OS X 10.8 Mountain Lion Server: A Review
Apple has released the ninth iteration of OS X, 10.8 Mountain Lion, to the masses. Alongside OS X 10.8 Client, Apple has also released OS X 10.8 Mountain Lion Server. As expected OS X 10.8 Mountain Lion has integrated even more features from iOS, Apple’s mobile operating system. These features are in addition to those that were previously added into OS X 10.7 Lion. Just like with OS X 10.7 Lion, 10.8 Mountain Lion is designed for ALL of your Macs, with some caveats.
There are some minimum requirements for OS X 10.8 Mountain Lion. You must be running one of the following models: iMac mid 2007 or newer; aluminum MacBook late 2008 or newer; MacBook Pro late 2007 or newer; MacBook Air late 2008 or newer; Mac mini early 2009 or newer; or a Mac Pro early 2008 or newer. All of these have a common feature: they support 4GB of RAM or more, meaning that they are 64-bit motherboards and processors. If your Mac can only have a maximum of 3GB or less, your mac is not compatible for OS X 10.8 Mountain Lion. This means that the last iterations of the black MacBooks are no longer supported.
If you have an existing Mac you will need to have OS X 10.6.8 Snow Leopard or OS X 10.7 Lion installed in order to upgrade to OS X 10.8 Mountain Lion. You will also need at least 2GB of RAM in order to run OS X 10.8 Mountain Lion, along with 10GB of free space.
Apple’s primary market is with consumers. Steve Jobs and other Apple executives have stated that Apple is a consumer electronics company. This is borne out with the transition from products like the Apple II, to the iMac, to the iPod in 2001, iPhone in 2007, and iPad in 2010. A vast majority of Apple’s revenue is with these new consumer electronics.
Consumers are not Apple’s only market, just their primary focus. Educational institutions for the longest time used Apple products almost exclusively. This trend has dipped a bit, but now with the iPad, education institutions are starting to look back at Apple to augment its curriculum and to use iPads as potential laptop replacements.
The crowd that tends to not be big on Apple’s radar is the enterprise market. Enterprises have traditionally been — and largely remain — a PC-dominated segment of the market. This is for many reasons, anything that ranges from better enterprise-level support from Microsoft, to better competition regarding pricing, to just overall focus to assist the enterprise.
One somewhat recent example of Apple’s not focusing on enterprises is the removal of the Xserve from its product line. Apple killed its enterprise-grade server product, the Xserve, as of January 31st, 2011. The reason was due to low sales, only 50,000 units per year. Fifty thousand units may seem high to many users, but in Apple’s world of selling millions of iPads during a launch weekend, this is a small number. Apple did release the Mac mini Server and Mac Pro Server, both of which are the same form factor as their non-server counterparts.
From Apple’s point of view, changing the server line to be in the same form factor as its other products makes complete sense. Instead of having to have a dedicated line to produce the Xserve, Apple can just use the current lines and swap in parts. Plus, Apple could then take the Xserve production line and use it for iPads or iPhones to keep up with demand.
While Apple may not focus on enterprises, it has not forgotten them entirely, even after killing off the Xserve.
The installation of OS X 10.8 Mountain Lion Server is much the same as OS X 10.7 Lion Server. In order to upgrade, a server administrator must first install OS X 10.8 Mountain Lion by purchasing it from the Mac App Store. The server administrator should also purchase and download OS X 10.8 Mountain Lion’s Server.app at the same time. After it has been purchased and downloaded, OS X 10.8 Mountain Lion must be installed.
Following completion of the OS X 10.8 Mountain Lion installation, OS X 10.8 Mountain Lion Server must be purchased and downloaded, if this has not already been done. Once it has been downloaded, Server.app needs to be run from the Applications folder. Server.app does take the server administrator through the installation and configuration of the services for Server.app.
Upon first launch of Server.app for OS X 10.8 Mountain Lion, the server administrator is presented with a dialog asking whether this Mac, or another Mac, is the target device to be configured. Once they have authenticated to allow Server.app to make the necessary changes, the server administrator is greeted with a Welcome Screen.
After clicking on ‘continue’ on the Welcome Screen, the server administrator must agree to the Terms and Conditions of using Server.app. If a server administrator decides to not comply, they will not be able to use Server.app.
Server.app then asks the server administrator to enable push notifications. This is one of the places where an Apple ID is needed, because push notifications use Apple’s servers to deliver notifications. If an administrator chooses to not use push notifications, this can be skipped.
Following push notification setup, you’ll have to set up the network. If multiple network connections are detected, Server.app will ask which network should be configured with the necessary services.
Part of the configuration includes choosing the type of network that this OS X 10.8 Mountain Lion Server will belong to. If it’s just for testing, ‘Local Network’ is your best option. If this server is intended to be used for a VPN endpoint or just locally without needing direct access to the Internet, ‘Private Network’ is the right choice. If this Mac is going to be used to host websites that the general public sees, then ‘Entire Internet’ is the proper choice.
Once the server administrator has determined the network type, it’s time to choose the server’s name. Naming conventions differ between companies, so it’s best to follow the company’s naming guidelines. As a note, if you decide to change which network this server is available on, you can either click on ‘Go Back’ until the network detection screen occurs, or you can click on ‘Edit’ to change the network.
