Go Back   MacRumors Forums > Apple Systems and Services > OS X > Mac OS X Server, Xserve, and Networking

Reply
 
Thread Tools Search this Thread Display Modes
Old Aug 11, 2013, 11:36 AM   #1
unplugme71
macrumors 68000
 
Join Date: May 2011
10.8 Server with FileVault

I have a Mac Mini running 10.8.4 Server and I'm interested in turning FileVault on.

On a server without filevault, I can restart the computer remotely and after the computer boots up, it goes to the login window. Meanwhile, the server OS is up and running and allows for services to be used. With filevault, does the OS not boot up until you login? So how can one use the server with FileVault being headless? Or is it not possible to use File Vault on servers?
unplugme71 is offline   0 Reply With Quote
Old Aug 11, 2013, 11:53 AM   #2
Weaselboy
macrumors P6
 
Weaselboy's Avatar
 
Join Date: Jan 2005
Location: California
I have not used FV with Server, but I do use FV on Mountain Lion client and when you boot and get the login screen you are actually at that point only running off a boot stub on the recovery partition and the entire OS partition is still locked. So I am going to say you can't do what you are asking with FV on.
Weaselboy is offline   0 Reply With Quote
Old Aug 11, 2013, 09:11 PM   #3
alexrmc92
macrumors regular
 
Join Date: Feb 2013
Quote:
Originally Posted by Weaselboy View Post
I have not used FV with Server, but I do use FV on Mountain Lion client and when you boot and get the login screen you are actually at that point only running off a boot stub on the recovery partition and the entire OS partition is still locked. So I am going to say you can't do what you are asking with FV on.
Although i haven't tested this myself, i'm going to agree. From what i can tell FV requires a password to finish the boot process, which wont work for a headless system unless you have an XServe with LOM.
alexrmc92 is offline   1 Reply With Quote
Old Aug 12, 2013, 07:35 PM   #4
unplugme71
Thread Starter
macrumors 68000
 
Join Date: May 2011
That's what I figured. I guess the assumption is the Mac Mini running a Server OS would be located in a physically secure location.
unplugme71 is offline   0 Reply With Quote
Old Aug 13, 2013, 12:32 PM   #5
talmy
macrumors 601
 
talmy's Avatar
 
Join Date: Oct 2009
Location: Oregon
I solved this problem by having a system boot partition without FileVault and having a second partition that is encrypted. I don't keep anything sensitive on the unencrypted partition. I admit that I don't know how to move the databases for Contact and Calendar servers off of this partition, but I don't consider that data sensitive. I haven't tested to see if the encrypted drives are accessible before I log in since I always need to log in after power up to run services that aren't really services.
__________________
27" i7 iMac, 15" MacBook Pro, Mac mini with Yosemite Server, 5 other Macs and an unused Apple TV in the household.
talmy is offline   0 Reply With Quote
Old Aug 13, 2013, 07:23 PM   #6
unplugme71
Thread Starter
macrumors 68000
 
Join Date: May 2011
Quote:
Originally Posted by talmy View Post
I solved this problem by having a system boot partition without FileVault and having a second partition that is encrypted. I don't keep anything sensitive on the unencrypted partition. I admit that I don't know how to move the databases for Contact and Calendar servers off of this partition, but I don't consider that data sensitive. I haven't tested to see if the encrypted drives are accessible before I log in since I always need to log in after power up to run services that aren't really services.
I ended up just putting a firmware password on the mac mini server. The login passwords were strengthened some more. My external drive that connects to the mini just hosts iTunes and iPhoto libraries, so there's nothing extremely important anyway.

I'm just trying to think of better ways to manage a home network with server. The one thing I like about PHD is the ability to sync my HomeDir with any of the Macs I log onto. However, since this data is not encrypted on the Mini server, I'm starting to wonder if the benefit outweighs the security risk.
unplugme71 is offline   0 Reply With Quote
Old Aug 14, 2013, 03:34 PM   #7
ZMacintosh
macrumors 6502a
 
Join Date: Nov 2008
it is not recommended to have filevault turned on for your OS X server.
any user who connects to the server, that data will be encrypted unless theyre on FTP.

