Enterprise IT • 47:40
Mac OS X Tiger Server delivers major new features to Apple's industrial-strength server operating system. Apple engineering managers will explain the major migration areas and integration points, and highlight the primary areas of developer opportunity for extending the platform.
Speakers: Greg Burns, Kazu Yanagihara, Chris LeCroy, Mike Lopp
Unlisted on Apple Developer site
Transcript
This transcript was generated using Whisper, it has known transcription errors. We are working on an improved version.
Good morning, everyone. Welcome here bright and early for the Mac OS X Server Overview session. Today we're going to go into depth on some of the new features of Tiger Server, and we're going to spend time on how they work and give you more information about them. But before we do that, I'd like to spend a little bit of time talking about the key goals we've had in developing Mac OS X Server and Tiger Server.
Our first goal has been to make sure that this is the easiest server to set up and deploy, and we've spent a lot of effort on the tools to enable that. But we want to make sure that it's also not just easy, but that it works well in mixed environments.
I'm sure that all of you have mixed environments, and although Mac OS X Server integrates well with the desktop with features like client management and NetBoot and now portable home directories, we've also made sure that it integrates seamlessly with your existing clients and networks. And finally, we've wanted to make it the easiest path to deploying open source to provide a scalable, proven solution that works for business-critical applications.
We started developing Mac OS X Server about four years ago, the first release in 2001. And since then, we've been building a portfolio of server and storage products with the Xserve, the Xserve RAID, the G5 Xserve. And now, last year, we did a major new release of Apple Remote Desktop, our desktop management console. And this year, at the beginning of the year, we introduced Xsan, our storage area network product.
And this spring, of course, Tiger Server, our fifth release of the server operating system in four years. We've had one underlying strategy for all these releases of Mac OS X Server, and that's to take an industry standard base, to layer open source on top of it, and then to integrate it with Apple innovation.
Mac OS X Server is industry standard. It's based on a Unix-based platform. The Darwin kernel that underlies Mac OS X Server is based on FreeBSD, and it gives you the performance and stability you'd expect from a Unix-based server. On top of that, we've taken the best open source packages. Instead of developing proprietary services to provide the service layer of Mac OS X Server, we've taken Apache, and Samba, Kerberos, OpenLDAP, Postfix, SpamAssassin, and many more. And we've integrated them all together.
And that integration has made all these services work together. For instance, we've made sure that all these services work together with LDAP and Kerberos, so that you don't have to do the integration on the platform. And then we've layered on top of that a unified, integrated management console to make the setup and deployment easy.
This integrated, open-source strategy has worked well, and we've seen the results of this in rapid customer adoption of the server product in the last few years. And we're continuing this momentum with Tiger Server, with over 200 new features. And some of the features that we're going to go in-depth to today are major new features, such as access control lists, the iChat server, Xgrid, portable home directories, and more. So to tell you more about some of the new features in Tiger Server, I'd like to bring up Kazu Yanagihara, and he's the engineering manager for Core Server.
Good morning. So let's first spend a couple minutes looking at the foundation of Mac OS X Server, mostly for those of you who are new to the product. First, Unix Foundation. Our server, as Greg mentioned, is built on top of very solid, proven technologies: Mach kernel and FreeBSD. It delivers all the key features that one would expect from a modern OS, such as SMP, protected memory, real-time scheduling, and so on. And in Tiger Server, we've significantly improved the scheduling performance of SMP and multi-threading, so you should see it's pretty good news for all of us. But probably the biggest news at the Core OS layer in this release is the introduction of 64-bit support, especially for high-performance computing.
We no longer have the limitations of 4GB that's imposed upon us by 64-bit apps. And with our 64-bit file system, you can now have huge volumes beyond 16TB limit. And of course, all the key libraries such as Mathlib and Vectorlib have been upgraded and optimized for 64-bit. Development tools-wise, every single copy of Tiger and Tiger Server ships with Xcode 2, which now fully supports 64-bit application development. And lastly, unlike on some other 64-bit OS platforms, on Tiger, you can run native 32-bit applications side-by-side with 64-bit. So there is no emulation mode or associated performance loss.
Next, our directory services system. Our directory, Open Directory, is based on industry standard LDAP, and it also provides single sign-on capabilities using Kerberos, as well as support for different authentication methods out there, such as APOP and DHX. It also has a plugin architecture so you can extend it and integrate with different directory systems such as Active Directory and NIS. It provides high availability features such as server replication and client-side failover in case your server goes down. And lastly, in Tiger Server, we've implemented an authenticated binding, so you have a little bit more security now.
