Mountain Lion Server May Look Limited, But It Still Has Enterprise Bones [Feature]

Mountain Lion Server May Look Limited, But It Still Has Enterprise Bones [Feature]

Appearances can be deceiving. Mountain Lion Server still has solid enterprise capabilities.

Apple has released two documents about Mountain Lion Server ahead of this month’s Mountain Lion (and Mountain Lion Server) launch. The first, a 25 page product guide, offered a some insights into the changes and new features that Apple wants to highlight for customers. The second is Apple’s Advanced Administration guide, an in-depth document that would be nearly 400 pages is it were printed or packaged as a PDF. This guide is the full documentation for Mountain Lion Server and it offers a lot of information about all the changes that Apple has made since Lion Server shipped last summer.

On the surface, these two guides are enough to make longtime OS X Server administrators nervous at Apple’s removal of the advanced admin tools and features that have been in nearly every previous OS X Server release. It’s very easy to look at the contents of the Advanced Administration guide and assume Apple is completing the consumerization of its server platform.

Digging a bit deeper, however, reveals that Apple may actually have a winning strategy in the way that it continues to integrate iOS and Mac management into a single workflow and that not all of the capabilities from previous iterations of OS X Server have been scrapped.

Let’s start with the bad news. Server Admin and Workgroup Manager are indeed gone. The Server app and web-based Profile Manager, both introduced in Lion Server, are now the primary administration tools.

The long running Mac client management system known as Manager Preferences, which was largely administered using Workgroup Manager, appears to be gone as well.

All in all, it looks like the OS X Server that many Mac IT folks are familiar with is gone and isn’t coming back. Without a doubt the familiar tools and user interfaces are gone, but much of the functionality still seems to be there.

One of the biggest questions is whether or not Apple has ditched Open Directory, the native directory service in OS X. With the push for Active Directory integration and the apparent focus of Mountain Lion Server as a small business tool, a natural assumption is that Open Directory might be deprecated and its functionality significantly reduced. That doesn’t seem to be the case. The guide contains references to all the advanced capabilities of Open Directory including support directory replication and locales (both major enterprise features), the ability to create multiple domains and multi-domain search policies, and the ability for Mac clients to be integrated with both Open Directory and Active Directory domains.

Profile Manager is the new Workgroup Manager. That seems pretty clear from looking at both documents from Apple. Many of the options that were previously set using Workgroup Manager (such as removable media access restrictions, Dock settings, and a custom login window on managed Macs) are now listed as items that can be set using Profile Manager. That implies that one of the tasks Apple did between Lion and Mountain Lion was shifting the client management data out of Open Directory and into Profile Manager. That would be a logical process (and one assumes straightforward) since Managed Preferences data is stored as XML data and that Configuration Profiles created and used by Profile Manager are essentially just XML files.

Centralizing Mac client and iOS device management in a single tool makes a great deal of sense. It allows administrators to visualize and work with user, group, device, and Mac policies in a single interface. That eliminates a lot of redundancy and makes it easier to avoid and troubleshoot mistakes.

Profile Manager has two other big advantages over Workgroup Manager. Being web-based, Profile Manager allows IT professionals to administer Mac client and iOS device management from virtually any computer or device they want. A Mac admin workstation is no longer required.

The second bit advantage is that Apple developed a self-service portal for users as part of Profile Manager. That means an administrator can create the needed profiles and associate them with user accounts, Macs, or iOS devices (or groups of them) and users can enroll whatever devices they want to use for work. Any settings, apps, or restrictions are then propagated without no further effort on the part of IT.

Some enterprise services are still there, but somewhat disguised. One example is RADIUS authentication. RADIUS is a network service that allows users to connect to Wi-Fi networks using the username and password. That makes life easier for users, but it has a lot of value as a security tool because there is no single password that is shared with everyone who uses the network. In the Advanced Administration guide, RADIUS is referenced, but its initial reference is described as “Manage Wi-Fi” – that’s something easily missed if you’re looking for the name RADIUS.

In the end, the story of Mountain Lion Server may not be about Apple hobbling of its server platform by removing its enterprise capabilities. Instead, it might be about how Apple has taken those capabilities and created a new interface that makes them much more accessible.

  • Daniel Sutton

    Aepxc has a point here. Yes, Apple periodically “breaks” their products, and then builds them back up to be even more flexible and powerful than they were before. This prevents many problems with legacy software and hardware that would be extremely problematic if they were left intact. I believe that Mountain Lion Server is the model for what server OSes will be in the future, rather than a “gimped” OS.

    Also, from what I read of the Advanced Administration Guide, this version of the document explains how to administer a Lion Server from a Mountain Lion client. This is not the administration guide for Mountain Lion Server. That will be introduced when the server OS is released to the public.

  • MrPeabody

    Uh hu, right, okay – I guess we’ll see what we see.

    The overtone of the article sounds like wishful thinking to me.

    Not a word about XSAN.

  • NedLudd

    Uh hu, right, okay – I guess we’ll see what we see.

    The overtone of the article sounds like wishful thinking to me.

    Not a word about XSAN.

    What about these headings in the document? Did you even look at it? (http://bit.ly/LkyXph)

    Xsan
    Upgrade from a previous version of Xsan
    Manage SAN Storage
    Manage clients and users
    Manage metadata controllers
    Manage SANs
    Monitor SAN status

  • Andrew Love

    No mention of how the ability to manange DHCP through the UI was stripped out of this so-called “feature packed” release? :-\

About the author

Ryan FaasRyan Faas is a technology journalist and consultant living in upstate New York who has written extensively about Apple, business and enterprise IT, and the mobile industry. In addition to writing for Cult of Mac, he is a contributor to Computerworld, InformIT, and Peachpit Press. In a previous existence he was a healthcare IT director as well as a systems and network administrator. Follow Ryan on Twitter and Google +

(sorry, you need Javascript to see this e-mail address)| Read more posts by .

Posted in News | Tagged: , , , , , , , , , |