Mac OS X 10.7 Lion Server adds innovative features and a new low price tag, but cuts in services and the elimination of advanced GUI administration tools may force some enterprise departments to think twice about the role of Mac servers on their networks.
Some of the new features will please managers in business and education. The Profile Manager, a slick new web front-end tool for providing automatic push configuration and group policy management for Mac Lion and iOS clients, is miles ahead of Mac OS X Snow Leopard Server's old Managed Preferences features. Then there's built-in support for Microsoft's distributed file system (DFS) and Apple's Xsan file system, the latter for accessing storage-attached networking devices over Fibre Channel.
But once the initial excitement subsides and you start looking more deeply inside Lion Server, it's impossible to avoid the conclusion that Lion Server is not built for those of us in IT.
The price tag is the first clue that Lion Server is trying to be a server for the consumer. Apple's slogan is "servers made easy." To that end, a new administration tool, called Server, is more logical and easier to use than the old Server Preferences that it replaced. And Server can do more than Server Preferences could.
But the ironic part for IT administrators is that Lion Server actually requires a greater degree of technical knowledge than its predecessors. Many routine tasks that were formerly a mouse click away now can be accomplished only via the Unix shell command line. Worse yet, some routine tasks are no longer possible at all.
A great big app that's tricky to install
For the enterprise, the first clue that something is amiss in Lion Server comes right at installation. Lion Server installs like a great big iPhone app. It's available only as a download from the Mac App Store and self-installs as soon as it's downloaded. All you can configure is the admin email address. Finally, it deletes the installer, though you can stop the install to make a copy before it's deleted. This app philosophy filters down through the software as well.
Lion Server isn't Angry Birds. The installation process includes downloading the 4GB Lion OS client installer, plus hundreds of megabytes more of server components. Depending on the type of installation (upgrade or new), you may have to make a second trip to the App Store to get the server components. A problem for administrators is that there is no supported way to make your own bootable installation DVD. There is an unsupported hack to create one, but it can bring up other complications.
Worse, there's no clean install option from within the installer itself. To do any install, you need to boot the Mac with Mac OS X 10.6.8 Snow Leopard or Mac OS X 10.7 from a volume (hard disk, partition or USB flash drive) and run the installer from that boot drive. To do a clean install, you need two volumes: one to boot from, one to install onto.
Apple has streamlined the server configuration process from previous versions, with fewer screens asking questions and more done automatically. The installer is smarter as well. If you tell the setup assistant to create an Open Directory master, it will do that and also set up DNS for the server's IP address if it doesn't find it on the network or the Internet.
That's pretty nice, particularly if you don't know what DNS is. Unfortunately, if you do know what DNS is, the Server application won't show you what the DNS configuration is. It provides no way to edit settings for DNS, DHCP, Open Directory and other network services.
The old administration tools that can access these services, Server Admin and Workgroup Manager, are no longer part of Lion Server. Instead, they are available as a separate download, but not from the Mac App Store where you get the Lion Server app.
You have to go to Apple's support site. Nothing I could find in the installation screens, the help files or Apple's main Server website even mentions them. To quote Douglas Adams, the tools were "on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying 'Beware of the leopard.'"
Lion Server's many missing services
Once you locate and download the Server Admin tool, experienced Mac OS X Server administrators will notice it's a much thinner tool than it used to be. Roughly half the services that used to be there are missing. Most user-based services, such as file sharing, calendaring and web services, have been moved to the simple Server application. Others, such as QuickTime Streaming Server, have been completely removed.
One of the more significant feature rollbacks comes in reduced support for Windows clients. For years, Mac OS X Server's LDAP-based Open Directory had the ability to function as a primary domain controller (PDC) to support Windows clients. The PDC provided Windows clients with single sign-on authentication, and for those who work on both platforms, it gave users access to the same accounts and server-based home folders from their Windows PCs as well as their Macs. In Lion Server, Windows clients still have access to file sharing, but are now second-class clients.
On the flip side, Lion Server retains Open Directory integration with Active Directory. Mac clients can still bind to Active Directory using the "golden triangle" configuration, where Mac OS X Server and Open Directory bind to Active Directory.
Another service that Apple deleted is the print server of previous Mac OS X Server builds. Lion Server contains only the same ability to share printers found in every copy of Mac OS X client for the past five years. The open source Common Unix Printing System (CUPS) gives Macs the ability to host shared print queues and simple pools of printers, but lacks the enterprise features that previous print servers had. For example, Lion Server's CUPS cannot prioritise printers in the pool, or set quotas for individual users or printers. And you can't publish printers to Open Directory.