|Exam Name||:||Mac OS X Server Command and Line Install and Configuration v10.4|
|Questions and Answers||:||67 Q & A|
|Updated On||:||April 24, 2019|
|PDF Download Mirror||:||Pass4sure 9L0-614 Dump|
|Get Full Version||:||Pass4sure 9L0-614 Full Version|
Exam Questions Updated On :
9L0-614 exam Dumps Source : Mac OS X Server Command and Line Install and Configuration v10.4
Test Code : 9L0-614
Test Name : Mac OS X Server Command and Line Install and Configuration v10.4
Vendor Name : Apple
Q&A : 67 Real Questions
Can I get latest dumps with real Q & A of 9L0-614 exam?
As I long long past through the street, I made heads turn and each single person that walked past me changed into lookingat me. The purpose of my sudden recognition changed into that I had gotten the fine marks in my Cisco check and all of us was bowled over at it. I used to be astonished too but I knew how such an fulfillment modified intopossible for me without killexams.com QAs and that became all because of the preparatory instructions that I took in thiskillexams.com. They were perfect sufficient to make me perform so suitable.
9L0-614 actual query bank is real have a look at, authentic result.
I am now 9L0-614 certified and it could not be possible without killexams.com 9L0-614 exam simulator. killexams.com exam simulator has been tailored keeping in brain the requirements of the students which they confront at the time of taking 9L0-614 exam. This exam simulator is very much exam focus and every topic has been addressed in detail just to keep apprised the students from each and every information. killexams.com team knows that this is the way to keep students confident and ever ready for taking exam.
simply those 9L0-614 ultra-modern dumps and take a look at manual is needed to pass the take a look at.
i used to be in a rush to pass the 9L0-614 exam due to the fact I needed to submit my 9L0-614 certificates. I shouldattempt to search for some on-line help concerning my 9L0-614 test so I began looking. i discovered this killexams.com and turned into so hooked that I forgot what i was doing. in the end it became not in useless seeing thatthis killexams.com were given me to skip my test.
Here we are! Exact study, Exact Result.
First of all I want to mention Thanks to you people. I have cleared 9L0-614 Exam by way of subscribing to your examine material. So I wanted to share my fulfillment in your website. Thank you once again. Thank you very much to your extremely good assist. I even have cleared my 9L0-614 with 90%.
Take a smart circulate, attain these 9L0-614 questions and answers.
I had taken the 9L0-614 practise from the killexams.com as that turned into a nice platform for the education and that had in the end given me the satisfactory degree of the education to get the first-class scores inside the 9L0-614 test tests. I genuinely enjoyed the manner I were given the matters completed in the interesting way and via the help of the equal; I had sooner or later were given the issue on the line. It had made my instruction tons less complicated and with the assistof the killexams.com I had been capable of grow nicely in the life.
it is simply brilliant help to have 9L0-614 state-of-the-art dumps.
I although that if I may additionally want to clear our 9L0-614 check and sure this is as soon as I got here to recognise with my antique top class buddy that killexams.com is the one that would be the boon for me because it were given me my intelligence finally again which I had misplaced for some time and that i desire that this may in no manner get over for me getting my 9L0-614 check cleared in the end.
terrific idea to prepare 9L0-614 real exam questions.
Yes, very useful and i used to be able to score 80 % inside the 9L0-614 exam with five days practise. Particularly the facility of downloading as PDF documents on your bundle gave me a fantastic room for effective exercise coupled with online test - no constrained attempts limit. Solutions given to each query by the use of you is one hundred% correct. Thanks lots.
much less effort, fantastic expertise, assured success.
I dont experience by myself a mid tests any longer in light of the fact that i have a beautiful examine partner as this killexams.com dumps. I am quite appreciative to the educators right right here for being so extraordinary and rightly disposed and assisting me in clearing my distinctly exam 9L0-614. I solved all questions in exam. This equal course turned into given to me amid my exams and it didnt make a difference whether or not or no longer it have become day or night, all my questions have been spoke back.
Do a clever move, prepare these 9L0-614 Questions and solutions.
I have been so susceptible my entire way yet I know now that I had to get a skip in my 9L0-614 and this can make me popular probable and yes I am quick of radiance but passing my exams and solved nearly all questions in just 75 minutes with killexams.com dumps. A couple of splendid guys cant bring a alternate to planets manner but they can just permit you to recognize whether or not youve got been the principle fellow who knew a way to try this and I want to be acknowledged on this global and make my personal precise imprint.
surprised to peer 9L0-614 actual test questions!
A portion of the classes are extraordinarily intricate but I understand them utilizing the killexams.com Q&A and exam Simulator and solved all questions. basically attributable to it; I breezed via the test horribly essentially. Your 9L0-614 dumps Product are unmatchable in exceptional and correctness. all of the questions to your object were in the checkas well. i was flabbergasted to check the exactness of your material. a lot obliged another time for your help and all theassist that you provided to me.
Apple has posted a help observe titled “prepare for alterations to macOS Server,” and boy are they not kidding about big alterations coming. In an replace to macOS Server due in “spring 2018,” Apple will deprecate ten capabilities via hiding them on new installations. if you’ve already configured some of the deprecated functions, you’ll be able to keep using it in that replace.
In a future liberate of macOS Server, Apple will go extra and take away the deprecated capabilities wholly. The writing is on the wall — it’s time to birth discovering options.
The deprecated capabilities are:
For each, Apple’s help note links to options, youngsters I’m sure the Mac admin group can have further tips and suggestions. in case you’re now not already in a single of those companies, i like to recommend the MacEnterprise mailing checklist and the MacAdmins Slack group.
If I’m diffing appropriately, the features with a purpose to remain in macOS Server consist of these three (Apple didn’t call out software update for removing, nonetheless it’s already hidden, so it appears destined for the reducing block as smartly):
That list is in response to Apple’s remark that “macOS Server is changing to focus extra on administration of computer systems, devices, and storage to your network.”
Over at Krypted, Charles area has been preserving a web page that tracks the ebb and movement of services in Server over time. The number peaked fairly a few revisions in the past and has been losing ever on the grounds that. partly, that’s as a result of Apple has moved a number of features into macOS for all to use, certainly content material Caching and Time computer Server.
as a result of Apple’s obtrusive lack of hobby in macOS Server in recent years, few americans are surprised via Apple’s announcement. although, many are distressed by using it since it sends a troubling message to small companies that have long relied on OS X Server and macOS Server. Consultants and IT admins who informed, put in, and maintained these macOS Server setups are involved about having to analysis, install, and sustain with the vast diversity of apps critical to substitute all the capabilities that macOS Server offered in a single coherent package. and naturally, despite the fact that the alternate options are more suitable technically, relocating to them will require non-trivial investments of time and cash.
Are you the usage of OS X Server or macOS Server now? What’s your plan for coping with losing these capabilities? tell us in the comments.
The ninth main liberate of Apple’s server working system is as massive a change as the exchange from Mac OS X Server 1.0 to Mac OS X Server 10.0. (Readers with longish reminiscences may additionally be aware that OS X Server had a pre-10.0 edition, which become called version 1.0.) in many techniques, Mac OS X Lion Server (edition 10.7; Mac App shop link) succeeds, nonetheless it’s hampered by means of UI annoyances and inconsistencies so one can doubtless be fixed in future updates. but right now, the usage of Lion Server is a tad more maddening than it will be.Welcome Server.app; good-bye Server Admin—sort of
There’s a new kid on the town for managing Lion Server, and it’s known as Server.app. I’m certain that this new server-management software will in the future absolutely take over all the features of the conventional Server Admin software, however at the moment it doesn’t, which effects in a a little bit tedious little bit of hopping backward and forward between applications to get issues performed. as an example, Server.app handles handle booklet, File Sharing, iCal, iChat, Mail, and different carrier settings. Server Admin handles DHCP, DNS, NetBoot, software update, and others.
The influence is that Server Admin handles what Server.app doesn’t—but there are cases if you should use both purposes, similar to for the Mail server and the Podcast server. Server Admin has entry to greater settings than Server.app does, so that they complement each and every different. but when both applications manipulate the identical settings, similar to host identify or SSH enabling, it’s basically demanding.Server.app is the main software used to control Lion Server, replacing the Server Admin application in previous OS X Servers.
Apple did the same component to the Workgroup supervisor application, which was used for consumer/computing device/neighborhood/ listing administration. In Lion Server, listing Utility now handles the directory-management initiatives. in case you need to edit the LDAP info for Open directory in a more direct style than the standard UI allows you to, you now try this in directory Utility. Of course, which you could additionally edit and create users in Server.app. That’s easy.
Why have 4 functions doing the work of two? It’s a bit like being nibbled to demise by child geese. It’s certainly not some return-to-Unix concept where each software has a specific focal point. Server.app is the rest however that. The answer I consider lies in Profile manager, Apple’s new device for managing Macs and iOS contraptions (greater on that later). whilst you use Server.app to installation Profile manager, lots of the specific managing work is done by way of an internet interface. That’s no longer a foul idea; managing a server is some thing that, on the GUI stage, will also be handled reasonably neatly via a web UI. (The UI usually contains picking out from a list, getting into textual content, and settling on radio buttons, and checkboxes. Does it basically count number if those controls are offered by the use of Cocoa or HTML?)
besides the fact that children, the tools are very much a piece in growth. Apple hasn’t even come near an internet UI yet—if it's, basically, the end goal for this. in consequence, there are more equipment than ever to control Lion Server, and given the radical alterations Apple has made to these equipment (above all in Server.app), it basically makes managing Lion Server extra work than Mac OS X 10.6 Server ( ).where did the controls go?
