In-Depth with Mac OS X Lion Server
by Andrew Cunningham on August 2, 2011 8:00 AM ESTWe’ve now covered every service manageable by Server.app, which addresses the core of OS X Server’s functionality. As we mentioned before, though, the Server Admin Tools still expose quite a bit of extra functionality that Server.app still doesn’t manage, and I’ll do my best to cover the services still managed by Server Admin, as well as the rest of the Tools.
There are a few services I’m not going to go over in very much depth: DHCP, DNS, Firewall, NAT, and RADIUS. Below is a very basic explanation of what it is they do, but if you need more information, you can check out the Snow Leopard Server documentation for them. These services are basically unchanged from their earlier implementation, and the documentation is far more thorough than I could hope to be.
In case you don’t know what DHCP is: Dynamic Host Configuration Protocol is responsible for automatically assigning and then keeping track of IP addresses for each device on your network. Without DHCP, you’d have to configure every one of your network-attached devices manually, to say nothing of keeping track of which device uses which IP.
For most home and small business users, your router is going to do this for you - nearly all routers have a basic DHCP service, as well as tools for assigning fixed IP addresses to devices on your network.
If you need something a little more advanced, the DHCP service in Lion Server can create different subnets, map static IP addresses, and provide more detailed logs than many routers.
DNS (Doman Name System) is also IP address-related, in that it redirects IP addresses to more easily-remembered names. That’s why you can type Anandtech.com into your address bar to get here instead of a 12-digit IP address followed by a five-digit port number.
The Firewall service lets you block access to ports on your server, as well as for your network and any computers attached to it. Most home users and enterprises are protected by a firewall at the network level, but this can be useful if you want to explicitly allow or deny access to a particular port or ports.
The Network Address Translation service handles port forwarding, enabling one IP address to host many different services. This is another service usually handled by routers: it’s the reason why multiple computers and other devices can access the Internet despite having only one IP address (to see your true IP address, as opposed to the IP address assigned to your device by your router, you can use a service like whatismyip.com or IP Chicken).
DHCP
In case you don’t know what DHCP is: Dynamic Host Configuration Protocol is responsible for automatically assigning and then keeping track of IP addresses for each device on your network. Without DHCP, you’d have to configure every one of your network-attached devices manually, to say nothing of keeping track of which device uses which IP.
For most home and small business users, your router is going to do this for you - nearly all routers have a basic DHCP service, as well as tools for assigning fixed IP addresses to devices on your network.
If you need something a little more advanced, the DHCP service in Lion Server can create different subnets, map static IP addresses, and provide more detailed logs than many routers.
DNS
DNS (Doman Name System) is also IP address-related, in that it redirects IP addresses to more easily-remembered names. That’s why you can type Anandtech.com into your address bar to get here instead of a 12-digit IP address followed by a five-digit port number.
Firewall
The Firewall service lets you block access to ports on your server, as well as for your network and any computers attached to it. Most home users and enterprises are protected by a firewall at the network level, but this can be useful if you want to explicitly allow or deny access to a particular port or ports.
NAT
The Network Address Translation service handles port forwarding, enabling one IP address to host many different services. This is another service usually handled by routers: it’s the reason why multiple computers and other devices can access the Internet despite having only one IP address (to see your true IP address, as opposed to the IP address assigned to your device by your router, you can use a service like whatismyip.com or IP Chicken).
RADIUS
Remote Authentication Dial-in User Service provides an extra level of authentication and logging to your network, though the service's insistence on AirPort base stations will probably limit its usefulness for most. Basically, once its setup, it allows you to control access to your wireless network using Open Directory user credentials. Handy if you can use it, inconsequential otherwise.
Facebook
Twitter
RSS
77 Comments
View All Comments
jedimed - Thursday, August 4, 2011 - link
Does anyone know if Lion Server supports any DLNA media streaming?jay2901 - Saturday, August 6, 2011 - link
sorry if this has been answered already...but if you aren't interested in legacy nt domain controller functionality, can you join a windows 7 pc to lion server's open directory? would love to use this in a mixed (50-50) environment with mac/pcs without needing active directory.ATOmega - Monday, August 8, 2011 - link
Such a limiting selection of hardware and functionality.Running a server, it makes more sense to take advantage of the strong updates and packages in Debian/Ubuntu and just run with that.
I mean, if you're crazy about the Apple hardware, go nuts! But it's clear what Apple really does with server is integrate a handful of half baked UIs with otherwise free software packages. Calling it a "server edition" changes little from an existential perspective.
I'll never understand the appeal of paying up to 3x more to get the same if not less...
tumme_totte - Tuesday, August 9, 2011 - link
Andrew, you say that Windows computers can't join the OD since a Lion OD Master can't be Primary Domain Master for Windows. But in the documentation Apple says something else:https://help.apple.com/advancedserveradmin/mac/10....
Can this be verified? Windows 7 machines can't be joined to Leopard Server (neither Server 2008) and I was hoping Lion would solve this.
Te-Moz - Sunday, August 14, 2011 - link
Andrew, you can set up device management with a self signed SSL certificate.Obviously it's 'nicer' to have one that's authority signed, but for us, we just need Lion server to control our Macs and iPads, push updates and provide some shared storage. (Educational setting)
Great article, and if you wanted to do one on setting up a golden triangle with Lion Server OD and Win AD, then I'm sure a lot of folk would fine that really helpful also. ;)
reese637 - Saturday, December 24, 2011 - link
Hi all. I'm a young tech enthusiast who likes to get his hands dirty in networks and servers and what not. As of now, I've been running our home network with two Time Capsule routers (acting as access points, web servers, backup drives, and file sharing), and many mac desktops and laptops (I believe four MacBooks and two iMacs). For a while now, I've been interested in upgrading to the Server edition of OSX, but I was afraid that it had too many requirements such as xserves, server domains, etc. Now that Lion Server seems to be a bit more consumer friendly and a lot cheaper, I was seriously thinking in upgrading. Would any of you please be able to let me know if there is anything else I need to buy/do in order for OSX Lion Server to actually work in my home? Thank you.Ron Blatto - Thursday, February 2, 2012 - link
I'm new to using any kind of server software and your guide is exactly what I was looking for.