IT • 55:04
Snow Leopard Server includes a powerful new Setup Assistant that streamlines the configuration of your server. Learn from the experts about the rich set of functionality that the new setup experience provides for several different network topologies. Get a behind-the-scenes glimpse of how the Setup Assistant can automatically configure other network devices such as client computers, Airport Extreme, and Time Capsule to provide seamless network connectivity for local networks as well as the Internet.
Speakers: Josh Durham, Eric Firestone
Unlisted on Apple Developer site
Transcript
This transcript has potential transcription errors. We are working on an improved version.
Today, we are here to talk about the Snow Leopard server and the setup process. And we're going to try and give you a little bit of an under-the-hood look. To sort of tell you some of the secret things that we're doing. Maybe not too secret, but some of the things you're doing when you click that button and we go set up 45 processes. So just to give you sort of an inside look there. I'm Eric Firestone. I'm a Software Engineer for the server team. And this is Josh Durham. He's a QA Engineer.
And so let's get started. So just to introduce you to this little presentation we're going to explore some of the setup options, and just sort of go through some of the new features and what we've got going there. Those new features are stuff that we've added in Snow Leopard or refined from Leopard in previous installs.
And again, like I said we're going to try and show you a little bit of what we do when you check that checkbox and sort of give you an idea of what processes we take advantage of for you. So to be specific we're going to go through networking.
AirPort base station setup. DNS. And here they are. So one goal of Snow Leopard server is to sort of be there when you need it to help you along, and stay out of your way when you don't want it there. So a Snow Leopard server is a great solution for small business and for larger IT solutions. We have three kinds of scenarios that we look at which are the bigger IT solutions.
We have multiple Xserves in a rack and you're maybe hooked up to some RAIDs and all that fun stuff. And then we have some smaller solutions too such as a, just a small kind of business solution where you're behind an AirPort and you're in your small office and that's about it. Or a workgroup solution which is where you're a small group inside of a larger organization. So you'll see a little bit of that as we go through it.
And I'll talk a little bit about how that's changed since Leopard. So again, this is all the stuff that you're going to see if you go down the right path. There's about 45 of those. You'll usually only see about 7 of them. And again, this is just the idea that you're only going to see what you need, and we're going to help you along based on what your machine configuration is-- your network configuration is.
We kind of pick out a lot of things for you to try and keep that as simple as possible. So let's go through some of the installation and setup options. We have moved from Leopard. We moved the remote install and remote setup browsers to Server Admin. So most of you guys are using Server Admin to kind of manage all of your machines anyway.
So when you want to add a new machine this is sort of the logical place to go. And we have these two new items up at the top here called Ready For Install and Ready For Setup. And so those when you click them are going to be these browser views of all the things on your local network that are either ready to be installed or ready for setup.
And specifically the ones that are Ready For Install are anything on that language chooser in the install CD. And Ready For Setup is anything that's sitting on the region chooser, the first panel of Server Assistant. So this is what you'd get if you go ahead and double click one of those guys in Server Admin and want to do a remote install.
And I'm just going to run through sort of this real quick process. It's changed a little bit since Snow Leopard. Mostly just cleanup. Or since Leopard. So you'd go ahead and do this. It would fill in the address for you, and then you're going to add the password in.
The password's going to be your hardware serial number from the machine. You're going to move forward. We got a nice disk picker. This is very similar to the local one and easy to use. We've added a couple little enhancements here from the local one. So we've heard some complaints from the IT people that it's too easy to silent the upgrade in the existing system.
So we try and help you out a little bit with this remote installer. And what's going to happen is you're going to get a sheet that says, There's already a system there. Are you sure you want to upgrade? And so if you don't want to upgrade, we also give you this very handy Erase option.
Again, this is remote so you can't just run Disk Utility because that's not a remote app. So you would just go ahead and hit Erase. You're going to get another sheet that asks you pretty much the one thing you want to know, which is, What do you want to name this thing? So you would click that. Hit Erase. It's going to erase the volume for you, and then throw you back to that main screen.
You're going to pick your volume. Move forward, and you're off with your install. So it's a very simple process and it's got a couple nice little enhancements. One other thing that's very handy on this panel. If you right click on any of these volumes, you can go ahead and bring up that Erase panel immediately.
So eventually, you'll have it installing and you're off on your way. So the other nice thing here is that if you want to install the multiple machines you can open up multiple windows. So you would just go back to Server Admin, double click another server. It's going to pop up another window for you, and you can go ahead and start that whole process over. So for installs, there's only a couple steps and none of them are really the same. So there's no point in choosing one volume and say, OK, install that volume on 30 machines because the volumes are all going to be different.
So for remote installs you're going to get a whole bunch of windows, and you just go through those three steps really quickly and they can all run simultaneously. For remote setups, it is actually useful to say, I want to configure all these machines the same, and we'll go into that a little bit in a second. So you can do a whole bunch of these windows and just let them all install simultaneously.
Once they're finished you can close down Server Assistant and all your machines will be great. So let's look at that remote setup a little bit. You have-- here you can multi-select. So like I was saying, it's sometimes useful to install to multiple machines with the same configuration at once.
So you can go ahead and multiply select, you know, 3 or 4 or 7 machines. And go ahead and hit that Setup button down on the bottom there. And what that's going to do is throw you into the setup process for all those machines. You can go ahead and add the password or serial number to all those machines.