The other challenge with Server.app is that, for the most half, there isn’t a lot there. for instance, not like OS X 10.6 Server’s Server Admin utility, which means that you can do a lot of the configuration tasks for the internet server, Lion Server’s Server.app definitely doesn’t will let you do a great deal more than add sites, specify the ports and the internet root directory, and install some fundamental entry controls. anything else more than that, and also you’re going to have to use and stay with the command line.
In and of itself, here's nothing new. even though Apple provided a GUI for DNS, if you wanted to do the rest apart from the absolute fundamentals, you had to learn the guts of DNS within the command line. For things like SNMP, all the GUI ever did was mean you can turn it on. All submit-enablement SNMP configuration occurs in textual content info and the command line. In some instances, chiefly with the net server, here is a little of a shock, because the differences within the GUI between versions 10.6 and 10.7 are fairly massive. in the case of iChat server, the variations are quite minor.
the inability of a GUI is upsetting, but in mild of what Apple thinks of as its main consumer base, this makes some experience. for instance, in case you make the effort to examine how Lion Server works and what it does with Apache and internet services, it’s evident that Apple looks at Apache as a means to get things achieved. Apache gives the returned end for the web UI in things like Profile supervisor; you need it for the Wiki service, file sharing for iOS devices, and other functions. For web publishing, it’s clear that Apple needs you to use the Wiki/weblog carrier built into Lion Server, in place of construct websites the average way. Apple’s element here seems to be, when it involves issues like pure internet hosting, there’s no longer a lot of talents to the use of OS X Server. It doesn’t provide you with any longer capability than you’re going to get off of different structures like Linux, BSD, or home windows. truly, if you delivery speakme about a lot of internet systems, it’s obtrusive that the most effective purpose OS X is mentioned is since it’s in keeping with Unix, and so that you can use Unix tools with out loads of work. however is there some advantage to OS X Server for accepted services like internet hosting? now not in fact. It’s wonderful that Lion Server offers this, but when you predict Apple to move after Linux’s market share as an business net hosting platform, you might possibly be confusing Apple with any other enterprise.
one other problem with Lion Server is that so little of here is documented. Apple’s server documentation for Lion Server is, to be charitable, thin. Apple moved some of the documentation to the net, however you could’t get to all of it from the main documentation website. You must be in Server.app to get to materials of the documentation, such because the Profile supervisor—extra particularly, you open Server.app and then click on on the link to the Profile supervisor net UI (or go to https://serverdnsname/profilemanager), log in, and then, from the drop-down menu within the upper correct, click on on assist. with a view to take you to http://help.apple.com/profilemanager/mac/10.7/, which is an Apple webpage. in case you go to http://aid.apple.com, you’ll discover that nothing about Lion Server exists as a direct hyperlink from that page.
this is the situation I actually have with Lion Server as an entire: even though Apple has made a lot of alterations to OS X Server, the whole kit is so definitely a piece in growth. Take a simple task like file sharing: You go to the File Sharing area to allow sharing, and you may set some basic permissions, but when you need to set the rest beyond study best, write most effective, or examine-write, then you need to go to the hardware settings, then storage, and then that you could set extra-detailed ACLs. It’s a remarkably kludgy equipment; why no longer have all of the file-sharing settings in a single location, you recognize, beneath, maybe, the File Sharing area?
For Apple, the state of the server-administration GUIs is unhealthy, almost drawing near appalling. because of this, the pretty brilliant new facets in Lion Server aren’t as cool as they may be.Whither Samba
previous to Lion Server, OS X used Samba, a superb open-supply project that permits non-windows platforms to both access and serve info as a windows server. prior to Lion Server, Samba turned into how OS X Server dealt with home windows file- and print-serving projects.
In July of 2007, the Samba group introduced that it could be moving to edition 3 of the Free utility basis’s generic Public License. Some points of the GPL three created issues for Apple, so rather than continue with a lifeless edition of Samba in OS X Server, Apple eliminated Samba and wrote its personal SMB customer and server for Lion Server. the entire SMB help in OS X Server from that point on out has come from Apple.
Lion Server provides handiest fundamental file sharing. home windows NT area aid is long gone, but Vista works with NT domains simplest with some tweaking, and home windows 7 won’t work with NT domains at all, so here is now not a big problem. Microsoft has been working away from NT four domains because 2000.What about print sharing?
Print sharing is still in Lion Server, but Apple now not has any variety of customized GUI for it. as an alternative, you utilize the CUPS interface, which is a web UI at http://localhost:631. You not want a different program to set up print sharing, which is an advantage. The draw back is that while CUPS has thorough documentation, it’s no longer precisely geared towards learners, and with out Samba, print sharing to home windows consumers is a whole lot trickier.
if you must do lots of wide print sharing, believe preserving your print server at version 10.6, and let Apple know you really need better print serving capabilities to upgrade thoroughly to Lion Server.MySQL
MySQL is gone, changed by way of PostgreSQL. Why? Apple isn’t telling. If I had to guess, I’d say it comes all the way down to licensing. Oracle’s licensing for MySQL is a little of a multitude; the license you’re issued depends upon the way you utilize MySQL. PostgreSQL is under a BSD license, which is whatever Apple favors way more.
in case you already have MySQL records or binaries, Lion Server doesn’t delete them, but Lion Server doesn’t provide even the rudimentary controls for MySQL that OS X 10.6 Server provided, and if you want to use PostgreSQL, any customization you are looking to do have to be performed by way of the command line or third-party tools.Profile supervisor
Profile supervisor is the one shining superstar in Lion Server. Profile manager lets you eventually manipulate iOS gadgets from an Apple server OS (what a concept!), and it does so in a method that's a good option, smartly notion out, and fairly pleasant to both IT professionals and clients.
Going forward, Profile supervisor is how Apple needs you to manipulate users, user corporations, Macs, companies of Macs, iOS gadgets, and companies of iOS contraptions. It’s essentially a web-primarily based implementation with a focus on self-carrier. clients can go to an internet portal (https://serverdnsname/mydevices), log in with their directory credentials, after which add their Mac or iOS device into management. I haven’t had an opportunity to do lots of work with the Mac side of things in Profile manager, but the iOS aspect works definitely well.Used to manage users, consumer companies, Macs, groups of Macs, iOS instruments, and organizations of iOS contraptions, Profile supervisor is the shining famous person in Lion Server.
The setup for managing Macs, iOS contraptions, or both is similar to the iPhone Configuration Utility that Apple used to make use of as its fundamental configuration device for iOS contraptions. Configuration profiles are disbursed as digitally signed XML .mobileconfig files by way of a few strategies, and it works basically neatly.
With Profile supervisor, Apple is taking the cell machine management (MDM) idea it first utilized for iOS gadgets and widening the scope to encompass belongings you used to do by means of Workgroup supervisor and MCX. here is a boon to directors, notably if you’re attempting to manage iOS contraptions and also you don’t need to write your personal setup from scratch, or pay a lot of money to a third celebration just to manage Apple contraptions. should far flung-wipe an iPad? that you may try this from Profile manager. need to force complex passphrases for your iPhones? that you may do this from Profile supervisor. Even the documentation for Profile supervisor, when you get to it, is solid.
Profile manager is an instance of just how smartly Apple can do issues, which is maybe why the circumstance of the rest of Lion Server’s tools and documentation is so irritating. when you see whatever done correct, it lowers your tolerance for inferior fine, chiefly when it’s within the equal package.Be organized
In Lion Server, Apple has reached farther than it has given that version 10.0. With all the changes, every administrator the usage of a outdated version of OS X Server must think carefully earlier than moving to Lion Server. I’ve migrated a couple of test servers, and while it wasn’t as easy as, say, edition 10.5 to 10.6, and even from 10.four to 10.5, it’s no longer unattainable. however you need to plan extra carefully than you’ve needed to plan for an Apple server edition upgrade in the past. I’ve heard the cries for support from people who determined to upgrade on a whim, and they aren’t fairly.
Lion Server has some main bugs, like a problem with authentication against OpenLDAP directories, and a series of concerns with lively listing integration. relocating to Lion Server in these environments is not an excellent concept presently.
there's a lot to like about Lion Server, including its fee, Profile supervisor, and far more advantageous push guide for issues like Mail, iCal, and iOS gadgets. but the decent is continually overshadowed by means of the undeniable fact that you have to jump between multiple equipment and that the documentation is skimpy, if not quite simply poor. And there’s at all times bugs that happen with every primary unencumber of the OS and the server types.
In time, Lion Server can be solid. youngsters, as reviewed (edition 10.7.1), Lion Server wants lots of work, and i would suppose very, very carefully before upgrading.Macworld’s buying suggestions
unlike outdated models of Mac OS X Server, Lion Server isn't an easy upgrade. despite the rate of this server package, the huge changes at every level of Lion Server—including the removing of some elements valued clientele depend on—make this improve one you’ll are looking to believe hard about, inspite of price. The documentation and fit-and-conclude issues will additionally assist sway your decision on no matter if to upgrade or no longer.To touch upon this text and different Macworld content material, consult with our fb page or our Twitter feed.