One of the many good aspects of OS X 10.7 Lion and OS X 10.8 Mountain Lion is the ability for Server.app to automatically configure Apple’s AirPort routers. If you’re using an Apple router, you can choose to have Server.app manage the device automatically. If this option is chosen, the server administrator will need to enter in the router’s password on the next screen.
After the configuration of the AirPort router, Server.app will configure all of the services that are required. This step will take some time to complete, so it is best to be patient.
Upon completion of the configuration, the server administrator will see a ‘Congratulations’ screen. To complete setup, simply click on ‘Finish’. This completes the configuration of the Mac to run OS X 10.8 Mountain Lion Server. Now, it is simply time to actually enable services and make the necessary changes.
Since the introduction of OS X Server, Apple has been steadily improving not only the look, but also the functionality of OS X Server. As new versions of OS X were released, Apple made improvements over prior versions, not just in the built-in software, but also in the pricing.
Mac OS X Server 1.0 was priced at $499, while 10.1 through 10.5 were $999 for the server and $499 for the upgrade version. Along the way there were different versions, including one that had a 10-client limit and another that allowed unlimited clients. With OS X 10.6 Snow Leopard, Apple dropped the price to $499 for unlimited clients. This price drop brought big cheers from the enterprise and business groups. Apple took a significantly different tactic with OS X 10.7 Server; it only costs $49.99 in addition to the $29.99 price tag of the OS X 10.7 Lion client, and this was for unlimited clients for the server. This was a 90 percent price reduction over OS X 10.6 Snow Leopard. Who can argue with savings like that?
Apple hasn’t stopped the pricing changes for OS X 10.8 Mountain Lion either. Instead of being $29.99 for the client version of OS X 10.8 Mountain Lion, Apple has reduced this to $19.99 for the upgrade. OS X 10.8 Mountain Lion Server also received a price drop from $49.99 for Server.app, to $19.99 for Server.app. This brings the cost of an OS X 10.8 Mountain Lion Server down to $39.98, if you already have a Mac running OS X 10.6.8 Snow Leopard or OS X 10.7 Lion. That’s an overall price drop of 50 percent, and compared to OS X 10.5 Leopard’s Unlimited Client version, you are now paying 96 percent less for the newest version of OS X Server. You can’t beat that.
As with the $79.98 total cost for OS X 10.7 Lion Server, the allure of paying half the price at $39.98 for a server OS means that anybody, even those who only want to dabble in the land of OS X Server, will be able to do so at minimal cost. In all reality, the cost of OS X 10.8 Mountain Lion Server is less than a dinner out for two people.
It’s hard to see Apple reducing OS X 10.9 Server’s price much further than what it is already. Apple has a few options for OS X 10.9 Server. They could maintain the pricing as it stands today. This is the most likely route that Apple will take. It is already at such a low price that it really wouldn’t make much sense to reduce it further.
The second option is to just have one OS version altogether. Bundle both OS X 10.9 Client and OS X 10.9 Server in the same package. You could do this by just including Server.app in with the client and putting it under the ‘Utilities’ folder in Applications. Alternatively, Apple could opt to just have a switch under ‘System Preferences’ to turn on Server functionality.
Regardless of which route Apple decides to take, it will be interesting to see how they price OS X 10.9 Client as well as OS X 10.9 Server.
Since the introduction of OS X Server, Apple has also released an application called “Server Admin”. Server Admin is an application that allows administrators to manage any OS X Server for which they have credentials. This has been the case until OS X 10.7 Lion where a new application, Server.app, was introduced to replace most functionality within 10.7 Lion that was previously handled by Server Admin.
Server Admin in OS X 10.8 Mountain Lion has been officially removed and you can no longer use Server Admin to manage any aspect of OS X 10.8 Mountain Lion Servers. It has been superseded by the Server.app application, which made its debut in 10.7 Lion Server.
Under OS X 10.7 Lion Server, admins were forced to divide their attention between the two administration applications, Server Admin and Server.app. Under OS X 10.7 Lion Server, the majority of the configuration options were done through Server.app, while a small subset were still managed under Server Admin or another application. The items managed under Server Admin were DHCP, DNS, Firewall, Mail, NAT, Netboot, Open Directory, Podcast Producer, RADIUS, Software Update, and Xgrid.
With the transition away from Server Admin for managing your server, Apple has brought a significant portion of the functionality into Server.app. Most of the aforementioned services are now managed under Server.app. There are still some separate applications for certain tasks, like connecting to an LDAP or Active Directory Server, Xgrid Administration, System Image Utility, and Screen sharing.
Server.app has had some major enhancement over OS X 10.7 Lion Server’s version of Server.app. The changes bring many features from Snow Leopard’s Server Admin back into Server.app.
Server administrators love staying up to date on how their server is fairing. Under versions of OS X Server, prior to Mountain Lion Server, this was strictly via information on the local console as well as via email. Mountain Lion Server adds yet another option: push notifications.
Push notifications were available under OS X 10.7 Lion Server, but only for iCal, Mail services and AddressBook server. Push notifications use Apple’s Push Notification Service. This setup has not changed under OS X 10.8 Mountain Lion Server.
There are three methods of notification within OS X 10.8 Mountain Lion Server’s Server.app. Local notifications that show a badge number, email alerts, which will send you an email when something changes, and push notifications.
Under OS X 10.6 Snow Leopard, an administrator would only receive three different types of alerts: software updates, SSL Certificate expirations, and low disk space. For low disk space notifications, you could choose at what percentage notifications should be sent. The only delivery option was email.