So now let's start talking about some of the higher level features that we've implemented in Tiger Server. And we're going to start with File Access Control List, which is also known as File ACLs or File ACLs. ACLs enable complex workflow in places like publishing workgroups, where you have different people needing to have different fine-grained permissions. It also enables Tiger Server and client to work much better with Windows client and server. With ACL, we are now 100% compatible with the NT-ACL model that's being used by both Windows XP client and server.
So let's look at how it works. Here's the old permissions model that we had in Panther Server and previously released, known as POSIX permissions. As you can see, you can define permissions for just one user, one group, and everybody else. And the kinds of permissions that you can set are fairly simple: read-only, read-write, write-only, or none.
With ACL, you can assign as many users and groups as you want to any particular file or folder. And then for each of those users and groups, you can specify one of the pre-existing or predefined permissions, or you can go ahead and choose the custom at the bottom, and you can set very granular permissions if you want to. For example, you can say this particular user can write to a file, but cannot delete that particular file.
ACL also supports allow and deny mode. And in most cases, people want to use allow mode, but the deny mode gives you a little bit more flexibility in defining exactly the permissions you want. For example, you can set something like this, where everybody in Apple's software organization have read-write access to one particular file, but Kazu can only read, and you can accomplish that using something like this. And lastly, for each of the folders that you set permissions on, you can also define inheritance. So you can say how you want the permissions that you've specified to be inherited by files and folders inside that folder.
So with ACL, you have much more flexibility in defining and enforcing access permissions on your shared files. But here's how we implemented it. We didn't really get rid of all the Unix or the POSIX permissions, so it's still there. So if you want to, you don't really require ACLs, you can continue to use POSIX permissions. But when you do need those flexibility and power of ACL, you can go ahead and use it. So implementation is really a best of both worlds. You have the simplicity of POSIX, and then the power of ACL, which you can mix and match any way you'd like.
Administration-wise, you can enable or disable ACLs on per volume basis, and then on Mac OS X Server, it's enabled by default on all the internal drives and direct-attached RAID systems. And you can manage it from GUI in a Workgroup Manager application, or you can use standard Unix command line tools, such as chmod.
And this is something that wasn't just kind of bolted on top of system, but it's really built into the system. It's enforced by the kernel, and it's supported by key file systems in the OS. And as I mentioned earlier, we've also updated all the command line tools, so things like ls, correctly display information when you have ACL set.
And we've also modified Finder and other copy engines, so when you copy or duplicate files, the permissions are duplicated correctly as well. And as I mentioned earlier, it's fully compatible with Windows NT ACL model. So, whatever you set on Windows shows up exactly the same on Tiger Server and vice versa.
And we've also made a number of changes to the rest of the system for ACLs to work better. For example, we now generate 128-bit GUIDs, or the global unique IDs, every time you create users or groups. So when you specify one of those users or groups in ACL, you have the-- I should say, when you have that ACL specified, you can just go ahead and make sure that there's no ID conflict. For example, if you move a volume with ACL enabled from one system to the other, there's no ID conflict with ID 501, for example.
We've also removed the 16 group membership limitations, and also added support for nested groups. So now you have much better control over defining groups and effectively utilizing them in ACL. And lastly, we've introduced a new daemon called memberd, which provides you with group membership check, as well as ID translation between UIDs, GUIDs, and Windows SIDs, or security IDs.
And there's a public API, so if you want to take advantage of it, it's there for you. For example, in your application, if you want to check group membership of a particular user, instead of writing a code to actually walk through all those nested groups, you can just make a simple API call.
And here is the GUI of Workgroup Manager looks like. So on the top, you can go ahead and continue to use POSIX permissions if you want to. But if you need more flexibility and sophistication, you can go ahead and set ACLs at the bottom. And when you have ACLs set, it takes precedence over what you specified in the POSIX panel.
And as you start to construct very complex permissions with a bunch of nested groups and a mix of deny and allow mode, a lot of times it's really difficult to tell if a particular user, what the particular permission of the particular user is. So to help you with that, we do have a tool called Inspector, which lets you show exactly the effective permission of any particular user for any particular group, or any particular folder or file.