And then as you go through the setup, it's going to act like you're setting up pretty much one server. But in the end, it's actually going to set all of those up the same. So this is great for, you know, clusters. We're going to have a whole bunch of nodes that are all the same. Anywhere where you want to install it to a bunch of machines would basically be the same configuration. And again, just like the remote install, if you want to do completely different setups you can open up multiple windows and install kind of one at a time.
So let's talk about some of the new features that you're going to see in both the local setup and the remote setup. So one nice change from Leopard here is that the remote case and the local case are almost identical. We go through the same pathway. Before, we used to use SSH to do the remote setup and just, you know, kind of local disk stuff for the local installs. So here now we go through Server Manager D for everything, which is the same mechanism that Server Preferences and Server Admin uses. So it's the same code path, the same everything, and it's going to be the very same experience, remote or local.
So we can go ahead and just kind of go through that setup here. And one other thing to point out here is that we've gone-- we've done away with the configuration silos. So I talked about our three scenarios that we have. The advanced kind of IT solution, and then we have the standard small business solution, and the workgroup which is, you know, part of a larger corporation solution. And so in Leopard these were very distinct things. If you had standard or workgroup kind of small business configurations, you would be using Server Preferences for most of your stuff.
And for the larger solutions, you're using Server Admin. And it sort of kept you away from switching back and forth. So we've done a really-- we've put a lot of effort into getting rid of that for Snow Leopard. We've tried to make it so that you can actually go ahead and use either of those at any time. It's not going to say, you know, You're on a small solution. Go stay away from Server Admin.
Or, Are you really sure you want to use this? It's kind of a big, heavy tool. And then before, we would completely lock you out of Server Preferences, which is a great tool. It does a lot of stuff for you. You know, when you click on in Server Preferences it's going to make sure everything's set up nicely for you. So that's a great tool even for the advanced administrator. And they really wanted to use Server Preferences, so we've kind of done that. There's no more silos.
And-- thank you-- and so of course, the setup process has to reflect that a little bit, and I'll talk about that a little bit more. But you won't-- you will no longer get that choice of are you a standard workgroup or advanced server? You're going to just do normal setup.
And again, we're going to try and help along based on what your configuration is. But it's really sort of one server again. It's not two different ones. So this is one of our new features, and this is very cool. This is migration from an existing volume. And so we've always had the upgrade case but this is actually migration, so you're pulling from another volume on the system. And we have a couple little things that are happening behind the scenes here that I can show you.
So let's get a look under the hood there. And so again, I said you can transfer from an existing server. This has one big advantage over Upgrade, and that's that it's not going to touch that other volume. It's a read-only operation. And this is great for replacing old servers with new ones.
So if you have like an old server on the rack and you want to get, you know, a shiny new Intel one, you can go ahead and pull the old one out. Plug it in with FireWire disk mode. Transfer all those settings, and plug that new one right into the rack and you're good to go in about 5, 10 minutes. So one thing to point out is that unlike in the local case or in the client case, this is a onetime operation. So you're going to get the chance to migrate here, and then we don't have the migration system like we do in the client.
It's sort of a one shot thing like I was saying. So if you go ahead and say, Yes, I want to migrate, this is the kind of thing that you're going to see. So it'll find all the volumes that are locally attached to your server. And it'll tell you what the versions are and that kind of stuff.
If you mouse over these, it'll give you a full path to what that volume is. And you notice a couple of caution icons there and there are a few restrictions, so I'm going to go into those. But first let's talk a little bit about what it's actually-- what, you know, what we can transfer from.
So you could do it from any directly attached volume. We don't want any new network volumes. It's really sort of a find-and-replace operation, so you want to. This is sort of for replacing an existing server that's on your rack, and you want to put a newer one in there.
Or something else died and you want to put a new one in there. So you can FireWire disk mode any of those old servers right into this one and transfer from another machine. No problem. Or if you have, you know, the drive you can just slide it into one of the drive bays. So it'll do that. It'll do anything from 10.4, 10.5, or 10.6, so Tiger upwards.
And that is 10.6, so you can transfer from one 10.6 server to another. We can do it from Time Machine backups, which is very cool. And that'll do 10.5 and 10.6 since Time Machine wasn't there in Tiger. And like I said there are a couple restrictions which are what those caution icons are. So it needs to be from the same host name. Again, this is a network replacement as far as your network is concerned. You're taking one server out. Putting a new one in.
So you need to replace. You need to have a drive that had. That was configured with that same host name as your-- as the volume, the server that you want to set up. And we don't support dynamic network addresses. Because again, once you-- if you have a DHCP address as soon as you put that new server in there you might get a completely different DHCP address than your old server. So we really only support the manual address case.
But you can go ahead and go reconfigure your old server to have that manual address. Plug it back in and do that very easily. And this list does dynamically update, so you can go ahead and pull the server, plug it in any time. You don't have to reboot your machine that you're setting up. And finally, we don't support advanced Time Machine backups from Leopard, so you have the standard workgroup advanced. And we don't support the advance case there, but you can go ahead and install the server. You can connect the server directly.
No problem. It's just the Time Machine backups that we can't transfer from. Standard workgroup worked great. So this is another kind of refined feature. I just want to point out that we have a couple of check boxes here on the bottom, and I'm going to go into some detail on those.
So the rest of this is pretty standard. You're setting up an admin account. One thing that's sort of different from Leopard here, is the admin is always local. So before, depending on which of these install silos you had chosen, your admin might have been in the Open Directory Master. It might have been on the local disk. We had two other local users that were there.
So this is sort of a simplification from Leopard that hopefully makes things easier to understand. This admin that you're creating here is going to always be created in the local node. It's a local admin. If you create a directory, an Open Directory Master later, then you'll get a separate Open Directory Master and that's sort of an if thing.