While it is hard errand to pick solid certification questions/answers assets regarding review, reputation and validity since individuals get sham because of picking incorrectly benefit. Killexams.com ensure to serve its customers best to its assets as for exam dumps update and validity. The greater part of other's sham report objection customers come to us for the brain dumps and pass their exams cheerfully and effortlessly. We never bargain on our review, reputation and quality because killexams review, killexams reputation and killexams customer certainty is imperative to us. Extraordinarily we deal with killexams.com review, killexams.com reputation, killexams.com sham report grievance, killexams.com trust, killexams.com validity, killexams.com report and killexams.com scam. On the off chance that you see any false report posted by our rivals with the name killexams sham report grievance web, killexams.com sham report, killexams.com scam, killexams.com protestation or something like this, simply remember there are constantly terrible individuals harming reputation of good administrations because of their advantages. There are a great many fulfilled clients that pass their exams utilizing killexams.com brain dumps, killexams PDF questions, killexams rehearse questions, killexams exam simulator. Visit Killexams.com, our example questions and test brain dumps, our exam simulator and you will realize that killexams.com is the best brain dumps site.
Killexams EC0-479 study guide | Killexams 74-100 Practice test | Killexams 101-350 exam questions | Killexams HP0-S14 free pdf | Killexams 4A0-M02 Practice Test | Killexams 00M-242 practice questions | Killexams QQ0-400 test prep | Killexams 1Y0-A11 real questions | Killexams 920-197 braindumps | Killexams ST0-072 practice test | Killexams 190-805 examcollection | Killexams PEGACSA71V1 questions answers | Killexams ST0-086 test questions | Killexams C2010-651 dumps | Killexams M5050-716 study guide | Killexams HP0-087 pdf download | Killexams 000-545 exam prep | Killexams 9A0-411 bootcamp | Killexams HP0-S29 dumps questions | Killexams 000-M41 exam prep |
Pass4sure 9L0-614 real question bank
killexams.com offer bleeding edge and refreshed Practice Test with Actual Exam Questions and Answers for new syllabus of Apple 9L0-614 Exam. Practice our Real Questions and Answers to Improve your know-how and pass your exam with High Marks. We ensure your accomplishment in the Test Center, covering the majority of the points of exam and fabricate your Knowledge of the 9L0-614 exam. Pass 4 beyond any doubt with our right questions.
If you are searching for Pass4sure Apple 9L0-614 Dumps containing real exams questions and answers for the Mac OS X Server Command and Line Install and Configuration v10.4 Exam preparation, we give most updated and quality wellspring of 9L0-614 Dumps that is http://killexams.com/pass4sure/exam-detail/9L0-614. We have aggregated a database of 9L0-614 Dumps questions from real exams with a specific end goal to give you a chance to get ready and pass 9L0-614 exam on the first attempt.
killexams.com Huge Discount Coupons and Promo Codes are as under;
WC2017 : 60% Discount Coupon for all exams on website
PROF17 : 10% Discount Coupon for Orders greater than $69
DEAL17 : 15% Discount Coupon for Orders greater than $99
DECSPECIAL : 10% Special Discount Coupon for All Orders
if you are searching for Pass4sure 9L0-614 Practice Test containing Real Test Questions, you are at ideal place. We have assembled database of questions from Actual Exams with a specific end goal to enable you to plan and pass your exam on the first attempt. All preparation materials on the site are Up To Date and verified by our specialists.
We give latest and updated Pass4sure Practice Test with Actual Exam Questions and Answers for new syllabus of Apple 9L0-614 Exam. Practice our Real Questions and Answers to Improve your insight and pass your exam with High Marks. We guarantee your achievement in the Test Center, covering every one of the points of exam and construct your Knowledge of the 9L0-614 exam. Pass 4 beyond any doubt with our precise questions.
killexams.com 9L0-614 Exam PDF contains Complete Pool of Questions and Answers and Dumps verified and certified including references and clarifications (where material). Our objective to gather the Questions and Answers isn't just to pass the exam at first attempt however Really Improve Your Knowledge about the 9L0-614 exam themes.
9L0-614 exam Questions and Answers are Printable in High Quality Study Guide that you can download in your Computer or some other gadget and begin setting up your 9L0-614 exam. Print Complete 9L0-614 Study Guide, convey with you when you are at Vacations or Traveling and Enjoy your Exam Prep. You can get to updated 9L0-614 Exam Q&A from your online record whenever.
killexams.com Huge Discount Coupons and Promo Codes are as under;
WC2017: 60% Discount Coupon for all exams on website
PROF17: 10% Discount Coupon for Orders greater than $69
DEAL17: 15% Discount Coupon for Orders greater than $99
DECSPECIAL: 10% Special Discount Coupon for All Orders
Killexams A2040-922 sample test | Killexams 500-052 pdf download | Killexams C9050-041 study guide | Killexams 310-301 dumps | Killexams 650-157 dumps questions | Killexams SSCP study guide | Killexams BI0-132 test prep | Killexams C9510-317 questions and answers | Killexams 00M-233 exam prep | Killexams VCA410-DT practice questions | Killexams HP2-B118 braindumps | Killexams 1Z0-105 cheat sheets | Killexams 000-750 free pdf | Killexams HP0-S43 examcollection | Killexams HPE2-T27 test prep | Killexams 1Z0-151 practice test | Killexams MSNCB free pdf download | Killexams C2020-706 questions and answers | Killexams 920-432 exam prep | Killexams 1Z0-050 free pdf |
Killexams 000-741 examcollection | Killexams HP0-678 sample test | Killexams C2020-011 practice test | Killexams NS0-121 brain dumps | Killexams 1Z0-479 free pdf | Killexams HP2-K26 braindumps | Killexams HP2-B118 test prep | Killexams MB4-212 questions answers | Killexams HP2-Z28 practice questions | Killexams NS0-150 test questions | Killexams A2010-005 brain dumps | Killexams C2090-619 dumps questions | Killexams 117-300 study guide | Killexams HP2-Z37 questions and answers | Killexams HP0-J22 exam questions | Killexams 000-904 test prep | Killexams HP2-B75 practice questions | Killexams 1Y0-614 practice exam | Killexams HPE2-K43 real questions | Killexams DP-023W practice test |
OpenVPN is famously difficult to get up and running, but the truth is that it needn’t be. In this second and concluding OpenVPN article I am going to go through what it takes to get an OpenVPN Ethernet tunnel set up between a laptop computer and an office or home machine acting as an OpenVPN server.Downloading and Installing OpenVPN
Before you can get OpenVPN running on any computer you need to download and install it:Creating a Public Key Infrastructure
Once you’ve got OpenVPN successfully installed, it’s time to build the public key infrastructure needed for certificate-based authentication. If you don’t know what this means, don’t worry: just follow the instructions. A fuller explanation can be found at http://openvpn.net/index.php/documentation/howto.html#pki
To get started, you’ll need to use the Easy-RSA PKI suite.
On Windows machines you’ll find it at: C:Program FilesOpenVPNeasy-rsa
On Linux machines this will probably be installed in an easy-rsa directory machines at /usr/share/doc/packages/opevpn or /usr/share/doc/openvpn-2.0, but it’s a good idea to move this to /etc/openvpn to prevent it getting overwritten by future updates.Generating the Master Certificate Authority (CA) Certificate & Key
Windows: From the Start button select cmd, and in the command window type:
cd "C:Program FilesOpenVPNeasy-rsa
Linux/BSD/UNIX: Open a terminal window and type
(assuming you have moved the easy-rsa directory to this location)
Then type the following commands, followed by return:
Windows:init-config vars clean-all build-ca
Linux/BSD/UNIX:./init-config ./vars ./clean-all ./build-ca
The last command will invoke a window which will ask for a series of values. You can press the return key to enter the default values for all of these except the value for Common Name. For this, type: TestVPNGenerating the Server and Client Certificates and Keys
Then next step is to generate a server certificate and key, again using the Easy-RSA suite. The command for this is:
In the interactive session that follows, simply press Enter to provide the default value each time, until you are asked for a Common Name. For Common Name enter “server” , then continue entering the default values until prompted to sign the certificate. Answer “y” to this question and to the following one to finish.
Then generate the certificate and key for your client machine. The process is similar to the one for building the server certificate and key, but this time enter client1 as the common name.
If you think you may want to access the OpenVPN server from more than one laptop, repeat the process, replacing client2 or client3 for client1 each time.
The final step is to generate Diffie-Hellman parameters for key exchange:
You’ll find the results of all this work in a subfolder called keys in the easy-rsa folder, and the final task is to move the client key and certificate to your client device. The files in question are client1.key and client1.crt. (If you have created more than one client certificate key and certificate, move the client2.key and client2.crt files to the second machine, and so on.)
Your public key infrastructure is now set up.Creating the OpenVPN Configuration Files
When OpenVPN runs it reads a configuration file at c:Program FilesOpenVPNconfig (Windows) or in /etc/openvpn (Linux/BSD/Unix). This text file contains all the information OpenVPN needs to know to make or receive a connection, so it’s crucial that these files are correct.
The easiest way to get OpenVPN working in the way we want is to edit the highlighted lines in the following config files to match your network setup, save them as a text file and copy them to the appropriate location.