So that's File ACL. Now let's talk about Service Access Control Lists. So File ACLs are for controlling access to the files, and Service Control Lists are for accessing control to services such as AFP, FTP, mail, and so on, for a particular server. And why do you want this? Well, here's the problem. So more and more people are really centralizing all the users and groups into a centralized directory system.
And in a lot of corporations or educational institutions, you have tens of thousands of users, or hundreds of thousands of users in your directory system, which is a good thing. It's much easier to manage that way. But within the organization, people also bind different servers, the file servers, mail servers, and so on, to that centralized directory, which is also a good thing, because people can just go ahead and use single username and password to connect to all different services on all those servers. But one problem there is now everybody, the whole 10,000 or 100,000 of them in the directory, have access to every single service and every single server in your organization. And that's the problem service access control solves.
And setting it up is quite simple. So for example, if you want to limit access to your file server to only a few people, all it takes is just two steps. One, on the left-hand side, you can define which service you want to control access to. And then, on the right-hand side, you can just drag any number of users or groups into it, and save, and that's it. Now only those three people, Chris LeCroy, Kazu Yanagihara and Mike Lopp, has access to your file server out of the thousands of people in the directory system. So it's very simple, but it's also very powerful.
So if you're interested in learning more about ACLs, there are two sessions you may want to attend. There's one this afternoon on file systems, where we're going to talk about more of the technical aspects of file ACLs. And tomorrow, we have a session dedicated to ACLs, both file and service ACLs. And there, we're going to talk about different features more in detail, as well as talk about best practices for sysadmins and developers, with some nice demos. So if you have time, please attend. Two o'clock tomorrow.
Now let's talk about two collaboration services that we've introduced in Tiger Server. We're going to start with iChat Server. Here are some of the reasons why you may want to deploy Mac OS X Server as your instant messaging solution. It's very low cost. There's no per client access license. It's standards-based, so there are tons of different open source products out there that you can integrate on different platforms. It's integrated with open directory, and most important of all, it's very secure.
So security, of course, it supports service access controllers, so you can specify exactly who in the directory system can use the iChat server. It also encrypts every single message that gets passed between client and server, so people can adjust network and then see what you're talking in your iChat. And we also support buddy authorization, so for anybody to add you to their buddy list, they need to first get authorization from you, which means random people cannot just add you to their buddy list and start to track and monitor your online presence.
Cross-platform, so it is based on jabberd open source project, and it supports Jabber protocol, which means you can interoperate with all the clients on Windows, Linux, different flavors of Unix, and even cell phones and PDAs. And there's a pretty interesting demo coming up in a few minutes to demonstrate that. And it's, iChat server automatically uses directory services, so there's no need for you to go ahead and set up separate external account on AOL or Yahoo Messenger or anywhere else. Everything stays within your firewall.
And of course, it fully supports all the features of iChat, such as chat rooms and U+3 audio and video conferencing. And lastly, we have some nice features such as Store and Forward, where you can go ahead and send a message to somebody who is not online, and then when that person becomes online, the message gets delivered, even if you're offline at that time. It's sort of like a voicemail.
And here's an example deployment of iChat server within your corporation or educational institution. You have the directory server there with all the users and groups defined, which means, again, you don't need to create an external account, and the users can use the same username and password that they use to connect to file server or mail server.
And your iChat server is inside, again, inside a firewall, meaning your messages don't leave your company or educational institution. It all stays within the firewall. And then everything that stays within is also encrypted, so it's a very secure system. And you can really deploy this with very low cost.
All it takes is just one Mac OS X server, and hopefully open directory server. And it's also very easy to set up. You can set it up probably in a few minutes. So now I'd like to invite Chris LeCroy to come up to the stage and then give us a quick demo of iChat Server in action.
Can I have demo two, please? All right. So, iChat server. So, let me first show you the UI for configuring it. In server admin, it's really simple. Basically, specify the domain that you want to use for your Jabber IDs. In this case, we're kind of using a closed network, so I have kind of a funny name.
But an example of what you'd want to do here is, at Apple, we want to have our IDs be things like [email protected], but the server we run on may not actually be apple.com. It's probably going to be jabber.apple.com. So, this field allows you to tell the server what kind of host names it'll accept for chats. You can add a welcome message for people to see the first time they log in.