So, you know, if you need OD Master admin it's there because you have an OD Master. So again, always local. You still have your root user like you always have. There's no more local admin user with the short name Local Admin. So you just have this admin user that you're creating and the root.
And then again, if you create an Open Directory Master you'll get a third admin for that. So that's always local. Should be a little more consistent. We have these two check boxes, like I said. So SSH and Remote Desktop are enabled when you start your setup. So at any time during setup you want to SSH in and, you know, debug a problem or something like that.
Or you want to go ahead and set up over screen sharing, you can do that as well. One small caveat with the screen sharing setup, is that if you change your network accounts. Oops. Sorry. If you change your network setup, it may drop your connection and you don't have to reconnect.
Again, we have remote setup, which works great. It's pretty much the exact same thing as the local setup and that will actually accommodate that. So if you uncheck these boxes it's going to turn these services off at the very end of setup when it does the rest of your setup. And one other small thing to point out. We're only enabling this access for the admin groups. So we set up service ACLs so that only users in the admin group can access these services. So you're still pretty secure.
The only person that can really access it is your root user. And again, as I said they don't get turned off until the very end of setup. So this is our Gateway panel, and some of you have seen this, some of you haven't. Or seen the Gateway panel in Leopard.
And we've made it. This is a prime example of it only shows up when you need it and it's there to help you. So it's going to do a whole bunch of things for you if you do enable it. But it'll only show up hopefully when you can enable it.
So this is going to actually appear before the network setup. So what happens is you'll say, Yes, I want a Gateway. And then when you get to the network setup it's going to be preconfigured to sort of a Gateway setup. And then you kind of see exactly what settings you're going to get and that sort of stuff. So again, it's going to appear in certain situations only. And those include when you have two connected interfaces. So you're a Gateway. You're connecting a private network with a public network generally.
So you need two connected interfaces. They both have to be plugged in. And at least one of them needs to not be connected to a DHCP server. So when we set up our Gateway server it's going to be its own DHCP server. If you have another on that subnet, this is for the private subnet, then it's going to cause conflicts.
So we detect that and only give you this option if you have two connecting networks and one of them at least doesn't have an existing DHCP server. So again, like I said this does a whole bunch of stuff for you. It's going to turn on NAT, DHCP, DNS, firewall. It's going to really create a Gateway for you out of your server.
And it's going to set up a firewall properly so that everything on the private subnet is going to have full access to all the services. Everything on the Internet, that sort of stuff. But then we do set it up. We turn the firewall on from the WAN interface so you're protected from the Internet.
And so this is our new network setup. And it may look familiar to many of you since it looks just like the System Preferences one. And this was, you, they spent a lot of time designing that. And so we've tried to kind of use that time that they put into it.
Obviously, network is a very complicated thing, so we really like this UI. It's very simple to use. And it's not quite as full featured as System Preferences, but it should have all the basics that you need. Another thing that you're going to notice there is that the LOM setup is an additional couple of interfaces here. So if you have Lights Out Management, a BMC connector, you can go ahead and configure that on this network panel as well.
And you can modify your admin account with that button right there. So a couple things to point out here. You can now use AirPort and FireWire, which you can in any previous install. And that means that if you want to turn those off here you can do that now. If you want to use those as full interfaces for something, you can go ahead and configure those now with IP addresses, DHCP, whatever you want to do. Connect the networks as well. So again, like I said you can disable the ones you don't want.
That wasn't really an option before. We just sort of silently did it for you. And one big thing to point out here is that all the other settings in Server Assistant are applied at the very end, so that gives you the option to kind of go back and change any of your choices that you wanted to make throughout the setup. And we tried really hard to make sure that you can go back and safely go forward again. And it's going to keep all your settings.
You know, it's going to modify your settings appropriately. So the network setup by necessity sort of has to happen now. And this is key for setting up an Active Directory and for getting the correct host name. For doing a whole bunch of things. We need to really configure your network now. So every time you leave this panel by going forward, it's going to apply whatever settings you had here. You can always come back and change them and go forward again. It'll reapply the new ones, but it does happen now.
So this is where you're going to lose that VNC connection if you do change that network setting. And you can go ahead and reconnect easily enough. But again, it happens now. So we have some very cool under the scene stuff that happens with a remote connection. So if you're doing a remote setup and you change your network setup, what we actually do is maintain that existing interface and sort of clone it.
So to you everything looks like exactly how you configured it. But we have an additional connection that's kept open underneath, and we'll get rid of that at the end of setup. So that when you're going through this remote setup, it doesn't just randomly drop your connection halfway through. The AirPort Management panel. So this is nicely enhanced from Leopard. It used to just be a sheet that asked you for a password. And this gives you a little more of a visual cue that Hey, we're going to do some special stuff for you.
And again, it's very easy. All we do is say, What is your AirPort password? And this is the management password. Not for like your wireless network. So you go ahead and check that box, add the password. And we're going to do a bunch of cool things for you, so I'll talk about that. Again, it's only going to appear if we actually detect that you're behind the AirPort or a Time Capsule.
And it's going to set up Server Preferences security for you, so I'm going to talk about how we even handle Server Preferences security a little bit toward the end. But it's going to go ahead and configure that for you to work with your Time Capsule or AirPort. And it'll automatically create a static DHCP reservation. So if you're running a server you really don't want your IP address to change.