Server configuration file:#server config file start
local 192.168.1.15 # Change this address to the IP address of the network card attached to your router. To ensure this does not change you need either to have a static local IP address, or to configure your router to always assign this local IP address to your server.
port 1194 # This is the port OpenVPN will run on. Change it to a different port if you prefer
push "dhcp-option DNS XXX.XXX.XXX.XXX" # Replace the Xs with the IP address of the DNS server for your network
push "dhcp-option DNS YYY.YYY.YYY.YYY" # Replace the Xs with the IP address of the secondary DNS server for your network
ca "C:\Program Files\OpenVPN\easy-rsa\keys\ca.crt" #change this location to /etc/openvpn (without quotation marks) for Linux/BSD/Unix systems
cert "C:\Program Files\OpenVPN\easy-rsa\keys\server.crt" #change this location to /etc/openvpn for Linux/BSD/Unix systems
key "C:\Program Files\OpenVPN\easy-rsa\keys\server.key" #change this location to /etc/openvpn for Linux/BSD/Unix systems
dh "C:\Program Files\OpenVPN\easy-rsa\keys\dh1024.pem" #change this location to /etc/openvpn for Linux/BSD/Unix systems
server 192.168.10.0 255.255.255.128 # This will be the virtual IP address and subnet of the server’s OpenVPN connection. Change it to something similar like 192.168.11.0 if this subnet is already in useifconfig-pool-persist ipp.txt push "redirect-gateway def1" keepalive 10 120
cipher BF-CBC # Blowfish (default)If you prefer, you can use one of the two ciphers listed below (which must be the same as the client)#cipher AES-128-CBC # AES #cipher DES-EDE3-CBC # Triple-DES comp-lzo max-clients 3 # Change the 3 to the number of client keys you have created persist-key persist-tun status openvpn-status.log # user nobody # remove the # at the start of the line for Linux/BSD/Unix systems # group nobody # remove the first # at the start of the line for Linux/BSD/Unix systems verb 1 #config file ends
Save this file as server.ovpn, and move it to c:Program FilesOpenVPNconfig (Windows) or /etc/openvpn (Linux/BSD/Unix)What to Do If You Don’t Have a Static Public IP Address
OpenVPN clients connect to the OpenVPN server using a public IP address or host name that needs to be entered into the client config file. If your ISP provides your business or home network with a dynamic IP address that changes each time an Internet connection is reset then your client config will no longer work after a reconnection. To get round this you can get a free hostname from DynDNS which automatically points to your dynamic IP address, even when it changes. To get a dynamic host name (such as myhost.dyndns.org) visit http://www.dyndns.com.
Editor's Note: Since this story was posted, Oracle has updated its Web site to clarify that VirtualBox is for use only with Snow Leopard Server. Apple's EULA for Snow Leopard allows the installation of one copy of OS X on one Apple-branded computer, while Snow Leopard Server allows additional copies of Mac OS X Server on the same computer, as long as you have licenses for each of these copies. The article has since been updated to reflect this clarification.
On Monday Oracle released version 3.2 of their VirtualBox software, which it now own as part of its recent acquisition of Sun Microsystems. The update changes the developer references in the program, but also brings another bout of enhancements and optimizations, one of which is support for virtualizing OS X (Apple allows virtualization of the Server OS only). Seeing this as a feature, I couldn't resist giving it a shot to see how it runs.
Before testing the software out, I made sure to check the EULA requirements for OS X Snow Leopard Server to see if this venture was acceptable. Apple is fairly stringent on where they allow their OS to be used, so I went ahead and read the full EULA (that long legal paper we usually bypass and shrug off when installing most software) to see the details.
Here is the full EULA for Snow Leopard Server: http://images.apple.com/legal/sla/docs/macosx106.pdf
Overall, Apple currently allows for one installation of Snow Leopard Server per purchased license, and requires that the OS be installed on Apple hardware. In addition, it requires that you do not in any way modify the operating system code. Note that the client version of OS X may only be installed on one computer system at a time, and while at times people have multiple installations for troubleshooting purposes, to regularly use several working copies of the OS X client on one machine is against Apple's EULA.The installation has optional command-line tools, but does not require a restart. (click for larger view)
With all this in mind, I decided to gather everything together, get the latest version of VirtualBox, and get started:
1. Download and Install VirtualBox
The program is a relatively small 73MB download from the VirtualBox website, and installing is straightforward. After mounting the disk image you double-click the installer package and proceed with a basic installation. The program will install some kernel extensions and startup items, along with optional command-line utilities for managing your VMs. Once the installation is complete, you do not need to restart the system in order to run it.
2. Create a new Virtual MachineWhen the VM is set up, you will see a summary window. (click for larger view)
With the program now open it's time to set up a new Virtual Machine. Clicking the small blue "New" icon in the toolbar brings up the virtual machine wizard, where the program runs you through the steps to configure a VM. The wizard prompts you for a VM name, and depending on what you enter will automatically select the operating system type and version. In this case, entering "OS X Snow Leopard" had it select Mac OS X for both the system and version; however, the version list has the option for selecting the 64-bit version (if you plan on running OS X in 64-bit kernel mode). I selected this option, and proceeded with the configuration.
The wizard will create a default 20GB expandable drive for you, and eventually display the whole VM summary before completion. When it is finished you will see the new VM in your VM list, and it will be ready to power up.
3. Enable optional settingsChange VM settings, especially the amount of video RAM, for optimal performance. (click for larger view)
While the VM will work in its default configuration, you may want to optimize it a little by changing a few settings. These include maximizing video RAM and enabling 3D acceleration for optimal video performance. The OS X interface runs off OpenGL and Quartz which require some graphical acceleration for good performance, so I enabled these options in the settings.
In addition you can change the amount of RAM for the VM, and if you dedicate more than 4GB to the machine you might consider changing the OS version to 64-bit. The default number of CPUs used is one; however, you can increase this if you would like. Keep in mind that maximizing the CPUs will reduce the resources available to the host operating system, which may slow things down a bit.
Lastly, change the boot settings. In the "General" settings tab for the VM, uncheck the option for a "Floppy" drive, and then go to the "Storage" settings and select the CD drive. On the right side of the window you will see a drop-down menu that contains a list of attached CD devices, and an option to use an iso disk image as an optical device. Select your CD drive, and then click "OK" to close the settings.
4. Run the installationRunning the installation may look odd at first, since you will see the OS loading every item for the installer. The GUI will load soon after this. (click for larger view)
With the VM all set up, you are ready to install Snow Leopard. Insert your installation disc and wait for it to mount on the desktop. Then click go to VirtualBox, select your VM, and click the start arrow to launch.
Since the system is not running through the virtualized environment you will not see the grey Apple logo screen. Instead, you will see the system loading and configuring itself, and displaying the output similar to when booting OS X in verbose mode. Eventually the OS X installer will load.
Select your language and continue the installation according to your preferences. I did a minimal install to speed things up (disabling X11, fonts, languages, and printers) but ultimately I am not sure how beneficial this is to the installation time. When the installation runs, it may seem to hang at times; however, it will be progressing. My installation took around 35 minutes to complete.
5. Installation completeThe installation is complete, and OS X is running nicely. (click for larger view)
Once the installation finishes, the system reboots and presents the user registration. Oddly there was no introduction video with the spinning multilingual "welcome" words, but that may be due to limited system resources for the VM.
The first bootup is a little slow, and the system lags a bit but upon checking Activity Monitor the single CPU is running a maximum while Spotlight indexes the drive. This takes around 15 minutes to complete, and when it does the system becomes a bit more responsive. Applications launch nicely (though the Dock does run in slow-motion), and moving items around on screen is pretty snappy.
Oddly, while my machine is a 2.66GHz Core2 Duo processor with 1067MHz DDR RAM, the VM reports it as having a 2.79GHz CPU with 1600MHz RAM. In addition, Apple's "Ink" handwriting recognition system is active and available in the system preferences, even though I do not have a tablet connected. I figure these discrepancies are to be expected in the experimental VM setup, and so far have not shown any undesired behavior.
Questions? Comments? Post them below or email us!Be sure to check us out on Twitter and the CNET Mac forums.
Pity the small office when it comes to technology. With anywhere from several to several dozen employees, there's often no budget for an IT director to manage all the network services required for a modern company of any size. Offices may need to handle email, file-sharing, calendar and contacts hosting, collaboration tools, and other matters. Especially in this economy, how can an office of that size—perhaps your office?—afford the technician needed to install and keep a Microsoft Server 2008 installation on the rails, plus the initial cost in per-seat licenses. Unix and Linux distributions may be free or have relatively inexpensive purchase and service contracts, but you pay for that in requiring more expertise in house or on demand.
That may lead firms to Google's door, turning to Web hosted services via Google Apps. But the $50 per-user, per-year fee can add up, and Google Apps doesn't offer everything a small business needs. Some companies may not want to go this route, or may be subject to regulatory issues that prevent proprietary or confidential data from being located offsite with Google—or anyone. That seems to leave a large niche in which companies want an affordable product that runs on commodity hardware and doesn't need the constant ministrations of an IT expert, even if one's required to set it up.
Apple has such a product, Mac OS X Server, but has been weak at exploiting this niche despite the server's long history. Apple has focused instead on support for large corporations' enterprise networks, data center and cluster use, and academic deployments. Releases before version 10.6 (Snow Leopard) had numerous difficulties for those who couldn't quickly fire up a command line and start entering commands from memory. Further, OS X Server was often too focused on providing services for networks mostly comprised of Macs; a lot of lip service was paid to Windows support, but it's only seemingly fully matured in 10.6.