And you can specify the SSL certificate. By default, you're going to get the default certificate. It's unsigned, so there are some clients that may complain. But you can always go use our new certificate UI in server admin and get a signed certificate and cause those warnings to go away. iChat does not complain about it, so that's good. So that's basically it for setting it up. And let me show you a little bit of a demo here.
So here's iChat. I'm not going to do a big iChat client demo, because you guys have all seen that a million times. Just show you some of the unique things with Jabber. So if you look at the bottom here, Wilfredo Sanchez waiting for authorization. What that means is that I've invited Wilfredo to, or I've asked him if I can have him in my buddy list.
Until he authorizes me, I'm not going to be able to see his presence. And I can still chat with him, but I just won't be able to see his presence. So on his side, he's going to get a little notification saying, Chris LeCroy would like to add you to his buddy list, and he'll say okay. And then he'll show up like Al Begley does here, with proper authorization. Another kind of cool feature is, even when people are offline with Jabber, you can still send them messages. So I know that Doug likes to sleep in.
So I can send him a chat and as soon as his machine wakes up, after he wakes up, he's going to get that instant message. He's going to know that I want him to call as soon as he wakes up. So that's about all I'm going to show you with the iChat client. So as Kazu mentioned, there are like hundreds of Jabber clients out there, from Windows, Linux, PDAs, everything. I actually went and downloaded an open-source Python-based client called xmpppy.
And I installed it. It took like two minutes to install. And it gives you this really rich library of Jabber functionality that you can access via Python, which means you can access it from shell scripts. So here's kind of what a command looks like for sending a message. Xsend is the name of the little tool. I'm sending it to Chris LeCroy at www.c.local. So if I hit that, basically I've sent myself a little message from the terminal.
So, mine on it. So, kind of extending that, Mac OS X Server ships with a utility called Disk Space Monitor, and what it does is it monitors hard drive space and will send notifications when it notices that certain thresholds have been reached. So what I've done is I've modified that script. There's kind of a default script.
The default script that we changed, so what's in blue is what I changed. I typically, or by default it sends emails. So I commented out the line that sends email, and I just added a few X send calls in there. So let me show you how that works now. So I've got a... A server, so I've mounted an AFP volume. It's a very small volume, only 2.4 megabytes. I'm going to copy a 2.3 megabyte file over to that volume.
And in a few seconds, Disk Space Monitor noticed that the hard drive got full and it sent me a message saying, "My hard drive is full with a bunch of information." So this is really useful. There are all kinds of things you can monitor. You can have it send it to iChat. If you've got other clients, if you've got a Jabber client on your phone, you can throw away your pager. So basically that's iChat, or iChat Server.
So we now ship blog server that's based on standards and integrated with Open Directory. And it's such a turnkey product, you can just go ahead and start using it without any additional software. The old editor is built into the browser and so on. So let's take a look.
Security-wise, it of course uses or supports service access controllers, so you can again decide who can access this server. And you can also use Kerberos for authentication if you want the most security there. And it's based on popular Blojsom project out there, and uses all the standard protocols, which means your users can use standalone editors or viewers if you want to, or you can use what's built into a product based on browser.
And you can create individual user blogs or group blogs for collaboration, in which case anybody in that group can create and edit blogs for a particular project, for example. We do have this auto-blog creation feature, so every time a user first logs in, not every time, but first time when the user logs in, the server automatically creates a blog for that user, so the sysadmin doesn't have to do any manual configuration there.
And lastly, we do ship with a handful of very nice-looking themes, but if you want to, you can add your own. And there's also plugin API, so you can extend the functionality of the server if you want to do something additional to meet needs of your specific environment. Here's what GUI looks like in the browser. It's one of the themes. But rather than me just kind of going over every single one, what I'm going to do is I'm going to invite Chris back onto stage so he can show us the live version of the software.
Okay, so as Kazu mentioned, its weblog server is based on Blojsom. First thing is it's really easy to get to. If you just go to the host name on a server machine, you get our default web page, and you'll see a little web log link over here. Make that a little bigger for those of you in the back.
Maybe a little smaller. Welcome. Thank you. That's Weblog Server. Okay, so clicked on the weblog link, and what you're seeing here are a list of the weblogs on this server. Weblogs are actually created dynamically, so everybody in the directory system who has access to the server can create a weblog really easily by just typing in their short name.
So I'm going to type in Michael, and Michael doesn't have a weblog, or didn't have one. Now he does have a weblog. Went out, looked in the directory, and just automatically generated his weblog, so the administrator doesn't have to do anything. It's very easy.
[Transcript missing]
Here's one. Looks a lot like the default web page. Here's one that's a little cooler with some transparency and a little three-dimensional window there. Let me show you what the... We tried to... We used a lot of dynamic HTML, and we really tried to make the experience not too web-like, I guess, is one way to put it. So these little windows that pop up make it really easy to... make it feel like you're kind of in an application. So let me log into ELLs blog and show you how to do a new entry. So create new entry.
I guess that would be personal status. Oh, and geez, I guess I should do spell checking on that. So that's how you do data entry. Oh, another thing is that it completely integrates with Safari RSS. Use that UI if I'd like to. And because of the integration with Safari RSS, there are kind of some unique things you can do. So we actually use this a lot at Apple, especially for team status. So I've got bookmarks to everybody's status that are actually feed URLs, which are the Safari RSS URL type.
Kind of the cool thing about it is I can have my entire team in a folder, and I can do view all RSS articles. And I can see everybody's status now, and it's really a lot easier than dealing with all the emails coming in with people's status. I like it a lot.
And then another thing we do at Apple, so we didn't build this to try to compete with any of the internet blogging services out there. There are a zillion of those. We really intended for this to be kind of an internal collaboration tool. So we use it internally quite a bit.
And here's an example of just an example project. We use it for project status primarily. So in this example, I've got different categories. I've got build info. One thing to note about Blojsom is that the weblogs are actually text files. So if you wanted to, you can build little tools that actually generate little blog entries for you like the build system is doing here.
You know, meeting notes, project status, it's all searchable, so if I noticed in this project status here that the first official build, 1A322, was fired off and it was a total failure, I can go in here and search for... Oops, I have to go back to all entries. Search for 1.8.3.22 and then get any info about that build problem. And that's basically it for WebLogs.
Thanks, Chris. So next, let's talk about Xgrid. It's our distributed computing solution. Here are some of the reasons why you may want to use Mac OS X Server with Xub for your distributed computing needs. We now have a nice 64-bit architecture. We ship pretty nice development tools, Xcode 2. And we have Xgrid, our distributed computing engine, built into the OS, which ships with nice management tools and supports Open Directory with features like single-sign-on authentication using Kerberos.
But before we talk about it, let's take a quick look at how it works. There are three parts to it-- the client, controller, and agents. Client is a system where you submit jobs, jobs being some sort of computational jobs, such as calculating first 1 billion prime numbers, or rendering graphics files, or so on. And when the job gets submitted to the controller, the controller breaks it down into different tasks, number of tasks, and assigns each task to a different agent. So the agents can go ahead and do the computation in parallel.
The agents send back the task result to the controller. The controller puts everything back together and then notifies the client when the whole job is done. And of course, at that point, the client can go ahead and retrieve the result of the job that's submitted. So that's sort of the 45-second overview of how Xgrid works. And Xgrid is built into every Tiger and Tiger Server. On the server side, you can make any Tiger Server a controller or agent. And you can define that, or both actually, and you can define that in server admin software.
On the desktop side, any Tiger desktop can become an agent. All you have to do is go to the system preference panel, go to sharing panel, and then click check on that little Xgrid mark at the bottom. And if you want, you can configure things like different authentication methods, or whether you want your machine to be always acting as agent, or only when you're sitting idle, not using the computer. We've also posted a Panther version of the agent on the web, so you can download and make any Panther desktop or the server Xgrid agent as well.
And setting up Xgrid is very simple. It uses Bonjour to discover all the controllers and agents. And it really, within a few minutes, you can click, click, click, and set up your whole grid, ready for computation. So of course, integrated with Open Directory, which means it uses all the users in the centralized directory for authentication, and it supports things like authentication, as well as password-based authentication.
On the client side, there are two different ways that you can submit jobs. One way is by using the command line tool that we ship. You can either invoke them directly from the terminal, from your shell script, or C program or whatever you want. Or you can go ahead and create a custom Cocoa application using our new Xgrid Cocoa API, which is on the SDK for it on the DVD.
And complex workflow support. Xgrid supports dependencies management between jobs and between tasks. So you can say, start this job when this particular job is complete, so you can take a result from it and do additional computation on it. And you can really put together a big, complex system to solve your huge rocket science problem. And lastly, we've improved our scalability limit somewhat since our last release of Technical Preview 2, which was last summer, I believe. So here are some of the improved limitations listed here.