Here we can go ahead and create that static reservation for you so that your IP address won't change, even if you're using a dynamic method. And finally, it's going to actually do a bunch of-- or it's going to do some DNS configuration for you, which again, I'm going to go into some more detail about. But this is a very cool feature. This lets you really get out of the box and fully running on your network with very little extra help.
So speaking of DNS we have the Network Names panel, and this is slightly modified from Leopard. So in Leopard, in some cases, you could edit your host name and in some cases, you couldn't. In some cases, you always could edit your host name. Here, since we've gotten rid of these configuration silos, we're trying. We've kind of given you both options. So if we detect that your server has a host name on the network, we're going to go ahead and prefill it like you see here.
So, you know, this is a sample host name efiresend.apple.com. That was a pass full resolution. If I say, well, I understand that I have that but I really want to override it into something else. Maybe I have multiple names. What we can do is hit that Edit button, and it's going to say, Are you really sure you want to do this? Because for the small business user who doesn't have any idea about what this is doing, it's going to, you know, cause some problems maybe. We do try and handle this.
But anyway, we're going to warn you and say, Allow editing. And so if you do hit that, again you have that nice editable field like you did in the advanced case in Leopard. So you can change this now. And what we did in the past was sort of muck with your DNS settings under the scenes if you did change it from what matched your DNS.
And we're still going to do that, but now we're going to warn you, which is a nice little enhancement. So we're going to say, you know, that name that you've given us doesn't match what we see in DNS. We're going to go ahead and set up something that we call minimal DNS on the server itself. And I'll explain that. So here's minimal DNS. DNS is simple, right? You've got your cloud.
You've got your ISP. Your server. A couple of clients. I mean, DNS is like the easiest thing. OK? So, you know, disconnect here. The clients connect. Their server connects to the AirPort. The AirPort is connected to the Internet. Then the clients connect to the server. The server connects directly. OK. So, OK. It's not that easy.
Let's look at that a little slower. So you have the Internet. You have your server. They're going to connect up through AirPort base station, which is connected to your ISP. And you have a mix of clients. So initially, what's going to happen is the AirPort is your Gateway. It's going to mirror itself as the DNS server as well.
So basically, everybody's going to look at the AirPort base station as its DNS server. The clients, the server, everybody. And the server is going to. Or the AirPort is going to forward it on to the cloud, to the Internet, and get its resolution from up there. So what we can do is we set up this minimal DNS server. So the server can now resolve itself.
If you set up myserver.example.com, none of the clients actually knew who that was because there was no existing DNS entry. And that was sort of the predicate on what caused this to be set up. So we know there's no existing DNS entry. So we're going to set one up so that now the server can resolve itself. It knows that I am myserver.example.com. The problem is that the clients don't know that yet.
So if the clients say, I want to go to the Wiki on myserver.example.com, they're going to go up to the AirPort base station. The AirPort's going to go out to the Internet, and they still don't know who that is. But because you've provided that AirPort password, we can go ahead and tell the AirPort to redirect everybody to the server as this DNS server. So now, all your clients can talk. When they say, Who's myserver.example.com? It's going to ask our new server that we've configured as a DNS server.
So now, everybody can resolve that properly. We have one last problem in that the clients can no longer resolve anything else, because the server knows only about myserver.example.com. So if you do not want to go through Apple.com, that's not in the existing DNS. But we're going to go ahead and set up forwarders for you as well. So now, the DNS server will say, I don't know what Apple.com is, but I know who might.
So it'll forward it on to the Internet for you. So this gets you an out-of-the-box setup where all your clients can now resolve any hosting that you given it during service setup. So we've got sort of an example here of how we've changed that minimal DNS from Leopard. In Leopard, we created an authoritative domain for whatever it was that you said.
So if you wanted myserver.example.com, we would create an authoritative domain for example.com, and then create a myserver record in there. So that caused one problem in that if I now want to go to www.example.com or anything else in that example.com domain, it would go to our server. Our server would say, I am the authority for that but I don't know what that is.
So even if you had an existing server that knew about all the other example.com stuff, it would block any resolution of that. So instead, at Snow Leopard what we've done is create a very distinct record that's only for the fully qualified domain name. So it's going to say, I'm only good for knowing server.example.com. Anything else, ever, is going to get forwarded on to the forwarders.
So now, we have proper resolution even within your corporation for the other domain names. All right. So moving on to Directory Services. This is another thing that is easy to mess, but we're going to try and help you along. So this is where you're going to see a little bit of what used to be configuration silos, but it's really not.
So we're not going to. Any choice that you make here is only going to configure your Directory Services. It doesn't have anything to do with which admin apps you want to use or what, you know, any preferences that you want to set later. It's not going to lock you into anything. You can go ahead and change these later using Server Admin or Server Preferences, and all you're modifying are your Open Directory and other Directory Services.
So we have the three choices here that look very similar to the ones that we had in Leopard. You have your Create Users and Groups, which is going to just kind of silently create an Open Directory Master for you. It's going to create a directory admin named diradmin.
And it's going to. That's the only choice you're going to get. It's going to do that all for you. So this is the small business. I want users and groups. Go ahead and just set me up. The second choice here is the workgroup configuration. So this is I'm a small group inside of a larger organization. So I want to go ahead and have my own users and groups, but I also want to use the users and groups for my larger organization. And this too is going to kind of silently create that OD Master.
It's going to create a directory admin named diradmin. And it'll also ask you to bind to your directory server for your preparation. So the last one there is sort of the I know what I'm doing. Give me all the options. So we're going to go through and show you that. The first option you would get with that manual configuration is the Connect to a Directory Server. And this is very similar to-- this is basically the same panel you would get with that middle option as well.