But what makes OS X Server 10.6 a perfectly reasonable choice for small-to-medium-sized businesses is new pricing coupled with a custom Mac mini configuration. For $999, you can buy a perfectly speedy office server with a full, unlimited-seat license.
In this review, I look at a few specific aspects of the Mac mini server model and OS X Server as they relate to sub-enterprise-scale networks, especially where IT staff help isn't assumed. I also offer you two key tips for fixing problems in OS X Server that tripped me up during testing.
(This is not a full review of OS X Server, which would take many tens of thousands of words and months of testing, much like John Siracusa's in-depth OS X client reviews.)Hardware, OS, and Pricing
The Mac mini server—its full name is the Mac mini with Snow Leopard Server—brings together two separate developments: a substantial price cut for OS X Server and increasingly powerful Mac mini models that have the gumption to work as servers.
Before 10.6, Apple charged $999 for its unlimited user license, and $499 for a 10-user version. The 10-user limit, however, applied only to simultaneous logins for certain kinds of services, including AFP (Apple Filing Protocol), Apple's native file-sharing service. The 10.6 release threw that pricing out the window. There's one version of OS X Server 10.6: $499 for an unlimited user version. OS X Server can be installed on nearly any system capable of running the regular version of Snow Leopard (which itself costs $29 for a 10.5 Leopard upgrade version that could be used for a full installation). OS X Server since 10.5 can also be virtualized with one paid license per virtualization; the $499 price makes virtualization cheaper, too.
By comparison, Windows Small Business Server 2008 comes in two editions (naturally) for either $1,089 (standard) or $1,899 (premium) with five client licenses, and charges $77 or $189 respectively for each additional client license. The premium version includes Microsoft SQL Server 2008 for small businesses, and, because MySQL is included with OS X Server, one could argue the premium version is most comparable.
The Mac mini Server ($999) is the other development. Before this particular model, Apple shipped only one standard server system in multiple configurations with a full software license included: its rack-mounted Xserve (starting at $2,999), designed for server rooms and data centers. Until an update in March 2009, the Mac mini was too underpowered to handle multiple server tasks, although the mini was often found in data centers.
If you're weren't racking your server, then an iMac or Mac Pro could serve, but both models can be overkill. The Mac Pro can be purchased in a build-to-order configuration starting at $2,999 with OS X Server installed, but the Mac Pro has a strong graphics orientation, designed to be best used by 2D, 3D, and video professionals. An iMac can handle OS X Server, too, but you're paying for a built-in monitor you likely don't need.
The March 2009 Mac mini update gave the tiny desktop real performance, bringing it reasonably close to iMac system specs. The October 2009 Mac mini update bumped specs and made the server pricing work with Mac mini server.
For $999, you get a 2.53 GHz Intel Core Duo, 4GB of 1066 MHz DDR3 RAM, two 500GB drives, one FireWire 800 port and five USB 2.0 ports, gigabit Ethernet, Bluetooth 2.1+EDR, and Wi-Fi (802.11n).
The server flavor omits an internal CD/DVD drive, which Apple sells as a USB attachment for $99; the second 500GB hard drive fills the optical drive's space. Instead of the external optical drive, you can use the networked CD/DVD feature—Remote Disc—that was added for the MacBook Air. Mount a disc on computer elsewhere on the network with CD/DVD sharing enabled—separate software for Windows or via the Sharing system preference pane in Mac OS X—and the mini can mount it and even install a new operating system from it.Two mistakes
Apple made only two missteps on system specs. First, a server nearly always does better with more memory, and while 4GB isn't unreasonable, an 8GB top limit would have been better if it were possible. Several Mac tech sites have tested putting in 8GB without any trouble, but Apple doesn't support such a configuration, which means future versions of Snow Leopard could unintentionally cause trouble. (The worst trouble I have had in 9 years of running OS X has been with system updates and incompatible third-party RAM.)
The second stumble is by limiting the Mac mini to 5400 rpm drives, the same as are used on the low end in laptops, instead of widely available 7200 rpm drives. Servers benefit from faster drives because disk i/o runs continuously with many different sizes and types of file operations.
It may have been a heat issue, because the retail difference in price can be as little as $20 to $30 per drive, and Apple would pay some fraction of that. However, it likely would have boosted the mini's street price by $50 to $100, and that may have been seen as unacceptable.
The issue of RAM and drive speed are interrelated. More RAM would increase caching and reduce disk accesses; a faster drive would make a system with less RAM work more efficiently.
Apple should consider offering a higher-end mini for what would likely be $1,299 to $1,399 with two 7200 rpm drives and 8GB.
When I spoke to Apple about drive performance, product managers noted that the unit includes a FireWire 800 port. Several of my colleagues who have tested similar configurations say that external FireWire 800 drives could outperform an internal drive. Apple is offering the Promise SmartStor DS4600 RAID system alongside the mini for $799 with four 7200-rpm 1 TB drives, and two FireWire 800 ports. The device can be hardware-configured for mirroring, performance, or redundancy.
For networked Time Machine backups across an office network, this add-on might solve two problems reasonably affordably. Four 1TB drives purchased separately can cost as much as $350 to $450 with no cases and without hardware RAID support.Booting up for the first time
I have the advantage in this review of testing two separate Mac mini servers. One I purchased days after the release of the model when it appeared as if a Mac mini I use for handling backups of Linux servers via Retrospect—don't ask—had given up the ghost. I had wanted to consolidate mail service, DNS, and a handful of other services onto a newer system, moving the functions from a Linux server, so I took the plunge. (My older Mac mini wasn't dead, only resting.)
How Apple Tries to Make It Easy
The other system was a short-term loan from Apple, which let me compare and contrast a machine I'd configured to run with a pristine installation. In both cases, I didn't migrate any files from other systems, just test functions.
The Mac mini server is precisely like its non-server brethren. It's a squat square. You unpack it, plug in a power supply and an included mini-DVI to DVI adapter, hook up a monitor, keyboard, and mouse, and you're ready to go.
Set-up for a preinstalled copy of OS X Server is very much like the first boot for a client OS X system. You walk through a very small number of settings, enter registration information, and create an account that can be used to administer the system. OS X Server, like all of Apple's business and professional products, has a serial number that must be entered; it's then confirmed with Apple over the Internet. As part of setup, you answer a very few questions about what services you want to use, but you can change those choices later.
It's most likely that a server won't have a permanent "head" or monitor, so after the initial start up, I activate my MobileMe account in system preferences and turn on Back to My Mac, as well as Screen Sharing in the Sharing preference pane. (Back to My Mac only works with a single MobileMe account, so it's not ideal for situations in which you have multiple people who need remote access. Screen Sharing otherwise requires a publicly reachable IP address or port mapping that connects a public IP on a router to your server's screen-sharing port.)Server Preferences
Mac OS X Server has always been a bit of a bear to manage. Apple uses largely open-source and free software packages which the firm overlays with what can sometimes be a thin layer of graphical interface. OS X Server splits management between Server Admin, which handles software services, log files, and the like, and Workgroup Manager, which controls users and groups, and the policies that relate to them.
In the 10.5 server release, Apple tried to make simple server setup even more straightforward by offering a control panel interface for all the basics, called Server Preferences. You could start with Server Preferences, and graduate to Server Admin if simple wasn't enough. But there was a catch: once you started using the more sophisticated management interface, you could never use Server Preferences again.This cousin of System Preferences provides simple options for configuring powerful services. But it may not be enough.
In 10.6, Apple remedied this. You can use either configuration tool interchangeably. The bigger difference between the two is that Server Preferences works only locally on the computer on which it's running; Server Admin and Workgroup Manager connect via an IP address or hostname regardless of the machine on which they operate.
To use Server Preferences, just click the icon in the dock. Server Admin is in the Server folder also located on the dock to the right. You can download server tools separately for any computer from Apple, or install from a disk included with the server. Launch Server Admin, enter the server's IP or domain name, and an administrative username and password to connect, while optionally storing the data for later use.
Server Preferences requires that you trust Apple on its default settings, especially regarding security, although that may not be a bad bet to make. For local network iChat, Address Book, iCal, and other settings, that's not a terrible idea. For Mail, it can be a problem, and firewall settings of any real scope can't be set within Server Preferences.
I do, however, recommend setting up accounts and groups via the Users and Groups preferences in Server Preferences. The alternative is to use Workgroup Manager, which I still find difficult to use and which generates unpredictable results years after I've been wrestling with it. Workgroup Manager provides access to more varied and deep settings that most humans never need see, but it also works erratically.
OS X Server requires you to use Open Directory, a way of confederating accounts across systems and offering LDAP-based directory information to Address Book and other applications. You can also set up the system to work on a standalone basis, where account information is stored in a local directory. After my experiences, I'd suggest going with the Apple flow, even though it may appear overkill.
Here's my first tip that will save you heartache should it happen to you. I had switched to use standalone local Open Directory authentication on my co-lo Mac mini server. After a restart when installing updates to Java and Safari, accounts other than the one set up at startup no longer accepted password authentication.
Fast forward four hours after consulting as many experts and sources as I could, and using Workgroup Manager to change passwords and check authentication settings. I had my hair pulled out when I decided to try the lowly System Preferences, because local account information is shown there as well. Sure enough, changing the password there reset authentication systemwide.Setting up clients
When first setting up client Macs, OS X Server 10.6 has a neat trick. You can match identical account names that you add on the server to those of clients on the network. With the server active, a Mac OS X 10.6 client on startup or login with the same name as any server account will be prompted to accept an invitation.OS X 10.6 automatically recognizes a server invite for same-named accounts, and can offer to set up several services.
