can be useful if you want to explicitly allow or deny access to a particular port or ports.
The Network Address Translation service handles port forwarding, enabling one IP address to host many different services. This is another service usually handled by routers: it’s the reason why multiple computers and other devices can access the Internet despite having only one IP address (to see your true IP address, as opposed to the IP address assigned to your device by your router, you can use a service like whatismyip.com or IP Chicken).
DHCP
In case you don’t know what DHCP is: Dynamic Host Configuration Protocol is responsible for automatically assigning and then keeping track of IP addresses for each device on your network. Without DHCP, you’d have to configure every one of your network-attached devices manually, to say nothing of keeping track of which device uses which IP.
For most home and small business users, your router is going to do this for you - nearly all routers have a basic DHCP service, as well as tools for assigning fixed IP addresses to devices on your network.
If you need something a little more advanced, the DHCP service in Lion Server can create different subnets, map static IP addresses, and provide more detailed logs than many routers.
DNS
DNS (Doman Name System) is also IP address-related, in that it redirects IP addresses to more easily-remembered names. That’s why you can type Anandtech.com into your address bar to get here instead of a 12-digit IP address followed by a five-digit port number.
Firewall
The Firewall service lets you block access to ports on your server, as well as for your network and any computers attached to it. Most home users and enterprises are protected by a firewall at the network level, but this can be useful if you want to explicitly allow or deny access to a particular port or ports.
NAT
The Network Address Translation service handles port forwarding, enabling one IP address to host many different services. This is another service usually handled by routers: it’s the reason why multiple computers and other devices can access the Internet despite having only one IP address (to see your true IP address, as opposed to the IP address assigned to your device by your router, you can use a service like whatismyip.com or IP Chicken).
RADIUS
Remote Authentication Dial-in User Service provides an extra level of authentication and logging to your network, though the service's insistence on AirPort base stations will probably limit its usefulness for most. Basically, once its setup, it allows you to control access to your wireless network using Open Directory user credentials. Handy if you can use it, inconsequential otherwise.
Facebook
Twitter
RSS
77 Comments
View All Comments
the_engineer - Thursday, August 4, 2011 - link
Indeed, and that's the plan, assuming nothing else I like more comes along. I was really sort of tantalized by the possibility of software RAID in OSX, and still haven't been able to get a straight answer on it. Currently it is looking like it's a no go.tff - Tuesday, August 2, 2011 - link
As a home user, I've been frustrated by the inability to have two users edit a shared calendar in OS X/iOS without using 3rd party software.How would it differ using Lion server to accomplish this rather than Lion and iOS 5 clients using iCloud?
Typical Mac home user- iPhones, iPads, Mac laptops.
Omegabet - Tuesday, August 2, 2011 - link
You can install server.app on a client. Just copy the app over from the server. The first time you launch it, choose connect to a server. It will then run server.app from your client. Otherwise it will upgrade lion to the server version. This was recommended in the apple documentation (can't remember where though).qiankun - Tuesday, August 2, 2011 - link
One instance I found frustrating is that non-HSF+ volumes like NTFS and exFat cannot be accessed from other computers using SMB or AFP. You can add the volume to the file sharing list, pick whatever protocol you like, but when you try to access it you'll get an error. Same thing applies to the bootcamp partition.I like to use NTFS or exFat on external drives, for simple fact that whenever needed you can simply disconnect them from the mac server and plug into a PC. I know there are software that allows reading HSF+ partitions on windows, but it's not installed everywhere, very unlikely if you want to use the drive on a random computer you or your friend uses.
damianrobertjones - Tuesday, August 2, 2011 - link
Windows Home Server. That's all I have to add.justinf79 - Friday, August 5, 2011 - link
WHS isn't even in the same league...rs2 - Tuesday, August 2, 2011 - link
I've used a number of different wiki solutions, and the one included on OS X Server is a toy compared to most other popular wikis. There's just no comparison between the OS X wiki and something like Confluence or MediaWiki.gamoniac - Tuesday, August 2, 2011 - link
At first glance, this looks impressive, given the price tag and the myriad of features provided. However, the author should note the huge maintenance costs of this at best rudimentary product. Anyone who has used Apache or IIS 7 knows the Lion web server is years away from catching up.What good is a cheap product if you have to to spend, say, 40 hours, trying to get something to work. The TCO is too high even at $10/hour, and even for home users.
gamoniac - Tuesday, August 2, 2011 - link
PS: Good article nonetheless. Thank you AT. Keep them coming!repoman27 - Wednesday, August 3, 2011 - link
What's good about a cheap product with a myriad of features is that if even one or two work as advertised out of the box, it was worth it. If not, you're only out $50. I configured Snow Leopard Client on a MacBook Pro to work as a NetBoot / NetRestore server because I happened to find that functionality useful, and although it was trivial to do so, I'm perfectly inclined to shell out the $50 for Lion Server going forward rather than monkey around with another client version.In general, you're right though, it's stupid to cheap out on a capital expenditure and then spend an order of magnitude more trying to get someone who knows what they're doing to make it work.
Really, though, who doesn't spend at least 40 hours setting up a new server for the first time?