In-Depth with Mac OS X Lion Server
by Andrew Cunningham on August 2, 2011 8:00 AM EST
We’ve now covered every service manageable by Server.app, which addresses the core of OS X Server’s functionality. As we mentioned before, though, the Server Admin Tools expose quite a bit of extra functionality that Server.app doesn’t yet manage, and I’ll do my best to cover the services still managed by Server Admin, as well as the rest of the Tools.
There are a few services I’m not going to go over in very much depth: DHCP, DNS, Firewall, NAT, and RADIUS. Below is a very basic explanation of what it is they do, but if you need more information, you can check out the Snow Leopard Server documentation for them. These services are basically unchanged from their earlier implementation, and the documentation is far more thorough than I could hope to be.
DHCP
In case you don’t know what DHCP is: Dynamic Host Configuration Protocol is responsible for automatically assigning and then keeping track of IP addresses for each device on your network. Without DHCP, you’d have to configure every one of your network-attached devices manually, to say nothing of keeping track of which device uses which IP.
For most home and small business users, your router is going to do this for you - nearly all routers have a basic DHCP service, as well as tools for assigning fixed IP addresses to devices on your network.
If you need something a little more advanced, the DHCP service in Lion Server can create different subnets, map static IP addresses, and provide more detailed logs than many routers.
DNS
DNS (Domain Name System) is also IP address-related, in that it maps IP addresses to more easily remembered names. That’s why you can type Anandtech.com into your address bar to get here instead of a 12-digit IP address followed by a five-digit port number.
Firewall
The Firewall service lets you block access to ports on your server, as well as for your network and any computers attached to it. Most home users and enterprises are protected by a firewall at the network level, but this can be useful if you want to explicitly allow or deny access to a particular port or ports.
NAT
The Network Address Translation service handles port forwarding, enabling one IP address to host many different services. This is another service usually handled by routers: it’s the reason why multiple computers and other devices can access the Internet despite having only one IP address (to see your true IP address, as opposed to the IP address assigned to your device by your router, you can use a service like whatismyip.com or IP Chicken).
RADIUS
Remote Authentication Dial-in User Service provides an extra level of authentication and logging to your network, though the service's insistence on AirPort base stations will probably limit its usefulness for most. Basically, once it's set up, it allows you to control access to your wireless network using Open Directory user credentials. Handy if you can use it, inconsequential otherwise.
77 Comments
Kristian Vättö - Tuesday, August 2, 2011
Your Twitter was right, this really is endless
CharonPDX - Tuesday, August 2, 2011
It was that pesky loop that started on page 23 that circled you back to page 8. By the time you'd read page 23, you'd forgotten what was on page 8, so you didn't notice you were in a loop until you were at what you thought was page 157...
B3an - Tuesday, August 2, 2011
Very in depth article... but I feel you've wasted time on this. No one in their right mind would use OSX as a server. Apart from Apple fanboys that choose an inferior product over better alternatives because it has an Apple logo, but I emphasize the words "right mind".
FATCamaro - Tuesday, August 2, 2011
For enterprise work, or a Windows-only network this is certainly true. For SMB, or even 500 mac/mixed users I think it could work if you can provide some glue to handle fail-over.
Windows server is better for Office for sure as is Linux for web & applications.
Spivonious - Wednesday, August 3, 2011
I can run a web server on the client version of Windows. It's just not installed by default.
mino - Saturday, August 6, 2011
Hint: for how many users/connections ....
If it was THAT simple there would be no Web Edition, mind you.
AlBanting - Friday, August 19, 2011
Same thing for client version of Mac OS X. I've done this for years.
KPOM - Tuesday, August 2, 2011
True, for an enterprise user. However, a small business or tech-savvy home user trying to manage multiple Windows PCs, Macs, and iOS devices might well be tempted by the $50 price tag.
It should be obvious by the price drop and the discontinuation of the XServe that Apple no longer intends to compete with Windows Server or Linux in the enterprise market. They are a consumer-oriented company, and released a server OS intended for a consumer market.
zorxd - Tuesday, August 2, 2011
Tech-savvy home user will run a free linux distro for a server. Plus it will work on any hardware, not only on a Mac. Many use older PCs as servers.
Also the Mac Pro is too expensive and the Mac Mini can't even have 3.5" drives which means that it is a bad solution for a file server.
richardr - Tuesday, August 2, 2011
Actually, I have a real use case, though it may be a bit specialised for your tastes... non-computing departments of universities are full of people with underused desktops running Word, but also have other people doing analyses that take ages to run on their machines. Making them all Macs (you'll never persuade them to use linux) and wiring them up with xgrid and OSX Server is a pretty pain-free way of running my analyses on their machines without too much disruption to their lives...