Under OS X 10.7 Lion Server, Apple added a couple of new alerts: potential emails with viruses, and network configuration changes. As with OS X 10.6 Snow Leopard Server, the only notification method was via email.
OS X 10.8 Mountain Lion Server has seen additional changes in the alert system, with both the types of alerts as well as the method of notification seeing enhancements. The new alert types include: Disk S.M.A.R.T. status and disk unreachable. These two are definitely necessary to make sure that the server continues running as smoothly as possible without interruption. As mentioned above, with OS X 10.8 Mountain Lion Server, you can now receive all alerts via push notifications.
With push notifications you can receive alerts right on your iPhone, iPad or Mac in order to be able to take care of the problem quickly to minimize downtime. Also under OS X 10.8 Mountain Lion Server, you can now select which notifications you would like to receive and where to send them.
For instance, you can have software update notifications just go to your email, because while they may be important, they are not mission critical. Conversely, you can have disk unreachable and S.M.A.R.T status messages sent both via email and via push notifications so the administrator can maintain smooth operation of the server.
These upgrades in the alert system will make administering an OS X 10.8 Mountain Lion Server much easier and will allow administrators to handle problems much quicker than under previous versions of OS X Server.
As with everything under OS X 10.8 Mountain Lion, there have been some subtle improvements. VPN Services is no exception to this rule. Under 10.7 Lion Server, VPN options had been reduced from OS X 10.6 Snow Leopard by only allowing an administrator to choose whether or not to turn on VPN services, choosing a shared secret, and choosing which IP address range they wished to give VPN clients.
Under OS X 10.7 Lion Server, a server administrator did not have an option for which VPN protocol you could choose. Administrators were forced to have both Layer 2 Tunneling Protocol (L2TP) and Point-to-Point Tunneling Protocol (PPTP) running simultaneously. Additionally, under OS X 10.7 Lion Server PPTP seemed to stop working for several system administrators and I could never get PPTP working myself. With Mountain Lion you are able to choose either L2TP and PPTP, just as with OS X 10.8 Lion Server, but you are also given the option to just go with L2TP for VPN connectivity and not use PPTP at all.
The option for which VPN type to use is not the only change. Instead of having to determine how many IP addresses you want to use by entering in the VPN address range, you can now choose the number of addresses and then independently determine how many addresses for each type of VPN. You can choose any number between four and the maximum number of addresses from the starting address to the end of the subnet. Depending on your networking scheme, this could be several thousand IP addresses for VPN. If you opt to go for both L2TP and PPTP VPNs, you will then have to choose how many addresses are for each type, which is done with a slider mechanism. The slider is a good option for those system administrators who not be able to determine how big of a subnet to use right off the top of their head.
The ability to save the configuration profile to deploy to devices remains unchanged. The configuration profile allows a Server Administrator to easily deploy VPN configurations to devices and users without having to walk them through setting it up, nor giving away the shared secret, which could lead to a potential security hole. This is why corporations use VPN in the first place, to provide secure communications to their users.
The added options for the VPN server do allow a bit more customization and flexibility if you do use your OS X 10.8 Mountain Lion Server as a VPN endpoint. Using a VPN Server is also a good option for individuals who want to make sure that their communications are always secure while they are on the road or using their iOS or Mac remotely, particularly at an open Wi-Fi hotspot.
Mail servers on OS X Server have always been interesting. Since OS X 10.3, Apple’s mail server preference was postfix, right up until 10.6 Snow Leopard Server. With OS X 10.6 Snow Leopard Server, Apple moved away from postfix to Dovecot as its choice for mail services. Dovecot has survived through to OS X 10.8 Mountain Lion Server.
As time has progressed, the process of setting up mail services on an OS X Server has become increasingly simplified. The options with OS X 10.6 Snow Leopard Server were vast and could be quite confusing for novice server administrators.
OS X 10.7 Lion Server changed this by simplifying the options available and using the Server.app for management. The options available with OS X 10.7 Lion Server were vastly reduced to a total of five settings: receiving mail server address, relay through ISP, mailbox size limiting, enable webmail, and mail filtering settings. This made the administration of OS X 10.7 Lion Server a breeze.
OS X 10.8 Mountain Lion is not a whole lot different from OS X 10.7 Lion Server. There are still the same options, excluding the option for webmail, which has been removed. With the increase in use of iOS based devices, like the iPod touch, iPhone and iPad, all of which have the built-in Mail.app client, it’s possible that the use of web-based mail clients is rapidly decreasing. For me at least, the use of the web interfaces for my myriad of mail accounts is almost entirely non-existent. I cannot remember the last time that I logged into a web-based mail client to check my email. It only seems like a natural progression of the OS to remove a little-used feature. So, it’s not too surprising that Apple has removed any web-based mail client in OS X 10.8 Mountain Lion Server, likely preferring that users access mail services either via Mail.app on their iOS device or via Mail.app on their Mac.
Apple has added one additional option to the Mail service. Server administrators now have the option to customize Authentication, if they need to do so. Apple has provided some presets: Automatic, Open Directory, Active Directory, Local Users, and Custom. The only option that provides any true customization is ‘Custom’. All other options will pass authentication to the mechanism specified. For Open Directory, it will be an Open Directory server; Active Directory would be a Microsoft Domain Controller; and Local users will just authenticate against the local mail server.
