Enterprise • 1:03:06
Learn how easy it is to integrate your Mac OS X clients and servers into a heterogeneous network. In this session, you will find out what it takes to integrate with UNIX and Windows networks; how to assume the duties of file and print server in an Active Directory domain; how to set up users' home directories on a Windows network served from an Xserve; and other system administration responsibilities. This is an ideal session for the system administrator of a heterogeneous network.
Speakers: JD Mankovsky, Eric Clements
Unlisted on Apple Developer site
Transcript
This transcript was generated using Whisper; it may have transcription errors.
Good afternoon. Well, hopefully all the demo gods are still in the room. We have a lot of demos this afternoon, so hopefully it will all go very well. I can feel a lot of positive karma in this room, so I think we'll be fine. I actually manage Apple's professional services group for the enterprise, and we do a lot of integration work with a lot of you in the room, a lot of our customers, enterprise customers, people buying Xserves, Xserve RAIDs. We're helping a lot of our publishing customers migrate from OS 9 to OS X, set up network home directories, integrate with Active Directory. So basically this session is all about integrating those Macs into your environments, into your corporations, on your networks. And so we'll show, we'll talk about a lot of that today. So we're kind of, I kind of see ourselves as like a jumpstart team, right? So we come in for a few days and we kind of help you do that integration, do that integration work. We're not the, you're not a, you know, a consulting firm that stays for months in your company and, you know, spends hundreds of thousands of dollars. We're just in for, you know, a week and we basically help you get all that stuff up and going and then basically mentor you and help you, you know, basically maintain the system moving forward on 10. So this is kind of what our team does. Yes.
So what's really interesting, the reason why we started this team and this enterprise professional services group is because of Panther. If someone would have given me that job before Panther, I wouldn't have taken it. Panther is really the first operating system that is truly an enterprise operating system. And I feel we're very confident when we go in that we can get the job done in your companies. And so really it fits beautifully in a lot of environments.
And so what we're going to talk about today is kind of review a little bit of the desktop solutions that are out there that make that Mac fit into that enterprise properly. And then we'll talk a lot about the back end, because the back end is also very key. And that's why we have on stage right now, you know, Xserves, Xserve RAIDs, which will all be part of the live demo. We'll also talk about some third-party solutions. There's tons of third-party solutions, of course. You've seen a lot of them this week, but I'm just going to focus on a few that I thought were kind of interesting, again, that have come out in the past few months or that we'll be shipping this month. I'll also talk about some myths versus facts. I meet a lot of people, and there's still some networking terms, and people still think that we're running AppleTalk on our network, so we'll kind of talk about those as well. And then a lot of people, when we go in, they're like, well, I'm running OS 9 or I'm running 10.2. Tiger's gonna be shipping next month, which of course we all know now it's not. Should I wait to deploy? And we'll talk about those. So fitting in, right? The first thing that's important today is for the Mac to fit into your corporations, and we all understand that at Apple. And so the first thing I wanted to talk about is email and collaboration. And we actually have a dedicated collaboration session on Friday, which I'll be presenting at 10.30. So if you want the whole download on collaboration tools and collaboration suites, please come to that session Friday at 10.30.
But I just wanted to review some of the main applications that we have today. When we go into a corporation, basically email is the number one application used. Probably 70% of your time is spent in Entourage or in Outlook or in Apple Mail. People spend their life in email nowadays. And so Apple made a lot of efforts and will continue to make efforts to fit in with our own tools. So Apple Mail, Address Book, and we'll show those in the demos a little later on. Microsoft also, they're very committed to the Macintosh. They've done a lot of important add-ons and new features and added some compatibility with Exchange with Entourage 2004. Things are working much better compared to the previous versions on Mac OS X. And so we have POP, IMAP as well as Exchange connectivity, and of course they do the same.
And they also have calendaring. Lotus Notes, the Lotus Notes suite, I mean, there's a whole bunch of products from IBM. And also, Lotus is also very committed to the Mac, and they've got a great product that is pretty much on par, totally on par, Mac versus PC. And then Novell just announced GroupWise 6.5.x, and we don't see as much Novell in the enterprise, but it's pretty big in education. And so I just wanted to mention that as well. Desktop management solutions. You know, so again, I mean, when we talk to IT people, you know, for them, the most important thing is making their job easy. I mean, every IT person, they don't want to spend time, extra time managing computers. They want to spend as much, as less time as possible to manage the desktops. And so you've been to the sessions this week. Hopefully you were able to get into the session.
With Apple Remote Desktop 2, you all have CDs with your WWDC kit that came with ARD 2.0. We've made a lot of improvements. We've listened to customers. And there's some great features around software distribution, remote assistance, easy setup, asset management, all that kind of stuff. We've made some great strides in that area. But also, I wanted to mention some of the third-party tools that are available. Hopefully, if my clicker does work. There we go. We also have some other desktop management solutions that are compatible with Mac OS X, like LANDesk, Netopia, Marimba, Altiris, FileWave. Those are all great third-party solutions that are available, that are cross-platform and basically allow you to also manage your heterogeneous environments. So I wanted to make sure that we mentioned those as well.
