THE INFORMATION CONTAINED IN THIS MESSAGE IS UNDER NON-DISCLOSURE

Mac OS X Server Snow Leopard Seed

Welcome to Snow Leopard Server 10.6 v10A433.

Installation Instructions

Installing Mac OS X Server
To start installing Mac OS X Server, insert the Mac OS X Server install disc and double-click the Install Mac OS X Server icon. When the Installer opens, follow the onscreen instructions to proceed with installation on the disk that you select. In-Place Upgrade Installs from Mac OS X v10.5.x are supported; simply choose the disk or disk partition you want to update from the list provided by the installer.

Supported:
- In-place upgrade from 10.4 -> 10.6
- In-place upgrade from 10.5 -> 10.6
- Migration from 10.4 -> 10.6
- Migration from 10.5 -> 10.6
- Migration from 10.6 (10A433) -> 10.6 (10A433)

Not supported:
- In-place upgrade from any 10.6 seed -> 10.6 (10A433)
- Migration from any earlier 10.6 seed -> 10.6 (10A433)
- Promotion from any 10.6 client

To perform a migration:
- Clean install on a different partition (per the existing instructions).
- In Server Assistant, select the 10.4, 10.5 or 10.6 partition to use as a source volume.
- Allow Server Assistant to perform the first phase of migration, usually 1-5 minutes.
- Click continue to perform the second phase.
Note: The time required for the second phase varies and is dependent upon the amount of data on the source volume and the speed of the hardware connections.

Erasing and formatting your disk
You can erase and install Mac OS X Server on your hard disk using .

NOTICE: If you erase the destination disk, everything on the disk—your accounts, network settings, and all of your files and folders—will be deleted. Before you erase your disk, quit the Installer and back up any files you want to keep.

To open Disk Utility:
1. From the Installer, choose Utilities > Disk Utility. Select the disk you want to erase.
2. Choose a disk format. In most cases you should choose Mac OS Extended (Journaled).
3. Give your disk a name, and then click Erase.

Customizing your installation
If you see a message that you don't have enough disk space to install Mac OS X Server, deselect items to be installed, such as printer drivers, to save space.
To customize your installation:
- Click Customize in the Install Mac OS X Server pane of the Installer.

Quitting the Installer
To quit the Installer before the actual installation process begins:
1. Choose Quit from the Installer application menu.
2. Click Startup Disk to select a startup disk for your computer.

Installing without a router
During the setup of Mac OS X Server you will be prompted to enter a network router address. If you do not have a router in your network, enter the IP address, instead.

Areas of Focus

Upgrade and Migration
Please test an upgrade install.

Calendar Server
Please test upgrade installs and SSL.

Podcast Producer
- Using various Camera and Video input devices from a wide variety of manufacturers is encouraged; providing information both regarding devices which fail and devices which work as expected is welcome
- Leopard Capture writing media to Snow Leopard Podcast Producer Server
- Using Active Directory as your Directory System

Areas of Change and Developer

Server Assistant
Server Assistant has been revamped with a new look. The Server Assistant application has been removed from the Server Folder. Remote install, remote setup, and auto server setup are now initiated from Server Admin's Server menu. You will need to create new profiles for use with Snow Leopard's auto server setup. Additionally, Server Assistant creates a self-signed SSL certificate using the server name chosen during setup. This certificate will appear as a selectable choice in the Server Preferences Info panel, as well as various service plugins in Server Admin.

Server Preferences
Server Preferences in Snow Leopard no longer manages the Adaptive Firewall present in Mac OS X (non-server). If you have an AirPort Extreme or Time Capsule, it will manage port mappings if you enable it to do so (either in Server Assistant or Server Preferences). Otherwise it will manage IPFW.

Certificate Management
Certificate management has been entirely rewritten in Snow Leopard Server to make use of Mac OS X Certificate Assistant. Please use Server Admin or Server Preferences to generate a signing request and obtain an SSL certificate. We would like to get coverage with different certificate providers.

Directory Services
.app, formerly located in /Applications/Utilities/ is no longer the primary mechanism for binding to Open Directory and Active Directory. The new binding UI is in ->Accounts->Login Options->Directory Services. From this sheet, you can also open Directory Utility.app if you need it for more advanced LDAP or Active Directory binding.

Open Directory
OpenLDAP has been updated to 2.4.11, and the LDAP server (slapd) has been enhanced to support a much larger number of connections.

Podcast Producer
- Podcast Composer is an easy to use application with an intuitive Automator-style panel interface which leads you through the steps of defining video based Podcast Producer workflows. Podcast Composer can be found in the /Application/Server folder.

- Using either Podcast Capture or the new Web Podcast Capture users can use the new Dual Source Video Capture feature to create picture-in-picture format . Users can select from several Apple provided templates for displaying your picture-in-picture podcasts. Or users can create their own unique and interesting layouts using Composer.

- With Web Podcast Capture users can control remote cameras and microphones to capture their podcasts or submit content to Podcast Producer using any modern web browser from their Mac, iPhone or PC including 3 and 4 for Mac, iPhone and Windows, FireFox 2 and 3 and Microsoft IE 7. After setting up the server, it is running by default and can be accessed at: https://myserver.com:8170/podcastproducer/capture

- Podcast Producer 2 is now easier than ever to set up, using a new setup assistant in Server Admin. The new setup assistant provides an express mode that can set up Podcast Producer and all its related services in a matter of minutes. Or users can choose the standard setup mode and quick configuration of Podcast Producer.

- Podcast Library is a new simplified publishing model for Podcast Producer 2. Podcast Library provides long-term storage and organization for submitted and generated media files. Podcasts are vended using automatically generated Atom and RSS feeds. With the support of Atom feed, each feed can contain multiple enclosures, providing a more efficient way to organize and present podcasts. You can download original source and workflow results by visiting the Podcast Producer Library at feed://myserver.com:8170/podcastproducer/catalogs. Simply cut/paste URLs into iTunes for subscription services. Library feeds are automatically created by: Date, Workflow Name, Submitting User, Keyword. Bookmark the Library feed as a convenient method to easily access Podcast Producer results!

Wiki Server
A new default theme is available in the "Settings" page but not yet selected as the default. Pages can be starred and lists of starred pages can be retrieved from My Page. Attached documents now feature in-browser , which allows you to view attachments in the browser without downloading them. The now features an iPhone theme, which allows you to browse the wiki server in an iPhone-friendly format.

"My Page" features a list of all updates to every wiki on the server. You can also use My Page to search the contents of every wiki simultaneously. If you get a server error when loading My Page, try deleting your cookies.

This build includes Authenticated SMTP server settings for wiki notifications. Web-based e-mail rules, vacation notices and password change are also now supported. Trying out web-based email rules, vacation notices, password change and group mailing lists and writing up any issues you encounter is highly encouraged and much appreciated!

Mobile Access
Mail Proxy Settings: You can use the Mobile Access service to configure a mail proxy for mobile users. In a default configuration, you will only need to enter the hostname or IP address of your IMAP and SMTP servers before starting Mobile Access. If you decide to change the mail hostname or the advanced settings, after saving your changes, stop and restart the proxy. To allow users to connect to Mobile Access servers, you must first grant access to your users and groups within the access tab view. After changing access privileges, it is not necessary to restart the proxy.

Both IMAP and SMTP are supported:
- Default SMTP port for a client is 587.
- Default IMAP port for a client is 993.
- Use authentication type "password" when configuring IMAP and SMTP clients.
- Enable SSL for IMAP and SMTP connections.
- Supported server SMTP auth methods are none, plain, login, and CRAM-MD5.
- Supported server IMAP auth methods are clear, plain, login, and CRAM-MD5.
- IMAP can be configured for SSL.
- SMTP uses TLS automatically when available.
- The default IMAP port for connecting to a mail server is 143 with no SSL.
- The default SMTP port for connecting to a mail server is 25 with automatic TLS support.

User Access Information:
- SSL is always enabled.
- User authentication and authorization is always required.
- Use the access tab view to grant access to mail servers through the proxy.
- Access can be granted to individuals or groups.
- There can be a 10 second delay after saving access changes before they become available.
- Connected users will not be affected by access changes until their next login.

Web proxy settings
Enter the web site name of the back-end server. In order for the proxy to work, you need to have a DNS entry that points the domain name of the back-end server to the proxy for external clients (split DNS). You can test the web proxy functionality by adding an entry in /etc/hosts on your client that maps the web server DNS name to the proxy. You need to enable users to access the server through the proxy using the access tab view.

Push Notification Server
To get started with the Push Notification Server, complete the following steps:

1. Start the iChat server
2. Start the Push Notification server
3. Start the iCal server
4. Connect an iCal client to the iCal Server. At this point, if you look at your iCal account prefs, you should see "push" as your polling interval

Starting the Push Notification server will also start the iChat server. Additionally, if the iChat server is ever restarted, the notification server will need to be restarted manually.

Calendar Server
- User account creation
  When creating user accounts on the server, be sure to assign each account an email address. This will allow an event's organizer to add attendees by entering their email address. If you are using to create the accounts, click the "Info" tab on each account to find the "Email" field.

- iCal account configuration
  To configure an account within iCal, open iCal's Preferences, click on Accounts, then click the plus (+) sign. Enter the user's name in the "Full Name" field, enter the word "Seed" into the Email Address field, and enter the user's password in the "Password" field. Click Continue. In the next form that appears, choose Account type: CalDAV, give the account a descriptive name, and for the Account URL, enter http://localhost:8008/principals/users// (where "") should be replaced by the actual username for the account, e.g., "http://localhost:8008/principals/users/joe/". Note the trailing slash is required. Finally, fill in the username and password and click Create.

- Push notification
  iCal Server uses XMPP publish-subscribe to announce when modifications have been made to a user's calendar. Calendar clients such as iCal that are listening for the announcements can then fetch the changes, eliminating the need for polling, and providing near-real time calendar updates.

- Assigning Delegates
  The /usr/sbin/calendarserver_manage_principals command line tool is used to specify delegates for users, Locations, and Resources, set the read/write state for the delegates, and set the auto-accept state for the latter two.

- Implicit scheduling
  iCal Server now supports the latest CalDAV scheduling specification which adds support for server-side scheduling message processing. The advantages of this are an improvement in scheduling data consistency between Organizers and Attendees, as well as improved behavior with respect to event updates (which no longer require the Organizer to have a Client running all the time in order for status changes to be propagated to all Attendees). In addition, it opens the door to "thin" clients or other types of calendar application with little knowledge of the full (complex) scheduling process to also participate in scheduling with very little additional overhead.

- Web Calendar
  Web Calendars are now available for individuals (from My Page), and you can now browse free/busy and invite attendees to meetings. A read-only list of upcoming events on a user's calendar is available from the iPhone under the "News" page.

Other changes
- The ability to specify delegates and set the auto-accept state using the iCal Server Utility has been removed.
- All Locations and Resources are reservable by default
- User delegates can still be specified using the iCal Preferences UI

Mail Server
In Snow Leopard Server, IMAP and POP services are now provided by the Dovecot open source mail server. Snow Leopard Server continues to offer all the existing mail server features available in Leopard Server while adding significantly enhanced scalability and improved data reliability, including automatic data corruption detection and repair.

It is a good idea to validate the default Mail settings configured by Server Assistant for your particular configuration using Server Admin. The following are known inconsistencies:
- Defining an SMTP relay should be done in Server Admin

Dovecot has two new settings for the imap and pop3 protocols which can be appended to /etc/dovecot/dovecot.conf:
- mail_process_per_connection = yes/no
  Should each connected client have its own mail process (yes), or should one mail process serve multiple clients (no)? Yes is more secure, no is more scalable.
- mail_max_connections = number
  Maximum number of concurrent connections allowed per each mail process. Meaningful only when mail_process_per_connection = no.
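The two settings above trade process isolation for scalability. As an added example (not part of the seed note or of Dovecot's own tooling), this shell function reports which mode a dovecot.conf ends up in. It assumes the settings are written at the top level of the file as "key = value" and that a later assignment overrides an earlier one; the function names, verdict words and sample config are constructed for illustration.

```shell
#!/bin/sh
# get_setting FILE KEY
# Print the last value assigned to KEY in FILE, ignoring "#" comments and
# surrounding whitespace. Prints nothing when KEY is not set.
# Assumption: flat "key = value" lines; a later assignment wins.
get_setting() {
    awk -v key="$2" '
        { sub(/#.*/, "") }                    # drop comments
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# audit_dovecot FILE
# Echo a verdict and return 0 only when every client gets its own process.
#   isolated              mail_process_per_connection = yes
#   isolated-max-ignored  as above, but mail_max_connections is also set
#                         (it is meaningful only in shared mode)
#   shared:N              one process serves up to N clients
#   shared-default-max    shared mode, no explicit connection limit
#   unset / invalid       setting missing or not a recognised value
audit_dovecot() {
    ppc=$(get_setting "$1" mail_process_per_connection)
    max=$(get_setting "$1" mail_max_connections)
    case "$ppc" in
        yes)
            if [ -n "$max" ]; then
                echo "isolated-max-ignored"
            else
                echo "isolated"
            fi
            return 0 ;;
        no)
            case "$max" in
                '')       echo "shared-default-max" ;;
                *[!0-9]*) echo "invalid" ;;
                *)        echo "shared:$max" ;;
            esac
            return 1 ;;
        '') echo "unset";   return 1 ;;
        *)  echo "invalid"; return 1 ;;
    esac
}

# Constructed sample: isolation set first, then overridden by appended lines.
sample=$(mktemp)
cat > "$sample" <<'EOF'
mail_process_per_connection = yes   # original choice
# appended later for scalability:
mail_process_per_connection = no
mail_max_connections = 50
EOF
echo "verdict: $(audit_dovecot "$sample" || true)"
rm -f "$sample"
```

The non-zero exit status for any verdict other than the isolated ones lets the function gate a configuration check where per-connection processes are the required policy.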

Software Update Server
This build includes concurrent support for Tiger, Leopard and Snow Leopard catalogs

- Configuring the Server
  Server installs pre-configured for Apple (swscan.apple.com)

- Configuring Clients
  - % sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL "..."
  - Catalog URL format: http://myserver.example.com:8088/{catalog-name}
  - Client OS version-specific catalog names:
    1. Tiger: index.sucatalog
    2. Leopard: index-leopard.merged-1.sucatalog
    3. Snow Leopard: index-leopard-snowleopard.merged-1.sucatalog

Address Book Server
Use Server Preferences or Server Admin to start up an Address Book Server for storing on your server.

Address Book Server Plug-in
To access contacts stored on an Address Book Server account you have to configure Address Book to use the account:

1) Bring up Preferences
2) Click on the Accounts tab
3) Click on the add (+) button
4) Select Address Book Server as the account type
5) Type in your email address and password and click on Continue
6) Type in an account description
7) If the other fields are not automatically filled, enter the server address, user name and password for your account on the Address Book Server
8) Click on "Create"

Once the account is configured, it will be listed in the left-side column.

To connect to the Address Book Server account using SSL, enter the Server URL as "https://hostname:8843" (match the SSL port to the SSL set-up for Address Book Server in Server Admin.)

Portable Home Directories/Managed Client
- The passwords to the network home for PHD users are now stored in the user's . Most of the time the information will be obtained automatically, but you may be requested to re-enter the network home password if passwords have changed. Similarly, you may be prompted to allow ManagedClient to access the user's keychain. The description in the user keychain will show "HomeSync Password" for entries automatically set up by ManagedClient.

- ManagedClient users that have managed printers options set up and have the "Allow user to modify the printer list" enabled will now be added to a special group on the client called the mcxlpadmin group. This group is part of the lpadmin group and membership in the group will allow users to add or remove printers on the client without the need to unlock the System Preferences pane.

- When creating a new portable home directory account, if the sync can't complete, you are given an option to continue to log in and complete the sync later. This option can be disabled using the preference manifest homeSync keys (cachedaccounts.onFirstTimeErrAskToContinue).

- The mcxrefresh tool allows you to refresh the client's managed preferences via the command line. The tool supports Active Directory servers if you provide a valid password. See the man page for more information.

- The mcxquery tool now supports hardware UUIDs as an option for locating managed computer records. See the man page for more information.

- For managed printers, a custom local PPD path location can be set up via the PPDPath key in the com.apple.mcxprinting domain. The PPDURL key is no longer used.

- AppleTalk printers are no longer supported in 10.6.

- A new option in Workgroup Manager "Only Show Managed Printers" will filter out non-managed printers in the client's printer popup printer list. If you do not enable this option, both managed and unmanaged (client system) printers will show up and be available to users. You will want to disable this option if you allow your users to add or remove their own printers since those printers are not managed printers, and those printers will not show up in the printer list.

- There are new preference manifest options for setting up screensaver preferences when the login window is showing.

- A new preference manifest option was added in com.apple.MCX for setting up a time server.

- There are various terminology changes in the com.apple.homeSync preference manifest that should be noted. The term "background sync" has been replaced by "home sync", and "login & logout sync" has been replaced by "preferences sync". The motivation for these changes is that, since sync sets can be done at various times, the wording that represents the "time at which the sync occurs" has been replaced by "what the sync actually does". Thus, it's now possible for the old background sync to also be run at login and/or logout. Take a look at the new interface in Workgroup Manager for Mobility preferences for more information. By default, both the home sync and the preferences sync sets will be run any time a sync occurs.

Bug Reporting
This build is being provided to you for testing and development purposes. Should you encounter any problems, please submit a bug report using the online Bug Reporter at . Please make sure to include "" in the bug title and description. This information will ensure that your bug is processed quickly.

When submitting a bug report, please make sure to include a Summary, Steps to Reproduce, Actual Results, Expected Results, the System Profile Report, and any other relevant information that is necessary to process the report.

IMPORTANT: Engineering requires additional information for crashing bugs, kernel panics, and hanging issues.

Crashing Bugs: Crash logs are required for crashing bugs. Crash logs can be located in ~/Library/Logs/CrashReporter

Kernel Panics: Backtraces, which contain vital information for investigating kernel panics, are required for kernel panic issues. Backtraces can be saved to nvram on restart shutdown, then copied to the panic.log file on restart. The panic.log file can be found in /Library/Logs/PanicReporter.

Hanging Issues: When an application is hung, a Sample should be provided. This can be done using the Activity Monitor (/Applications/Utilities/). To generate a Sample using this utility, click on the hung application name, then from the View Menu select "Sample Process".

For complete instructions on submitting bug reports, please visit the Bug Reporting page at

Legal Notices
The software identified above is Apple Confidential Information and your use of such software is subject to the Apple Developer Connection Programs Terms and Conditions, including the Prototype License and Confidentiality Agreement attached thereto. Distributing the software to anyone other than an ADC member who is working for the same entity as you is considered a violation of your agreement with Apple and is damaging to both Apple and those who develop for the Apple platform. We sincerely appreciate your efforts to keep this software Confidential.

You agree that you will not export or reexport any of the software or Confidential Information received from Apple (a) into (or to a national or resident of) any U.S. embargoed countries (currently, Cuba, Iran, Libya, North Korea, Sudan, or Syria) without first obtaining proper authorization from the U.S. Government; or (b) to anyone on the U.S. Treasury Department's list of Specially Designated Nationals or the U.S. Department of Commerce Denied Person's List or Entity List. You also agree that you will not use said software for any purposes where prohibited by United States law, including, without limitation, the development, design, manufacture or production of nuclear, missile, chemical or biological weapons.

This seed note is an appendix to the Prototype License and Confidentiality Agreement between Apple Computer, Inc. and the addressee.
