Leopard Server can run on a wide variety of hardware, on anything from a Power PC Mac mini right through the highest-end Xserve. This, combined with the platform's extensive support for Windows PC clients and Windows Server environments, may well mean a broader customer base for Leopard Server.
Leopard Server provides easy-setup servers for many small businesses, and includes a new simplified setup process and systems management interface. This new interface is available in two modes: standard -- for single-server use in a small business environment -- and workgroup -- for use as a workgroup or departmental server in an enterprise infrastructure.
Both sets of tools offer an easy-to-use interface to several of Leopard Server's features and allow users with limited or no server experience to successfully deploy and manage Leopard Server. When used in workgroup mode, Leopard Server can take advantage of network user accounts already being used within the larger corporate network.
The entire range of Leopard Server features is not available in the new simplified setup modes (most likely Apple limited the features to those that it could successfully engineer for automatic configuration and simple management from within Server Admin).
Because of the complex nature of many Leopard Server features, Apple has included only those that could be successfully engineered for the simplified setup modes. Although this may sound limiting, the services included are among the most commonly used by small businesses or by individual departments within a large company or school.
These include file and printer sharing for both Macs and Windows PCs, e-mail, access to Leopard's new collaborative tools, remote access using VPN, internal instant messaging via iChat Server, shared calendars, and the ability to establish server and client backups using Apple's new Time Machine.
For larger organizations that have more robust server needs and can employ a staff of experienced server administrators, Leopard Server continues to provide services for networks of virtually any size and complexity.
When used in advanced administration mode, Leopard Server remains a highly stable and scalable platform for supporting Mac, Windows and Unix/Linux clients, and fully interoperates with Windows Server and Microsoft's Active Directory. For these environments, Leopard Server represents a significant increase in scalability, increased multiplatform support, more flexible administration and new collaborative tools.
New administration tools
For experienced administrators and other IT professionals who choose to use Leopard Server's advanced mode and larger tool set, Apple has redesigned its server administration tools -- Server Admin, Workgroup Manager and System Image Utility. All have received major facelifts and each change seems to have been aimed at making administration simple and more logical.
One of the most notable changes is that file-sharing administration, previously performed in Workgroup Manager, has been moved to Server Admin. Workgroup Manager is now exclusively used for user, group and computer account management and the administration of managed preferences.
This is a logical move that in some ways should have been done sooner because the management of network accounts -- whether they are stored in Apple's Open Directory or another LDAP-based directory system -- is not specific to a single server. Network account management typically requires connection to the master server for a directory domain.
Meanwhile, file-sharing administration must be done at the level of the server hosting individual share points.
One major change for account management in Workgroup Manager is that the concept of computer lists has been replaced with computer accounts and computer groups. Lists were used to manage preferences and to restrict access in previous versions of Mac OS X Server. Using accounts and groups instead allows individual computers to be managed with greater granularity. For instance, computer groups can be nested within each other for more flexible management options.
Enhanced directory services
Open Directory, the native directory service in Mac OS X, has gotten several major updates in Leopard Server as well as some significant under-the-hood changes for Leopard clients. The first of these server updates is two-tiered replication. This replaces the hub-and-spoke system of replication used in previous releases -- that's where a single Open Directory master issued updates to one or more replicas.
Note: The major under-the-hood change in Leopard is that Apple has retired the use of the outdated NetInfo technology as a mechanism for storing local user accounts and related information, and has replaced the NetInfo database with a series of property list (.plist files). We'll have more coverage of this in upcoming stories.
Two-tiered or cascading replication now allows for a single Open Directory master server to have up to 32 replicas that can each have up to 32 replicas of their own. This allows for richer replication topologies and increases performance of the Open Directory master, and as a result, the entire infrastructure in networks with large numbers of replicas. It also means that existing networks with more than 32 replicas will need to be redesigned.
Another important point is that all Open Directory servers within a network will need to be upgraded at the same time because replication between Leopard Server and Tiger Server is not supported.
Open Directory now supports cross-domain authorization. This allows an Open Directory master to be bound to another LDAP-based directory server, including Active Directory. The Open Directory master can then authorize access to services for users whose accounts reside in the directory system to which it is connected via Kerberos.
This feature allows for enhanced integration with other directory systems within a network, and allows Mac OS X Server to function as a middleman for directory services. This should permit simpler support for Mac OS X in a dual-platform network with Windows Server and Active Directory.
In fact, Active Directory support has been improved on both the client and server side of Leopard. Active Directory authentication now fully supports digital signing and all Windows 2003 Server security options. The process by which Mac OS X discovers Active Directory domain controllers has also been updated so that it behaves more like a Windows client when working with Active Directory site topologies.