Active Directory support, this has been key. This is something that we shipped in Panther, and we've improved it tremendously since we shipped 10.3. In 10.3.3, we added full support for network home directories. That has to be done. This is not a UI. That has to be done from the command line. You need to edit the active directory.plist file, but basically it allows you to truly have an SMB network home directory and not just have it mounted on the desktop like what happened when we shipped in 10.3. We just hadn't finished that feature yet, but we have that. Also very interesting, we even have wireless support when using Active Directory. So once you're bound or you're set up with your wireless account, you can actually reboot your machine, log in, and we actually have wireless support through AD, which is a feature that some third-party products don't. One feature we are missing that is interesting is DFS support, and love to get feedback on that. Right now you have to use the Thursby product for that, and we understand that. Love to get feedback if that is important to you. You'll have my email address at the end, so we'll be glad to receive that feedback. Mobile accounts is also very important. Laptops, a lot of people use laptops today. You want to make sure that your credentials are cached on the laptop so you can log in, log out, reboot your machine. When you're not on the network, you can log in. So we've got all those features in the AD plugin. Some of the other directories where we are compatible with, because of Open Directory, and if you went to the Open Directory session this morning, you have a better understanding of how our directory system or directory infrastructure is in the OS. I mean, we're very open, right? And we're all based on standards. And a lot of those other directories use LDAP. And so it's really simple to plug in a Mac desktop into a Sun iPlanet backend or into a Novell backend or an IBM directory server backend.
So we fit in very, very well even with some of the other directories that are out there. Even NIS, for those of you who still use NIS, it might be time to upgrade, but we still have that support in the operating system.
I wanted to quickly touch on a few applications and web browsers. So, of course, Safari is Apple's browser of choice. And, again, we've improved Safari tremendously. And Eric will show some of the cool Safari demos in just a second. A lot of applications are web-based. And you saw some of the announcements this week with, like, PeopleSoft and Salesforce.com, who are also very committed and that are basically fully supporting Safari as the browser of choice. A lot of banking. We've been talking to all the major banks as well to make sure they fully support Safari as the browser of choice on the Macintosh. We also added in Safari 1.2, we added LiveConnect support, which is huge for a lot of customers. And then just mention some of the few tools that are really useful when you're a Mac user and you need to connect to a PC, a virtual PC. But RDC is a great tool as well, Remote Desktop Connection. It's free. Many people don't know that, and we'll demo that today as well, just so you can get a feeling of what you can do with Microsoft RDC. I say it's free, but it also requires a CAL, of course. Virtual PC 6 and 7 shipping this summer, or later this fall. And then PeopleSoft 8, SAP Java GUI, people who are using SAP. Also, there's a client on the PC, a Win32 client, but there's also a great Java client that is available and that is compatible with Mac OS X. So we also have SAP availability and Oracle 11i and Salesforce, of course.
And then 2004, Office 2004, if you read Stephen Wildstrom's quote from BusinessWeek a few weeks ago, he basically said that Mac users now have an Office suite equal to Windows, which is really good. And we actually have even more features than the latest version available on the Windows side.
Hopefully my clicker keeps on working. There we go. Quickly touch on Java and X11. So, again, we've got some great tools available on the Mac, and we're seeing more and more developers actually use Mac OS X as their development platform. Great tools, JBuilder, Sun Java Creator Studio, that was announced this week at the JavaOne conference. IBM Eclipse, there was a session on Eclipse a few days ago. And Eclipse is really, really important, because I'm seeing a lot of developers move to Eclipse to write their own applications. And because we have Eclipse on the Macintosh, it's going to help us even get even more applications on the platform because it truly is a cross-platform development environment. And it really helps IBM and others to bring even more applications to the Macintosh. And then JBoss, Macromedia, and of course the X11 client. This is great. I mean, if you've been downstairs to some of the vendors, if you went to the vendor fair, a lot of them, the first step, like in the backup area, they bring up the X11 server and the X11 client for the Macintosh, and then it takes them a few months, and then they come up with a really nice native Cocoa GUI. But at least we have X11, and people can actually run their applications through X11 on the Macintosh as well. VPN clients, just wanted to quickly touch on that. So we have a native L2TP and PPTP over IPSec client built into the OS. So for small and medium businesses, also on the server side, we have a built-in VPN server that is compatible with Mac and Windows. So make sure you take advantage of that. I mean, if you buy an Xserve, it's really very simple to set up as a VPN server. And again, it'll work with both your Mac clients and PCs. And I still know quite a few accounts that are dialing in using dial-up.
And the beauty of this is if you set up an Xserve with VPN, you can go to pretty much, you're on the road, you can go to any hotel, they pretty much all have DSL or cable modems, and you can get on your network without using any dial-up, which is kind of pretty much outdated. Cisco as well. Oh, by the way, we also, in 10.3.4, we also improved tremendously our Nortel compatibility.
So there was a bug on the Nortel side in their VPN box, which we basically addressed by adding some new functionality on the client to work around the bug, basically. And now you should really look at having your admin turn on L2TP on your Nortel box, and it should pretty much just work. So you can actually use the built-in Mac client to connect your Nortel back end. There are some other ones. Netlock has a client for Nortel, Equinux VPN Tracker, V1, and Grayshawn software. here.
So that's kind of a quick summary on the enterprise side and again, on the client side. And again, I didn't touch on everything, but I also wanted to focus a lot on the back end and on server solutions and how we fit in into your networks on the server side, especially with Panther and then with Tiger, it'll just get better.
So what you're going to learn first is basically, this is stuff that we've really done a lot of work with on the integration side, on the professional services side, is really using a Mac server, a Mac OS X server as a Windows file server. And the reason for that is, you know, people, security is a big thing nowadays. I'm sure you all realize that. And unfortunately, there are a lot of viruses and worms you have to deal with on a daily basis on the Windows side. Not saying that we're not affected. We definitely are on some of the security patches, but we haven't been hit with a virus for the past three years. So we're much more secure on the virus side and on the worm side. And so it's really neat. Not only do you save on client access licenses, but you can really put a Unix machine. You keep your Active Directory back end. I mean, again, we understand you've spent a lot of money deploying AD. If you go the AD route, the Active Directory route, you're not going back, right? We all know that.