Given that mail services are basically generic these days, it should be no surprise that Apple has simplified the mail service. While there are a few new options, it does remain mostly unchanged from its previous iteration under OS X 10.7 Lion Server.
File sharing, much like Mail services, has not changed a significant amount. The changes in file sharing from OS X 10.6 Snow Leopard Server to OS X 10.7 Lion Server resulted in a major simplification of the service. Despite this simplification, OS X 10.7 Lion Server did manage to add some much needed features, like file sharing with iOS devices.
OS X 10.8 Mountain Lion Server does not improve upon this a significant amount compared to OS X 10.7 Lion Server. There are only two major visual changes. The first change relates to the Home directories SharePoint. When you setup or configure a Home directories Sharepoint, you can now specify which file sharing protocol you wish to use. Server administrators have two choices, either Apple File Protocol (AFP), Apple’s preferred protocol, or Small Message Blocks (SMB). SMB is typically used by Windows and Linux. The ability to choose will allow administrators to possibly host the actual home directories on a non-OS X server. While the OS X 10.8 Mountain Lion Server will provide the path to the other server, it will not be hosting the information locally.
The second change is an item that was actually present in OS X 10.6 Snow Leopard Server but was removed from OS X 10.7 Lion Server. You now have the ability to see how many connections, and of what type, are connected to the SharePoints that you have defined. This can be useful to determine just how much of a load is being put on a certain SharePoint. This option will also allow for easier troubleshooting should an issue arise.
It seems like Apple may have done a rush job on certain OS X 10.7 Lion Server aspects, without thoroughly thinking through what features administrators may want, or need, in order to do their job. It may also be that things were in a transitionary state going from Server Admin to Server.app, and the option was just missed entirely. Either way, it is nice to have the feature back.
Overall, there are not that many changes that can be made to the File Sharing service without doing a major re-write of the underpinnings of OS X. Rewriting the File System could potentially cause conflicts with older versions of OS X, and could just lead to problems overall. It would definitely be a support nightmare.
Many companies provide laptops, phones and tablet devices to their employees to use for work purposes. There are many ways to manage of all of these items in the Windows world; however, there are only a few ways to handle this on the Apple side. One of these methods is Profile Manager 2, which is included with OS X 10.8 Mountain Lion Server.
Profile Manager is a web-based application that administrators can set up to manage and control the devices that they hand to employees. These devices can be iOS devices or OS X devices. Both can be managed with Profile Manager.
Profile Manager requires that the OS X Server hosting profile manager be connected to an Open Directory (OD) in order to manage profiles. Profile Manager allows an administrator to determine what functions can be performed on a system. Along with restricting what actions can be performed by users, administrators can also use Profile Manager to populate settings, such as DNS, VPN, Calendar, and Contacts.
There are two methods of installing profiles onto devices: push and download. The pushing of profiles will only occur if the device is connected to Wi-fi or 3G.
With Profile Manager, an administrator can assign a device to an individual person, or just manage the device on its own.
Some additional actions that administrators can perform are remotely locking the device and remotely wiping the device. Both of these can be great if a device gets lost.
There are some settings, such as Passcode, Network, and VPN, that apply to both iOS and OS X devices. There are other settings, such as restricting Game Center, disallowing YouTube, and even adding applications to their iOS or OS X devices.
Administrators can keep tabs on any activity that has occurred with a particular device by clicking on the Device and going to the ‘Activity’ tab.
Profile Manager is a great way for businesses, schools, and any other entity with a significant number of iOS and OS X devices to keep tabs on what is going on with the devices.
Software Update Service (SUS)
One of the best features of any OS X Server is the ability to host an internal Software Update Server (SUS). SUS is a service that allows a company to regulate the release of OS X updates by providing the system administrators the ability to test and verify that the updates do not interfere with already installed software, and more specifically, custom applications.
Under OS X 10.7 Lion Server and prior versions, there could be a situation where the settings you chose would not be honored. For instance, an administrator has the choice as to whether or not to automatically copy “all” updates or “all new” updates from Apple. If you tried to uncheck this option, it may not have been honored, but simply ignored.
Software Update Server running on OS X 10.7 Lion Server and previous versions is somewhat kludgey. You had to select the update, copy it from Apple’s software download servers to your local server, and then enable it. Apple provided only limited options for accomplishing this task. All of these options were global and could not be changed to affect individual updates. This behavior has not changed in OS X 10.8 Mountain Lion Server — in fact, it has become even more simplistic.
Under OS X 10.7 Lion Server and earlier versions, with the Software Update Server you were required to use Server Admin to administer any aspect of the SUS service. As with many other services, this functionality has been moved to Server.app. With the move to Server.app comes an entirely new look and feel to the SUS service.
The settings have been reduced from six down to two options. You can either have automatic downloading and enabling of SUS updates along with automatic removal of updates that are no longer supported by Apple, or you can have manual downloading enabled. Manual downloading requires server administrators to manage every aspect of the Software Update Server service.
With OS X 10.8 Mountain Lion Server, you are shown a much more concise list of available updates. The software update list is comprised of five columns: the update name, version number, the date the update was released, the size of the update and the current status. This is a much easier way to view the list.
Under status there is a drop down that allows you to either “Download” the update or “Download and Enable”. As one might infer, the “Download” option will only download the update but not enable it for all OS X machines that are configured to connect to that server. “Download and Enable” will both download and enable the update for machines. The “Download and Enable” option could be very handy for applications like iTunes where you know they need to get updated but may not necessarily need testing against internal applications first.
