OS X Lion Server includes a host of new enhancements to give you more control of your Mac server and the users who access it.
Networking
Multithreaded TCP stack
Lion Server uses a fully multithreaded TCP stack with dedicated write and read threads for each network interface. To improve performance and to avoid lock contention with multicore, multi-NIC, and 10Gb Ethernet networks, the TCP stack maintains a dedicated pool of memory buffers for each CPU.
Multilink multihoming
Multilink multihoming enables Lion Server to host multiple IP addresses on the same or multiple network interfaces. This is ideal for connecting your server simultaneously to multiple networks, such as a public and a private network, or hosting multiple websites, each with its own IP address.
IPv6
Most services in Lion Server support Internet Protocol version 6, or IPv6. To support the industrywide IP transition, OS X Lion includes an IPv4-to-IPv6 gateway that enables the deployment of IPv4-based server services in IPv6 networks.
IPSec
IPSec is a set of general-purpose protocols for protecting TCP/IP communications. Its network-layer cryptography mechanism provides privacy using data and packet-header encryption, integrity and packet-origin authentication, and key management. Although part of the IPv6 standard, IPSec can also be used with IPv4.
Ethernet link aggregation with network interface failover
Also known as IEEE 802.3ad, link aggregation allows you to configure multiple network interfaces to appear as a single interface — with the same MAC address, the same IP address, and the same server host name. Link aggregation also eliminates a potential single point of failure: If one interface fails, the remaining interface maintains the network connection.
VLAN
OS X Lion supports virtual local area networks (VLANs). This feature allows you to configure computers on different network sections to behave as though they are on the same section.
Server App
Server setup
Setting up Lion Server can be as easy as configuring a desktop computer. The Server app includes an assistant to walk you through initial setup, define network information, and set the administrator account.
Alerts
The Server app also makes it easy to maintain your server. Lion Server will notify you via email when software updates become available, when available disk space is getting low, or if an email virus has been detected and quarantined.
Server Status widget
The Server Status Dashboard widget provides an at-a-glance overview of your server’s activity, including CPU utilization, network activity, and disk usage. It also displays a list of currently running services, as well as their status and activity level.
File Sharing
File sharing for iPad
Lion Server delivers wireless file sharing for iPad. Enabling WebDAV in Lion Server gives iPad users the ability to access, copy, and share documents on the server from applications such as Keynote, Numbers, and Pages.
Flexible permissions
Lion Server supports both traditional UNIX file permissions and access control lists, giving administrators an unprecedented level of control over file and folder permissions. With access control lists, any file object can be assigned multiple users and groups, including groups within groups. Each file object can also be assigned to allow and deny permissions, as well as assign a granular set of permissions for administrative control, read, write, and delete operations. Lion Server supports a file permission inheritance model, ensuring that user permissions are inherited when files are moved to the server and rewritten when files are copied to the server.
Spotlight
Spotlight Server lets you quickly and easily search for documents, files, and other content stored on your server. Spotlight provides an instant way to find content on servers in your network. Designed for workgroups with shared documents, projects, and files, this feature delivers lightning-fast search results for content stored on the server. The rich Spotlight vocabulary in OS X lets you search for exactly what you want. Options include Boolean logic, quoted phrase searching, category labels, and range support.
Time Machine backup
Lion Server can automatically back up your users’ previous versions to the server or another designated hard drive on the network, protecting valuable data and freeing up disk space on individual hard drives, or eliminating the need for backup drives altogether.
Why a server?
Productivity is greatly enhanced when users store work in centralized folders rather than on individual computers. With centralized file storage, all users have access to the same up-to-the-minute file. Since a single version resides on the server, there won’t be any confusion about multiple versions of the same document. And users won’t need to worry about losing important data in the event of a system failure or a lost or stolen laptop.
iCal Server
Easy scheduling
Utilizing the CalDAV protocol standard enables iCal Server to provide real-time access to your calendar from your Mac, iPad, iPhone, or web browser. Users can propose meetings, book conference rooms, and reserve resources. iCal Server finds openings in your colleagues’ calendars so you can propose meetings during the best possible time slot. Meeting proposers can even attach files — such as agendas, to-do lists, presentations, or QuickTime movies — to the invitation.
Email notifications
Need to invite people to a meeting who are not in your organization? No problem. Just enter their email addresses in a meeting proposal. iCal Server will email them an invitation and communicate their response to the rest of the meeting attendees.
Push notifications
iCal Server is integrated with the Apple Push Notification service so you and your colleagues will immediately know when there’s a new meeting invitation or a change to an existing event.
Shared calendars and reminders
Shared Calendars let you easily share schedules, reminders, and to-dos with colleagues, family, and friends. Multiple people can access the same calendar, and everyone can add or update the calendar with events and meeting details. You can even create shared items that can be prioritized and marked as completed by anyone with access to the shared calendar.