And Xgrid ships with its own admin software called Xgrid Admin, and here's what it looks like. So with this app, you can create grid, you can assign different agents to the grid, and on the right-hand side, you can manage jobs and agents. You can monitor them, you can pause or resume jobs, you can delete them, reassign them, and so on. Of course, you have a bunch of different statistics, so you can see how much aggregates through CPU power you have, for example.
And here's an example deployment of Xgrid, maybe at a science department at a university. So of course you have the controller in the middle, and then in this case you have a rack full of Xserves that are dedicated agents. So any researchers with right authorization can submit jobs to this system, either from his or her laptop or from desktop. And then the person can wait for the result, or he can go away and then be notified, since some of those jobs may take days or even weeks.
But with Xgrid, you can also take advantage of the CPU power that may be just sitting idle right there in your institution. So for example, student computer lab machines or some of the desktops that's being used by secretaries that are not being used after 5:00, if you mark the little checkbox in the system preference panel, the controller automatically discovers them and starts assigning tasks. So you don't have any CPU sitting there just idle, wasting time.
Even any computer on the internet can contribute to the grid. Again, all you have to do is check the little check box, and then type in the IP address of the controller, and now you have the SETI at home style computational engine. So I can call my grandma in Japan and say, hey, grandma, if you're not using a computer today, can you turn it on and do the checkbox and type in these four numbers with that in between? And then I can use the extra 1.8 gigahertz in Japan to solve some of the problems here in the US.
So that's what Xgrid is, and it's primarily for scientific market or the professionals, such as graphics and video editing. But some people are starting to take a look at this and start to use it in more creative ways. For example, one of the groups in my department is looking at using this as an automated testing engine. So you can distribute a whole bunch of different test scripts to multiple machines, get it executed, and collect the result. So if you have time, take a look and then see sort of creative ways you can think of to use Xgrid.
Here are some of the sessions that are related to Xgrid and high-performance computing. In particular, the third one, Using Xgrid to Create Blah Blah Blah, is the one dedicated to Xgrid. It's just too long. So, and then there you have to, we're going to have a pretty nice demo of how you can use Xgrid to improve the productivity of your day-to-day tasks that have nothing to do with scientific computing. So, when you get a chance, drop by and take And that's all I had, so now I'd like to introduce Michael Lopp, who's going to tell us all about desktop management features built into Tiger and Tiger Server. Michael. Thanks, Kazu.
Good morning, everyone. My name is Michael Lopp. I run the Desktop Management Technologies Group at Apple. And I'm going to give you guys a super-fast overview of desktop management at Apple, and I'm going to give you a demo of portable home directories, as well as talk about software updates. So we've got a lot of tools built straight--a lot of desktop management technology built straight into Tiger, as well as some great tools in Tiger Server.
Right now, Workgroup Manager has a great utility we call Manage Desktop, which allows you to really deploy a wide variety of different management policies to your desktops. Maybe you're running a school. Maybe you've got -- you want to lock down a desktop and not have the kids doing strange things. Or maybe you've got a small business where you want to just plant breadcrumbs on a desktop. Workgroup Manager is a great way to deploy and manage your desktops. I'm not going to demo it today, but there's a lot of sessions that'll be talking about it.
The other technology I'm responsible for is system imaging. This is NetBoot and Network Install, a great technology that will actually allow you to actually boot images over the network or also allow you to build custom images and deploy software via network install. So I'm going to talk about software update server and portable home directories a little bit more. I want to put a plug in for ARD. ARD 2.2 just came out with Tiger. This has Tiger support and it's the Swiss Army knife of management, the way -- that's what I think of it. You see the binoculars there that were actually in the keynote as well.
And that's a feature that we're famous for is the observing and controlling. There's a lot of other features in ARD. And I encourage you to check out the ARD website. I've got a lot of other features in ARD and I encourage you to go to a lot of the sessions and check it out. So, let's get started.
Software update server. Probably know what this is. You've got some interesting challenges with software update. First issue, it's really a question. It's how do I maintain standard desktop configurations? How do I test updates before my users get to them? How do I minimize bandwidth costs? When software updates are a force of nature, they just seem to always be coming.