I realize that Apple is attempting to simplify many aspects of OS X 10.8 Mountain Lion Server, but there should be an option to assign SUS machines to a group of machines and then assign certain updates to a group. I do not foresee Apple implementing this, so I guess that’s why there is Reposado for those who need more flexibility.
Another option that is not available is the creation of a pool of OS X Servers that could handle the distribution of software updates. It may not be needed by many companies, but it would definitely be a nice feature to have added to Software Update Server.
Many OS X Server administrators use their machines as a web server. Apple uses the Apache web server as its base for serving webpages on OS X servers. This has been the case since the initial release of OS X 10.0 Cheetah Server. With each subsequent update to OS X Server, Apple has also upgraded the included components, including the Apache server.
A fully patched version 10.6.8 OS X Snow Leopard Server runs Apache version 2.2.21. Like OS X 10.6.8 Snow Leopard Server, a fully patched copy of OS X 10.7 Lion Server is also running Apache 2.2.21. Under OS X 10.8 Mountain Lion Server, Apache is at version 2.2.22.
The aspect of Apple’s approach to Apache that I don’t understand is why they are not running the latest version. Yes, 2.2.22 is the latest for the 2.2 series of Apache, but there is the 2.4 branch, which is also available. Yes, the 2.4 branch does make some changes, but I always thought Apple was about providing the best experience, and while 2.2 may suffice for many OS X 10.8 Mountain Lion Servers, it will not be be adequate for all.
There only two plausible reason that I can see for why Apple would stick with Apache 2.2 over Apache 2.4. The first reason is that Apple’s own services, Wiki and Calendar, rely upon certain features available in Apache 2.2 that were removed in Apache 2.4. This seem plausible, but somewhat unlikely.
The second possibility is that Apple has not fully vetted Apache 2.4 to be able to reliably say that it will work without any issues. Apple does offer paid support options for OS X 10.8 Mountain Lion. Part of this support includes websites, and it could be that Apple’s tech support personnel are not up to date on the changes contained within Apache 2.4, and they need to time to get the tech support up to date.
Lastly, it’s always good to not adopt the latest, greatest software technology right away, because you never know how buggy the software will be. Maybe Apple will have Apache 2.4 support with OS X 10.9.
With the transition from OS X 10.6 Snow Leopard Server to OS X 10.7 Lion Server, Apple chose to drop native support for MySQL in order to favor PostgreSQL instead. There was speculation that Apple would make this move.
Some thought that the acquisition of MySQL by Oracle was the cause. Others speculated that it was the use of the BSD License in distributing PostgreSQL that led to the move.
Under OS X 10.7 Lion Server, PostgreSQL is at version 9.0.5, while under OS X 10.8 Mountain Lion Server, PostgreSQL is running at version 9.1.4.
Despite the change from PostgreSQL OS X 10.7 Lion Server and OS X 10.8 Mountain Lion Server, administrators can now choose which version of MySQL they care to support. Additionally, they can keep their installations more up-to-date than Apple decided was necessary.
Along with almost every other aspect of OS X 10.8 Mountain Lion Server, there have been some enhancements to websites being hosted on OS X 10.8 Mountain Lion Server. You now have more options when configuring a website on OS X 10.8 Mountain Lion Server.
The naming of the service has been modified from “Web” to “Websites”. I’m not entirely sure why the name has changed, but it does indicate that server administrators can host multiple websites on their OS X 10.8 Mountain Lion Server.
Since the beginning of OS X Server, Apple has always included a version of PHP that would work with the web service. OS X Mountain Lion is no different. The version of PHP included with Mountain Lion is 5.3.13. This is somewhat bothersome given that the latest is 5.3.14, and 5.4.4 is also available, depending on which version of PHP is to be supported.
Along with the ability to support PHP natively, which has been present for some time, Apple has also included the ability to support Python web applications on your OS X 10.8 Mountain Lion Server. Python web applications is another option that must be enabled globally, just like PHP.
The difference with Python web applications, as opposed to PHP web applications, is that while you must enable PHP globally, you can specifically set certain Python web applications to run only on certain websites. You do have the option to globally enable Python web applications, but it is not necessary to do so in order to get a Python web application to work on a specific website.
To enable certain Python web applications, you must go into the advanced section of the site setup. You go to Websites, highlight the website you want to change, click the ‘Pencil’ icon to edit the website, and then click on ‘Edit Advanced Settings’. You will be presented with something similar to the screenshot below.
Python Webapps use plist files in order to be loaded. Plists, in case you are not aware, are just XML documents.
There is some documentation for creating custom web apps. You can access an example plist at “/Library/Server/Web/Config/apache2/webapps/com.example.webapp.plist”. You can go to terminal and type in “man webapp.plist” to view the manual pages for webapp.plist.
In addition, a server administrator can manage webapps via the servermgr_web command. If you are going to use this, I would recommend looking at the manual page for this as well. This can be accessed via terminal by using the “man servermgr_web” command.
Python web applications are not the only changes that Apple has made to allow administrators to manage the websites that they host on an OS X 10.8 Mountain Lion Server.