If the client does accept, 10.6 configures itself with information from the server for all local services, like Address Book, iCal, Mail, iChat, and others. This can also be done manually by sending an invitation to a user from the Users pane in Server Preferences. Older Macs and Windows systems will need to enter values manually in many cases; Apple's Mail software can often configure itself, however.
(Another tip: This auto-configure option will fail if you haven't given a real domain name—one that resolves via DNS from your local DNS servers or global DNS servers—to your Mac mini when you first set it up. Either set up a real name and enter it while configuring the Mac mini, or use the OS X Server as the DNS server for client computers to avoid this problem.)Security
I'm not a paranoid guy, but I have grown to believe that every service available for remote connection should be secured by SSL/TLS. That's nearly always possible these days, and—with the exception of FTP—OS X Server lets you quite simply use a single server certificate to protect everything it offers over a local network and the Internet.
This starts with OS X Server generating a self-signed certificate as part of the setup process after you give the server a local or fully qualified domain name. (A local name would be put into the local side of a DNS server for local resolution; a fully qualified name can be found in public DNS, and looked up from anywhere. As noted above, I recommend you figure this out before the initial OS X Server setup.)
A self-signed cert has a lot of limitations, of course, because it requires that every client connection from every program that uses SSL/TLS has to accept that the certificate is valid. Third-party certificate authority (CA) signed certificates are automatically validated because the CA authority certificate signatures are built into the operating system or client software.A self-signed certificate has to be trusted since there's no third party that's validating whether it's what it claims to be.
However, for local networks, that may not be that big of a bar. Apple has long offered system-wide trust of self-signed certificates. Once a cert is trusted, it can be used throughout Mac OS X. You can also get a free valid certificate from StartSSL, if you don't want to pay a recurring yearly fee for a LAN server's certificate.
You can add as many certificates as you want to OS X Server, installing and managing them in a limited fashion in Server Preferences, and with much greater ease in Server Admin. It's safe to say that if you want to use two or more certificates, you need to use Server Admin to configure the secure portions of services like Mail.
Apple made it vastly easier to import certificates in OS X Server 10.6 with improvements on the back-end and the graphical presentation in Server Admin and Server Preferences. In 10.5, you had to navigate file paths. I've never cursed as much as when trying to get OS X Server 10.5 to accept certificates. Here's an actual log entry I made in progress report for a publication site I help manage: "GAAAAAAAA! Server Admin!!! GAAAAH."
Apple tweaked this process to make it work as a drag-and-drop operation in 10.6, where it also conveniently doesn't fail. An SSL/TLS certificate comprises your private key (which must be unencrypted for import), the server certificate provided by the CA, and sometimes a chain certificate for CAs that have authority provided from another organization.
With those three files on hand, you simply drag the items in. In Server Preferences, click Information, click the Edit button to the right of SSL Certificate, and select the pop-up menu item Certificate Import > Import Certificate. In Server Admin, click the server's name, click the Certificates icon at top, click the + sign below the certificate list, and choose Import a Certificate Identity. Drag the appropriate items into the box. The elements light up as you add them. Click Import. Voila.OS X Server 10.6's simplified certificate import is a huge improvement over the previous version, and easy for those without certificate knowledge to use.
All your SSL/TLS certificates are available for selection from all the services which allow certificate-based tunneling for security. This includes Address Book, Web, and Mail, among others.FTP and firewalls
One omission is FTP. Apple supports plain FTP and Secure FTP (SFTP). Plain FTP servers accept a user name and password in the clear along with all data, but a server administrator can limit access to specific directories by user login, much as with AFP (Apple Filing Protocol) and Samba file sharing. SFTP is related to SSH (Secure Shell), and it allows secure file access, but to any file to which a user logging in over SSH would have access. This can be quite insecure on some systems. (I recommend limiting SSH access, too, only to those who need it. Per-service account restrictions are set by clicking the server's name in Server Admin, then selecting Access.)
Apple should support FTP over SSL/TLS, which wraps normal FTP within a secure tunnel, and is well supported by FTP client software on every platform. It's an odd omission, and I confirmed with Apple's server team that the company doesn't include it. FTP can seem like a fussy old great-aunt of a protocol, but it's still commonly used.
In addition to using certificate-based security, I believe that every server should have an active firewall to prevent accidental access to resources that weren't intentionally made widely available. One could call this the Google index problem, after all the documents that Google has snarfed for its index through carelessly exposed Web servers.
Unfortunately, Apple's firewall service is difficult to use except for advanced users who may need to resort to the command line for more information or configuration.
From Server Preferences, you can enable a quite simple version of the Firewall via the Security pane. Apple lets you take control of one of its models of Wi-Fi base station on the network if you're using that as your path to the Internet, setting up port-based restrictions there with little fuss. Or you can use its firewall security where the servers locally set firewall parameters.The simplified firewall probably isn't enough for robust protection, while Server Admin's controls are too confusing for those without deep expertise.
Switching to Server Admin is more satisfying, but also more complicated. If you've never had any low-level firewall experience, figuring out which services to allow open access to using ports and interface numbers, the interface doesn't provide enough cues to set things up correctly.
After turning on the firewall for my co-lo mini server, I found that Retrospect 8 backups from clients at the co-lo failed. An ancient entry in the simplified Services tab—which shows a long list of services with descriptions and checkboxes to turn on and off—was labeled Dantz Retrospect (the Dantz name is years out of date as owners have changed). It seemed to open the correct port—497—but clients still couldn't connect.
I enabled logging for denied packets, and saw that the server was rejecting inbound packets on the right port. That meant I had to go to the Advanced tab and use a special dialog to configure inbound access. This dialog has long been a problem because it features popup menus which, after you set all values and click OK, show different values or no values at all when edited, even though the entry is apparently correct and functioning. (This can be confirmed via the command line.)
Apple has quite a bit of room for improvement here to lock down a server well, allow better entry and editing, and make it clearer precisely what's happening—perhaps with a way to test a rule live or automatically troubleshoot failing operations without resorting to a log file.
With a bit of extra knowledge, you can use DHCP, NAT, and the Firewall service to set up the Mac mini as a real firewall, too. While the mini server only includes a single gigabit Ethernet port, Apple sells a $29 USB 10/100Mbps Ethernet adapter, which works nicely in one of the five USB ports on the back.
The 10/100Mbps port could be connected to the broadband connection, and have restrictive firewall policies on that interface, while routing data through to the gigabit built-in port connected to your office network.
This would require a firewall savant, however, with perhaps a few hours of consulting time to set up, and some detailed instructions on making changes without breaking your network later.Mail Handling Common Business Hosted Services in Mac OS X Server
Here's what I and every company want out of an email server. We want it to block spam and viruses, even when Macs are clients. We want secure connections without much fuss. We want it to work every time. Apple has achieved some of these goals, and I've worked out a solution for some others.
The heavy lifting on a server for any moderately sized business is going to be incoming and outgoing email. Snow Leopard Server definitely improves on its predecessors for GUI-based email configuration, although you must use Server Admin for the full benefits.
Apple packages together ClamAV for anti-virus, Spamassassin for spam filtering, Spamhaus for real-time blacklisting, Postfix as a mail delivery agent, Dovecot for IMAP and POP3, and, as a hidden option, Squirrelmail for Webmail.
For the most part, this combination is fine, and works well. Apple's client Mail application, along with most modern email software, has no trouble talking to the Mail service through any means. I recommend bypassing Server Preferences and going straight to Server Admin for configuration even if you never use Server Admin for any other purpose.
What's nice about the Mail service's setup is that you don't need to enter or change values for the most part; you can pick and choose a few critical changes. Your ISP or a consultant can provide specific settings for such things as the values for the Relay tab. (Apple automatically includes zen.spamhaus.org in the "junk mail rejection servers" list; that exquisite service lets your mail server not receive email from constantly changing lists of IPs that spew gunk.)
Where I would focus particularly is in the Filters tab and the Advanced tabs' Security pane. Filters control the spam-filtering and virus-checking behavior; Security sets encryption and authentication options for connections.
In Filters, you check Enable Junk Mail Filtering to turn on spamassassin, an open-source effort to score attributes of email for spamminess, which OS X Server then uses to block or accept email. You set a threshold score using a slider from Cautious (where little mail is bounced) to aggressive. Apple lets you delete, archive, or label messages over the threshold.
In my years of using spamassassin on a Linux box, I find that the gray area are scores from 5 to 7; mail with a score of 7 is extraordinarily unlikely to be "ham" instead of "spam."
You can focus spamassassin by specifying which languages and countries are most typical that you receive email from. This scores messages outside of those values as much more likely to be spam. I never receive email in, say, Russian or Mandarin, and thus it's nearly 100-percent likely for me that such messages are spam.
After setting up filtering, as well as enabling the simpler checkbox for virus filtering, I turned the firehose that is my personal mailstream at the mini server. I receive tens of thousands of messages daily, largely spam, because some of my addresses have been in use for more than 10 years. That means every spammer tries to send me email. Some of my domains receive dictionary spam, where endless combinations of potential accounts names are emailed.
