Open Enterprise Server OS X Server

Johnnie Odom

Why Compare?

• Why Me: Part of my continuing quest for the Apple and ® Singularity.

• Both systems compared frequently to and Windows Server but not to each other.

• Given Novell’s well-known Apple blind spot, some insights might be gained in examining Apple’s approach.

• Given Apple’s well-known Novell blind spot, large organizations with a large number of Macs might not initially consider .

• Some surprising commonalities ...

• Be careful with me. I’m trying to remember OS X Server 10.6 - 10.8 and Open Enterprise Server 2 – Open Enterprise Server 11.

© Novell, Inc. All rights reserved.

Philosophy: Apples and Mangos

• Apple: Simplicity above all else.

• Novell®: Functionality and Scalability.

• Reverse those to see each company’s weak spot.

• Open Enterprise Server grows to fill new functions with every release and also to support SUSE® Linux Enterprise Server versions.

• OS X Server redefined between OS X 10.6 and 10.7. Lots of feature cuts, along with price drop. Kind of a dada-ist reinvention of what “server” means.

Markets

• OS X Server: Small organizations with a majority of Macs and some Windows or larger organizations (especially Education and Science) with a large Mac and Apple presence.

• Open Enterprise Server: Traditional Novell® customers. Large organizations with a mixed infrastructure with majority Windows clients but also Linux, OS X, and other devices.

• Both compete against for workgroup services and Linux for network services.

• Both offer a core of -style services and functionality with extremely valuable proprietary components layered on top.

• Both are successor products to non-Unix solutions.

• Both sell largely to a customer base invested in other products in the company ecosystem.

• Price: Open Enterprise Server priced per user. OS X Server 10.8 $20 when you already own a Mac. OS X Server 10.6 $1,000

More Commonalities and Differences

• Strong geographic identities in the engineering groups.

• Invented and abandoned network topologies (and briefly shared a successor in SLP).

• Which leads me to a funny story about DNS …

• Build on technologies already developed in-house for new products.

• Novell interested in having OES do things the SuSE way – YaST, LUM, etc.

• Apple unafraid to reinvent Unix technologies for OS X: Launchd, DS, metadata.

Unix Underpinnings

• Open Enterprise Server is based on SUSE® Linux Enterprise Server, so one gets Linux + YaST.

• OS X Server is built on OS X, which is a more complicated beast.

– NeXT roots: “Rhapsody Server”, Network Home Directories etc.

– XNU Kernel based on Mach

– Unix layer above that, but most unix components in OS X sit beside the Cocoa libraries.

– Cocoa - the combination of Objective-C with a set of rich libraries written by Apple and NeXT - is the core of OS X.

– Additionally, OS X has its own means of doing init, cron and the like - launchd

– And while the BSD authentication system is present, the main directory system is Directory Service, which is represented by XML plists on a local node.

Directory Services

• Open Enterprise Server: eDirectory and its attendant technologies: NMAS, Novell® Certificate Server, Universal Password, etc.

• OS X: OpenDirectory (modified openldap) with an integrated Password server and an MIT Kerberos variant.

• No real comparison in this . eDirectory is much more scalable and feature-rich.

– OpenDirectory replication is read-only and tiered.

– Containers not supported for OD.

– eDirectory can easily be extended to support OD schema. OD does not support either eDirectory or Active Directory schemas.

– But eDirectory, while supporting GSSAPI, is not easily integrated with Kerberos other than Microsoft’s revision via DSfW.

DS Connection to Local System

• Common problem: User information held in a network directory service. Users interact with local system. How to connect the network user to the local system?

• Open Enterprise Server Answer: Linux User Management (LUM) with its “nam” toolset. Map eDirectory users to traditional Unix/ Linux user management similar to shadow file. Works through traditional Unix frameworks: PAM, etc.

• OS X Answer: Directory Service framework. Takes a variety of sources and reformats them in a common way. Interact using dscl and similar tools. Local DS, OpenDirectory, and Kanaka all make use of this framework.
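
Added example (not from the original slides): a Python sketch of the bridge described above, flattening local-node Directory Service user records (XML plists whose attributes are arrays of strings) into the passwd-style view that Unix tools and LUM work with, then auditing them. The sample records are constructed, and the UID threshold of 500 for "system" accounts is an assumption based on OS X assigning regular users UIDs from 501.

```python
import plistlib

def _sample(name, uid, gid, shell, home):
    """Build a constructed record shaped like a local-node user plist."""
    rec = {"name": [name], "uid": [uid], "gid": [gid],
           "shell": [shell], "home": [home]}
    return plistlib.dumps(rec, fmt=plistlib.FMT_XML)

# Constructed sample data, not taken from a real system.
SAMPLES = [
    _sample("root", "0", "0", "/bin/sh", "/var/root"),
    _sample("jdoe", "501", "20", "/bin/bash", "/Users/jdoe"),
    _sample("_svc", "0", "0", "/bin/bash", "/var/empty"),
    _sample("_www", "70", "70", "/usr/bin/false", "/Library/WebServer"),
    _sample("_legacy", "99", "99", "/bin/bash", "/var/empty"),
]

NOLOGIN = {"/usr/bin/false", "/sbin/nologin"}
FIELDS = ("name", "uid", "gid", "realname", "home", "shell")

def load_user(raw):
    """Parse one plist (XML or binary) and keep the first value per attribute."""
    rec = plistlib.loads(raw)
    return {key: (rec.get(key) or [""])[0] for key in FIELDS}

def to_passwd_line(user):
    """Render a flattened record as a passwd(5)-style line (hash never shown)."""
    return ":".join([user["name"], "*", user["uid"], user["gid"],
                     user["realname"], user["home"], user["shell"]])

def audit(raw_records):
    """Flag non-root UID 0 accounts and system UIDs that keep a login shell."""
    findings = []
    for user in map(load_user, raw_records):
        if user["name"] == "root":
            continue
        if user["uid"] == "0":
            findings.append((user["name"], "uid 0 but not root"))
        elif int(user["uid"]) < 500 and user["shell"] not in NOLOGIN:
            findings.append((user["name"], "system uid with login shell"))
    return findings

if __name__ == "__main__":
    for raw in SAMPLES:
        print(to_passwd_line(load_user(raw)))
    print(audit(SAMPLES))
```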

DEMO: Directory Services

Installation and Setup

• Open Enterprise Server: Add-On Product to SUSE® Linux Enterprise Server. Installed via YaST.

• OS X Server: 10.7 and After - Add-On to OS X purchased via Mac App Store. Standard installer. 10.6 and Earlier - Separate product with own media and installer.

• Open Enterprise Server Gotchas: Setting up Open Enterprise Server requires healthy eDirectory tree. SUSE Linux Enterprise Server packages cannot conflict with Open Enterprise Server packages.

• OS X Gotchas: DNS for hostname must be fully configured before setup. OpenDirectory, Kerberos, and Password Server are set up together and turned into something of a black box.

Administration

• As of 10.8, OS X Server is administered with Server.app and the Command Line.

• For 10.6 and previous, Server.app was available but so was Server Admin, Monitor, Podcast Producer, XRAID Admin.

• Workgroup Manager (for Directory Service info), System Image Utility, and Apple Remote Desktop (for remote administration of workstations) are separate topics.

• For Open Enterprise Server, the command line is an option. Also, iManager, YaST, DNS/DHCP Console, Remote Manager, iFolder Admin (web).

DEMO: Administration

Detour: Collaboration

• OS X Believes in *DAV: WebDAV, CalDAV, CardDAV.

• OS X Mail, Calendar, and Contacts services vs. GroupWise®

• Feature Request: GroupWise DAV support.

• Messages (Jabber) vs. Novell® Messenger

• Wiki vs. Vibe®

Detour: User and Device Management

• Software Update Service vs. ZENworks® Patch Management

• NetInstall - no functional equivalent for OS X on Novell side, but image components can be hosted via AFP, HTTP etc. on Open Enterprise Server.

• ZCM + ENGL = Windows NetInstall

• Profile Manager and (Older) WorkGroup Manager + MCX vs. ZENworks Configuration Management and ZENworks Mobile Management (ZMM)

• ZMM supports wider range of devices than PM.

• And, again, Apple Remote Desktop vs. ZCM.

File Systems and File Services

• Will not deign to talk about FAT/NTFS or SMB/CIFS on this slide.

• Open Enterprise Server: Unix File Systems supported by SUSE® Linux Enterprise Server, plus NSS.

• OS X: HFS+ file system. Unix tools have been extended to handle HFS+ characteristics.

• OS X permissions are traditional Unix + acls. Metadata handled by special extended attributes in the file system (see the “xattr” command)

• Open Enterprise Server permissions are traditional Unix + NSS acls on NSS volumes. Metadata handled by NSS.

• Open Enterprise Server uses NCP as its native file sharing protocol, and includes functionality riding on top of it (NDAP etc.).

• OS X uses AFP, about which more later.

Windows Services

• Previous versions of OS X server could act as a PDC. Now restricted to Workgroup Management. Only interface to Active Directory is via the “Magic Triangle” or “Cylinder of Destiny” where the Apple infrastructure receives read-only information from Windows. This is for Directory Services only.

• Formerly, the “Cylinder” approach used shadow attributes, which are no longer supported.

• Open Enterprise Server offers Domain Services for Windows to essentially emulate an Active Directory domain through eDirectory.

• Open Enterprise Server offers SAMBA, Novell® SAMBA, and Novell’s proprietary CIFS implementation for Windows file sharing.

• Apple previously offered Windows file sharing via SAMBA but with the change to GPLv3, now has its own CIFS implementation also.

• Of course, Open Enterprise Server fully supports Windows clients for all of its functionality.

Unix and Web Services

• Open Enterprise Server gains NFS through SUSE® Linux Enterprise Server. Possible to share NSS via NFS.

• OS X no longer exposes NFS in the GUI but still makes it available for NetInstall and via the command line.

• SSH / SFTP supported on both.

• Both use apache2. OS X exposes it via Server.app and Open Enterprise Server via YaST. Open Enterprise Server apache is newer and offers more customization and libraries at install.

• WebDAV on OS X Server provided via Apache. On OES supported via NetStorage. Also SuSE-layer via apache

• FTP on Open Enterprise Server is eDirectory/LDAP-integrated pureftp. FTP on OS X is back in the GUI for 10.8.

Apple File and Login Services

• Both OS X and Open Enterprise Server have Apple File Protocol servers.

• Apple originated AFP, and it has been rewritten over the years. Not scalable, but supports mount points, messages, Bonjour, multiple directory services, messages to users, timeouts, and Apple ACLs.

• Open Enterprise Server AFP server based on Netware AFP and integrated tightly with NSS - only mount points are NSS volumes, although these can be renamed. Only eDirectory users allowed but as of Open Enterprise Server 11 sp1 subtree searches can be done.

• Every few releases of AFP, Apple specifies a new password hashing scheme and it takes a few months for Open Enterprise Server to catch up.

• OS X client logins happen via Directory Service framework -- aware of OD and AD servers by default, with support for LDAP, NIS, and legacy BSD methods.

• OS X login to Open Enterprise Server also happens via Directory Service as Kanaka is a valid DS plugin. Could also use eDirectory LDAP mapped to OS X client DS, but for basic functionality Kanaka is now recommended.

DEMO: General Services

DNS and DHCP

• OS X uses BIND through Server.app

• Open Enterprise Server integrates BIND with eDirectory via XTier.

• Open Enterprise Server DHCP also an OSS + eDirectory solution.

• Both Open Enterprise Server services controlled via Java DNS/DHCP Console.

• DHCP removed from OS X Server in 10.8 except when using either VPN or NetInstall (for proxy DHCP services).

Printing

• OS X previously offered printing services. No longer officially supported.

• But Apple owns CUPS, the basis of modern Unix printing, so a work-around is available.

• Novell has iPrint, currently offering clients for Windows, Mac, Linux

• And soon iPrint will support Mobile printing, AD authentication, printing appliance, etc.

Services Removed from OS X

• DHCP and NFS hidden.

• XGrid

• Podcast Producer

• Webmail

• (Remember Netmail and Hula)

Disjuncts and Grab Bag

• VPN (OS X)

• Backups (Time Machine vs. Archive and Versioning)

• SAN

• Sacls

• iFolder / Filr (OES)

Performance

• No firm numbers here.

• SUSE Linux Enterprise Server + Open Enterprise Server can run on more powerful hardware than OS X, and so can scale higher in raw numbers.

• XNU kernel has decreased performance characteristics under load compared to Linux.

• Novell® engineers for scale more so than either Apple solutions or open source solutions included with OS X.

• AFP Server on OS X has a max limit of around 400 concurrent connections.

• AFP Server on Open Enterprise Server scales far above 400 concurrent connections with application of additional resources.

The Future

• Whither OS X Server?

• Maybe iCloud.

• Whither OES?

• Maybe Filr and iPrint Appliances

Lessons

• Both products should be evaluated in regards to the middle of the market: OS X looks to smaller implementations. Open Enterprise Server looks to larger implementations.

• Never depend on Apple for a scalable or comprehensive solution.

• The difference in feature set between services offered in OS X Server and Apple Remote Desktop is the roadmap for Apple missing features in Novell® products.

• Questions?

• Thank you.


This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. Novell, Inc. may make improvements in or changes to the software described in this document at any time.

Copyright © 2012 Novell, Inc. All rights reserved.

All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States. All third-party trademarks are the property of their respective owners.