And also, with the software update client, it's really easy for users to get to these updates without you actually being in the way, which may be a little bit of a So, anyway, we have a software update server which we really released as part of Tiger Server. This is a proxy cache of all of our software updates on your local system, which gives you management and control over all those updates. You've got to be in the intermediary from all of the updates.
And the good thing is, when that 20-meg Keynote update shows up, and you can actually restrict it so that users can't actually see it until it actually is available, until you want to make it available. So let's go over the network diagram here. Up at the top, we've got the mother ship.
That's all -- that's our software update servers, and every single update is up there right now. And then you have the Internet, and you have your infrastructure, and then you have all your clients. So what we want to do here, what a software update server allows you to do, it allows you to put a server right in the middle, an Xserve, and actually this will be your cache of all the software updates.
So what that means is, when that 1,000 -- when that new Keynote update shows up and 1,000 users try to download it, they're going to download it from your infrastructure, from your network. They're not going to pull it down from the Internet. Huge bandwidth savings there. And of course, via Workgroup Manager, you can actually control -- you can control the updates as well as you can manage the software update server via Server Admin. Surprise, surprise. Sorry, you guys in the back probably can't see this very well, but it looks a lot like Software Update Client. Key difference, though.
You're going to see, when you first turn on Software Update Server, you're going to see the updates that are going to be on your software update server. You're normally used to seeing only the updates that apply to your machine. So you're probably going to see some things you've never seen before because you've never installed, I don't know, Motion. So remember, all the updates are going to be on your software update server. And there's two columns here. You can't see it in the back, but there's a mirror and there's an enable column.
Mirror means pull this -- pull this update down and put it on my -- put it on my local server. Enable means actually share that with my network. And then all the other information that you can see about that. So as I said, there's a lot of different management scenarios that you might have. You -- that you can manage a software update with. So maybe you want to use Workgroup Manager. You can actually do that and have the Software Update Client point at your server versus another server.
Or you can use -- you can actually use the inspector and directory to actually change a -- change the record that we look up the Software Update Server for. And also, if you're building custom images, you can just use a command line to actually configure the Software Update Client. We are totally integrated with the Software Update Client and it's a great tool. It's a really handy tool to defer a lot of costs from, you know, all the bandwidth costs as well as controlling all the updates. So that's Software Update Server. Portable home directories.
This is a cool feature. So we have some other challenges in mob -- with mobility. And it's not just mobile computers. First off, we do have mobile computers and they're wandering around all over the place. We got all the machines in here. We got the ones down at Starbucks. When you're an IT person, you're responsible for monitoring and managing the machines. It's really hard to do that when they're not there. So that's a big thing. So that's a big challenge.
The other thing is users are mobile too. In a lot of K-12, students are moving from machine to machine and the problem they have is their content's not following them around. So the technology to solve this problem already exists. We already have home directories, a nice envelope which does that. If you add synchronization on top of that, you get -- whoops, sorry -- you get an interesting transition. You combine mobile home directories with synchronization, and you get portable home directories. So let's do a quick scenario here.
Your most important file. Let's talk about this. Got this gentleman down here right here. He's got his portable and he's writing his most important document right now. Don't know what it is, but it's a big deal. And if he loses it, that's a problem. So the problem is he writes his document, it's on there, and it's an obvious problem, but if that computer vanishes, his content's gone too. But this guy's bright.
He knows there's some guys in the back room with a rack of servers, and these servers are well maintained, and if one of these servers goes down, cell phone goes off, and someone gets a call, and they drop whatever they're doing, and he knows that if he puts his file on that document -- that document on that server, chances if he's portable being harmed or vanishing, he still has his content. We all want to do this. We all want to back up our content, but we don't always remember to do it.
What we want is a synchronization -- we want a synchronization tool that actually does it for us. And that's what portable home directories is. Another network diagram. So it's very similar to a software update. So you have your servers up on top and your clients down below. What happens is all your clients, when they have portable homes actually working for you, it actually does synchronization.
When the network goes away, the synchronization actually stops. And then when the network reappears, the synchronization will continue again. So what I'm actually going to do -- and actually, I'll demo this in one second, but I want to show you how you can actually opt into software update -- I mean, software -- portable home directories. There's two ways.
If you've got a network, if you've got a network account and you log into your account, you go into accounts preference, you'll see at the bottom there's a configure button there. If you click that, you'll see -- you're actually going to see the various options that you have that you can configure. There's a timing policy, how often do you want me to sync, and then there's what do you want me to sync, which content. Now you're thinking, that's pretty simple. Here's some great news. There's a million ways to configure this via Workgroup Manager.