I immediately discovered that I was receiving 20 times more spam through spamassassin in OS X Server than on my Linux box. This was unacceptable, of course. I found one problem and one bug with Apple's approach in making it all work.
Spamassassin does best when it's trained, which you do by feeding the program good email (ham) along with unsolicited mail. Apple offers two approaches, neither ideal. You can create accounts called junkmail and notjunkmail, and the server software will nightly scan the contents of each for training purposes. However, forwarding individual emails is an ugly approach, and I found that OS X Server wouldn't accept certain email because of bad formatting in the spam message. Further, you must manually delete messages each night, or they accumulate (although they aren't used again for scoring).
The other approach, clearly described by Apple in the manual, is to train the filter by hand, as it were, using the command line. Given that so much of OS X Server lets non-administrators avoid the command line, this is a shame. Apple clearly needs to add a GUI training method, possibly tying in the Junk Mail feature used in training its client Mail program to talk directly to the server. This is a critical part of modern mail serving, and Apple has shirked simplicity here.
I use Mailsmith as my mail client, and it lets me save sets of email in the standard Unix mbox format, which spamassassin can read. I used AFP to save these mailboxes to a directory on the server in order to train the spam filter. The command to use with mbox files is:
sa-learn —spam —mbox _filename_
Substitute -ham for -spam to train good messages. I trained thousands of spams and thousands of hams, and still had way too much spam coming through. SpamSieve, the Mac OS X program that works with many client email programs, was catching well over 99 percent of the spam slipping through, so it wasn't a problem with training. (I've been training SpamSieve for years, too, of course.)
The bug was in a misconfigured spamassassin setup file, true still in OS X Server 10.6.2, and to which I've alerted Apple through its bug-reporting system.
In /etc/mail/spamassassin/, where the system's configuration files live, the configuration file for version 3.2.0 of spamassassin had disabled the TextCat plug-in which activates scoring rules by language, particularly the UNWANTED_LANGUAGE_BODY rule.
In the v320.pre file, I removed the # (hash sign) from in front of the line containing:
This fixed the problem. I also tweaked my own rules from years of using spamassassin on the local.cf file in the same directory, to score mail that was rejected by Spamcop and various spam-tracking indexes higher than the default values:
score RCVD_IN_BL_SPAMCOP_NET 3.000 score RCVD_IN_SORBS_WEB 3.000 score URIBL_SBL 1.500
I also boosted the scores on three rules affecting how well Russian spam was being filtered, which I was seeing in vast quantities:
score MIME_CHARSET_FARAWAY 1.500 score UNWANTED_LANGUAGE_BODY 3.000 score BAYES_00 -1.000
After changing these rules and restarting the Mail service—in Server Admin, choose Server > Restart Service, and click OK—my spam dropped down to just a little bit higher than I was used to. This may seem involved, but it's the explanation that's complicated; the configuration files changes need be applied once, and are worth the effort.
It's a relief, by contrast, to switch to the Advanced tab's Security pane. I prefer to disable all non-secure methods of login, and thus check the top two entries for SMTP and the top three for IMAP/POP. I make sure Login and PLAIN are unchecked. In the SSL section, I choose Use for SMTP and IMAP/POP certificates, and pick the certificate I created with StartSSL and installed earlier.Apple did a lovely job making security settings for email connections a breeze in Server Admin.
The selection of Use instead of Require for SSL/TLS certificates can save you some grief with certain mail clients. Some mail clients use a negotiation process in which it's asked whether a secure connection can be made. If you set the certificate option to Require, this negotiation is bypassed, and the client will fail. With Login and PLAIN unchecked, and only secure connection available, the Use option allows clients of varying kinds to connect without failure.
Apple also includes Webmail, but has hidden away the option, and didn't configure its default to work correctly. First, you have to turn on the Web service, of course. Without getting too bogged down in details here, I set up a secure website from the Web service's Sites view in Server Admin using the default setup which points the index to /Library/WebServer/Documents.
Using a secure site is critical for access because otherwise the password is entered in the clear over a Web connection—which you or a colleague might use at a public location, like a coffeeshop.
Next, back to the command line. The Webmail software, Squirrelmail, needs to be set up to use secure IMAP to reach your messages when you log in. Type:
sudo perl conf.pl
Enter your password when requested. You'll see an uncommon thing these days as a result: a terminal screen based user interface. Enter 2, hit return, enter A, hit return, then:
You can now log in via Squirrelmail by using the URL https://_your_servername_/webmail.
You're welcome!Other services
We've covered all the major points, but there are a pile of other services that might be of interest, and certainly enhance the utility and cost of OS X Server in an office.
Contacts and calendars. Clearly, one of the nicest things about a networked server is a central place to manage contacts and calendars. The Address Book and iCal programs in OS X talk directly to the server, although Apple uses LDAP (a well-established standard) and CalDAV (new and not well supported) to talk to other platforms. For serious enterprises, Apple's contact and calendar support may not meet needs; for the office size I've been talking about this article, there shouldn't be any trouble. (For a differing opinion on iCal service, however, read my colleague Rich Mogull's experience with OS X Server 10.6 for iPhone, Mac, and Web-based shared and local calendars over at TidBITS: Banging My Head against iCal Server's Limitations.)
File service. Using a central file server for storage and file interchange is also a key office task. Apple's support for AFP and SMB are just fine, with a variety of options for user-based sharepoint setup. SMB service includes the ability to set up a WINS Server for Windows systems, and, in conjunction with Open Directory, act as a Primary Domain Controller for logins.
Networked backups. Time Machine in Leopard and Snow Leopard can back up Macs to OS X Server drives, automatically handling all the details. I'd recommend using an external drive, both to swap backups offsite occasionally and prevent using an internal drive so heavily that it's constantly being written.
WPA/WPA2 Enterprise. Wi-Fi logins are one of my bugbears. While you can use a single password (WPA/WPA2 Personal) to allow access to an office's networked, this is a weak method. Each computer has to have the password stored on it, and you can't selectively let others join. With WPA/WPA2 Enterprise, you can let users log into a Wi-Fi network using their server credentials, and each user is assigned a unique encryption key. Accounts can be disabled, or not allowed to log in over Wi-Fi, too. It also increases network accountability along with security. Windows XP and later and OS X 10.3 and later have the necessary Wi-Fi login software or options; there are free Linux downloads, too. (Apple manages this via the RADIUS service, which can automatically reconfigure Apple base stations; or, you can configure non-Apple routers manually.)
Remote VPN access. If you, colleagues, or employees need remote secure access either to your office network, or simply to create security when using non-trusted networks, like Wi-Fi hotspots, the two forms of built-in VPN in OS X Server do the trick. A VPN server sets up encrypted tunnels that pass all data from a remote client to the server. Compatible VPN clients are found in Windows XP and later and Mac OS X 10.2 and later.A Mac mini Home in a Moderate Office
Unbelievably, this article just skims across the many aspects of OS X Server and avoids much more—like the MySQL database server, configuring NAT and DHCP, and using iChat over a local network, some of which may also be useful for smaller-scale business networks.
Is the Mac mini server and OS X Server the right match for your office? It certainly depends. In my weeks with the combo, I found much to praise, and many elements improved significantly over the 10.5 release. For a straightforward start-to-finish setup, this combination seems like a steal at the price, despite the problems I found—and especially if you take my advice for tweaking spam-filter settings.
As with many Apple products, I would prefer if the experience were less frustrating at points at which the company should have tested and anticipated problems. But overall, Apple has kept most of the rough edges and hidden much of the configuration madness from the potential smaller-office audience.
You can't go into using a Mac mini server and OS X Server expecting to do it all yourself unless everything in this article made sense at first read. First find and meet with OS X Server consultants, and budget some time for setup and for regular maintenance (and emergency help).
Because Apple has packaged this offering so inexpensively, combining so many typically separate features into one offering, you can afford a little outside help. The cost will still wind up being far less than using any of the alternatives for what you get in one hardware and software package.
