A shallow to medium depth Leopard server overview


I’ve been able to get two clean installs of Leopard server onto two machines, and I want to take some time to comment about what I like and what needs to be fixed.

First, I like the fact that backing up data and settings (and restoring them) is a simple file copy operation. I know this is old hat for OS X (and I presume other Unix flavors), but it’s a positive worth mentioning because it makes my life easier, and I want to give credit for the things that matter, no matter how small they are.

Leopard DNS has been improved to merely a hassle rather than the nightmare it was in Tiger. The UI has improved quite a bit, but it still has some quirks that make adding zones and records harder than it should be. After clicking the “Add Zone” button, a new zone named example.com is created in the zone list, seemingly placed randomly among already existing zones. You then have to select the example.com zone and enter the correct information. It would be an improvement to click the “Add Zone” button, have the UI take you immediately to the panel to fill in the information, and then add the complete zone to the list.

The same goes for records under the zone: Currently, when you click “Add Record”, a record named “newMachine” is quietly created. If the zone you’re creating it under has the disclosure triangle collapsed, the new record is not revealed. You have to manually expand the disclosure triangle, then you have to manually select the “newMachine” record and edit it accordingly. Again, when I add a new record, I should be taken to the editing panel where I fill in the information, and then the completed record should be added to the zone.

As things are now, all new records and zones are filled in with example data except the MX record. Why fill in everything but that?

And as far as I can tell, there is no way to create a root A record (@ IN A 64.132.74.96) with the Server Admin DNS UI. Either it can’t be done, or it’s so non-obvious I can’t figure it out. Both are bad. To add a root A record, I have to manually edit /var/named/zones/db.zone.com with a text editor, manually increment the serial number by one, add the root A record, stop and start the DNS service. Ridiculous. Does the server team at Apple not think I want the zone aaronadams.net to resolve to an IP address? How could this be overlooked? (And now, the question I love to ask…) Do the people who create this stuff actually use it? Why is it so hard for Apple to get simple DNS basics right over multiple major revisions of their server OS? It’s beyond belief (and I haven’t accurately portrayed half my frustration with it here).
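The manual edit described above (add the apex record, increment the serial by one) can be scripted so the two changes always happen together. This is an added example, not code from the original post or from Apple: the sample zone contents and the function names are assumptions, and it only handles the common layout where the SOA serial is the first number inside the parentheses.

```python
import ipaddress
import re

# Constructed sample zone (names and serial are made up for illustration).
SAMPLE_ZONE = """\
$TTL 10800
zone.com. IN SOA ns.zone.com. admin.zone.com. (
        2007112801 ; serial
        3h         ; refresh
        1h         ; retry
        1w         ; expire
        1h )       ; minimum
zone.com. IN NS ns.zone.com.
ns IN A 192.0.2.53
"""

# The serial is the first integer after the SOA record's opening parenthesis.
SOA_SERIAL = re.compile(r"(\bSOA\b[^()]*\(\s*)(\d+)", re.IGNORECASE)


def has_apex_a(zone_text, origin):
    """True if the zone already has an A record for '@' or the bare origin."""
    owner = r"^(?:@|%s)" % re.escape(origin)
    record = owner + r"\s+(?:\d+\s+)?(?:IN\s+)?A\s+\S+"
    return re.search(record, zone_text, re.IGNORECASE | re.MULTILINE) is not None


def add_apex_a(zone_text, origin, address):
    """Append '@ IN A address' and bump the SOA serial by one; idempotent."""
    ipaddress.IPv4Address(address)  # raises ValueError on anything but IPv4
    if has_apex_a(zone_text, origin):
        return zone_text  # re-running must not burn serials or duplicate
    match = SOA_SERIAL.search(zone_text)
    if match is None:
        raise ValueError("no parenthesised SOA serial found")
    serial = int(match.group(2)) + 1
    if serial > 0xFFFFFFFF:
        raise ValueError("serial would overflow 32 bits")
    bumped = zone_text[:match.start(2)] + str(serial) + zone_text[match.end(2):]
    if not bumped.endswith("\n"):
        bumped += "\n"
    return bumped + "@ IN A %s\n" % address


if __name__ == "__main__":
    print(add_apex_a(SAMPLE_ZONE, "zone.com.", "64.132.74.96"))
```

Before stopping and starting the DNS service, the edited file can be checked with BIND's `named-checkzone zone.com /var/named/zones/db.zone.com`, which catches syntax errors that would otherwise take the zone offline.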

As for Wide-Area Bonjour Browsing, I haven’t been able to figure out how that’s supposed to work, and the documentation is no help. What am I missing here? Can someone clue me in?

AFP in 10.5.0 and 10.5.1 is nothing short of a disaster. You can read all about it here. Briefly, there is some terrible bug between the AFP server process and Directory Services that randomly causes one service or the other, or both, to stop responding properly, and the only fix is to restart AFP. If you’re sharing files between a handful of people, that’s an annoyance. If you’re serving network home folders to clients on a LAN, that’s a disaster. Each time AFP and/or DS stops operating correctly, those network home folder clients’ machines become useless until they can re-login or restart. When AFP / DS crashes multiple times per day, that’s your business ground to a halt.

How did a bug this major get past testing? Do the people who create this stuff actually use it? I came to the conclusion some time back that, in part because of Apple’s culture of secrecy, their software testing just sucks. I’ve run into too many crippling and very annoying bugs that happened within minutes of using software to give Apple any more passes. I’m not holding my breath for any changes, but they need to get on the testing ball.

I’ve had a chance to play with the iCal shared calendars service a bit, and so far I like it. The service itself is pretty simple and it does the obvious thing (let multiple users create and edit shared calendars), but setting it up at the client end took a little fiddling before I understood how it worked. It’s all very obvious in retrospect, but it would have been helpful to have a summary document somewhere (Apple support? iCal help?) that explained the process of accounts and delegation and what the settings do and what the terminology means and how the parts interact. Even if such a document would be considered remedial reading for some users and admins, I like to know very clearly what I’m supposed to be doing before I do it. Having the theoretical framework of how Leopard shared calendars work in my mind as I proceed helps eliminate guesswork and potential mistakes.

Open Directory, at least at a surface level, appears to be almost identical to OD in Tiger. I’m someone who uses OD for very basic authentication tasks and not much else, so I won’t (can’t?) get too deeply into it. One feature I do like, and that has saved me a lot of time, is the ability to archive the directory to an encrypted disk image. Kudos to Apple for including this feature.

I’ve wondered in the past why Apple has made multiple versions of its AirPort base stations that support RADIUS authentication, but they haven’t included a RADIUS server component in their server OS. Leopard finally includes a RADIUS server, and it’s super simple to set up. So simple that there isn’t much to write about it. And it does exactly what RADIUS is supposed to do. The less I have to write about a service, the better it probably works.

Software Update is another service that’s simple to set up and, once it’s working, does exactly what it’s supposed to do. But it’s easy to break. When initially setting up the service, the various updates and patches have to be downloaded from Apple’s servers. This can take quite some time (possibly 12 hours plus, from what I’ve read, although I don’t know how long my downloads took) and if you don’t realize how long it takes, you may stop and restart the service multiple times because you think it’s unresponsive, causing some kind of mishmash of partially downloaded updates and a screwed up update database and who knows what else. I haven’t read about any reliable recovery method after it’s all broken, so once you start that service, leave it alone and come back tomorrow when it’ll be operating normally.

It would really help if Apple included some kind of progress indicator for SUS. It could be a thermometer, a changing display of what’s currently being downloaded, a “don’t worry I’m still downloading” message with a time stamp, or some combination of all those. It would save a lot of admins a lot of headaches.

Leopard mail seems to be very similar on the surface to mail in Tiger, with a few UI improvements in Server Admin. What’s changed under the hood I can’t say, but I’m confident that components like Postfix and Cyrus have been updated to the latest and greatest. One issue mail does have under 10.5.0 and 10.5.1 is a bug that disables the use of short names as WGM-based virtual aliases, and instead you have to implement Postfix-based virtual aliases as documented here. WGM-based aliases are probably the simplest and most common way of implementing mail aliases, and it took legions of OS X admins under a minute to discover these aliases don’t work. Apparently this is another obvious bug that got past testing somehow but was found immediately in the real world. Do the people who create this stuff actually use it?

Luckily a workaround exists, as linked above, and hopefully this issue will be corrected in 10.5.2. Weirdly, Apple has provided a knowledgebase article that seems to address this problem, but I can’t quite wrap my brain around what’s happening here. Apple acknowledges that virtual aliases in some form don’t work, and then instructs you to add virtual aliases that aren’t really virtual aliases because they are duplicates of the short name that you want to alias to begin with. Huh?

I want to take a paragraph to recommend TopicDesk’s fantastic mailbfr (backup, fix, restore) utility that no OS X server running mail services should be without. This utility does the mail maintenance command line things I don’t want to take time to learn how to do. I give this software an A+. Apple should include a utility like this as part of Server Admin or at the command line. How about the ability to archive e-mail to an encrypted disk image, as is done with OD?

It’s nice to see that Apple has included MySQL 5.0.45 in Leopard instead of requiring admins to install it themselves. Setup and configuration are super simple and the service works as it should. I like that. And a case can probably be made for the addition of functionality, like OD has and like I recommended for mail, to archive MySQL data to an encrypted disk image.

Data that can be very easily backed up and restored via a simple file copy should be handled by the admin in whatever way they prefer. Data that needs to be extracted from and reimported to a database should be automated through Server Admin.

Leopard’s web service has been updated to Apache 2.2, which makes my friend Mike happy because he has some things he wants to do with Subversion. From a UI perspective, the web portion of Server Admin is much the same, but some important options have been added. PHP5 can now be enabled by checking the php5_module in Server Admin. If I remember right (it’s been a long time since I had to do this), PHP4 had to be enabled in Tiger by editing httpd.conf with a text editor, and if you wanted to use PHP5, you had to compile and install it yourself or use an installer package like this one. A minor inconvenience, but it’s nice to see PHP5 easily enabled and included as part of the OS now.

Also, sites have an option to “Allow All Overrides”, which is important to me personally because certain features of WordPress require it. Now, instead of adding “AllowOverride All” to the config for my site (and others) using a text editor, I can simply check the box. Simplicity is good.

I can’t say much about the new reverse proxy feature as I don’t use it, but the webmail service is something I had running in seconds by checking a box, clicking save, and loading the page. The default Squirrelmail UI isn’t great, but I usually only use webmail in a pinch, so the look and features are good enough, especially considering how little time I had to put into getting it to work.

As for the wiki, blog, web calendar, and other group features, I don’t use those either.

The overview screen for Server Admin is a very good one-glance summary of the server’s status, and I’m glad to see it added. The usage graphs, however, still lack some of what I would consider basic functionality. Graphs for CPU and network usage are relative to the current time, where you can only look back a certain number of hours or days in the past. What if I wanted to see what network traffic was like yesterday between 3 and 5 PM? Can’t do it. I’d have to look at all traffic between now and back to yesterday at the closest increment provided on the menu to 3PM. That’s dumb. Do the people who create this stuff actually use it? Simple is good when translating the options of complex services into a UI meant for amateurs or those who just want to get things up and running without hassle. Simple becomes limited when providing performance information about hardware people may depend on for their livelihood.

I like the fact that file sharing has been moved from Workgroup Manager to Server Admin, which is where I thought it belonged to begin with, and I have only one complaint: Sharing protocols should default to no protocols rather than all protocols. (Or maybe default to AFP only. Discuss.) Going through tabs to deselect three sharing protocols when you only want to use one is suboptimal, as I would imagine few admins want a share to use all four protocols often enough to justify that as the default.

The Server Update panel is still very much the same, and still a little iffy at times. When installing updates, admins probably experience a shot of adrenaline when they see an update’s status change from “Downloading” to “Unknown”, when “Unknown” should really be “Waiting” or “Staging” or whatever else may be more accurate, because “Unknown” is followed by “Installing”. “Unknown” starts images of failed updates and broken servers dancing in admins’ heads, and that’s all bad.

Most things under the Settings pane for the server are the same as Tiger (besides UI updates), with a couple of exceptions. The Notifications tab will notify the proper authorities when disk space drops below a certain arbitrary percentage the admin can set, and will e-mail those same admins when updates are available.

As for the Services tab, I’m not totally sure why that exists. Logically, I don’t understand why it’s important to mark certain services as available for configuration as opposed to showing all services and leaving unused ones turned off (as in Tiger), or grouping services into active and inactive with disclosure triangles in the servers sidebar. Perhaps there’s something I’m missing.

That’s a whirlwind, shallow to medium depth brain dump of my impressions of Leopard server. Correcting Leopard server’s issues as I see them requires Apple to do two simple things: Hire me to work from home as a full-time product improvement consultant (The cost of living in Dayton is really cheap. Think of the bargain you’re getting!), and perform more comprehensive testing with users outside of the Apple campus and outside of ADC. Do whatever it takes to put this OS (and accompanying hardware?) into IT people’s hands and merge their needs and suggestions with Apple’s UI know-how to take this OS to the next level of professionalism and usefulness.
