Apple has released two documents about Mountain Lion Server ahead of this month’s Mountain Lion (and Mountain Lion Server) launch. The first, a 25-page product guide, offered some insights into the changes and new features that Apple wants to highlight for customers. The second is Apple’s Advanced Administration guide, an in-depth document that would be nearly 400 pages if it were printed or packaged as a PDF. This guide is the full documentation for Mountain Lion Server and it offers a lot of information about all the changes that Apple has made since Lion Server shipped last summer.
On the surface, these two guides are enough to make longtime OS X Server administrators nervous at Apple’s removal of the advanced admin tools and features that have been in nearly every previous OS X Server release. It’s very easy to look at the contents of the Advanced Administration guide and assume Apple is completing the consumerization of its server platform.
Digging a bit deeper, however, reveals that Apple may actually have a winning strategy in the way that it continues to integrate iOS and Mac management into a single workflow and that not all of the capabilities from previous iterations of OS X Server have been scrapped.
Let’s start with the bad news. Server Admin and Workgroup Manager are indeed gone. The Server app and web-based Profile Manager, both introduced in Lion Server, are now the primary administration tools.
The long-running Mac client management system known as Managed Preferences, which was largely administered using Workgroup Manager, appears to be gone as well.
All in all, it looks like the OS X Server that many Mac IT folks are familiar with is gone and isn’t coming back. Without a doubt the familiar tools and user interfaces are gone, but much of the functionality still seems to be there.
One of the biggest questions is whether or not Apple has ditched Open Directory, the native directory service in OS X. With the push for Active Directory integration and the apparent focus of Mountain Lion Server as a small business tool, a natural assumption is that Open Directory might be deprecated and its functionality significantly reduced. That doesn’t seem to be the case. The guide contains references to all the advanced capabilities of Open Directory, including support for directory replication and locales (both major enterprise features), the ability to create multiple domains and multi-domain search policies, and the ability for Mac clients to be integrated with both Open Directory and Active Directory domains.
Profile Manager is the new Workgroup Manager. That seems pretty clear from looking at both documents from Apple. Many of the options that were previously set using Workgroup Manager (such as removable media access restrictions, Dock settings, and a custom login window on managed Macs) are now listed as items that can be set using Profile Manager. That implies that one of the tasks Apple did between Lion and Mountain Lion was shifting the client management data out of Open Directory and into Profile Manager. That would be a logical process (and, one assumes, a straightforward one) since Managed Preferences data is stored as XML and the Configuration Profiles created and used by Profile Manager are essentially just XML files.
Centralizing Mac client and iOS device management in a single tool makes a great deal of sense. It allows administrators to visualize and work with user, group, device, and Mac policies in a single interface. That eliminates a lot of redundancy and makes it easier to avoid and troubleshoot mistakes.
Profile Manager has two other big advantages over Workgroup Manager. Being web-based, Profile Manager allows IT professionals to administer Mac client and iOS device management from virtually any computer or device they want. A Mac admin workstation is no longer required.
The second big advantage is that Apple developed a self-service portal for users as part of Profile Manager. That means an administrator can create the needed profiles and associate them with user accounts, Macs, or iOS devices (or groups of them) and users can enroll whatever devices they want to use for work. Any settings, apps, or restrictions are then propagated with no further effort on the part of IT.
Some enterprise services are still there, but somewhat disguised. One example is RADIUS authentication. RADIUS is a network service that allows users to connect to Wi-Fi networks using their username and password. That makes life easier for users, but it also has a lot of value as a security tool because there is no single password that is shared with everyone who uses the network. In the Advanced Administration guide, RADIUS is referenced, but its initial reference is described as “Manage Wi-Fi” – that’s something easily missed if you’re looking for the name RADIUS.
In the end, the story of Mountain Lion Server may not be about Apple hobbling its server platform by removing its enterprise capabilities. Instead, it might be about how Apple has taken those capabilities and created a new interface that makes them much more accessible.