I think the ida of the article is as flowed as Microsoft's laptop hunters adds. You pay less for Apple server, but you don't get the same thing.
Apple is at least a decade away from challenging Windows Server directly. I am not sure Apple really cares at this point. If you look at Apple and Microsoft, one of the big differences is that Apple carefully selects the markets it wants to compete, then focuses it's resources there. They are aware that they are not the sun and they can not shine all over the world. Microsoft lost it's focus for a while now. It is very nervous and tries to kill/bye/copy any company which succeeds in certain areas or gets recognition for being market leader for certain services. I am amazed Balmer have not tried to challenge Coca Cola yet by trying to acquire Pepsi or something.
Then, it helps to remember how Microsoft get there. 15 years ago most of the IT admins would argue that a server does not need a GUI and that a GUI is actually a bad thing, because it eats hardware resources. The real pro works from command line.
When Windows became a dominant OS and the first WIndows-grown IT generation came into power, they preferred something familiar. Windows server was extending it's capabilities and the IT admins grew with it.
Apple may chose a similar route to the enterprise. It can not do it the way it did with the iPod and the iPhone, putting up a killer product instantly.
A decade ago Apple was considered a dying company, Mac were considered a toy and Mac users were considered somewhat inferior, those who are not mature enough to use a real OS and use an OS for dummies instead, just because it is simple, not more capable. One could read a full issue of computer related magazine without a single mention of a Mac, especially outside US. Today Apple is big. There is no consensus whether Mac OS is superior or not, but it is recognized as a mature and powerful OS. When Vista came out one could hardly find an article on Vista without mention of the Mac OS.
There is a new Apple generation. Apple is common in many households and some small companies. Small Apple-centric shops (e.g pre-press or small Mac/iPhone software companies, or otherwise Mac dominated) may not need a complicated enterprise setup and may not have full-time system administrator. They need a file server at first, then they will want more, but relatively basic services. For this kind of companies Mac OS Server, as it is now, might be a better choice. From here on Apple can grow and extend the server OS capabilities, slowly extending it's user base. In a decade or two without much fanfare it can become a real power in the enterprise.
Remember that most of the technologies in Mac OS Server are not Apple development but open source projects. Those will continue to develop over time and help make the Mac OS server more competitive. If you extrapolate the pace of development at Microsoft vs Apple and open source, you will find that at some point MS could be left behind.
The craziest part about all this is even this article stopped way short of what else you get with OS X Server.
- RADIUS authenticated wifi
- Great VPN solution
- Opensource MySql database server
- Full fledged imaging server (netboot friggin rocks! Good luck figuring out windows sysprep if you are a small business owner)
- Podcast producer
- Quicktime streaming
- Xgrid (also friggin rocks!)
$29,238 comes in way short when you start looking at costs for a Cisco WCS solution for wifi + the $450 a pop for aironet access points ($100 for airport express, & you don't even need physical cables to extend your network) We haven't even scratched the surface in this comparison.
The comparison of sharepoints isn't just talking about the wiki feature on OS X, give me a break. For a small business who wants something simple to set up yet as powerful as an AD/Exchange/sharepoint solution it should be a no brainer. Even if your clients run windows it is still going to save you a lot of money to go with an Apple solution.
Also, lets not forget that Microsoft doesn't even have a comparable service to the last 3 I listed up there!
If you're a big business with lots & lots of servers then it does make sense to have windows/AD solutions, but as a small business...don't waste your money.
By the way, the Linux comparison is a joke. If you are a small business the support is every bit as important as the hardware/software itself. No small business owner wants to learn how to be a Linux programmer, that actually hurts their productivity & can even increase their costs if they have to pay outside sources for all service to their server.
Linux ain't a joke. It would work fine for basic LDAP support (user home directories etc) and basic SAMBA support. OSX Server and Linux have the Same SAMBA directory support; which is OSX Server and Linux is seen as a Windows NT 4.0 server by Windows Server machines. SAMBA 3.0 alpha apparently can finally emulate Active Directory on a Windows 2000 server level.
The VPN built into OSX is a joke. Basic L2P2 support, no AES encryption, no RSA Support, no Deffie-Helmin support. This means OSX Server built in VPN is only DES encryption, which was cracked LONG ago. Now if you combine it with VPN Tracker Server and put your mac on the parameter of your network (not recommended) then you have a powerful solution with XAuth, RSA key support etc. YOu really don't NEED Cisco equipment with a Windows setup. Cisco in my opinion is a rip off; I would rather go with Nortel or ZyXEL for enterprise equipment. NetGears ProSafe routers work very well with VPN Tracker for OSX. Their FVS338 and FVX538 routers have support for like 100 VPN tunnels, have powerful CPUs and support AES-256 bit encryption for the VPNs.