So this is I want to connect to an existing thing inside of my corporation. And initially all you're going to get is that first box. So we've made it a little nicer in Snow Leopard. We can actually detect what kind of server you're connecting to. So all you need to provide is a host name for that server. And then we'll figure out if it's Active Directory or Open Directory. And if it requires authentication we're going to prompt you for that too. So these fields will kind of show up as you need them.
And so that's binding to an existing server. And then additionally you want the option to create an Open Directory Master, so you'll get that here as well. And here, these are the defaults that you're going to get. If you've gone ahead with those first two options it's just going to use these defaults, and you hopefully never really need to know them. But they are documented if you need them. Again, we're using the manual case.
So if you want to override any of these settings you can do that now. Finally, we have this Restrict Individual User Access checkbox. And so one change that we've done from Leopard by getting rid of the configuration silos is made it a little more complicated for how we handle the Service ACLs. Or at least as far as setup is concerned, it can seem more complicated. Because again, we just sort of silently did one or the other. Now we have to-- we want to give you that choice. So that's what this is here.
If you check this box, we're going to turn on Service ACLs for you on the basic services. The ones that you see in Server Preferences. And hopefully that's not a big deal. So any time you add a user in Server Preferences, it's going to automatically add them to the ACL.
So any new user in Server Preferences can automatically access all the services. Should never need to modify it. The more advanced user in an IT solution may not want to do this at all. They may not want to restrict service access. They know they're on a private network. They know that all their users are going to want access to everything.
And they may be using Workgroup Manager, which is not going to manage the ACL for them automatically. So in that case you're going to want to uncheck this box, and by default, that box is unchecked. If you'd gone with either of the other options, it's going to turn those service ACLs on. So again, like I said it's kind of. Those other two options are sort of the small business and the workgroup configuration user.
And they just want to have it all done for them and everything works magically. The Services Panel. So this is pretty straightforward and not too different from Leopard, except for that one little thing on the bottom there which is very cool. So one thing I want to point out first.
You can set the service data location with this one combo box. So that's going to have all your volumes in it, and it's going to default to the root volume just like any normal setup would. But if you want to go ahead and pop that open and go to any of your other volumes, like your data volume or anything else, you select it and it's going to redirect all the services to that.
So what that's going to do is if you have a data volume. [applause] This is a very cool feature and it's pretty awesome that it's a one combo box. So say you chose your data volume. You're going to get a path like this. It's going to set it up as whatever the volume was. It's going to create a root folder called Service Data.
And then there's going to be a bunch of subfolders for each of the services right there. So this is super easy to migrate all your data from. And this is great for our new solid-state drive configurations, because you can put the operating system on that. You can save the attached data volume that has all the data on it, and you're good to go right out of service setup.
There are actually 9 different services that are relocated. It's not just these. It's also MySQL, QTSS, and one other one. I can't remember off the top of my head. So we migrate a bunch of your services for you. This is really great. All your Wiki data is going to be on there. All your iChat users. All your stuff is just going to be on this separate volume. You don't have to crowd that user volume.
That OS volume anymore. And you don't have to migrate all these services later. So again, this is not a migration. This is, you know, you're doing a clean install setup right now. And you've never used this server before so you're going to go ahead and say, OK, I want to start from the get go in this location which is, you know, easy to manage, easy to understand. If you do have existing data there, it's going to say, you know, We can't really do this for you.
Go use Server Admin and you can migrate all that data on your own. All right? So let's give this one a shot.
We're going to actually demo the small business setup, or what we like to call a small business setup. We've got an AirPort base station, a server and a client connected to that base station. And I just kind of want to show how many other base stations so we don't. So I can show you I don't have any tricks up my sleeve or any cards or anything like that.
So we're going to the base station config, and we're going to the Internet control panel. I want to point out three things that are. How to set it up right now. Right now, the DNS server is set up to my upstream DNS server that the AirPort base station is using.
The DHCP, there are no DHCP reservations whatsoever. And in NAT, we have no port mappings defined at all. And I wanted to show you this, because this is all going to be handled for you automatically by Server Assistant. So let's go and run through a setup of a server. And, you know, we've all done this pretty much and it's pretty easy to move around. One of the coolest tricks that Eric taught me in Server Assistant is Command right bracket Command left bracket will advance you back and forth in Server Assistant.
It's like, you know, I don't like to use the mouse too much, so this is great. Thank you, Eric. You know, I also wanted to show here that we now have a region picker at the beginning, and this is important because we're actually going to change some of the additional panels based on which region you choose right now. So I spent a couple years in the UK, so we're going to do that as part of our demo here.
Because I know the guy who happened to write the app, we have a nice hard coded serial number and so you don't watch me fumble around on that. And here's that migration pane that Eric was talking about. This is going to let us migrate from an external volume or another server that was just set up in target Pyro mode and migrate it for you. We can set it up here and that's pretty much I think the last question that gets asked.
Isn't it? We go straight into the migration. So this is one thing I did want to point out. It's because I'm now in the UK this is actually now localized. It's post code, so for everyone not from the U.S. hopefully you appreciate this. The phone number is actually regionalized, so here's my old phone number in the UK. I can't even type in parens because we don't use that in the UK.
[ Silence ]
But of course, we can skip that. Time Zone. How many of you have seen the new Time Zone picker in Snow Leopard? This is pretty cool. So I'm going to go in and type in London. That's my closest city. And we can see actually, there's three dots up there.
The three Londons it found in the database. I don't know actually how it decided the one in England was the one I wanted but it was, so that's great. It's not in New Hampshire and Canada.