Under OS X 10.6 Snow Leopard Server, Apple provided a slew of options to allow complete customization of anything from logging, individual website administrator email addresses, and even server aliases. As with many items under OS X 10.7 Lion Server, the options available for the customization of websites was severely reduced. Under OS X 10.7 Lion Server there were only four options available: IP address, port, location of website files, and who is able to access the website. That was it.
Along with many other aspects of OS X 10.8 Mountain Lion Server, Apple has also added back options that were available under OS X 10.6 Snow Leopard Server, but were removed from OS X 10.7 Lion Server. The re-instated options are: additional domains, redirects, aliases, and customization of default index files. In addition to these re-instated options, there are also more options that were put back under the ‘advanced’ settings button.
These customizations include: ‘Enabling Server-side includes’, ‘Overriding of htaccess files’, enabling folder-listing, allowing CGI execution, and custom error pages. All of these customizations were available to server administrators under OS X 10.6 Snow Leopard Server, but were removed from OS X 10.7 Lion Server. It will definitely make many server administrators happy to see these customizations available again.
Overall, Apple has added improvements for hosting websites under OS X 10.8 Mountain Lion. The inclusion of Python web applications is a nice improvement and will be much appreciated by the Python programmers on the web. In addition to bringing new functionality, Apple has also re-instated many of the lost features and customizations that were available in OS X 10.6 Snow Leopard Server and subsequently removed from OS X 10.7 Lion Server.
Push Notification Server
Upon first glance of the Server.app, a server admin may wonder if the Push Notification server has disappeared. Fear not, the Push Notification server can still be found in OS X 10.8 Mountain Lion Server. However, there are no user accessible configuration options for push notifications as there were in OS X 10.6 Snow Leopard Server.
There are two places to configure Push Notifications in OS X 10.8 Mountain Lion Server. The first is during the initial server configuration, or reconfiguration after upgrading to OS X 10.8 Mountain Lion Server.
The second method to configure push notifications is through Server.app. Once you log into your server, under the Hardware section you click on your server. Click on the ‘Settings’ Tab, and then select “Enable Push Notifications”. At this point you will be able to configure push notifications.
All push notifications must go through Apple’s Push Notification service. In order to be able to use Apple’s Push Notification service, you must have an Apple ID. You can view and manage all of your push notification certificates by going to Apple’s Push Certificate Portal and entering in your Apple ID credentials.
It remains to be seen how this will affect functionality of all devices. As mentioned earlier, Server Alerts requires a server administrator to configure push notifications, if they wish to be able to receive push notifications on their iOS devices.
NOTE: I am including this section, not because anything has really changed from OS X 10.7 Lion Server, but because it was completely missing from my OS X 10.7 Lion Server review last year.
It is sometimes a necessity for companies to stop supporting certain products. The reasons as to why they stop support can vary from lack of use, to being superseded by another more functional application. Apple is no exception to this; some functionality that was previously present has been removed.
It looks like Apple has stopped support for Podcast Producer. Podcast Producer was a feature of OS X Server that allowed the automation of podcast production and publishing all within one application. Podcast Producer allowed the automation of your work flow to reduce the number of steps within your workflow. Many users opted to have their production and rendering completed over multiple machines using XGrid. Unfortunately, this product is no longer supported by Apple. If you wish to look at what Podcast Publisher could do, check out Apple’s Podcast Producer manual.
A new application that appeared in OS X 10.7 Lion was Podcast Publisher. Podcast Publisher was an updated version of the podcasting tool, Podcast Capture. It does not appear to have survived into OS X 10.8 Mountain Lion.
Management of Non-OS X 10.8 Mountain Lion Servers
One of the big features that made OS X 10.7 Lion Server somewhat of a success was the ability to manage existing OS X 10.6 Snow Leopard Servers from your OS X 10.7 Lion Machine using the included Server Admin utility.
With the full transition to using Server.app, as well as the deprecation and removal of Server Admin from OS X 10.8 Mountain Lion, there is now no way to manage OS X 10.7 Lion Servers from OS X 10.8 Mountain Lion Server. However, it is entirely plausible to want, or need, to manage OS X 10.7 Lion Servers from OS X 10.8 Mountain Lion machines. It seems like an oversight for Apple to not include this functionality.
If a server administrator attempts to connect to an OS X 10.7 Lion Server using Server.app, they will be presented with a dialog box that states that you cannot connect to this server because it is not running OS X 10.8 Mountain Lion Server.
The server would have to install OS X 10.8 Mountain Lion Server. Alternatively, they can still manage OS X 10.7 Lion Servers, but only via screen sharing. If a server administrator opts to use screen sharing they will, of course, be able to use the OS X 10.7 Lion Server.app to manage that server and other OS X 10.7 Lion Servers. If a server administrator attempts to run a copy of Server.app from an OS X 10.7 Lion Server or Server Admin from an OS X 10.7 Lion Server, they will be presented with the Crash reporter and neither application will launch.
While it may seem possible that a company may upgrade all of their OS X 10.7 Lion Servers to OS X 10.8 Mountain Lion Servers, they may still have machines that are not capable of running OS X 10.8 Mountain Lion, but they may still wish to centrally manage all of the OS X Server machines.
The use of Dashboard within OS X Server could go one of two ways; it either could be a waste of time and resources, or it could be the best tool to see the overall health of your OS X servers.
Dashboard within OS X 10.8 has changed slightly due to other changes related to the switch from Server Admin to the requirement to use Server.app to manage OS X 10.8 Mountain Lion Servers.