3COM [8 Certification Exam(s) ]
AccessData [1 Certification Exam(s) ]
ACFE [1 Certification Exam(s) ]
ACI [3 Certification Exam(s) ]
Acme-Packet [1 Certification Exam(s) ]
ACSM [4 Certification Exam(s) ]
ACT [1 Certification Exam(s) ]
Admission-Tests [13 Certification Exam(s) ]
ADOBE [93 Certification Exam(s) ]
AFP [1 Certification Exam(s) ]
AICPA [2 Certification Exam(s) ]
AIIM [1 Certification Exam(s) ]
Alcatel-Lucent [13 Certification Exam(s) ]
Alfresco [1 Certification Exam(s) ]
Altiris [3 Certification Exam(s) ]
Amazon [2 Certification Exam(s) ]
American-College [2 Certification Exam(s) ]
Android [4 Certification Exam(s) ]
APA [1 Certification Exam(s) ]
APC [2 Certification Exam(s) ]
APICS [2 Certification Exam(s) ]
Apple [69 Certification Exam(s) ]
AppSense [1 Certification Exam(s) ]
APTUSC [1 Certification Exam(s) ]
Arizona-Education [1 Certification Exam(s) ]
ARM [1 Certification Exam(s) ]
Aruba [8 Certification Exam(s) ]
ASIS [2 Certification Exam(s) ]
ASQ [3 Certification Exam(s) ]
ASTQB [8 Certification Exam(s) ]
Autodesk [2 Certification Exam(s) ]
Avaya [101 Certification Exam(s) ]
AXELOS [1 Certification Exam(s) ]
Axis [1 Certification Exam(s) ]
Banking [1 Certification Exam(s) ]
BEA [5 Certification Exam(s) ]
BICSI [2 Certification Exam(s) ]
BlackBerry [17 Certification Exam(s) ]
BlueCoat [2 Certification Exam(s) ]
Brocade [4 Certification Exam(s) ]
Business-Objects [11 Certification Exam(s) ]
Business-Tests [4 Certification Exam(s) ]
CA-Technologies [20 Certification Exam(s) ]
Certification-Board [10 Certification Exam(s) ]
Certiport [3 Certification Exam(s) ]
CheckPoint [43 Certification Exam(s) ]
CIDQ [1 Certification Exam(s) ]
CIPS [4 Certification Exam(s) ]
Cisco [319 Certification Exam(s) ]
Citrix [48 Certification Exam(s) ]
CIW [18 Certification Exam(s) ]
Cloudera [10 Certification Exam(s) ]
Cognos [19 Certification Exam(s) ]
College-Board [2 Certification Exam(s) ]
CompTIA [76 Certification Exam(s) ]
ComputerAssociates [6 Certification Exam(s) ]
Consultant [2 Certification Exam(s) ]
Counselor [4 Certification Exam(s) ]
CPP-Institute [4 Certification Exam(s) ]
CSP [1 Certification Exam(s) ]
CWNA [1 Certification Exam(s) ]
CWNP [13 Certification Exam(s) ]
CyberArk [1 Certification Exam(s) ]
Dassault [2 Certification Exam(s) ]
DELL [11 Certification Exam(s) ]
DMI [1 Certification Exam(s) ]
DRI [1 Certification Exam(s) ]
ECCouncil [22 Certification Exam(s) ]
ECDL [1 Certification Exam(s) ]
EMC [128 Certification Exam(s) ]
Enterasys [13 Certification Exam(s) ]
Ericsson [5 Certification Exam(s) ]
ESPA [1 Certification Exam(s) ]
Esri [2 Certification Exam(s) ]
ExamExpress [15 Certification Exam(s) ]
Exin [40 Certification Exam(s) ]
ExtremeNetworks [3 Certification Exam(s) ]
F5-Networks [20 Certification Exam(s) ]
FCTC [2 Certification Exam(s) ]
Filemaker [9 Certification Exam(s) ]
Financial [36 Certification Exam(s) ]
Food [4 Certification Exam(s) ]
Fortinet [14 Certification Exam(s) ]
Foundry [6 Certification Exam(s) ]
FSMTB [1 Certification Exam(s) ]
Fujitsu [2 Certification Exam(s) ]
GAQM [9 Certification Exam(s) ]
Genesys [4 Certification Exam(s) ]
GIAC [15 Certification Exam(s) ]
Google [4 Certification Exam(s) ]
GuidanceSoftware [2 Certification Exam(s) ]
H3C [1 Certification Exam(s) ]
HDI [9 Certification Exam(s) ]
Healthcare [3 Certification Exam(s) ]
HIPAA [2 Certification Exam(s) ]
Hitachi [30 Certification Exam(s) ]
Hortonworks [4 Certification Exam(s) ]
Hospitality [2 Certification Exam(s) ]
HP [752 Certification Exam(s) ]
HR [4 Certification Exam(s) ]
HRCI [1 Certification Exam(s) ]
Huawei [21 Certification Exam(s) ]
Hyperion [10 Certification Exam(s) ]
IAAP [1 Certification Exam(s) ]
IAHCSMM [1 Certification Exam(s) ]
IBM [1533 Certification Exam(s) ]
IBQH [1 Certification Exam(s) ]
ICAI [1 Certification Exam(s) ]
ICDL [6 Certification Exam(s) ]
IEEE [1 Certification Exam(s) ]
IELTS [1 Certification Exam(s) ]
IFPUG [1 Certification Exam(s) ]
IIA [3 Certification Exam(s) ]
IIBA [2 Certification Exam(s) ]
IISFA [1 Certification Exam(s) ]
Intel [2 Certification Exam(s) ]
IQN [1 Certification Exam(s) ]
IRS [1 Certification Exam(s) ]
ISA [1 Certification Exam(s) ]
ISACA [4 Certification Exam(s) ]
ISC2 [6 Certification Exam(s) ]
ISEB [24 Certification Exam(s) ]
Isilon [4 Certification Exam(s) ]
ISM [6 Certification Exam(s) ]
iSQI [7 Certification Exam(s) ]
ITEC [1 Certification Exam(s) ]
Juniper [65 Certification Exam(s) ]
LEED [1 Certification Exam(s) ]
Legato [5 Certification Exam(s) ]
Liferay [1 Certification Exam(s) ]
Logical-Operations [1 Certification Exam(s) ]
Lotus [66 Certification Exam(s) ]
LPI [24 Certification Exam(s) ]
LSI [3 Certification Exam(s) ]
Magento [3 Certification Exam(s) ]
Maintenance [2 Certification Exam(s) ]
McAfee [8 Certification Exam(s) ]
McData [3 Certification Exam(s) ]
Medical [68 Certification Exam(s) ]
Microsoft [375 Certification Exam(s) ]
Mile2 [3 Certification Exam(s) ]
Military [1 Certification Exam(s) ]
Misc [1 Certification Exam(s) ]
Motorola [7 Certification Exam(s) ]
mySQL [4 Certification Exam(s) ]
NBSTSA [1 Certification Exam(s) ]
NCEES [2 Certification Exam(s) ]
NCIDQ [1 Certification Exam(s) ]
NCLEX [3 Certification Exam(s) ]
Network-General [12 Certification Exam(s) ]
NetworkAppliance [39 Certification Exam(s) ]
NI [1 Certification Exam(s) ]
NIELIT [1 Certification Exam(s) ]
Nokia [6 Certification Exam(s) ]
Nortel [130 Certification Exam(s) ]
Novell [37 Certification Exam(s) ]
OMG [10 Certification Exam(s) ]
Oracle [282 Certification Exam(s) ]
P&C [2 Certification Exam(s) ]
Palo-Alto [4 Certification Exam(s) ]
PARCC [1 Certification Exam(s) ]
PayPal [1 Certification Exam(s) ]
Pegasystems [12 Certification Exam(s) ]
PEOPLECERT [4 Certification Exam(s) ]
PMI [15 Certification Exam(s) ]
Polycom [2 Certification Exam(s) ]
PostgreSQL-CE [1 Certification Exam(s) ]
Prince2 [6 Certification Exam(s) ]
PRMIA [1 Certification Exam(s) ]
PsychCorp [1 Certification Exam(s) ]
PTCB [2 Certification Exam(s) ]
QAI [1 Certification Exam(s) ]
QlikView [1 Certification Exam(s) ]
Quality-Assurance [7 Certification Exam(s) ]
RACC [1 Certification Exam(s) ]
Real Estate [1 Certification Exam(s) ]
Real-Estate [1 Certification Exam(s) ]
RedHat [8 Certification Exam(s) ]
RES [5 Certification Exam(s) ]
Riverbed [8 Certification Exam(s) ]
RSA [15 Certification Exam(s) ]
Sair [8 Certification Exam(s) ]
Salesforce [5 Certification Exam(s) ]
SANS [1 Certification Exam(s) ]
SAP [98 Certification Exam(s) ]
SASInstitute [15 Certification Exam(s) ]
SAT [1 Certification Exam(s) ]
SCO [10 Certification Exam(s) ]
SCP [6 Certification Exam(s) ]
SDI [3 Certification Exam(s) ]
See-Beyond [1 Certification Exam(s) ]
Siemens [1 Certification Exam(s) ]
Snia [7 Certification Exam(s) ]
SOA [15 Certification Exam(s) ]
Social-Work-Board [4 Certification Exam(s) ]
SpringSource [1 Certification Exam(s) ]
SUN [63 Certification Exam(s) ]
SUSE [1 Certification Exam(s) ]
Sybase [17 Certification Exam(s) ]
Symantec [135 Certification Exam(s) ]
Teacher-Certification [4 Certification Exam(s) ]
The-Open-Group [8 Certification Exam(s) ]
TIA [3 Certification Exam(s) ]
Tibco [18 Certification Exam(s) ]
Trainers [3 Certification Exam(s) ]
Trend [1 Certification Exam(s) ]
TruSecure [1 Certification Exam(s) ]
USMLE [1 Certification Exam(s) ]
VCE [6 Certification Exam(s) ]
Veeam [2 Certification Exam(s) ]
Veritas [33 Certification Exam(s) ]
Vmware [58 Certification Exam(s) ]
Wonderlic [2 Certification Exam(s) ]
Worldatwork [2 Certification Exam(s) ]
XML-Master [3 Certification Exam(s) ]
Zend [6 Certification Exam(s) ]
Dropmark : http://killexams.dropmark.com/367904/11795750
Wordpress : http://wp.me/p7SJ6L-1Ix
Dropmark-Text : http://killexams.dropmark.com/367904/12566391
Blogspot : http://killexamsbraindump.blogspot.com/2017/12/pass4sure-9l0-614-dumps-and-practice.html
RSS Feed : http://feeds.feedburner.com/feedburner/ANEY
Box.net : https://app.box.com/s/2tydikc5k3prc1ow3ismu6m20o0mxqgf