[ Clapping ]
I think there is a London, Kentucky as well, but it didn't show up on. But I think there is a database that you can go online and update that on.
So adding an account, this is again pretty straightforward. Nothing too simple though. You notice it's-- Apple is not my password. Not like everyone else's demo. Now this is great. We can now modify the SSH settings and the ARD settings right here. And here's the new network pane. Eric actually has done I think a couple things that really annoyed me about the network pane before which is actually I can just drag to change the search order.
[applause] Which you can't do in the network preference pane. So I thought that was really cool with Eric. We like to personalize it too, because instead of saying Server Assistant, it says Eric did this, Eric did that. Because when it breaks it's on a QA guy, it can say Eric really screwed it up. But he's done a great job with this.
We're going to go into a static address here, or DHCP with manual address. And continue on here. We can do IPv6 here. We can do that turn off. We can enable jumbo frames right here from the setup, which I'm not sure we could do before. So that's very cool. Now this is what Eric was saying.
It's actually going to modify the network settings right now. And the reason it has to do this is because we had problems in Leopard where we didn't modify the network settings when he changed it. How many of you have tried to bind to AD in Leopard from setup and had some problems? Yeah. I see a few hands in there. And the reason why is because for you to bind to AD you have to be using the right DNS servers when you bind.
And we didn't have that as part of the setup. In other words, when we asked our AD question we weren't using the right DNS at the time. So it automatically discovered that its router, or and, you know. Because we're in the UK, I can say the rooter [phonetic]. It's asking for an admin password here, so we'll put the admin password in.
And so now, it's actually going to use-- Tim, look at the IP address and find the host name. Now, that IP address I have didn't have a valid host name, so it left it blank. And it's pretty intelligent here. If it found an IP address, it will also address it, like Eric said, and you can override it, which is cool. Because before you couldn't even override it in some of these environments and that annoyed a lot of people. So we'll go ahead and just put in my network name here. Now we're into the Directory Services section.
Now I'm going to do this nice, easy integrated all-in-one set. We're just going to handle the users and groups. It's automatically going to create an Open Directory for us. It's going to create a diradmin account in there and that's going to be our admin account with the same password that I put in before. Here the services, I can disable or enable any of them right here. Are these untitled safetys? Oh, we'll use it. So we're going to store service data on one of these external partitions. And that's phenomenal.
I mean I'm so excited about that one feature right there. Mail options. This looks fairly similar to the pane we had in Leopard.
[Inaudible].
Right out of the box. You can actually set up a relay and do your SMTP relay authentication in case you needed to. In case your ISP isn't allowing outbound SMTP, you have to use the relay. Oh, Eric, you better fix that.
Oh, yes.
See, Eric screwed that up. So here we go. We got the review pane at the end and we can go into details like before. Pretty nice and easy to say. Should I show this now or skip this? Or you going talk about this another time?
Never mind. And that's about it. So that's set up in the box. You know, we-- there are a tremendous amount of panes as Eric showed in the beginning. But I got asked the questions I just needed to do for this setup.
All right. So that's going to set up in the background and we can move on. So like he was saying, this is your Review panel and you have that Details button there down on the bottom right. If you click that, you're going to get that same sheet he showed us. But then there's a couple extra options here.
One, you can click Save Summary and save this whole thing out to a text file which is handy for reference later. But you can also automate your entire setup in the future. So if you want to hit Save Setup Profile, you're going to get a sheet that looks like this. And so auto server setup is something that existed in Leopard and I think before as well.
But we've enhanced it a little bit for Snow Leopard. So for one, the plist that you created, the profiles that you created in Leopard were very oddly named. You had to name them with the IP address that you wanted to, the server that you wanted it to apply to or the MAC address.
That was just a bunch of numbers. And they ended up having these very odd names and they were very hard to kind of keep track of. So we changed that in Snow Leopard. You can now name your profiles anything you want. You can name them MyExtraController.plist, or MyTimeMachineBackupServer.plist.
Whatever you want to name them, just so long as they end in plist. And the way that you figure out which ones they actually apply to. So the way that it works is you put these profiles on a disc somewhere kind of at one of the root levels.
And then as soon as the server comes up it's going to look for these profiles and say, Whichever profiles apply to me pick the best one and set up my server with that configuration. So what we're doing here is we're saving out this configuration that we just did, and then you can go ahead and put that on like a flash drive or anything else.
And as soon as you plug that flash drive into the server that's waiting to be set up, it'll apply all this configuration and you don't have to do a thing. So again, you need to kind of say, because you might have 30 of these profiles in a single folder and you want to know, OK, this machine here is going to be in my X-group backup. So I want to apply this profile.
So what you would do is go ahead and click that second radio button, and then you can go ahead and add all these predicates. So you can say, I only want this to apply to servers with the serial number of this, or this IP address of this, or the MAC address of this. You can add as many of these as you want, and it's an OR operation. So if any of these match it'll apply to that server.
And I'm showing E is here, but there's a bunch of different options. So you can say the serial number begins with this. So if you want to use the first 8 characters like you do in a lot of other cases, you'd say, The serial number begins with and then you'd give the first 8 characters.
If you want to do a subnet, you can say, The IP address begins with 192.168.0. Pretty simple. Additionally you have Begins with, you have Ends with. You have regexes. There's a bunch of different options in here. They're all case insensitive, and so you just, like I said, specify as many of these as you want.
You can go ahead encrypt the plist if you want because it is going to have your admin password in it. And you can go ahead and save that outright here and then, like I said, put it on a flash drive. Go plug it into any of your servers that are waiting to be set up. As long as this predicate applies, it's going to go ahead and set that server up no hands on.
