Inside Mac OS X 10.7 Lion Server: remote lock, disk wipe and administration
In Mac OS X Lion Server, Apple brings iOS-like remote management features to the Mac, including "Find My Mac," remote wipe, and remote software and profile settings via push notifications.
Find and destroy my Mac
A related "Find My Mac" feature is rumored to be present on Lion in a developmental status (showing up as the FindMyMacd process), allowing users to remotely locate a missing notebook, for example, just as they can already locate an iPod touch, iPhone, or iPad.
A Lion Mac using a FileVault encrypted disk, just like the hardware-encrypted iPhone 3GS and later iOS devices, will also facilitate remote wipe features similar to those that are already in place for mobile devices tied to MobileMe, enabling a user who has lost his or her MacBook to remotely destroy its contents before malicious thieves could even attempt to recover data from it.
While Apple hasn't yet officially revealed plans to add remote find/wipe/lock services for Lion Macs in MobileMe, it is clear that such a service will be available to Lion Server administrators, enabling them to remotely wipe or lock devices bound to the organization's Directory Server via Profile Server.
Lion Server Profile Manager for remote configuration
Additionally, the discovery of a new Uninstall.framework indicates that new Profile Server remote management tools (a feature of Lion Server for both Mac and iOS clients) will enable network administrators to remotely manage the software installed and removed on an organization's machines, in addition to managing profiles (configuration files that are currently used to set up new iOS devices, and will in the future be used to set up Lion Macs).
While some of these tasks (including remote software installation) are already possible using Apple's Remote Desktop, the new web-based Profile Manager in Lion Server promises to serve as a powerful remote administration solution that will allow companies to manage their mobile iOS devices and Macs using the same tool.
Apple says that its new Profile Manager "delivers simple, profile-based setup and management for Mac OS X Lion, iPhone, iPad, and iPod touch devices. It also integrates with your existing directory services and delivers automatic over-the-air profile updates using the Apple Push Notification service."
This indicates that the Apple Push Notification service foundation support discovered in Lion is not just used by FaceTime, but will also be used to update configuration information for enterprise users. For example, a company could upgrade its security policy for local WiFi networks and then push this configuration change to all of its iOS and Mac users for immediate installation.
Comments
On Apple's Lion page, it says Server is part of Lion: what does this mean? Can you enable the server features through system preferences even if you don't buy a version that specifically says "server" on it?
If that's right, I'm excited to experiment with it!
(I'd clear this up myself but I don't have access to the beta.)
Mac OS X Lion and Mac OS X Lion Server are now combined... which means that you will not have to buy a server edition of Lion.
You enable the server in the preference pane on Lion.
This summer should be a very fun one.
Are you sure about this? It would be really great fun to have server as an option without buying server software separately.
It's on Apple's Lion page.
I see it now, thanks.
I hope someone can clear up a question I have?
On Apple's Lion page, it says Server is part of Lion: what does this mean? Can you enable the server features through system preferences even if you don't buy a version that specifically says "server" on it?
If that's right, I'm excited to experiment with it!
(I'd clear this up myself but I don't have access to the beta.)
While the OS install is part of the same image, no one is really sure if the server features are optional add-ons or require a full re-install. Currently, it's the latter, though I think the former would be much easier in the long run for end-users to handle.
I hope Lion includes a Time Machine update to allow incremental backups of the encrypted disk. Otherwise this is just adding salt to the wound.
While the OS install is part of the same image, no one is really sure if the server features are optional add-ons or require a full re-install. Currently, it's the latter, though I think the former would be much easier in the long run for end-users to handle.
Ah, I see! Either way, it should be easy enough to set up as a server when you do the initial setup, right? I mean, if you're already upgrading your computer, you would think users wouldn't mind a little extra time to make it server, even if you do need a full reinstall.
Remote wipe... that won't come back to bite them if they release it to John Q Public.
Couldn't you get Apple Remote Desktop if you were "John Q Public" anyway?
You would think that remote wipe requires some type of authentication on both server and client.
@autism
Mac OS X Lion and Mac OS X Lion Server are now combined... which means that you will not have to buy a server edition of Lion.
You enable the server in the preference pane on Lion.
You know, I actually thought this was the way Apple was heading with Mac OS X Server. With the server functionality built into all Macs it would mean you could set up centralised iTunes etc and share all the data with iPads and iPhones.
It started to make sense when Apple released Apple TV 2 and the new Mac Mini Server. DHCP isn't really an issue with that largely being handled by the wireless routers and if they implemented some sort of Citrix style remote application running you could Remote Desktop into the Mac and run applications that require a desktop app not available on the iPad yet like internal software.
I'm really looking forward to seeing what Apple does over the next couple of Mac OS X releases. I do think they will kill off Server and implement more of Server's features into the desktop OS and make servers easy.
Apple doesn't do enterprise because there is no money to be made in the enterprise market. There are many that would disagree but the enterprise market is generally tighter than a virgin on her wedding day. They hate spending money and Apple likes to find markets that do like to spend money.
That's the consumer market (rather apt name really) and when you look at the consumer market they are not all that tech savvy so making a really powerful OS super simple to use will allow Apple to roll in new features that will make a truly interconnected world like in the sci-fi movies we see.
I can't wait. It is going to be an interesting 5 years.
In 5 years we won't be running anything more than a terminal to the Apple server farm, cloud if you like.
If there was the remotest chance of being able to hold you to that thought, I would. In 5 years I intend to still be using my existing MacBook Air and iMac, personally speaking....
@autism
Mac OS X Lion and Mac OS X Lion Server are now combined... which means that you will not have to buy a server edition of Lion.
You enable the server in the preference pane on Lion.
Not quite so easy, you do have to specifically add the software via a custom install during the initial install process. There might be a way of subsequently adding it to the install from the CD (USB disk/whatever it is shipped on) but the application installer method for the Dev Preview cannot be used to add it post-install. I forgot to check it, and need to re-install to get at it. After this, the features probably appear in the Pref panes.
While the encrypted disk and remote wipe sound cool, this ignores FileVault's existing limitations. Every new Mac entices the owner to enable FileVault without warning them that this will make incremental backups impossible, including with Time Machine. Add to that the risk of complete data loss if a single sector of the encrypted volume is corrupted.
I hope Lion includes a Time Machine update to allow incremental backups of the encrypted disk. Otherwise this is just adding salt to the wound.
Because it is "whole disk" the OS is effectively unaware that it is encrypted. TM will now work happily. See the other thread more specifically on Encryption for more commentary.
In 5 years I intend to still be using my existing MacBook Air and iMac, personally speaking....
If you had a 5 year old iMac or MacBook now then it wouldn't run Snow Leopard. Some 5 year old software won't even run on Snow Leopard. So in 5 years time I would say your iMac and MacBook Air will be useless for anything new, not to mention the battery in your MacBook Air unless you get it replaced will be dead by then. They'll still be nice machines but Apple make all their money from selling new hardware and traditionally care very little about supporting anything over 3 years old.