You can run Radius on Windows Server using Internet Authentication Server. It's free; not the greatest solution, but works fine for our VPN combined with our fvx538.
OSX Server (currently) is not acceptable for collaboration compared to Exchange. Still no full web access like OWA (well for e-mail there is basic SquirrelMail) and no smart phone full support (remote wipe, remote install etc). Even for small business they are still not there, I will have to agree with hezekiahb, Apple really is 10 years behind Microsoft in this regard. 15 years ago MS was behind Novell significantly (no true LDAP support, Active Directory didn't exist at the time).
If a small shop wanted to go the OSX Server route I would recommend they go with a hosted Exchange setup for collaboration and use OWA or Entourage. Entourage still sucks compared to Outlook, but it's allot more complete than Apple Mail and contacts. The new Beta version (of Entouage shows allot of progress because they have ditched WEBDav, which is much slower than RPC used by Outlook, though you need Exchange 2007 to take advantage of the new beta. Apple needs full cross-platform support to really compete with Exchange.
I do like Netboot. It's nice for updating images and maintaining updates. I have no experience with XGrid, we don't need it for our setup. MySQL is nice for saving money on the database end, though you can also do that on Windows Server. mySQL and SQL are NOT the same and applications are not cross-compatible.
I use WSUS for updating windows clients (which unlike Software Update Server it automatically installs updates, rather than relying on custom setups in Apple Remote Desktop to send UNIX commands or by manually updating on each machine) and Group POlicy to install Updates. IMages are maintained by Acronis True Image Server, which works just fine for updating images on machines.
Linux ain't a joke. It would work fine for basic LDAP support (user home directories etc) and basic SAMBA support. OSX Server and Linux have the Same SAMBA directory support; which is OSX Server and Linux is seen as a Windows NT 4.0 server by Windows Server machines. SAMBA 3.0 alpha apparently can finally emulate Active Directory on a Windows 2000 server level.
The VPN built into OSX is a joke. Basic L2P2 support, no AES encryption, no RSA Support, no Deffie-Helmin support. This means OSX Server built in VPN is only DES encryption, which was cracked LONG ago. Now if you combine it with VPN Tracker Server and put your mac on the parameter of your network (not recommended) then you have a powerful solution with XAuth, RSA key support etc. YOu really don't NEED Cisco equipment with a Windows setup. Cisco in my opinion is a rip off; I would rather go with Nortel or ZyXEL for enterprise equipment. NetGears ProSafe routers work very well with VPN Tracker for OSX. Their FVS338 and FVX538 routers have support for like 100 VPN tunnels, have powerful CPUs and support AES-256 bit encryption for the VPNs.
You can run Radius on Windows Server using Internet Authentication Server. It's free; not the greatest solution, but works fine for our VPN combined with our fvx538.
OSX Server (currently) is not acceptable for collaboration compared to Exchange. Still no full web access like OWA (well for e-mail there is basic SquirrelMail) and no smart phone full support (remote wipe, remote install etc). Even for small business they are still not there, I will have to agree with hezekiahb, Apple really is 10 years behind Microsoft in this regard. 15 years ago MS was behind Novell significantly (no true LDAP support, Active Directory didn't exist at the time).
If a small shop wanted to go the OSX Server route I would recommend they go with a hosted Exchange setup for collaboration and use OWA or Entourage. Entourage still sucks compared to Outlook, but it's allot more complete than Apple Mail and contacts. The new Beta version (of Entouage shows allot of progress because they have ditched WEBDav, which is much slower than RPC used by Outlook, though you need Exchange 2007 to take advantage of the new beta. Apple needs full cross-platform support to really compete with Exchange.
I do like Netboot. It's nice for updating images and maintaining updates. I have no experience with XGrid, we don't need it for our setup. MySQL is nice for saving money on the database end, though you can also do that on Windows Server. mySQL and SQL are NOT the same and applications are not cross-compatible.
I use WSUS for updating windows clients (which unlike Software Update Server it automatically installs updates, rather than relying on custom setups in Apple Remote Desktop to send UNIX commands or by manually updating on each machine) and Group POlicy to install Updates. IMages are maintained by Acronis True Image Server, which works just fine for updating images on machines.