And so it's really nice. You can keep your AD backend, but basically deploy an Xserve. Also, what's interesting is you can also use your Xserves as network home directories. So what I mean by that is basically what's called roving profiles, right? So I can log into one machine, get to my files. Next day, log into another machine, get to my files. And all my files are stored on the network, and we fully support that on the server side for both Macs and PCs. Policy management.
So I call this policy management because a lot of Windows IT people understand that. And that's what we call workgroup management, right? So workgroup management is basically policy management. And we'll talk about that as well. And then another interesting thing is, as you saw in some of the sessions in the OS X server, we basically talked about high availability and how we're going to improve our high availability active-passive solution in Tiger. Well, we have a pretty neat solution today that we're basically offering to our customers on the consulting side, and I'd like to demo that to you. And then we'll talk about backup solutions. So first thing I want to talk about is using the server as a home, basically, as your network home directory. And what you can see here, the beauty of it is, so you have a Mac client, you've got an SMB, you've got a Windows client, and you've got a Linux client, right, or a Unix client. And what's really interesting is because the server supports all three protocols, supports AFP, SMB, CIFS, and NFS, basically, and the Mac desktop supports all three, you could basically connect over SMB, AFP, or NFS to your home. And let's say your home is stored on an Xserve and an Xserve RAID, right? On the PC, PC only supports SMB, so you're doing SMB. And, of course, on the Unix side, you're doing NFS. But we basically support all three on the Macintosh and, of course, all three protocols on the server side. So you've got a really interesting bundle here. For less than, you know, $13,000, you've got a fully, you know, you've got 3 1⁄2 terabytes of storage, and you've got your Xserve, and you can use that as network home directories to store your network home directories.
Another thing that we've been doing a lot, pretty much since Panther shipped, is policy management. Now that we have a truly enterprise-level operating system, people want to lock down and manage their policies on the desktop. And there's a couple of ways to do that, and that's what this slide talks about. So the first way that usually we go with, and probably 80% of our customers, when we go and talk to the Windows admin, they manage their schemas, right? And usually we start talking and say, well, the first thing they ask is, you know, are you going to modify my schema? It's like, you know, don't touch my schema, right? That's usually the way the IT people behave. And that's fine. We've got no problem with that. I mean, we'll work both ways. We can put Xserves in there and basically use the Xserve as kind of a dual authentication.
You're still authenticating the user to Active Directory, but you're being managed through the Xserve, okay? So that means you don't have to do any schema extension, and Eric will show you that in the demo in a few minutes. So that's the first way, is you put an Xserve, and you're basically still authenticating to AD, but you're being managed through the Xserve using Workgroup Manager. The other way we can do it is we can actually extend the schema on your Windows server. And that's stuff that we also do on the consulting side. And that's also, there's about 30, what is it, Eric? 37? So there's 37 attributes you need to modify on your AD server so that basically you could actually run Workgroup Manager against the Active Directory directly. So you can manage users, groups, computers when you're modifying the schema on your AD server. Okay. So people usually don't like doing that manually, even though we have that. It's all detailed in the Open Directory guide. But you don't want to make any mistakes, especially on 2000 because you can't delete attributes once you've put them in. So we basically developed a script that just goes in and does it all pretty much automatically. So that's the other way of doing it. And so what I want to do now is basically bring up Eric to kind of show you some AD demos and kind of go through a bunch of them. Eric? Thanks, JD.
So the first thing I'm going to do is actually bind to AD. If you've never seen this, it's actually really, really easy. So we've got a tool called Directory Access. It's actually located in your Utilities folder or under every Applications folder. Need to unlock here. So you notice there's a plug-in here called Active Directory. Double click on that. It'll ask you for a little bit of information. Pretty easy.
Some of your admins have a hard time figuring out what it is. But it's very easy information to find out. You're looking for your forest and your domain information. It's already entering here, but I'm not bound yet. So I'm going to actually bind this client to the AD. Now, you can use a pre-created computer account, all the kind of stuff you do on a Windows side. If you've got privileges to do it, it will let you bind to the directory. Return.
Now I'm bound. That fast, it created a computer account, and it's bound to the Active Directory. There's a couple of things you've got to do before you're done. You actually want to say, I want to use this for authentication. I've already done it in advance here, but you add that to the authentication chain. One very important thing people don't realize, if you've got Exchange, you want to add it to the contacts one as well, and I'll show you why you want to do that. All you do is switch to custom, click add, and add it to the list. So that's pretty much how hard it is to bind. But if you launch the terminal, the quick test to make sure it really worked-- so I know there's an AD user out there called winhome.
OK, that's a user out of Active Directory. You'll notice partially because his UID, for those with the Unix IDs, is very large, because that's dynamically generated from Active Directory. You'll also notice a group based off of the domain information. So he's actually part of the engineers group in AD. So now I know AD is working great. Now I'm going to log out. I'm going to log in as that user I just checked. So I went home.
Now what's important about this user is, I call him WinHome because his home is actually on the Windows server. No changes, it's not running AFP, it's running just regular Windows file services. I'll also show another user where we're connecting to the XServe, another example of how you can split that up.
One thing that happens for you is, one, your home directory on the network gets mounted on your desktop. And I actually put a shortcut in your dock. So I can actually create a folder here. You know, this is from the Mac. This is stuff for home, et cetera. So those are files that are up in my network home network. I could copy files over, et cetera, from my local machine if I wanted to. So you see how that works. It's normal SMB share from a Windows server. But let me go ahead and log out. And now I'll log in as an OS X user. Now what's different here is the home is actually on one of our Xserves in the rack. Now the Xserve is actually integrated AD as well.