CalDAV
Apple is a member of the CalConnect Consortium and is committed to open, standards-based calendaring and scheduling protocols. To further the widespread adoption and deployment of these standards, Apple has made the complete source code for iCal Server available through the macosforge.org website.
Address Book Server
CardDAV
Address Book Server utilizes the CardDAV protocol standard for exchange of contact information. CardDAV works just like IMAP, allowing you to access and synchronize contact information on multiple computers and devices.
Management
Users manage their contacts directly within the Address Book application on their Mac or the Contacts application on their iPad or iPhone. The information is stored on the server, allowing users immediate access to new contacts and updates. With Address Book Server, it’s easy to access and synchronize contacts across multiple computers and devices.
Mail Server
Virus detection and junk mail filtering
Lion Server uses encryption technologies to protect confidential email communication. It analyzes the content of each mail message and trains itself to recognize and filter out junk mail. It also scans, quarantines, and deletes viruses before they can make their way into your organization.
Push notifications
With integration into the Apple Push Notification service, Lion Server can immediately notify iPhone and iPad users when they receive new mail messages.
Server-side document searching
IMAP clients can search the content of message attachments stored on the server. Searching works with all standard file formats including text documents and Microsoft Office, iWork, PDF, and QuickTime files.
Forward without download
To improve performance and reduce bandwidth usage, Mail Server includes support for the latest IMAP extensions, allowing message attachments to be forwarded without first having to download them from the server.
Attachment compression
Attachment compression uses Binary MIME to automatically convert and compress attachments sent between the client and server. It dramatically reduces file transfer times and the amount of data sent over Wi-Fi and cellular networks.
Enhanced webmail
Lion Server includes a webmail service featuring support for rich text and HTML messages, multilanguage support, drag-and-drop message management, and threaded message listings.
Wiki Server
Creating a wiki
Creating a wiki is quick and easy. In just a few clicks users can create a new wiki, enter a name, and assign access privileges — all from within the browser.
Editing a wiki
The intuitive toolbar editor makes it simple to add content, customize fonts, add tables, and attach files — including audio and video files — with no syntax or markup language required. By dragging and dropping, users can format their pages, insert hyperlinks, and cross-reference material.
Quick Look
A useful feature of Wiki Server is Quick Look. By clicking the Quick Look icon next to a file attachment on the wiki, users can view the document without downloading it. Quick Look supports all standard file formats, including Word, Excel, PowerPoint, Pages, Numbers, Keynote, QuickTime, PDF, and text documents.
Document sharing
It’s simple to share files on a wiki. Each wiki has a document repository where users can upload, preview, and download files to their local computer.
Email notifications
Email notifications automatically notify you when a page has been updated or comments have been added. Multiple change notices are sent in a single mail message every couple of hours.
iChat Server
Group collaboration
iChat works with Lion to automatically populate users’ buddy lists with members of the groups to which they belong, so it’s easy for them to start communicating. And thanks to store-and-forward functionality, iChat Server allows users to send messages to buddies who are offline, combining the advantages of IM and email.
Chat rooms
iChat users can request iChat Server to create and host a persistent chat room. Perfect for virtual-team scenarios, project-specific discussions, and real-time, blow-by-blow updates, the chat room allows individuals to join at any time, leave when they need to — even log out and shut down — and still come back to review all communications from the time the chat room opened.
Profile Manager
Web-based administration console
Featuring a web-based administration console, Profile Manager enables management from any modern web browser. Administrators can define profile settings for individual users, groups, devices, and groups of devices. For group-based management, Profile Manager easily integrates with directory services such as Open Directory, Active Directory, and LDAP.
User portal
To simplify profile deployment, Profile Manager includes a portal where users can download and install new configuration profiles for their Mac, iPad, iPhone, or iPod touch. Users can access this portal within a browser to manage their passcodes, set their Mac boot password, or remotely lock or wipe devices that are lost or stolen.
Management options
- Accounts
- Email, calendar, contacts
- Exchange
- LDAP, CalDAV, CardDAV
- Subscribed calendars
- VPN, Wi-Fi
- Digital Certificates
- Web Clips
- APN
- SCEP
- Proxy server
- Policies and restrictions
- Passcode age, length, complexity
- Application launch restrictions
- YouTube
- iTunes Store
- Safari
- Device features
- Camera
- Voice calling
- Encryption
- Content ratings
- Mac specific
- Directory services
- Dock settings
- Login window
- Mobility
- Software Update
- Printers
- Energy Saver
- Parental controls
Podcasting
Podcast Publisher
Lion includes Podcast Publisher, a new application to simplify creation and publishing of podcasts. Using Podcast Publisher, you can record videos of yourself, your computer display, or a narrated screen recording and organize them into unique podcasts. You can also import audio and video you already have on your computer.
Podcast Library
Podcast Library in Lion Server provides a centralized location for hosting and publishing podcasts uploaded from Podcast Publisher. Podcast Library provides long-term storage for content and automatically generates the appropriate RSS feeds based on the podcast and episode names, title, and metadata provided by Podcast Publisher.