[ Clapping ]
So this is another very nice addition that we've added in Snow Leopard. This is your desktop kind of as you see it when you first boot in. And you're going to notice this new document on your desktop called The Next Steps Doc. And what this is, is a very personalized document to the server that you just set up. So it's not just boilerplate that's going to be the same on every install. We actually-- you'll see host names. You'll see IP addresses in here. Which entries you see are going to change.
So just to point out some examples that you would get on a pretty standard server. It's going to say, You've set up user groups. Your diradmin name is this. Go start using Server Preferences to start setting that up. So again, this is sort of a reminder of what that diradmin name is if you ever need it.
And sort of gets you started on where you want to go. If you didn't create users and groups it's going to say, you know, you've enabled some services that require users and groups. You probably want to go to Server Preferences and create an Open Directory Master, which you can do now because configuration silos are gone.
If it didn't detect proper DNS it's going to say, OK, go set up DNS. You may need to go talk to this DNS server and add an entry for that. If you've turned on Mail and it notices that you don't have an MX record for your server in your DNS server, it's going to say you probably want to go add one of those. And then we also get this nice entry about how to create a signed SSL Certificate.
So in many situations you really want to go do this, so we've kind of gotten you started on that as well. And so, what this document sort of addresses is the things that we couldn't do for you. I mean there are outside network forces that we can't configure. You know, we can handle the base station, an AirPort base station, but we can't do other routers.
So if you had a third party router it'll say, Add your DNS server. If you want your clients to be able to see you as a DNS server, go modify your router and add you as an entry. So we're really just trying anything that we couldn't do for you we're going to try and lead you that direction. So I want to look a little bit at the new admin tools, specifically Server Preferences. And again, like I was saying there are no more configuration silos.
So if you don't have an Open Directory Master, when you go to users or groups it's going to say, Do you want to create an Open Directory Master? and it'll do that all for you in that same very easy setup that we kind of had in server setup where you just choose the option, it's going to use some great defaults, and set it all up for you really quickly. So again, we have Address Book.
That's one small addition. And then we changed the security model a little bit to make it a little bit easier and a little bit less confusing for users behind an AirPort. So the security panel now actually will detect that you're behind an AirPort base station, and it won't show you the local firewall because you already have your AirPort's firewall. And if you don't have that on it'll give you the normal one.
So what you're doing here is when you turn it on and off it's actually going to turn port mapping on that AirPort base station. You can manage it just like your local firewall and you can go ahead and say, I want to add a service and choose it by name and add those in.
And it'll go ahead and poke those ports in the AirPort itself and use the, you know, kind of manage that firewall for you. So again, if you provided your password for the AirPort during setup, this is all ready to go. You just need to add the services you want to poke ports for, and you're good to go.
So we're going to pick up where we left off. The server is not completed. It took a while and I don't want to have you sit there and watch the dialogue box. So the server's not completed.
We're actually going to go back and look at the base station and see what happened. So now we're going to the Internet panel and we can see here, now I can zoom, the DNS server has changed, right? So what it did is it took the old DNS server and moved that to the secondary. And now it's using the server we set up as the primary DNS server that the base station is going to hand out.
And this is great because part of the problem we did before was that when we did the automatic client configuration we have hard coded this DNS server into your configuration. So if you went down the street to Starbucks you'd still be using 10.0.100 as your DNS server, and that wouldn't work. Made a lot more sense to have actually your network DHCP than the DNS servers instead.
So that's great. We're using that now as the DNS server. And we took a precaution here. We made sure that we have a DHCP reservation in for the server. That way the AirPort base station will never hand out that IP address as for the DHCP. Nothing exciting in that quite yet.
Should be pretty empty because we haven't actually set up any port forwardings yet, so we're going to do that. So now we're on our server, and there's The Next Step Document that Eric was talking about before. Again, it's custom tailored to my setup specifically. So for example, we can see configured DNS actually had the IP address.
And actually it has the IP address of the AirPort base station in this case because it knew that that was my access point to the Internet. If this server was acting as a Gateway or was disconnected to your, perhaps your organization, it would have the server's IP address here instead.
This is very cool. It's very customed to your environment. If you're in an environment where we're concerned that your firewall needs to have some additional setup, it's going to tell you here, Go configure your firewall, and give you some pointers on how to do that. Also reminds you of what your Directory admin account is just in case since we automatically set that up for you. Very cool. I like this a lot.
So here we have Server Preferences. This is great. I can now actually go into Server Admin as well, and I just want to kind of show that I opened up Server Admin, didn't get yelled at, screamed at, kicked around a little bit. I have both of them open just fine. And I kind of want to show the DNS configuration on the server. So because this is minimal DNS, we want to make sure that you don't actually go in here and modify it and kind of leave the server in a bad state.
So we're going to warn you here. You can tell it to leave you alone and go away, and we can do that. And this is the change that we're talking about, that we made in Snow Leopard. Before this domain, the primary zone name would have been just example.com.
And Eric showed that that could be a real problem, right? If we would try to go www.example.com, this server would say, I don't know what that is. Too bad. So now we're only authoritative for this server, and we don't stomp on any of those other hostings that you might have in your domain.
So that's very cool. We're going to go back in Server Preferences though, and I kind of want to show this security pane. Because now if we expose these services on under the hood. Under the hood is the name of the AirPort base station. So instead of doing a local firewall, it's going to do the firewall in the AirPort base station. So let's go in and add a service.