You know, it's the same OS X home added to my dock. And in this case, it's actually using SMB to an Xserve, which is kind of interesting. In reality, as, you know, JD mentioned, you can actually switch that. Just to show you real quick, there's a command line tool called dsconfigad. If you run that, there's a little option here called local home and mount style. You can switch the mount style to AFP. So if I were to switch to AFP, it would actually use Apple File Protocol to connect to the Xserve instead of SMB, which is more reliable for us. So that's pretty much it for actually logging in. It's amazing how easy that is. But a little more detail people don't realize is I can actually launch Safari. I've actually got Exchange 2003 installed with Outlook Web Access, so let me just click to Outlook Web Access.
You notice I didn't do anything. It signed me in. It used my Kerberos credentials that I got when I signed into the computer and just logged right into Outlook Web Access, just like you do on your PC. I can click on email, read email, send email, et cetera. And I can show you the fact that I got credentials from the command line with a simple Kerberos command called klist.
This is the credentials I got when I signed in, and this is the credentials to connect to the Exchange server. Thank you. All automatic. But remember that comment I made a little earlier about the Contacts tab and why that's important. Most of us don't realize once you do that, if you launch Address Book, you can actually look at Active Directory and find users. You know, I want to send an email to somebody. I know there's a demo user out there. Actually, there's three of them. I can double-click on the user. You know, this is all kinds of information. All of this is coming out of Active Directory.
I can, for example, I can actually drag that to my personal address book if I want. So I don't have to worry about being on Active Directory. And now that user is now in my local directory. All completely seamless for you. So just to prove a couple of things, let me go ahead and log in. Hey, Eric. Yes. Go back to Address Book and show them the syncing, the iSync with Exchange. So inside of Address Book, you can actually go to preferences, and you'll notice there's a synchronize with Exchange. So if you actually got an Exchange account and you've integrated your mail as well, launched your mail and set it up, you can actually sync your address book with mail and Exchange back and forth. So all your addresses are always in sync for your personal address lists. Your GAL, or what people call the GAL on the Windows side, is already in Address Book by default. So there's nothing to synchronize. The great thing is if you launch Mail and you type in usernames, it will find them in AD automatically. The autocomplete that we have in Mail, it works with AD as well. All automatic. This is number four, please.
So let me actually show you real quick those users in AD. I've actually got the AD administrator up here. Those two users I just logged in as. You'll notice the OSX home. You'll notice his account, just a normal account, but his profile was on the Xserve under the Users folder with his OSX home. And same thing on the WinHome. You'll notice the difference is it's actually on the Windows 2003 server. Thank you. Now let me log in on another PC with that same user.
So that's a home folder stored on an Xserve from a Windows box. If I actually click on the short link here, you'll notice that it's actually going to the server and the files are in there. You can also go to my computer and notice that it's actually mounted on the desktop or on the system as a drive. All transparently. They don't even know it's an Xserve on the back end. So that's kind of it for that, but let me now go through some policy examples. Can we go back to number two, please? Thank you. So I have a couple other users set up. Actually, number three, please. Oh, three, sorry.
So I've got a couple other users set up to actually show the policy management. First of all, let me show you a user that has actually been extended directly in AD. So this is a, we've done the schema changes, and I've applied a policy to the user in AD using our tools. Nothing special, I log in as user just like I always would.
Now I didn't do anything special here. This actually came from the policy management. I said to put his dock on one side, actually enable magnification. And this is all coming from the policy management. It's always a slight delay logging in here. Notice the network home isn't listed in the folder. So I've kind of controlled that user's experience, which is very handy. I could lock out applications. Anything you can do in Workgroup Manager, you can do to the user right then and there. And I'll show you what that looks like in our tools so you see how I actually set the settings.
Now I'm going to log in as a different user, and this is a group user. And this is because I'm going to control his policies from an OS X server with a separate directory. I want to log in first without anything set up. So you see it's just a normal user, everything exactly the way you would have first time when you signed in. But I'm going to make a slight change. I'm going to add the OS X server to that authentication tab you saw. What that's going to do is find any other groups the user might be part of.
Let me show you a little utility here. So if I launch id, you see I'm not part of any groups. Sorry, the terminal's a little smaller there. Yes, I'm only part of staff, no extra groups. Launch Directory Access, authenticate as the admin. Now I'm going to actually add the LDAP server from our server into the list. Now if everything's working right, for us here, I should log in with the same user again. And notice everything will look different.
Demo gods aren't with us. Let me double-check to make sure I actually talked to the server. Managed settings are cached, so there is some danger in this. And the fact that it didn't go to the directory again because he knew that it didn't have any managed settings that needed to be refreshed. Just open up a terminal and show them that. You'll see that I'm actually part of another group. Actually, it did. Take that back. Oh, there you go. I have a Simple Finder. So that was the big change. Boy, Simple Finder is really simple. So it worked. So next thing, let me launch the Workgroup Manager tool so you can see what this kind of looks like in the directory. Couldn't run it as easy. It's pretty restricted there.
Connect to the server here. So I'm going to connect to Open Directory Master. And I'm going to connect to the Xserve that's bound to AD as well. So this is the Open Directory server. Notice there's some other users. I didn't do anything special. But you'll notice the group called Manage Group. And that's the group user is in that group. You come over here. This is the Xserve. And here's a machine connected to AD.
I can do the same thing under the menu. And you'll notice there's a View Directories. I see the same list because I'm connected to AD as well as on a client. If I click Groups, you'll see the engineers, et cetera. So the nice thing is if I click on this extended user and go to preferences, you'll notice he has some preferences set up. Now I can authenticate.
And I can actually change some of this more, but if I click on one of these settings, I can come in here, say always, even though I didn't make a change. And it just saved that directly to Active Directory. So I'm modifying the user directly. Now, if I go to the Open Directory server, I can click on the Manage Group, go to Preferences, and you'll notice the Finder setting that I hit set. And I said always make it a Simple Finder. So that user got that policy from a completely different directory. That's it.