If you could read my mind you would have realized that by saying Linux is a joke I was referring to the part of using it in small business where you don't have the luxury of hiring your own IT staff. I'm a Mac guy primarily because I was a Linux guy before that, just can't get a lot of the apps I run on Mac or Windows for Linux so I bit the bullet & got a Mac. Love it, have no reason to switch back as I can get a lot of my Linux favs on the Mac as well.
Look, Linux is the bomb from a geeky standpoint but it is not for the faint of heart, even with all it's advances towards user friendliness just in the past 5 or so years.
As far as windows RADIUS? It's far from a no brainer configuration & can be quite a pain to manage for someone who is only mildly tech savvy. This topic was trying to get at costs for a small business & why for most Apple would be a better solution.
In our current environment we have 2 VMWare ESX clusters, one consisting of 4 hosts & one of 2. Our network is composed of somewhere around 100 Cisco switches all of which authenticate RADIUS to a Windows 2003 server. Our Firewall is a Cisco ASA cluster & of course we use Cisco VPN. Don't think for a minute I don't understand the limitations of OS X server compared to the type of network infrastructure we have at my place of employment. But what we have is crazy overkill for any business under 100 employees (in some ways it is a little overkill for us at 350+).
OS X server uses 3DES for VPN, which is still not the greatest but certainly better than standard DES (which I took you were implying was what it used). For small business I think they would find themselves quite safe trusting in 3DES, but I do hope Apple updates this with 10.6.
Yes you can authenticate against Windows for wifi RADIUS but you still have to have some sort of centralized management piece for the APs themselves, that is if you want people to be able to walk from one side of the building to the other on wifi & not have hiccups in connection as they switch physical access points.
XGrid I'll admit is a nitch tool. You can basically setup your server to host a grid & then pair other Macs (or a stack of Linux boxes) to the grid. It effectively lets you offload processing to those computers (used a lot in scientific calculating or as render farm for video).
As far as software updates go, Apple sells remote Desktop which lets you manage some similar tasks as WSUS on your Macs. One of those is pushing out packages & system updates. We use WSUS by the way. Bought it, deployed it, learned it has tons of issues with supporting XP & so we ended up also going ahead & making the move to Vista. I'll be the first to say that Vista is not as bad as the hype, but they definitely didn't finish optimizing the kernel before release.
Apple needs a cross platform solution to compete with exchange??? Am I hearing that right? Don't get me started on exchange. Exchange is very powerful, I grant you that, but man is it ever finicky. As far as cross compatibility, well Entourage quite simply is a joke. I too am running the beta using RPC & love the increased speed. However, I find it a bit ridiculous that Outlook 2001 for OS 9 was more compatible with exchange then Entourage currently is. Are they ever going to build in some of the basics like support for distribution lists in your personal contacts?!! As far as OWA, sounds like 10.6 is going to bring possibly some OWA type capabilities. If what they bring with 10.6 comes anywhere close to what I get with mobileme it will rock (OWA standpoint I mean).
OS X server is a great all around, all in one, small business, full package solution. Can you get something better? Yeah, but you pay a heck of a lot more, would likely need IT staff, & you'd have to use Windows.
If you could read my mind you would have realized that by saying Linux is a joke I was referring to the part of using it in small business where you don't have the luxury of hiring your own IT staff. I'm a Mac guy primarily because I was a Linux guy before that, just can't get a lot of the apps I run on Mac or Windows for Linux so I bit the bullet & got a Mac. Love it, have no reason to switch back as I can get a lot of my Linux favs on the Mac as well.
Look, Linux is the bomb from a geeky standpoint but it is not for the faint of heart, even with all it's advances towards user friendliness just in the past 5 or so years.
As far as windows RADIUS? It's far from a no brainer configuration & can be quite a pain to manage for someone who is only mildly tech savvy. This topic was trying to get at costs for a small business & why for most Apple would be a better solution.
In our current environment we have 2 VMWare ESX clusters, one consisting of 4 hosts & one of 2. Our network is composed of somewhere around 100 Cisco switches all of which authenticate RADIUS to a Windows 2003 server. Our Firewall is a Cisco ASA cluster & of course we use Cisco VPN. Don't think for a minute I don't understand the limitations of OS X server compared to the type of network infrastructure we have at my place of employment. But what we have is crazy overkill for any business under 100 employees (in some ways it is a little overkill for us at 350+).
OS X server uses 3DES for VPN, which is still not the greatest but certainly better than standard DES (which I took you were implying was what it used). For small business I think they would find themselves quite safe trusting in 3DES, but I do hope Apple updates this with 10.6.