Under OS X 10.4 Tiger Server up to OS X 10.7 Lion Server, a widget was installed that would allow server administrators to quickly see the status of any one of their servers through using the ‘Server Status’ widget.
The Server Status widget would report back on CPU use, number of file sharing connections, and the server status of Address Book, ICal, iChat, Mail, Wiki and VPN. Server Status allowed a server administrator to click an arrow at the right of the row for each service and go directly to the configuration for that service. For OS X 10.6 Snow Leopard, it would open Server Admin, and for OS X 10.7 Lion Server it would open Server.app.
Under OS X 10.8 Mountain Lion, this functionality has been removed. There is no more Server Status widget. This is a loss, because a server administrator cannot quickly open up Dashboard and easily see the status of their fleet of OS X 10.8 Mountain Lion Servers.
Coincidentally, if a server admin configures Server Status on an OS X 10.7 Lion Server to monitor an OS X 10.8 Mountain Lion Server, it will work and report back the status of each service correctly. However, if the server administrator attempts to go to the service, Server.app will open and ask you to connect to the server. Upon attempting to connect, you will be told that you cannot do so because Server.app only supports 10.7 Lion Server.
If a server administrator attempts to install the copy of the Server Status widget from OS X 10.7 Lion Server, it will install and it will appear. However, it will not be able to connect to any server because it will not ask for any server information nor any credentials. Additionally, Server Status will not display any of the needed icons within the widget.
It is too bad that Apple has decided not to include an updated Server Status widget in order to monitor OS X 10.8 Mountain Lion Servers. It would be a good thing to include in an update, or as a separate download. It would be fantastic if the Server Status could also monitor OS X 10.7 Lion Servers as well, even if Server.app cannot connect, just to report back the status.
Notes is an applications that has been in iOS since the version 1.0 release in June of 2007. With OS X 10.8 Mountain Lion Server, Apple includes the ability to use iCloud on all of your OS X 10.8 Mountain Lion Servers in order to be able to keep information synchronized between your devices.
There is one particular area that could be beneficial for server administrators. Imagine if a server administrator used iCloud to synchronize all of their notes across OS X 10.8 Mountain Lion Servers. Let’s say the administrator is responsible for fifteen OS X 10.8 Mountain Lion Servers, wouldn’t it be fantastic if the administrator could go to any of their OS X 10.8 Mountain Lion Server machines and be able to look at any note that they have?
It may be something as simple as a username and password or task list, to something a bit more detailed as to the upgrade procedure for an internal application. The possibilities are endless.
I’m not sure if many server administrators would think of this possibility, nor am I sure how many would actually use the Notes application in this manner. Regardless, it is an option that is available for OS X 10.8 Mountain Lion Server administrators, if they want it.
Daemon and Built-in Library Changes
OS X Server comes with any number of built-in libraries. These libraries do get regularly updated in both major OS upgrades, as well as point releases.
One of the main programming languages used within Web applications is PHP. PHP has been included with OS X Server since OS X 10.0 Cheetah Server. Throughout each iteration of OS X Server, Apple has included a new and updated version of PHP. OS X 10.8 Mountain Lion is no exception to this.
Under a fully patched version of OS X 10.6 Snow Leopard Server, PHP is at version 5.3.8. A fully patched OS X 10.7 Lion Server runs PHP 5.3.10. OS X 10.8 Mountain Lion Server runs version 5.3.13. Much like Apache, there is a newer version of PHP available: PHP 5.3.14 and PHP 5.4.4. Both of these are newer versions than what is currently installed.
There is one aspect to PHP on OS X 10.7 Lion Server and OS X 10.8 Mountain Lion Server that was not included in OS X 10.6 Snow Leopard. PHP on OS X 10.7 Lion Server and OS X 10.8 Mountain Lion Server both run a hardened version of PHP using the Suhosin patch.
The Suhosin patch consists of two parts. The first is a patch that will protect the PHP Core against buffer overflows and format string vulnerabilities. Both buffer overflows and format string are used as vulnerabilities by malicious software to try to gain access to your system.
The second part is a binary that will protect PHP web applications from attacks. The beauty of the binary is that it is compatible with ZendOptimizer, which is a popular PHP optimization add-on.
Apple is running the latest version of the Suhosin patch, which as of this writing is 0.9.10.
It is good to see Apple taking security within Websites and PHP on OS X seriously by including the Suhosin patch with PHP.
OpenSSL has been a standard library within both OS X and OS X Server since the initial release of OS X 10.0 in March of 2001. Throughout each iteration of OS X, Apple has updated OpenSSL to keep pace with new features and security updates. OpenSSL on a fully patched OS X 10.5 Leopard is 0.9.7l, while on 10.6.8 Snow Leopard Server it is version 1.0.0a, built on June 1st, 2010. On a fully patched 10.7.4 machine, it is 0.9.8r built on February 8th, 2011. On OS X 10.8 Mountain Lion, the version is the same as Lion, 0.9.8r.
I am not sure why Apple decided not to use the latest version, 0.9.8x, or even switch to the 1.0 train of OpenSSL. The versions for that are 1.0.0j or 1.0.1c. Any of these three versions would provide some security updates, which would make OS X 10.8 Mountain Lion that much more secure.