So we've got three, this is actually a sub-screen shot of within Workgroup Manager. We've got three panels. Login/logout sync, background sync, and the options associated with it. Login/logout sync is, tell me what I should be syncing every time I log in/log out. Which content, which folders, whatever you want. Below it is the exclusion list.
Maybe you don't want to be syncing all your MP3s or your video or whatever. So we allow you to create really complex exclusion lists to say, don't sync this. So that's login/logout sync. Background sync has the same basic set of options, except background's actually happening when you're sitting there at your machine.
Same options, which content, as well as the exclusion list. And then lastly, the options. How often do I sync? Every five minutes. Maybe I don't want to do background syncing. Maybe I just want to turn it off and actually just do it manually. So, let's give a quick demo here. I'm going to go to demo three. I call this the dog-ate-my-PowerBook scenario.
And I won't be demoing a dog actually eating a PowerBook. So what I'm going to do here is this is my PowerBook, and I've got my demo files here. And what I'm going to do here is I'm going to create my three most important files, okay? And I have them right here.
I have Project X, which is my career-defining project. This is a big deal that gets done. And I have all my specs associated with it. And if it doesn't work out, I've got my resume just in case. So these are very important files that I need. So what I'm going to go ahead and do is actually pull these and put them on my desktop.
Okay, and then I'm gonna change, what time is it? It's 9:44. So let's change this one here. If I can click it, there we go. I opened it. There we go, and it's 9:44 still. Okay, so now I'm gonna synchronize. Now, normally you wouldn't do this, what I'm about to do, 'cause the synchronization will just happen for you. It's gonna be happening behind the scenes. So we'll go ahead and we'll synchronize.
And you'll see a dialogue here in one second as the synchronization occurs. Again, normally you will never see this because it's happening in the background. So why do we call this the dog-ate-my-PowerBook scenario? It's because a lot of students come up with interesting excuses for losing their content. And who knows what's going to happen to this PowerBook. So let's just say that this PowerBook got eaten by a dog and it's gone. My content's gone. My resume, my projects, my project schedule. So let's go over to demo two.
Log in as me. Because I want to remember, oh wait, I turned on portable homes for this account. So shouldn't everything that I did be actually synchronized with my network home directory? And there you go. Let's actually organize this a little bit. There's my resume. There's my time-stamped file. And there's my folders. Everything has been backed up for me. I know this machine right here. I realize it's a simple demo, but the point is, portable home directories are working for you when you least expect it.
Because when we were installing, late in the development cycle, we were installing a lot of versions of Tiger. And we turned them into portable home directories because we were developing them. Now what we found is, on the second time that we upgraded the OS to the latest development version, suddenly all my content was there from the previous day.
And the reason was, as I turned on portable home directories, everything was being synced with my network home. So what I found was, my content was constantly following me around. These are the sort of ah-has you're going to have with portable home directories. And I think it's an amazingly great feature. So that's all I have. I'll bring Greg back up. Thank you very much.
All right, thanks, Michael. So I'm just going to wrap it up here. Tiger Server -- so you've heard about the foundation of Tiger Server with some major new features with ACLs and 64-bit application support. On top of that, we have open source. We've added some new services -- Blojsom, Jabber, and then we have -- oh, and SpamAssassin, of course, and many others. And on top of that, we have also services that integrate directly with the Mac OS X desktop. And we talked about a few of those as well -- Xgrid, and Software Update Server, and Portable Home Directories.
For more information, we mentioned a bunch of sessions throughout the presentation. Of course, at the Apple developer site, there's also documentation and downloads available. And there are some other sessions that we'll be having throughout the week as well that you ought to check out. So, for Active Directory and for Open Directory support, we have a few sessions throughout the week. If you are programming with WebObjects or J2EE, there are two sessions today that you should check out.
We have a session tomorrow afternoon on Xsan, our Storage Area Network product. And we'll stay up here shortly after the presentation, but I want to definitely put in a plug tomorrow morning for anyone that has feedback or questions to attend the server feedback forum. It's tomorrow morning at 10:30 a.m. And then throughout the week, we have hands-on labs in the Enterprise IT Lab related to the various products, and there'll be people there that can answer your questions.