Yes you can authenticate against Windows for wifi RADIUS but you still have to have some sort of centralized management piece for the APs themselves, that is if you want people to be able to walk from one side of the building to the other on wifi & not have hiccups in connection as they switch physical access points.
XGrid I'll admit is a nitch tool. You can basically setup your server to host a grid & then pair other Macs (or a stack of Linux boxes) to the grid. It effectively lets you offload processing to those computers (used a lot in scientific calculating or as render farm for video).
As far as software updates go, Apple sells remote Desktop which lets you manage some similar tasks as WSUS on your Macs. One of those is pushing out packages & system updates. We use WSUS by the way. Bought it, deployed it, learned it has tons of issues with supporting XP & so we ended up also going ahead & making the move to Vista. I'll be the first to say that Vista is not as bad as the hype, but they definitely didn't finish optimizing the kernel before release.
Apple needs a cross platform solution to compete with exchange??? Am I hearing that right? Don't get me started on exchange. Exchange is very powerful, I grant you that, but man is it ever finicky. As far as cross compatibility, well Entourage quite simply is a joke. I too am running the beta using RPC & love the increased speed. However, I find it a bit ridiculous that Outlook 2001 for OS 9 was more compatible with exchange then Entourage currently is. Are they ever going to build in some of the basics like support for distribution lists in your personal contacts?!! As far as OWA, sounds like 10.6 is going to bring possibly some OWA type capabilities. If what they bring with 10.6 comes anywhere close to what I get with mobileme it will rock (OWA standpoint I mean).
OS X server is a great all around, all in one, small business, full package solution. Can you get something better? Yeah, but you pay a heck of a lot more, would likely need IT staff, & you'd have to use Windows.
Impressive network setup there sir. That's strong security if you are using radius on the network (ethernet) level as well as for Wifi and VPN. I personally never had issues with IAS and users roaming to other access points and it wasn't too hard for me to get up and running. Users still would have to understand things like shared secrets and how to point their access points/routers to the server etc. Radius is definitely harder than straight WPA or WPA2 setups.
I use IAS to authenticate RADIUS to our FVX538 for VPN support (works very well) and for wifi signon. All my machines support WPA2, so I just use that with Radius and a self-signed certificate.
When I discovered Apple Remote Desktop back in the day it was a godsend. I also use Apple Remote Desktop, but for things like Firefox, Camino, Roxio Toast etc updates. It's a great way to keep the machines totally up to date.
I've personally had issues with Netboot in 10.4. It seems that Apple broke some of the functionality when they upgraded past 10.4.8. Netboot is finicky in our setup. I don't use it to refresh images, I use it to do new installs or to fix a machine if it gets hosed (prohibitory sign, weird kernal panics etc which happen rarely but have happened). I haven't tried 10.5 server netboot, so maybe they have fixed those issues. Apple Support Forums are littered with people complaining about issues with 10.5 server, so I have been very learly about moving us to 10.5 server. Our shop still needs OS 9 support, so moving our clients to 10.5 is not going to happen anytime soon. Sheepshaver is a possibility (which I have deployed on our two Intel Macbook Pros), but it's stability issues and networking issues make it unacceptable for everyday use (you can't choose printers in the finder, there is no USB printing support apparently as well) and the uy from the Netherlands who was working on it has abandoned development.
What's nice about WSUS and Apple SUS is that I can get the machines to check updates and then deploy the Apple updates that I need. WSUS or Systems Management Server is nice because unlike Apple SUS there is a Database backend. I like being able to run reports from the WSUS console; it's easier to see my status on my machines.
ARD does have some support for checking what updates are needed, but isn't complete as with WSUS. Apple needs to make SUS use a mySQL database for reporting purposes. It would also be nice if you could deploy packages directly from SUS and auto-install updates.
The article really should highlight what's new about SL Server. Without using a VPN, Leopard Server already provides the bulk of what's mentioned: secure IMAP, POP, SMTP, and HTTP. Will SLS just be adding SSL encryption to iCal?
iCal 3 (in Leopard) already does SSL encryption. I'm using it that way right now with a Zimbra server; Google also requires https for its CalDAV access, and supports iCal 3.0.
Like you, I'm puzzled about the benefits of this, except if it's really supposed to be a sort of proxy to internal services, not hosted on the SLS, that can't (easily) be set up to use secure protocols natively.
There is one gaping hole in this, and it is support for Windows desktop users. Unless Apple provides cross-platform versions of Mail & iCal, OR Snow Leopard Server support for Outlook (i.e. Exchange emulation), even in iPhone heavy shops they will still need to pay for an Exchange Server, unless they are also a 100% Mac, which is rare.