Web Server
Website editor
Lion Server features an intuitive website editor, making it easy to create your own custom website by just inserting text, dragging and dropping, adding links and images, and formatting. No knowledge of HTML required.
Hosting your website
When you create a new website, the Server app automatically creates a folder using the domain name you’ve specified and checks to verify DNS, making sure the domain name resolves to your server’s IP address. Simply copy your website content (HTML, CSS, JavaScript files, and so on) into the folder. Your website is now online and ready to be accessed.
Hosting multiple sites
Support for virtual hosting allows you to host multiple websites on a single server. Depending on how you configure the server, each website can have a different domain name (using virtual domains) and even a different IP address. In addition, each website can be configured with unique security options and access controls.
Xsan Administration
Setup
With Xsan, it’s easy for first-time users — such as workgroups in small film and video productions, podcast clusters, small graphics shops, and boutique post houses — to set up and deploy a SAN. Xsan Admin walks users through the Xsan installation and setup process. It’s no longer necessary to create private metadata networks or volumes optimized for different data types. The SAN Setup assistant guides you through the volume creation process and setup of computers on the SAN. Xsan handles the complete “after cable-up” setup and configuration of the SAN.
Xsan Admin
With Xsan Admin, complex tasks such as expanding a volume, optimally configuring volume settings, or managing file system permissions are now easier and less prone to errors. SAN components — computers, volumes, and LUNs — are logically presented as assets, and an overview of SAN health is prominently displayed.
Access control
Volume mapping and masking let you control which computers access various volumes. For finer-grained control, you can use Xsan on OS X in conjunction with Open Directory to manage application, user, and group access to specific folders and files in shared volumes. You can control access to SAN storage in exactly the same way, from the same centralized directory you use to control access to network-attached storage.
Admin notification
Real-time monitoring lets you keep tabs on your SAN file system performance and throughput. Should it fall below a specified level, you can set the program to send you a notification via email or pager. Xsan logs metadata controller activity and client access for each volume, and you can review these logs from any OS X system on your network.
Xsan Clustered File System
Xsan is a 64-bit cluster file system that provides concurrent data access over high-speed Fibre Channel to multiple systems on the network. For better performance and higher availability, you can pool storage across multiple RAID devices, and each Xsan client can use this centralized data as if it were directly connected.
Support for 2PB files and volumes
Xsan lets your users share multiple files and volumes. Each file can be as large as 2 petabytes, or more than 3 months’ worth of uncompressed 1080i high-definition (HD) video at 30 frames per second. Xsan supports billions of files per volume, with each metadata controller hosting multiple volumes at the same time.
File sharing over Fibre Channel
Xsan storage networking eliminates the bottlenecks of traditional network file servers that use Gigabit Ethernet and that are not fast enough to transfer dense formats such as HD video. Fibre Channel gives you a 4Gb-per-port connection for increased data transfer and can be used with Fibre Channel multipathing for greater aggregate throughput. Good for multiple editors working on a video project or a compute cluster that needs fast data access for maximum utilization of processing power.
File-level locking
Unlike volume-level locking, which enables only one computer at a time to write to an entire volume, fine-grained file-level locking enables simultaneous access to shared files. All clients can access all the files on the volume, but only the client that has read/write privileges can edit a locked file. File-level locking provides enormous productivity advantages in post-production workflows where multiple editors are using a single large file.
File system access controls
Xsan supports flexible file permissions that not only work with Mac clients but are fully compatible with Windows Server and Windows 7. With file system ACLs, any file object can be assigned multiple users and groups, including groups within groups. Each file object can also be assigned both allow and deny permissions, as well as a granular set of permissions for administrative control, read, write, and delete operations. For added security, Xsan supports a file permission inheritance model, ensuring that user permissions are inherited when files are moved to the SAN and rewritten when files are copied to the SAN.
Xsan High Availability
Xsan is designed for high availability, with features that make it well suited for mission-critical environments.
Metadata controller failover
Xsan uses one system connected to the SAN, called a metadata controller, to manage access to shared storage. If the system fails, Xsan picks another computer on the SAN to take over its role. Cascading metadata controller failover ensures that you can access your data as long as any system on your SAN is active.
Fibre Channel multipathing
Apple’s Fibre Channel host bus adapters (HBAs) are dual-port or quad-port cards, providing every Mac desktop or server system with two or four connections to the SAN. Fibre Channel multipathing takes advantage of multiple connections — if one Fibre Channel path fails, Xsan continues to use another for storage access, eliminating a potential single point of failure at the cabling layer.
File system journaling
Xsan is a journaled file system that can be recovered in seconds in the event of a catastrophic failure. Journal data includes a record of file system transactions, eliminating the need for time-consuming integrity checks after an unplanned shutdown of the entire network or the metadata controller. Your storage can be back online almost immediately.