Cool. Thank you, Eric. Thank you. So see, demo gods are actually with us. It's a good thing. And there's more coming. The next thing that I wanted to talk about is Mac OS X as a PDC. That was pretty interesting. Last year, we did a similar session, not as in-depth as this one, because, of course, Panther wasn't shipping at the time. And a customer came at the end and basically told me, hey, you know, we've got about 500 Macs and about 100 PCs. You know, should I go to Active Directory? And I said, absolutely not. I mean, there's no reason to do that, because Panther now has PDC support built in. So really, I mean, you just basically set up an Open Directory master, an Open Directory replica, and you have the PDC built in.
So all your PCs can authenticate, you know, can authenticate directly to the Open Directory master box. So there's no need for deploying any Active Directory server to manage your PCs and log in and so forth and so on. So basically, we've got, you know, native support to act as a PDC. And as you saw in the session, we'll also add a backup domain controller in Tiger as well, which is useful when you need to manage the server. And then what's also interesting is we also mentioned that we were going to come up with a migration tool. But again, Panther is shipping today, and Tiger will ship in the first half of 2005. And we understand that the NT support is going away at the end of the year. So I wanted to make sure that people, there are two tools that are, one is available today, one is coming very shortly. One is from DAS Technology, and the other one is from Versora. And basically, they're going to have a tool that will allow you to migrate your NT servers over to a Mac OS X server, an Open Directory PDC. So those tools are available, or one is available, one will be available shortly by this fall. And then we also have some documentation. So please look at the Windows documentation. It's not as easy. We don't have that automatic tool yet, but the documentation is pretty explicit on how to help with the migration. And again, our recommendation is, you know, if you have about under 400 users, our PDC will work great. Four to 600, it's a perfect solution for that.
So if you have less than, you know, four to 600 PCs, you'll be fine. Of course, when you go, you know, in that enterprise level, you know, the PDC is, you know, Active Directory or a Sun solution or a Novell solution is probably better for the high-end enterprise. But for the small to medium business, it's a great solution. So what I'm going to do is have Eric give you a PDC demo.
Yep. So first on the Mac here, I want to just show you the fact that I have a user in Open Directory. This is an LDAP server. Let me close out the AD one over here. So you notice there's a PDC user, but he's got a Windows setup. I didn't create any profiles, so obviously I don't feel like dealing with creating a login script and profile and such. But you'll notice I'm going to map his home to the server, the Mac server. So he's got a typical path. I'm going to map H to our Xserve. This is number four, please.
So now I'm on XP, and you can see I'm actually bound to the ODPDC. Let me just sign in here. To type the right password? - Actually good, it's actually a security feature in Windows. It doesn't let you in if you don't type the right password. And you'll notice my H drive got mapped automatically.
Nothing special. Can I just talk about number three real quick, please? - And hold on, go to the start menu, the start button in just a second. Click on the start button, Eric, just to show them that actually, you can see that the PDC user, it's actually the PDC user. And again, the beauty of it, you can change passwords on the PC. It saves that back to the Mac and you change it on the admin side. I mean, all that stuff is totally transparent on the desktop and on the server. Number three, please. So you saw what I was looking at in Workgroup Manager real quick. I just want to actually bring up Server Admin so you can see that particular setting. It's got to query both servers.
As you can see, some of the logons have been a little long, and that's because of our little mini DNS server we set up at lunch. So bear with us. The DNS might not be completely configured properly here. And DNS is extremely important for those of you who have set that up before. - So you notice under Windows, there's some settings. Let me finish refreshing there. And I'm just configured as a primary domain controller. I set my domain as ODPDC, my computer name, and it's set up. - Great. - Thank you. - Thank you, Eric.
So I wanted to touch base also on another topic, which is migrating to Open Directory. Well, what's also interesting is we've been talking to a lot of people who have Sun, Sun iPlanet servers. And again, you know, they're spending a lot of money with Sun servers and especially the maintenance support and the support.
And so what I wanted to mention is it's actually pretty simple to migrate if you're only using your Sun for authentication. And again, we're not talking, you know, 500,000 user records, right? I mean, again, you have to, within reason, you know, our server can support today in Panther over, you know, we've tested over 100,000 user records. So if you're in that area, you know, zero to 100,000, you can definitely use our master replica scenario.
And definitely very interesting from a migration to-- from iPlanet. What's also interesting is, again, built into directory services, you can very quickly authenticate to iPlanet, but also you can use Workgroup Manager to help you migrate that. So what you could do is you could basically tie into Workgroup Manager on your Sun box, you see all the list of users, and you basically use the export feature in Workgroup Manager. You save that file, and basically you bind to your Open Directory server, and then you import that file. And you've got a great way to basically import and export the basic user settings, right? SN, CN, password, definitely not. Usually what we recommend there, password migration is not easy for those of you who know that in the audience.
But you can use Workgroup Manager to quickly set up a default password, and users can come in and change it at first logon. But we've talked to at least four or five people in the past few months who want to migrate to Open Directory from Sun. And you can do that because, again, Sun uses LDAP. We use LDAP. Therefore, we're very compatible.
Next topic I wanted to cover is high availability. And so, again, if you were in the session, you saw some of the announcements around Tiger and Tiger Server where we're basically going to have an active-passive failover mechanism. But, you know, Tiger, again, is shipping next year, and a lot of you in the publishing world or in the enterprise world want, you know, the Xserves, you know, they have one power supply, so I hear that all the time, right? People want to make sure that if the server goes down, my users get back online immediately. And so what we've put together is basically a scenario. This is a simple scenario. And the scenario is I've got a master server serving files or serving network home directories. Again, AFP, SMB, NFS, it doesn't really matter. And so this master server is actually connected to a Fibre Channel switch. It doesn't matter. It could be VXL, Brocade, QLogic. Those are the three that we support. And basically the server is connected to an Xserve RAID. It could be one, it could be two. In the demo today we have one, but no big deal.