Just like OpenSSL, SSH has been a standard feature of OS X for quite a while. Apple uses OpenSSH for its SSH daemon. OpenSSH, in case you are not aware, is the daemon used to allow users to remotely connect to your Mac, as well as remotely connect to other servers. This is one method of securely connecting back to your Mac. Also, like OpenSSL and most of the other daemons and common libraries, OS X Mountain Lion is no different.
On a fully patched version of OS X 10.5 Leopard, the version of OpenSSH is OpenSSH_5.2p1. On OS X 10.6.8 Snow Leopard, the version of SSHd is OpenSSH_5.2p1; on OS X 10.7 Lion it is OpenSSH_5.6p1; and on OS X 10.8 Mountain Lion, it is OpenSSH_5.9p1. OpenSSH version 6.0 was released on April 22nd, 2012. I don’t think Apple will be using this version anytime soon, but there is an update available should they choose to upgrade. It is more likely that we will see OpenSSH 6.0 in OS X 10.9.
Ruby is a programming language that is used by many programmers to create websites that have a rich user experience. Apple also uses Ruby as the basis of its built-in applications like Wiki, Profile Manager, and Calendar. Ruby is like many of the other built-in libraries and has been in OS X for quite a while now.
A fully patched version of OS X 10.5 Leopard runs version 1.8.6 patch level 369 of Ruby. Compare this to OS X 10.6 Snow Leopard where the version of Ruby installed is 1.8.7 patch level 249. OS X 10.7 Lion has version 1.8.7 patch level 357. OS X Mountain Lion runs Ruby 1.8.7 patch level 358. These are nowhere near the latest version of Ruby, which is 1.9.3 patch level 194.
As with the other built-in libraries, I am not sure why Apple has chosen not to update to the latest version.
Python, as with the other libraries, has existed on OS X for quite a long time. Python is one of the core programming languages provided on OS X. A fully patched OS X 10.5 Leopard device runs Python version 2.5.1, whereas OS X 10.6 Snow Leopard installation runs version 2.6.1 built on June 24th, 2010. OS X 10.7 Lion runs versions 2.7.1 built on June 16th, 2011. OS X 10.8 Mountain Lion is running 2.7.2 built on June 15th, 2012.
There is not a significant difference between the OS X 10.7 Lion and OS X 10.8 Mountain Lion versions of Python. This is what might be expected. Outside of security updates, I am not sure if Apple will continue to update OS X 10.7 Lion after 10.8 Mountain Lion is released.
The overall state of OS X is a transitionary one. OS X is at the point where it is a mature operating system and the addition of new features has to make sense in an overall strategy and cannot be done just to warrant a new release.
If you were to predict the progression of OS X and iOS, you might say that there will be a convergence of iOS and OS X at some point. It may not be for quite a while, but the integration of more iOS features into the Mac and having the two operating systems have feature parity makes it abundantly clear that Apple is looking to go this route at some point.
Operating systems are not the only transitionary piece with OS X and iOS. Apple is moving users more and more to using iCloud and cloud-based storage for all of their media. iCloud is a major feature of OS X 10.8 Mountain Lion. The integration with iCloud means that more applications can use iCloud for storing their files so a user can access their data across both iOS and OS X devices.
The third transitionary factor is local storage. Traditional spinning hard drives have provided significant amounts of storage. The largest single drives commercially available today are 3TB hard drives. Out of all of Apple’s products, there are only five models of products that support traditional spinning hard drives. Those products are the iPod classic, 13-inch MacBook Pro and 15-inch MacBook Pro, the Mac minis, and Mac Pros. All of the rest of Apple’s products require solid-state hard drives as their storage mechanism. It is clear to see that Apple is going to eventually go all SSD. This may be the case, except for in their server-class products where storage is a much needed item and enterprise-level customers need to get the most local storage possible.
If you take the iCloud strategy and intertwine the reduction in local storage options with the small number of products that do support traditional hard drives, it is quite clear that Apple is putting more emphasis on its iCloud for storage as well as reducing local storage amounts. It is true that at some point solid state storage will reach, and possibly surpass, the storage amounts for traditional hard drives, but the time is not now and it may not be for a few more years.
Regardless, this is a time of transition for Apple, its products, and the users of Apple’s products. In the end, the transition should make it a better experience for all of the parties involved.
Apple has released another solid build of OS X. OS X 10.8 Mountain Lion integrates some fantastic features from iOS, like Notification Center, Twitter and Facebook integration, and iCloud support throughout the system. OS X 10.8 Mountain Lion Server also saw some vast improvements in Software Update Server, improvements with Website hosting, as well as moving from iChat to Messages server.
OS X 10.8 Mountain Lion is an integral part of Apple’s overall strategy to make your content and data available wherever you go and across all of your devices. If you do not have OS X 10.7 Lion, this is not a problem since OS X 10.8 Mountain Lion can be installed from OS X 10.6.8 Snow Leopard. This means that if you decided to skip OS X 10.7 Lion, you can still upgrade directly to OS X 10.8 Mountain Lion without needing to pay for the upgrade to OS X 10.7 Lion.
The price reduction for both the Client and Server versions of OS X 10.8 Mountain Lion definitely makes it an attractive buy for users and enterprises alike. OS X 10.8 Mountain Lion makes improvements in all areas compared to OS X 10.7 Lion. The price reduction for OS X 10.8 Mountain Lion Server will make it compelling for more small businesses as well as curious non-business owners who want to be able to test out server functionality without investing in dedicated hardware or software.