IntroductionWelcome| 00:04 | Hi! I'm Sean Colins.
| | 00:05 | Welcome to Lion Server Essential Training!
| | 00:07 | Lion Server is the latest version of
Apple's Mac OS X Server operating system
| | 00:12 | and it has some fantastic new features.
| | 00:14 | We'll get started by setting up your
network and integrating Apple's AirPort
| | 00:18 | hardware for easy management.
| | 00:21 | I'll demonstrate the brand-new
Profile Manager, showing you how to enroll
| | 00:25 | and manage devices including Macs and iOS
devices like iPads and iPhones in your organization.
| | 00:34 | We'll fully explore Server app and
we'll see just how easy it is to manage.
| | 00:39 | Next, we'll set up essential services
like Mail, the Wiki, and file sharing.
| | 00:44 | Then we'll take a look at
the all new Podcast Publisher.
| | 00:49 | And later, I'll show you how easy it
is to connect your iPhone, iPad, and
| | 00:53 | Windows 7 devices to the services we Set Up.
| | 00:56 | Lion Server is a big change from the
previous version of Mac OS X Server.
| | 01:01 | I think you're going to
really enjoy our time together.
| | 01:03 | Let's dive in!
| | Collapse this transcript |
|
|
1. Preparing for Lion ServerKnowing your network and how it routes to the internet| 00:00 | If your server is on a local network,
everything on that local area network will
| | 00:05 | be able to see your server without
additional configuration on your part.
| | 00:10 | Your server may be on what's called a
VLAN or a Virtual LAN, which is one local
| | 00:15 | area network that is separated from
other local area networks inside of your
| | 00:19 | company or organization.
| | 00:21 | If that's the case, your server will be
available to other computers on your VLAN.
| | 00:25 | VLANs are extremely unlikely
outside of enterprise networks.
| | 00:29 | So if you're setting up your
own network, don't worry about it.
| | 00:32 | If you are setting up your server
on a company network to support your
| | 00:35 | workgroup, you should talk with your IT
department to plan the installation of your server.
| | 00:40 | They can help you with routing,
helper addresses, and DNS if needed.
| | 00:44 | For people outside of your local area,
to use services you set up on your
| | 00:49 | server, you need to allow them access
through your firewall if you have one.
| | 00:54 | And you have to forward the ports
necessary for each service to work from your
| | 00:58 | Internet connection into your server.
| | 01:01 | If you don't perform these extra tasks,
your server will still work, but things
| | 01:05 | you expect to work on the
Internet won't function at all.
| | 01:08 | A great example of this is a website.
| | 01:11 | If you copy your website to the proper
place on your server while watching these
| | 01:15 | movies and you don't have an Apple
AirPort Extreme like we do, you'll need to
| | 01:19 | configure your router to pass traffic or
requests from customers that are trying
| | 01:24 | to access your server from the Internet
through Port 80 on your router into your
| | 01:31 | network and onto your server, so
that your server can then receive those
| | 01:35 | requests and respond to them
back out through the router.
| | 01:39 | In our troubleshooting chapter,
we'll show you a webpage that Apple
| | 01:42 | provides with a reference for ports you will
need to forward for specific services to work.
| | 01:48 | Also in my DNS and Network Services
title, I show you how to configure advanced
| | 01:53 | network settings and services
that we don't cover in this title.
| | 01:57 | Also in my DNS and Network Services
title, I show how to configure advanced
| | 02:01 | network settings and services
that we don't cover in this title.
| | 02:04 | So if you feel you need more
information about Firewalls, DNS, or DHCP,
| | 02:10 | please have a look there.
| | 02:11 | For our installation, we have an Apple
AirPort Extreme plugged into our cable
| | 02:15 | modem via the WAN port on the AirPort Extreme.
| | 02:19 | That cable modem is plugged
into our Internet service provider.
| | 02:23 | They handle all of the details on
their network from that point forward.
| | 02:28 | We then have the LAN ports on our
AirPort Extreme Base Station plugged into our
| | 02:32 | Mac mini Server and client machines.
| | 02:35 | If your network has more devices that
need wired connections, you will want to
| | 02:39 | purchase a gigabit switch and connect
that switch to the AirPort Extreme via
| | 02:44 | one of its LAN ports.
| | 02:46 | You can continue to daisychain devices
in that manner with switches and devices
| | 02:50 | until everything you need is connected.
| | 02:52 | However, if you go beyond the number
of ports you can connect to a single
| | 02:56 | gigabit switch, you may want to seek
out additional assistance from a local
| | 03:00 | Apple certified professional,
such as those you can find at
| | 03:03 | consultants.apple.com.
| | Collapse this transcript |
| Understanding Lion Server installation requirements| 00:00 | Apple has set prerequisites for the
installation of Lion Server on a Mac.
| | 00:05 | To begin, the Mac has to
have a 64-bit Intel processor.
| | 00:09 | This includes all of the Intel processor
machines that Apple has shipped, except
| | 00:13 | for the original Core Duo systems.
| | 00:16 | If you have a Core 2 Duo
processor, you'll be just fine.
| | 00:20 | Anything after the Core 2
Duo will be fine as well.
| | 00:24 | You need at least 2 Gigabytes of
Random Access Memory or RAM, and at least 10
| | 00:28 | Gigabytes of disk space available.