The more ports, the merrier. And then you've got this failover server. And this failover server is basically in a waiting mode. And yes, the server is not doing much, but at least you're back up and running. If something happens, that server will pretty much instantly take over. And that's really what people care about. And of course, none of the volumes are mounted on the failover server right now. That's a big thing that people have run into. They think they can have both volumes mounted from the RAID on both servers. Not at all. You don't want that because then that's how you cause corruption. So all the volumes are mounted on the master server. And when the failure is open, we basically automatically mount all those volumes over to the failover server. And we'll do a demo in just a second. And what's also interesting is usually those kinds of solutions are pretty expensive. They're $10,000 to $15,000. And basically, we have a scenario where we sell it for probably the $4,000, which is really, really good, using scripting. And so what I want to do is bring up Eric, and Eric is going to basically show you this high availability demo. Thank you.
To set this up the best way, we actually put Apple Remote Desktop on our servers. I've got two windows open here. You notice I've got the master and I've got the failover. You notice the desktops are similar, but all the volumes are set up on the master over here. Let me show you these are really live windows. So I can create a new window. Sorry, I'm observing. In observe mode. So these are real live windows. And I'll actually connect to-- try connecting to the master.
It's gonna probably, you know, they're actually there. So notice that Eric is connecting. Notice the IP address, right? He's connecting to 162, and he's connecting to, you know, to the volumes. And we basically -- we have -- You can see we have 10 volumes, but we've only shared four in this case, right? So he's connected. Everything is going fine. What I'm gonna do now is I'm gonna do -- I'm gonna simulate a power failure or a power supply blowup. So you can see there's no trick here in this demo. I'm going to turn off the server.
Server is now off. And you can look at the failover server and in a matter of a few seconds, it takes usually around 10 seconds, you'll see that not only all the volumes mount, but also what we do is we start AFP as well on the services side. And you can see all the volumes mount up.
And we're going to connect to the exact same IP address. And Eric is going to be connecting to the same IP address, right? AFP's probably still launching, so give him a moment. Hopefully. We might not have started AFP. Can you make sure AFP started? Or just run it from ARD? I'll try to connect to it real quick. Yeah, AFP's not running. Yeah, AFP might not be running.
There you go. Just a matter of time for things to come up. So, again, we've had a little bit of DNS issues here, but usually it's pretty instantaneous, where basically the user... So the user will get disconnected, okay? And there's nothing we can do about that, but the point of it is that anything could happen, right? Your switch could be going bad, right? Or there might be a power failure or something. And in a matter of 10 seconds, your user will say, oh, I got disconnected. Let me just reconnect to the server, the same server I was connected to. And it's very transparent for the user they'll be connecting to the failover, but again, the RAID will move underneath the failover server. And then we also have failback, and again, that's for you to decide if you want automatic failback or not. Our scripts are able to do automatic failback, and so if I start the server again, all the volumes will move back over to the master server. Thank you, Eric.
So moving forward, what's also very interesting is you've all heard and maybe a lot of you have been to the Xsan sessions. And what's interesting is if you deploy this high availability failover solution that we talked about, you can deploy that today, right? But when Xsan ships later this fall, what's interesting is you could actually install Xsan on a very similar scenario.
Now, granted, I didn't put the metadata switch in there. It's not all fully wired up, but it would be a very similar scenario where you would load Xsan on the master and on the failover. And what's interesting there is because of Xsan, now your RAID volume could actually be mounted on both machines, right? And so you could actually run other services on that failover server, right? So you wouldn't be running AFP, but you could run some of the other services that are out there. You could use that to do NetBoot, NetRestore, QTSS, you name it, right? Anything but AFP or SMB. And when that machine fails, basically you start those services on the failover server. So great migration path. You start with the high availability. Can't really use that second server for now. But when Xsan ships, you can basically buy two copies of Xsan and load it on the master on the failover and basically come up with a really nice little Xsan environment.
What's also very interesting moving forward with Apple Xsan and Xsan is, you know, really the whole SAN environment, and we talked about that in the Xsan sessions. But again, what's interesting here is you can have a mixed platform SAN solution using Xserve RAIDs. And that's really interesting because that gives you true enterprise data management. And using some of the wonderful tools from ADIC, you could actually have a mixed environment of Xserves, of Windows servers, and Linux servers.
Because of our compatibility, because we're 100% compatible with the ADIC file system, you could actually host Xserves, Windows servers, Linux servers, and your back end could be all Apple Xserve RAIDs. What we see in the enterprise a lot is people have EMC storage or Hitachi storage. And what you can do now is you can basically, you can still use that storage, right? I mean, that storage is really expensive, right? And usually you don't want, you know, hundreds of terabytes of that storage because it will cost you, you know, a couple million dollars, right? Quite a few Porsche GTs. That's my car.
I mean, I'd love to have one. But anyway, so what's really interesting is you can use the Xsan in that middle storage range, right? So using ADIC's total life management system, basically when the files haven't been touched for a few days or a few weeks, that's for you to set up the policies, those files will get migrated automatically to our Xserve RAID, and then if they haven't been touched in another month, then they could be moved to tape, right? And that's all done totally automatically using ADIC software, and we can integrate with that very, very nicely. So again, just food for thought on the enterprise side using Xsan.
I also wanted to quickly touch base on backup solutions. And again, we had a great backup solution or backup session yesterday. But again, I think it's important to mention that last year, we didn't have a lot of backup solutions available for Mac OS X. And you can see that the list has grown pretty dramatically. From IBM to Veritas, EMC, Legato, CA, BakBone, Tolis, Dantz, Atempo, Avail solution. Actually, a lot of the vendors were downstairs, if you saw them for the past three days in the vendor fair. So a lot of great backup solutions available for Mac OS X, both on the client and as well as on the client server side. And that's really exciting. And again, the reason why we have all those is because of, you know, Mac OS X's Unix foundation, is that it's much easier now for developers to come on the Mac platform and write tools because they support Linux, they support Windows, and for now it's really easy for them to support Mac OS X.