Well, Thunderbird + Lightning/Sunbird could be an option. eM Client may also eventually be a possibility based on the advertised features.
There's also at least one open source project that's trying to get Outlook to talk to CalDAV servers: Open Outlook Connector.
Comments
Apple is at least a decade away from challenging Windows Server directly. I am not sure Apple really cares at this point. If you look at Apple and Microsoft, one of the big differences is that Apple carefully selects the markets it wants to compete, then focuses it's resources there. They are aware that they are not the sun and they can not shine all over the world. Microsoft lost it's focus for a while now. It is very nervous and tries to kill/bye/copy any company which succeeds in certain areas or gets recognition for being market leader for certain services. I am amazed Balmer have not tried to challenge Coca Cola yet by trying to acquire Pepsi or something.
Then, it helps to remember how Microsoft get there. 15 years ago most of the IT admins would argue that a server does not need a GUI and that a GUI is actually a bad thing, because it eats hardware resources. The real pro works from command line.
When Windows became a dominant OS and the first WIndows-grown IT generation came into power, they preferred something familiar. Windows server was extending it's capabilities and the IT admins grew with it.
Apple may chose a similar route to the enterprise. It can not do it the way it did with the iPod and the iPhone, putting up a killer product instantly.
A decade ago Apple was considered a dying company, Mac were considered a toy and Mac users were considered somewhat inferior, those who are not mature enough to use a real OS and use an OS for dummies instead, just because it is simple, not more capable. One could read a full issue of computer related magazine without a single mention of a Mac, especially outside US. Today Apple is big. There is no consensus whether Mac OS is superior or not, but it is recognized as a mature and powerful OS. When Vista came out one could hardly find an article on Vista without mention of the Mac OS.
There is a new Apple generation. Apple is common in many households and some small companies. Small Apple-centric shops (e.g pre-press or small Mac/iPhone software companies, or otherwise Mac dominated) may not need a complicated enterprise setup and may not have full-time system administrator. They need a file server at first, then they will want more, but relatively basic services. For this kind of companies Mac OS Server, as it is now, might be a better choice. From here on Apple can grow and extend the server OS capabilities, slowly extending it's user base. In a decade or two without much fanfare it can become a real power in the enterprise.
Remember that most of the technologies in Mac OS Server are not Apple development but open source projects. Those will continue to develop over time and help make the Mac OS server more competitive. If you extrapolate the pace of development at Microsoft vs Apple and open source, you will find that at some point MS could be left behind.
The craziest part about all this is even this article stopped way short of what else you get with OS X Server.
- RADIUS authenticated wifi
- Great VPN solution
- Opensource MySql database server
- Full fledged imaging server (netboot friggin rocks! Good luck figuring out windows sysprep if you are a small business owner)
- Podcast producer
- Quicktime streaming
- Xgrid (also friggin rocks!)
$29,238 comes in way short when you start looking at costs for a Cisco WCS solution for wifi + the $450 a pop for aironet access points ($100 for airport express, & you don't even need physical cables to extend your network) We haven't even scratched the surface in this comparison.
The comparison of sharepoints isn't just talking about the wiki feature on OS X, give me a break. For a small business who wants something simple to set up yet as powerful as an AD/Exchange/sharepoint solution it should be a no brainer. Even if your clients run windows it is still going to save you a lot of money to go with an Apple solution.
Also, lets not forget that Microsoft doesn't even have a comparable service to the last 3 I listed up there!
If you're a big business with lots & lots of servers then it does make sense to have windows/AD solutions, but as a small business...don't waste your money.
By the way, the Linux comparison is a joke. If you are a small business the support is every bit as important as the hardware/software itself. No small business owner wants to learn how to be a Linux programmer, that actually hurts their productivity & can even increase their costs if they have to pay outside sources for all service to their server.
Linux ain't a joke. It would work fine for basic LDAP support (user home directories etc) and basic SAMBA support. OSX Server and Linux have the Same SAMBA directory support; which is OSX Server and Linux is seen as a Windows NT 4.0 server by Windows Server machines. SAMBA 3.0 alpha apparently can finally emulate Active Directory on a Windows 2000 server level.