I'd highly recommend going through the server essentials guide and the 10.8 Server Admin page on Apple.com. good resources there to help secure your server.
ZMacintosh is offline   0 Reply With Quote
Old Aug 14, 2013, 04:00 PM   #8
mwhities
macrumors 6502a
 
Join Date: Jul 2011
Location: Mississippi
Send a message via AIM to mwhities Send a message via MSN to mwhities
This site:

http://www.mountainlionserver.com/

Has helped me out a lot.
__________________
Late '11 MBP 17" - Blue Nano 8G - Black 4S 16G/64G - Black iPad2 16G - Black iPad mini 16G - 2TB TC
mwhities is offline   0 Reply With Quote
Old Aug 23, 2013, 10:41 AM   #9
kirdes
macrumors newbie
 
Join Date: Jul 2011
Quote:
Originally Posted by unplugme71 View Post
I have a Mac Mini running 10.8.4 Server and I'm interested in turning FileVault on.

On a server without filevault, I can restart the computer remotely and after the computer boots up, it goes to the login window. Meanwhile, the server OS is up and running and allows for services to be used. With filevault, does the OS not boot up until you login? So how can one use the server with FileVault being headless? Or is it not possible to use File Vault on servers?
There's a special reboot command for this particular case, details here:

http://blog.macminicolo.net/post/324...ng-filevault-2
kirdes is offline   0 Reply With Quote
Old Aug 23, 2013, 10:57 AM   #10
talmy
macrumors 601
 
talmy's Avatar
 
Join Date: Oct 2009
Location: Oregon
Quote:
Originally Posted by kirdes View Post
There's a special reboot command for this particular case, details here:

http://blog.macminicolo.net/post/324...ng-filevault-2
That will allow you to manually reboot, however if the system shuts down for any reason (such as a power failure) you are unable to start it without a keyboard attached.
__________________
27" i7 iMac, 15" MacBook Pro, Mac mini with Yosemite Server, 5 other Macs and an unused Apple TV in the household.
talmy is offline   0 Reply With Quote
Old Aug 26, 2013, 10:52 AM   #11
unplugme71
Thread Starter
macrumors 68000
 
Join Date: May 2011
Quote:
Originally Posted by talmy View Post
That will allow you to manually reboot, however if the system shuts down for any reason (such as a power failure) you are unable to start it without a keyboard attached.
Yup. Even if the 'restart after power failure' option is enabled. You are still screwed. Luckily with a mac mini server in a data center, you should have a better chance at winning the lottery than losing power. At least you'd hope so.
unplugme71 is offline   0 Reply With Quote
Old Aug 26, 2013, 01:00 PM   #12
talmy
macrumors 601
 
talmy's Avatar
 
Join Date: Oct 2009
Location: Oregon
Quote:
Originally Posted by unplugme71 View Post
Yup. Even if the 'restart after power failure' option is enabled. You are still screwed. Luckily with a mac mini server in a data center, you should have a better chance at winning the lottery than losing power. At least you'd hope so.
The only reason to use FileVault is physical security, an issue with a home server. However one would hope that the data center is secure, in which case FileVault is of marginal usefulness anyway. In any case the workaround of using a small, unencrypted boot partition and putting everything of importance on an encrypted partition works fine.
__________________
27" i7 iMac, 15" MacBook Pro, Mac mini with Yosemite Server, 5 other Macs and an unused Apple TV in the household.
talmy is offline   0 Reply With Quote
Old Aug 26, 2013, 11:11 PM   #13
unplugme71
Thread Starter
macrumors 68000
 
Join Date: May 2011
Quote:
Originally Posted by talmy View Post
The only reason to use FileVault is physical security, an issue with a home server. However one would hope that the data center is secure, in which case FileVault is of marginal usefulness anyway. In any case the workaround of using a small, unencrypted boot partition and putting everything of importance on an encrypted partition works fine.
Depends on what you find important. To me, Open Directory for example can be important and that would have to reside on the unencrypted boot partition.

Most likely, I will probably opt for a server rack and get one of those trays that supports 4 Mac Mini's.

If someone wants to take my Mac Mini (or data), they'd have to go through quite a bit of physical security first. And to do all that just to know my identity, financial records, and large iPhoto/iTunes library is probably not worth the effort - not until I push over 7 figure net-worth.
unplugme71 is offline   0 Reply With Quote

Reply
MacRumors Forums > Apple Systems and Services > OS X > Mac OS X Server, Xserve, and Networking

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Filevault ,what to do 50L Mac Applications and Mac App Store 4 May 23, 2014 05:20 AM
FileVault jakesaunders27 Mac Pro 2 Jan 7, 2014 04:40 PM
FileVault Tander OS X 10.8 Mountain Lion 10 Sep 1, 2013 12:38 PM
HELP filevault wozzerage Mac Basics and Help 1 Feb 25, 2013 01:08 AM
FileVault 2 oldcelt MacBook Air 7 Jul 19, 2012 01:34 PM

Forum Jump

All times are GMT -5. The time now is 04:49 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC