Mac Servers & Services

[jscooper22]

Hi All,

(I posted this same question to the Mac Power Users FB group, but I'd like to cast a pretty wide net since there don't seem to be many in my position ... or we're all just busy. Would love to hear what others are doing to keep Mac infrastructure humming and how long you think we can hold on without any substantial offerings in this realm.)

What's everyone's take on Mac Servers & Services?

I maintain a 50+ user Mac office, run File & Web services (plus a few others like Kerio for mail) from Macs. We needed to put in AD a couple years ago because we bought a piece of software that needed Win and trying to get it to authenticate to OD seemed more daunting then shelling out $ for licenses. I do run OD that hooks into AD but just so users can change their credentials on a web form (AD doesn't have this built-in that I can find). I just read something (https://www.imore.com/changes-macos-server-54-high-sierra) about them moving even more services away from the server app in High Sierra (I assume to the command line), and all things being equal I would say they are telling business customers to take a flying leap.

But then there was that press meeting a few months ago where they talked a good game about supporting business and headless desktops/servers, but still no new Minis or MP, so I'm feeling kind of yanked around. Trying too stretch every bit of life I can out of old MPs and XServes (two still running!) plus my existing Minis, because buying three-year-old technology makes zero sense to me.

Anyone else in the same boat? Are you still running Mac Services, particularly OD? (I'm considering moving back 'cause AD has been a pain in my side since I got it and I may just learn to live without Single Sign On.) Am I nuts for continuing to bang my head against a wall?

Thanks and sorry if this is a bit diatribe-ish.

Jeff

 

[Geeky Chimp]

I understand where you are Jeff. We run a Cloud Infrastructure on macOS Server; and macOS High Sierra with macOS Server 5.4 is bringing with it testing times.
Apples favourite word with Server (and Business) at the moment seems to be "deprecated" in terms of features.
Depending on the Services you want/need will depend on how much bad news there is with macOS Server 5.4.

iOS File Sharing is fully deprecated, along with FTP. They suggest using 3rd Party Cloud Providers aimed at business such as Google Drive or Dropbox. My response to Apple went along the lines "So your telling businesses that Apple got it wrong but go to Google as they have it right? Where is iCloud for Business?". (Btw I hate Googles G-Suite)
File Sharing itself is still around but AFP is deprecated and its no longer in Server.app. Its managed in System Preferences - Sharing Pane. Well part of it is; WebDAV is managed in the Terminal, and theres no connected users list.
Caching Server is managed in System Preferences - Sharing pane too. That seems to have some features added such as a hierarchy.
Open Directory has been hidden but not deprecated. The reasoning is that Profile Manager doesn't rely on Open Directory anymore... So for now, we still have that feature.
Time Machine Server is half baked into System Preferences - Sharing pane too.
Xcode server is half baked into Xcode apparently, but I haven't tested that out yet.
The Mail Service lost the SMTP log a while ago, for reasons no-one really knows.

All in all, Apple have left us in a potential mess. iOS 11 brought with it the Files App and potential for File Sharing to be great, then they took iOS File Sharing away, which sums it up really.

We've looked at 3 potential pathways forward;
1 - to self-compile the open source packages Apple use to host the services and build our own interface,
2 - to move over to SUSE Servers (either SLES or openSUSE),
3 - bury our heads in the sand, stick with macOS Sierra and macOS Server 5.3.1, not be able to fully manage iOS11 Devices from Profile Manager if its on a 5.3.1 server, and hope Apple read the feedback on apple.com/feedback that we've had our staff submitting - I'm told this is read and well worth submitting to. Oh and hope that when you email people at the top of Apple they have read the email even though they don't reply.

I'm not sure where we are going as our pathway yet; we're still evaluating options.

I'll round this post out by agreeing that we all love Apple kit, and predominately love Apple software but macOS High Sierra with macOS Server 5.4 is a massive thorn in my side.

 

[DJLC]

My take is they're on the way out.

I work for a school. When I got here, they were using OD in one building and AD in another. I've migrated them all into AD and turned off OD completely. File shares have also moved over to the Windows server. The only things my Xserve is still doing are those that Windows can't — namely, Caching and Bonjour printer sharing. And it hosts an HTTP repo for Munki because I couldn't get IIS to work right. But with the changes to caching in High Sierra, we don't really even need Server.app anymore. I'll likely stick with Yosemite and Server 4 until that older caching service doesn't work anymore. At that point I'd imagine I either get a Mini for printer sharing, or I bite the bullet and migrate that to Windows too. Our Munki repo can always go over to a Linux server, or I can invest the time to figure out why IIS doesn't like me; probably just user error tbh.

In regards to password changes — if users are logging into their Macs with AD accounts, they can use the built-in password change functionality. No need for a web form. I've never seen an issue with that. Personally, I'd look to remove OD from the equation rather than AD. One is used by businesses large and small all over the world; the other is a little forgotten side-hobby.

In all — I gave up on macOS Server being reliable or usable way back in the 10.7 days. Since then I've been proven right time and time again. I don't like Windows or Linux for my workstation, but they sure make solid servers if they're set up right. And FWIW, 99% of our users are using Macs.

 

[Marshall73]

we run a client with Windows AD and also a Mac mini bound to the AD running macOS server for caching and profile manger. The Mac mini fills in the bits that the windows AD can’t do.

 

[Geeky Chimp]

Just to come back on our take on OD/AD. We have a fully Apple environment - no Windows Clients or Servers. For that reason I wouldn't put AD in our infrastructure. If/when macOS Server is deprecated/becomes unfit for purpose for us we will look at openLDAP which Open Directory is based on.
Alternatively there is SAMBA4 which can emulate a Windows AD with Group Policy etc; again I doubt we will implement this as we have no Windows machines but it gives you options.

 

[ThirteenXIII]

Apple really is simplifying the process to some extent, yes not with their services but 3rd party MDM tools instead. Apple does not or will not support mobile accounts at some point and we can see Macs going the way of a 1:1 device (i.e.; iPad and iPhone). Most will be local accounts and can be managed with MDM profiles vs AD or Server apps.
I'd recommend for a small environment like that using something like JamfNow and if you have directory services get Enterprise Connect from Apple to keep a single sign on process enabled with local accounts if needed.