The VPN built into OSX is a joke. Basic L2P2 support, no AES encryption, no RSA Support, no Deffie-Helmin support. This means OSX Server built in VPN is only DES encryption, which was cracked LONG ago. Now if you combine it with VPN Tracker Server and put your mac on the parameter of your network (not recommended) then you have a powerful solution with XAuth, RSA key support etc. YOu really don't NEED Cisco equipment with a Windows setup. Cisco in my opinion is a rip off; I would rather go with Nortel or ZyXEL for enterprise equipment. NetGears ProSafe routers work very well with VPN Tracker for OSX. Their FVS338 and FVX538 routers have support for like 100 VPN tunnels, have powerful CPUs and support AES-256 bit encryption for the VPNs.
You can run Radius on Windows Server using Internet Authentication Server. It's free; not the greatest solution, but works fine for our VPN combined with our fvx538.
OSX Server (currently) is not acceptable for collaboration compared to Exchange. Still no full web access like OWA (well for e-mail there is basic SquirrelMail) and no smart phone full support (remote wipe, remote install etc). Even for small business they are still not there, I will have to agree with hezekiahb, Apple really is 10 years behind Microsoft in this regard. 15 years ago MS was behind Novell significantly (no true LDAP support, Active Directory didn't exist at the time).
If a small shop wanted to go the OSX Server route I would recommend they go with a hosted Exchange setup for collaboration and use OWA or Entourage. Entourage still sucks compared to Outlook, but it's allot more complete than Apple Mail and contacts. The new Beta version (of Entouage shows allot of progress because they have ditched WEBDav, which is much slower than RPC used by Outlook, though you need Exchange 2007 to take advantage of the new beta. Apple needs full cross-platform support to really compete with Exchange.
I do like Netboot. It's nice for updating images and maintaining updates. I have no experience with XGrid, we don't need it for our setup. MySQL is nice for saving money on the database end, though you can also do that on Windows Server. mySQL and SQL are NOT the same and applications are not cross-compatible.
I use WSUS for updating windows clients (which unlike Software Update Server it automatically installs updates, rather than relying on custom setups in Apple Remote Desktop to send UNIX commands or by manually updating on each machine) and Group POlicy to install Updates. IMages are maintained by Acronis True Image Server, which works just fine for updating images on machines.
Linux ain't a joke. It would work fine for basic LDAP support (user home directories etc) and basic SAMBA support. OSX Server and Linux have the Same SAMBA directory support; which is OSX Server and Linux is seen as a Windows NT 4.0 server by Windows Server machines. SAMBA 3.0 alpha apparently can finally emulate Active Directory on a Windows 2000 server level.
The VPN built into OSX is a joke. Basic L2P2 support, no AES encryption, no RSA Support, no Deffie-Helmin support. This means OSX Server built in VPN is only DES encryption, which was cracked LONG ago. Now if you combine it with VPN Tracker Server and put your mac on the parameter of your network (not recommended) then you have a powerful solution with XAuth, RSA key support etc. YOu really don't NEED Cisco equipment with a Windows setup. Cisco in my opinion is a rip off; I would rather go with Nortel or ZyXEL for enterprise equipment. NetGears ProSafe routers work very well with VPN Tracker for OSX. Their FVS338 and FVX538 routers have support for like 100 VPN tunnels, have powerful CPUs and support AES-256 bit encryption for the VPNs.
You can run Radius on Windows Server using Internet Authentication Server. It's free; not the greatest solution, but works fine for our VPN combined with our fvx538.
OSX Server (currently) is not acceptable for collaboration compared to Exchange. Still no full web access like OWA (well for e-mail there is basic SquirrelMail) and no smart phone full support (remote wipe, remote install etc). Even for small business they are still not there, I will have to agree with hezekiahb, Apple really is 10 years behind Microsoft in this regard. 15 years ago MS was behind Novell significantly (no true LDAP support, Active Directory didn't exist at the time).
If a small shop wanted to go the OSX Server route I would recommend they go with a hosted Exchange setup for collaboration and use OWA or Entourage. Entourage still sucks compared to Outlook, but it's allot more complete than Apple Mail and contacts. The new Beta version (of Entouage shows allot of progress because they have ditched WEBDav, which is much slower than RPC used by Outlook, though you need Exchange 2007 to take advantage of the new beta. Apple needs full cross-platform support to really compete with Exchange.
I do like Netboot. It's nice for updating images and maintaining updates. I have no experience with XGrid, we don't need it for our setup. MySQL is nice for saving money on the database end, though you can also do that on Windows Server. mySQL and SQL are NOT the same and applications are not cross-compatible.
I use WSUS for updating windows clients (which unlike Software Update Server it automatically installs updates, rather than relying on custom setups in Apple Remote Desktop to send UNIX commands or by manually updating on each machine) and Group POlicy to install Updates. IMages are maintained by Acronis True Image Server, which works just fine for updating images on machines.
If you could read my mind you would have realized that by saying Linux is a joke I was referring to the part of using it in small business where you don't have the luxury of hiring your own IT staff.
Look, Linux is the bomb from a geeky standpoint but it is not for the faint of heart, even with all it's advances towards user friendliness just in the past 5 or so years.
As far as windows RADIUS? It's far from a no brainer configuration & can be quite a pain to manage for someone who is only mildly tech savvy. This topic was trying to get at costs for a small business & why for most Apple would be a better solution.
In our current environment we have 2 VMWare ESX clusters, one consisting of 4 hosts & one of 2. Our network is composed of somewhere around 100 Cisco switches all of which authenticate RADIUS to a Windows 2003 server. Our Firewall is a Cisco ASA cluster & of course we use Cisco VPN. Don't think for a minute I don't understand the limitations of OS X server compared to the type of network infrastructure we have at my place of employment. But what we have is crazy overkill for any business under 100 employees (in some ways it is a little overkill for us at 350+).
OS X server uses 3DES for VPN, which is still not the greatest but certainly better than standard DES (which I took you were implying was what it used). For small business I think they would find themselves quite safe trusting in 3DES, but I do hope Apple updates this with 10.6.
Yes you can authenticate against Windows for wifi RADIUS but you still have to have some sort of centralized management piece for the APs themselves, that is if you want people to be able to walk from one side of the building to the other on wifi & not have hiccups in connection as they switch physical access points.
XGrid I'll admit is a nitch tool. You can basically setup your server to host a grid & then pair other Macs (or a stack of Linux boxes) to the grid. It effectively lets you offload processing to those computers (used a lot in scientific calculating or as render farm for video).
As far as software updates go, Apple sells remote Desktop which lets you manage some similar tasks as WSUS on your Macs. One of those is pushing out packages & system updates. We use WSUS by the way. Bought it, deployed it, learned it has tons of issues with supporting XP & so we ended up also going ahead & making the move to Vista. I'll be the first to say that Vista is not as bad as the hype, but they definitely didn't finish optimizing the kernel before release.
Apple needs a cross platform solution to compete with exchange??? Am I hearing that right? Don't get me started on exchange. Exchange is very powerful, I grant you that, but man is it ever finicky. As far as cross compatibility, well Entourage quite simply is a joke. I too am running the beta using RPC & love the increased speed. However, I find it a bit ridiculous that Outlook 2001 for OS 9 was more compatible with exchange then Entourage currently is. Are they ever going to build in some of the basics like support for distribution lists in your personal contacts?!! As far as OWA, sounds like 10.6 is going to bring possibly some OWA type capabilities. If what they bring with 10.6 comes anywhere close to what I get with mobileme it will rock (OWA standpoint I mean).
OS X server is a great all around, all in one, small business, full package solution. Can you get something better? Yeah, but you pay a heck of a lot more, would likely need IT staff, & you'd have to use Windows.
If you could read my mind you would have realized that by saying Linux is a joke I was referring to the part of using it in small business where you don't have the luxury of hiring your own IT staff.
Look, Linux is the bomb from a geeky standpoint but it is not for the faint of heart, even with all it's advances towards user friendliness just in the past 5 or so years.
As far as windows RADIUS? It's far from a no brainer configuration & can be quite a pain to manage for someone who is only mildly tech savvy. This topic was trying to get at costs for a small business & why for most Apple would be a better solution.
In our current environment we have 2 VMWare ESX clusters, one consisting of 4 hosts & one of 2. Our network is composed of somewhere around 100 Cisco switches all of which authenticate RADIUS to a Windows 2003 server. Our Firewall is a Cisco ASA cluster & of course we use Cisco VPN. Don't think for a minute I don't understand the limitations of OS X server compared to the type of network infrastructure we have at my place of employment. But what we have is crazy overkill for any business under 100 employees (in some ways it is a little overkill for us at 350+).
OS X server uses 3DES for VPN, which is still not the greatest but certainly better than standard DES (which I took you were implying was what it used). For small business I think they would find themselves quite safe trusting in 3DES, but I do hope Apple updates this with 10.6.
Yes you can authenticate against Windows for wifi RADIUS but you still have to have some sort of centralized management piece for the APs themselves, that is if you want people to be able to walk from one side of the building to the other on wifi & not have hiccups in connection as they switch physical access points.
XGrid I'll admit is a nitch tool. You can basically setup your server to host a grid & then pair other Macs (or a stack of Linux boxes) to the grid. It effectively lets you offload processing to those computers (used a lot in scientific calculating or as render farm for video).