We want to make the, maybe the web and Wiki server that we had already set up available on the Internet. So we're going to add that. We're going to get a little warning. Because the base station requires a restart to update its port mappings, we want a kind of warning that that's going to happen.
So this says Quit Server Preferences to apply these settings. So we're going to go in and quit. And here again, it reminds you that it's going to have to reset the base station. Because this is a disruptive network thing, we wanted to kind of give you an opportunity to opt-in for when this restart is going to occur.
So we went from the base station to restart and then we go over the client. Is there anything else that I was supposed to show on the server?
Sorry?
No.
Nope. All right. So we're going to-- show automatic client configuration. And so before on Leopard we did this in a couple places. We gave you an opportunity to take advantage of it.
We did it during the client setup. It would detect the server on your network and ask what you wanted to do on that client configuration. And we also did it in Directory Utility. So the first time you open Directory Utility it might detect if there's any servers that can automatically configure. Or be automatically configured from and use that. We added a third way in Snow Leopard. So on my server I already have a user name Josh Durham or we're going to set it up in the Directory.
I create it in Server Preferences. And I'm going to login. And what's going to happen here, if I remember my password, which is not-- well, it is Apple. Sorry. So what's going to happen here hopefully, Eric, is it should at login now detect that there are-- I don't have a mini-bar-- that there are other servers. That there's a server available to set up.
And I should check to see if that server has an account with the same short name or full name as my. As the account that I logged in locally here. It didn't work.
[Inaudible].
It's a mini-bar, buddy.
One more time?
Should be.
[ Silence ]
Great. So let me just show you how we can actually now do this here in Accounts since that didn't work.
So here is a little change that I do want to point out. Because in Leopard we had Directory Utility in the Utilities folder right next to the Directory app in the Utilities folder. We decided to really change things around and get rid of both, so there are no Directory anythings in the Utilities folder anymore.
Core Services.
System Library Core Services, Directory Utility. Right? Yes. There it is. It's just moved. And we hid it because you can actually get to it from the Accounts pane now, so it's just kind of a different path to get there.
Oh, it came up finally. [applause] I was stalling there. So I promise. You know how demos have been at WWDC this week. This came up fine instantly six times before the setup and then the balloon popped. So we're going to do a setup here. You notice that it actually says that the service provides Address Book, iCal, iChat and Mail Services. It actually looked up the server configuration and knew what services the server is going to offer there. So we're going to do a setup. And it's asking for my user account on the server.
Let's see if I remember this password, and it's asking for my local password. And what it's going to do, it's going to automatically configure my applications, Address Book, iCal, iChat and Mail, to now use the server. So we're going to log out and log back in to apply those settings.
[ Silence ]
Some.
Small handful?
[ Silence ]
OK. So we're going to go through some of the services here. We're going into iChat first. And so iChat I'm automatically configured with myserver.example.com, which is the server we set up. We can actually see that it auto-populated it with people in my workgroups.
So I had created an account for Eric, and he's automatically been added to my workgroups, so that's pretty cool. If we go into the Accounts pane we can see it did get set up. So, and this is kind of proof that DNS is actually working as well. Because the server that we're using is myserver.example.com. So there's iChat. Let's go into Mail.
Probably should have started with Mail. Forgot about this. So remember I, when I was setting up the server I sent out a welcome email to my new users, so let's take a look at that welcome email. Nice thing about the email is it actually now has links inside the email so you go to specific things. It also tells me about my email address that was set up. So we can go onto the web server for example and login.
Oh, it's [inaudible].
[ Silence ]
Great. So here's the Wiki. I can create it right here. I'm not going to do that. For the demo iCal you can see it's actually now connecting to the server, so this is actually in my Web Calendar. So I'm going to create an event for today.
[ Silence ]
All right. So we've updated this through the Web Calendar, or to my network calendar in iCal. We're going to actually go back to the Wiki server, and I am completely strayed off the demo right now. So we're actually going into Calendar on the web server, and yeah.
Not there.
[ Silence ]
Yeah, I don't know. I'll take a look at that later. And then finally, Address Book. Address Book is now automatically set up. We have Address Book server on the server. So now we have an Address Book that we can now access over the server.
So one thing to point out here, this is great for configuring all your services. But if you don't want to set up a Directory Asser [phonetic] or you have AD or you have some other configuration where you don't really want all your clients to bind, we still have the DNS resolution. So you can still hit the Wiki and anything else that doesn't really require users or-- no problems.
So you can actually like hit the Wiki from a Windows client, because that DNS resolution is going to work. You can go ahead and say anything. Whatever that domain name was that you gave, myserver.example.com, that's going to resolve on the network now because we're going through the router rather than using this client binding thing. So that universal DHCP mechanism is much better than the Leopard one. And again, they can hit File Sharing. They can hit the Wiki. They can hit a number of different services without having to do any other configuration. It's just that domain name is going to work.
So I forgot to show this. This is the port mapping from the AirPort base station. You can see it. It's set up with a few defaults. But because I selected Book, I wanted the web to be ported, there's Port 80 and 443. So this is cool because now I can go to my ISP or GoDaddy or whatever, register myserver.example.com, and have it point to the base station's IP address.
And the base station's now going to automatically forward that. So this is great. So that now when I'm on my local network myserver.example.com is going to resolve to my internal address. And then when I'm roaming it's going to use the external address. The address of the AirPort base station. So it uses kind of a split DNS there and that's actually really nice. So you can be able to get to your settings from anywhere. Or your data anywhere. Well, Eric, is that it?
That's about it.
OK.