Another big thing is near-line backup. And that's a solution that I wanted to talk about because this is actually a true deployment that we did in Washington, D.C. And basically, the customer decided to completely get rid of tape. No tape libraries. They wanted basically true disk-to-disk backup. And basically, they bought an Xserve and they bought four Xserve RAIDs. And about 20 miles away, or 10 miles away, they have another set, one Xserve, four Xserve RAIDs. And basically, the way they're doing it is they're doing their backups, their daily backups, and they basically kind of segmented the backups, you know, day one, day two, day three, day four, day five, up to day eight. And then at the same time, every day they're mirroring the data over to the off site, to the disaster recovery site about 20 miles away.
And I don't know if you guys can, can you guys actually see the performance, the throughput number right here? Okay, this is 2,720 megabytes per minute. Okay, that's the throughput they're getting when they're doing disk-to-disk backup. Okay, and that's actually using Retrospect on Mac OS X. Retrospect 6 with 10.3.4. Pretty amazing. Now, how many people know how much you get when you back up to tape?
Yeah, yeah, it's a big difference. And we're not saying that you shouldn't back up to tape. We're just saying that basically the disk-to-disk-to-tape is a great scenario. And that's what people are moving to simply because there's not enough time in the day to back up all your machines, right? And in this scenario, they're backing up about 250 to 300 desktops, and they're doing that in less than two hours, okay? So that's the kind of -- you can't do that.
I mean, people leave at night. they've got about eight to ten hours to back up their systems, and the users are back up online in the morning, and if the backup is going on, what happens? User calls the IT guy and says, "Hey, my machine is really, really slow." Well, yeah, it's slow because I'm still having to do the backup, right? I haven't picked up your machine yet. And so that's the beauty of disk-to-disk. You back up the disk, and then you can take whatever time you want to back up that disk over to tape, right, and then take that tape offsite.
But disk-to-disk is a great scenario, and again, with the Xserve RAID, for those of you who don't know this, an Xserve RAID is $3 per gigabyte. Okay, that's our cost, $3 per gigabyte. It's unbeatable. And the performance is absolutely stunning. I mean, you're looking at 350 to 400 megabytes per second on the throughput on the Xserve RAID sustained. And so we've got a really great solution for nearline backup. Thank you.
quickly talk about Apple imaging technologies. And that's because, again, a lot of you are migrating from 9 to 10 or from 10.2 to 10.3 or from 10.3.x to 10.3.4. And basically, you tweak your image, your Mac OS X image, and you want to basically reload it on your desktops. And we did that actually at a customer probably about six months ago. And they had about 600 and in less than five hours, we basically loaded a three gigabyte image on each desktop. Less than six hours, all those machines were upgraded from 10.2 to 10.3.
And that's using some of the great imaging tools we have in there, using Network Image Utility. We used a little bit of NetRestore as well. We used Disk Utility. So you use Disk Utility to make your image, and then we used ARD as well to basically set up the machines to NetBoot. And the machine would NetBoot in this NetInstall mode and would basically load in less than 10 minutes would load the image on the desktop. And that's how we were able to achieve, you know, that migration. And so for those of you who are in the room, just wanted to give you a little heads up. So as you know, Network Image Utility today does not support block copy. And so it usually takes 20 to 30 minutes to load an image. And again, this is a confidential session, right? So you don't repeat that, of course. But in a very near future software update, Network Image Utility will now support block copy.
I knew I would get applause for that, and I asked the product manager, can I say that? I said I really wanted applause around that. So he said, yeah, you can do it. Just have fun. - No. So quickly talk about third parties. And this is a very interesting few products here. We have a couple of really big ISPs who are now using Xserves to basically make sure that they're not being attacked or not being hacked into their network. And the Xserve is a phenomenal box for doing that. This customer, which I can't name, basically did a lot of testing. They tested, you know, Dells with Red Hat. They tested Sun boxes. They tested Computer Associates, $100,000 systems that basically do, you know, check their network and make sure that you're not being, you know, hacked into. And when they did all their testing, we also shipped them an Xserve. And what they did is they used Snort, which is an open source tool, and they installed Snort. And the Xserve was the only machine, and you're talking, you know, ISP, so you're talking a lot of packets going on. And the Xserve was the only machine that did not drop a single packet. And any solution under $100,000 couldn't even come close to the Xserve. So they were really blown away. And that was last year. And in the past six months, there's been two enterprise-level solutions that are now available. Symbiot, which is a company based in Austin. And not only do they defend your network, but they'll go and attack. They'll attack back at the hackers. So that's kind of cool. And then ArcSight is another solution available as well on Mac OS X. So it's two great solutions to put Xserves in your environment and basically secure your network. You know, another really fun one, I talked to this developer on Monday night, and he told me that basically he's working on some solution that runs on the Mac that will basically go and find the worms that are living on the PCs.
And it was funny because a few years ago, another big account, they were using PowerBooks. All their Windows servers were down because they were all hit by the Code Red worm. And so they were using PowerBooks to go in and shut down all the servers and find the servers that were infected. That was pretty funny.
Another solution that was announced this week from Versora is called Progression Web. And that is basically a migration tool. And it sells for under $300, which will basically migrate from IIS, from Microsoft IIS, over to Apache. And as you know, Apache is pretty used on the web browsing-- on the web serving side, you know, over 60% market share. And this is an automated tool to migrate from IIS to Apache. And then one that I thought was really interesting that was announced this week and they'll be shipping by the end of the month is Kerio. And Kerio 6-- Kerio has been around for about four years now and they've shipped quite a few versions of their email solution.
But what's really missing, right? I mean, you all know that. What's really missing on the Mac is calendar, right? There is no email, there is no solution today that has really good, that is kind of medium-sized business, right, that has good calendaring and good email, and that is cross-platform. And so what Kerio saw that, and what they did is they basically developed their version 6, which basically allows you, they have a migration tool, which allows you to totally migrate from Exchange over to Kerio, and it's very seamless on the back end. So you just migrate the server over to an Xserve. Also very interesting is that you don't have to touch anything on the client. You just load this MAPI connector on the Windows side. But on the Mac side, they're totally compatible with Entourage 10 and 2004, right? So basically, you've got a really nice solution that is cross-platform, and they support free/busy, and they've got all that nice Microsoft stuff. And so really, for small to medium business, they've got a really good solution. Their pricing is amazing.
I mean, you're talking, you know, with the antivirus, with the McAfee antivirus and the spamming and the backup, all that stuff, you're talking $700 for 25 users, and you're talking, you know, $5,000 for an additional 1,000 users. So that's $5 per mailbox, right? That's pretty cheap. If you know how much Exchange is, you know, it's usually a hundred to maybe two hundred dollars per mailbox, so it's not cheap. But again, you know, this is not I wouldn't go beyond 1,000 users on the product yet. We're working with them on adding Xsan support as well for clustering. But for small to medium business, great, great solution, all running on Mac OS X and great migration tool. And they also tie right into AD and Open Directory. So on the back end, you can keep your AD infrastructure, and you just basically migrate your Exchange 5.5 or 2000 over to Kerio. So.
And then finally, I wanted to quickly talk about myths versus facts. And, you know, it's pretty funny because I talked to, you know, again, some pretty large companies. And, you know, there's a lot of people think that AFP, the Apple Filing Protocol, is basically AppleTalk. And just, again, to make sure that, you know, we've gone away from AppleTalk years ago, right?
So there is no more AppleTalk running on the network. So AFP is like SMB for the PC, right? It's pure TCP/IP protocol. There's no AppleTalk going on on the network. So that's just-- for you, if your network person tells you, we don't like Macs because they still run AppleTalk, we really don't. SMB is faster than AFP. That is not the case. And really, we've tuned AFP. Because our customers work with really large files, you're always better using AFP when you can. And even today, on the Mac OS X side, it's always better to use an Xserve to serve your Mac users, simply because the protocol has evolved throughout the years. You know, Microsoft still uses AFP 2.2 on their servers, and that is just not a good protocol to use, especially when people are running Photoshop, InDesign, and all those big applications on a daily basis. And then they still have to deal with resource and data forks. So really, it's better to have the Mac connect to AFP than SMB. AFP is chatty, not at all. That used to be the case with AppleTalk, but NetBIOS was also very chatty. But AFP is not chatty. Again, people confuse AppleTalk with AFP. And then Rendezvous is proprietary or chatty. Well, this week, we basically announced Rendezvous support for Windows. You've got a Rendezvous browser for Windows and for Linux, which is available if you saw that. And it's open standard and open source. And since we announced Rendezvous, I mean, you've seen how many printer manufacturers and game manufacturers and devices are now supporting Rendezvous, and so it is not a proprietary standard whatsoever.
So what about Tiger, right? So, you know, should you wait for Tiger? Well, you know, we don't think so. We think that, you know, Panther is a phenomenal release on the desktop, on the server side. And really, when you look at the maintenance plan that we have, we've got this three-year maintenance plan where you buy for $1,000, you're covered for three years on the server side. And we've got a similar maintenance plan on the desktop. And when you see all the stuff that we're basically announcing in Tiger Server with no more 16 group limitations, full ACL support, nested group support, software update server, high availability, iChat server, Weblog server, full syncing of my home directories, it's really important that you plan ahead and that you get that maintenance. Because you will want to upgrade, no doubt, to Tiger Server when it's available because of all that functionality. So make sure you get the maintenance plan. You're covered for three years. You know, Tiger ships first half of 2005. Get the maintenance today, and you're covered. You get your software when we ship it, and it's just the best way to do it. So, you know, today, we've got a great solution. Tomorrow is looking, you know, a ton better with ACLs and no more group limitations.
So as a wrap-up, I just wanted to kind of review again that, you know, Apple has made great strides in the enterprise, right? I mean, if you look at all the solutions that are available today from key enterprise developers like IBM, Microsoft, Oracle, I mean, you saw all those people today or this week. We've got phenomenal solutions on the enterprise side, and they keep coming, right? Every week, every month, we get new solutions on the platform.
And the reason we have that is because the server, our server product, is so affordable, and our storage is so affordable. Those developers don't have to fight for the hardware. They can focus on selling their software solution, and the hardware is now, you know, it's nothing. I mean, a $4,000 server is nothing compared to a 16-way, you know, HP Superdome or some other box like that. And then in summary, I just wanted to say, you know, we've done a lot of work in Panther, Panther Server around the enterprise. We keep moving forward with Tiger in that direction. Pick your directory wisely. If you haven't gone to AD and you're still on NT, please consider Open Directory. I think it's a great alternative to AD. Much less expensive. Deploy technologies around open standards. And if you need help to set up those environments, that's our email address, [email protected].
And we'll be glad-- send us an email. We'll be glad to help you with your integration projects and help you get started. So this is my email address, [email protected]. And Chris Bledsoe, who's the Enterprise Alliance Manager on the developer side. And more information-- we've got a lot of documentation. You've got all your CDs. So all that is available. Great server documentation which is available for free off our website. And of course, a lot of information on the Apple RAID and Xsan and ARD available as well.