As far as software updates go, Apple sells remote Desktop which lets you manage some similar tasks as WSUS on your Macs. One of those is pushing out packages & system updates. We use WSUS by the way. Bought it, deployed it, learned it has tons of issues with supporting XP & so we ended up also going ahead & making the move to Vista. I'll be the first to say that Vista is not as bad as the hype, but they definitely didn't finish optimizing the kernel before release.
Apple needs a cross platform solution to compete with exchange??? Am I hearing that right? Don't get me started on exchange. Exchange is very powerful, I grant you that, but man is it ever finicky. As far as cross compatibility, well Entourage quite simply is a joke. I too am running the beta using RPC & love the increased speed. However, I find it a bit ridiculous that Outlook 2001 for OS 9 was more compatible with exchange then Entourage currently is. Are they ever going to build in some of the basics like support for distribution lists in your personal contacts?!! As far as OWA, sounds like 10.6 is going to bring possibly some OWA type capabilities. If what they bring with 10.6 comes anywhere close to what I get with mobileme it will rock (OWA standpoint I mean).
OS X server is a great all around, all in one, small business, full package solution. Can you get something better? Yeah, but you pay a heck of a lot more, would likely need IT staff, & you'd have to use Windows.
Impressive network setup there sir. That's strong security if you are using radius on the network (ethernet) level as well as for Wifi and VPN. I personally never had issues with IAS and users roaming to other access points and it wasn't too hard for me to get up and running. Users still would have to understand things like shared secrets and how to point their access points/routers to the server etc. Radius is definitely harder than straight WPA or WPA2 setups.
I use IAS to authenticate RADIUS to our FVX538 for VPN support (works very well) and for wifi signon. All my machines support WPA2, so I just use that with Radius and a self-signed certificate.
When I discovered Apple Remote Desktop back in the day it was a godsend. I also use Apple Remote Desktop, but for things like Firefox, Camino, Roxio Toast etc updates. It's a great way to keep the machines totally up to date.
I've personally had issues with Netboot in 10.4. It seems that Apple broke some of the functionality when they upgraded past 10.4.8. Netboot is finicky in our setup. I don't use it to refresh images, I use it to do new installs or to fix a machine if it gets hosed (prohibitory sign, weird kernal panics etc which happen rarely but have happened). I haven't tried 10.5 server netboot, so maybe they have fixed those issues. Apple Support Forums are littered with people complaining about issues with 10.5 server, so I have been very learly about moving us to 10.5 server. Our shop still needs OS 9 support, so moving our clients to 10.5 is not going to happen anytime soon. Sheepshaver is a possibility (which I have deployed on our two Intel Macbook Pros), but it's stability issues and networking issues make it unacceptable for everyday use (you can't choose printers in the finder, there is no USB printing support apparently as well) and the uy from the Netherlands who was working on it has abandoned development.
What's nice about WSUS and Apple SUS is that I can get the machines to check updates and then deploy the Apple updates that I need. WSUS or Systems Management Server is nice because unlike Apple SUS there is a Database backend. I like being able to run reports from the WSUS console; it's easier to see my status on my machines.
ARD does have some support for checking what updates are needed, but isn't complete as with WSUS. Apple needs to make SUS use a mySQL database for reporting purposes. It would also be nice if you could deploy packages directly from SUS and auto-install updates.
Just some thoughts.
The article really should highlight what's new about SL Server. Without using a VPN, Leopard Server already provides the bulk of what's mentioned: secure IMAP, POP, SMTP, and HTTP. Will SLS just be adding SSL encryption to iCal?
iCal 3 (in Leopard) already does SSL encryption. I'm using it that way right now with a Zimbra server; Google also requires https for its CalDAV access, and supports iCal 3.0.
Like you, I'm puzzled about the benefits of this, except if it's really supposed to be a sort of proxy to internal services, not hosted on the SLS, that can't (easily) be set up to use secure protocols natively.
There is one gaping hole in this, and it is support for Windows desktop users. Unless Apple provides cross-platform versions of Mail & iCal, OR Snow Leopard Server support for Outlook (i.e. Exchange emulation), even in iPhone heavy shops they will still need to pay for an Exchange Server, unless they are also a 100% Mac, which is rare.
Well, Thunderbird + Lightning/Sunbird could be an option. eM Client may also eventually be a possibility based on the advertised features.
There's also at least one open source project that's trying to get Outlook to talk to CalDAV servers: Open Outlook Connector.