| | 00:31 | However, you are setting up a server, so
remember, if you're going to be setting
| | 00:34 | up time machine to back up your client
systems or file sharing, so people can
| | 00:38 | put files on your server, mail, Web,
virtually almost all of the services,
| | 00:44 | you're going to need way
more space than 10 Gigabytes.
| | 00:47 | But those are the minimum requirements.
| | 00:49 | You'll also need an Internet
connection if you're installing Lion Server
| | 00:53 | from the Mac App Store.
| | 00:54 | You'll also need an Internet
connection for validation of your hardware if
| | 00:58 | you're reinstalling Mac OS X Lion on a
system that shipped with it initially.
| | 01:04 | Now those are the minimum
requirements for Lion Server, but let's talk
| | 01:08 | about reality here.
| | 01:10 | The 64-bit Intel processor, okay, that's fine.
| | 01:13 | That includes Core 2 Duo machines and if
you think about it, Core 2 Duo machines
| | 01:17 | were made right up until we started
shipping things like the new Mac mini Server
| | 01:21 | with its i7 processor.
| | 01:23 | So a Core 2 Duo is fine, but think about
which machine you're putting your server on.
| | 01:28 | An original white iMac with a Core
2 Duo processor had a 3-Gigabyte RAM
| | 01:35 | limitation, so if you're about to
do a profile management server that 3
| | 01:39 | Gigabytes of RAM, which could be the
maximum for that computer, might not be enough.
| | 01:44 | So you want to give some thought to
what services you're going to be installing
| | 01:48 | on your server before you choose
the machine that will be your server.
| | 01:53 | I would recommend for profile
management that you go with a minimum of
| | 01:56 | 4 Gigabytes of RAM.
| | 01:58 | For file sharing, two gigs might be just fine.
| | 02:00 | But for a lot of things that are running
scripts in the background on the server
| | 02:04 | that are doing a lot of background
work, a very fast CPU, a multi-core CPU
| | 02:10 | something with four cores or
virtual eight cores would be great.
| | 02:15 | 4-gigs, I think would be
a good minimum to go for.
| | 02:18 | And if you're doing profile management,
again, I would go for the fastest best
| | 02:22 | processor you can get and I would go
for the most RAM you can put into the
| | 02:26 | machine you're using.
| | 02:28 | I don't think it would be overkill at
all to consider 8-gigs or 12-gigs of RAM
| | 02:32 | even in a system of that type. All right!
| | 02:35 | Let's move on to the next subject.
| | Collapse this transcript |
| Planning for your server| 00:00 | When you think about planning for your
server installation, think about it like
| | 00:04 | planning for a vacation.
| | 00:06 | There a lot of analogies, right,
there are a lot of similarities here.
| | 00:08 | When you're planning a vacation, you
can just throw the family in the car and
| | 00:12 | get on the road and head in a
direction and experience the adventure.
| | 00:16 | And that's totally cool.
| | 00:17 | You can do the same thing with the server.
| | 00:19 | You can set it up, plug it in, get it
going, turn things on, turn things off,
| | 00:24 | experiment, break things,
whatever you want to do, right?
| | 00:27 | There's a valid reason to do that.
| | 00:28 | Some people just love to get in
and get their hands dirty and play.
| | 00:31 | If you're going to do something like
that, I would recommend setting up your
| | 00:35 | server on a small segregated test
network if you will, a place where you're not
| | 00:40 | going to disrupt other services on
other servers or with other client machines,
| | 00:45 | but you can get your hands dirty
and you can get in there and play.
| | 00:46 | On the other hand, if you're more of a
planner, then whenever you go on vacation
| | 00:52 | with the family, you probably know how
many days you've got to go, you probably
| | 00:55 | know where you want to stop, you
probably know how much time you want to spend
| | 00:59 | when you get each of these
places, you've got a roadmap.
| | 01:02 | And that roadmap helps you to get
more things done with your time.
| | 01:05 | It's not for everybody.
| | 01:07 | Not everybody is a planner.
| | 01:08 | But if you are, I wanted to talk to you
about a few things you should plan in advance.
| | 01:14 | So the first thing I want you to think
about when you're thinking about your
| | 01:16 | server is who's going to use your server,
what are they going to need, and are
| | 01:22 | you going to be able to provide them
with what they need by turning on a
| | 01:26 | service on the server.
| | 01:27 | There are a lot of services and going
through this entire title with us, you're
| | 01:31 | going to be able to see
what the server has to offer.
| | 01:35 | And you'll be able to plan a little bit better.
| | 01:37 | You're also going to want to know
what you want to name your server.
| | 01:41 | Have that domain name planned right
upfront, know where it's going to be
| | 01:46 | registered, have it registered
before you start the setup of your server.
| | 01:51 | Have it pointing to your AirPort.
| | 01:52 | We're going to do that this way in this title.
| | 01:54 | If you watch this linearly, you'll find
that you're just going to flow from one
| | 01:59 | thing into the next, and we did that on purpose.
| | 02:02 | Similarly, you'll want to already
know where you're going to get your SSL
| | 02:06 | certificates from, what they're
going to be called, and what kind of SSL
| | 02:09 | certificate you're going to need to buy.
| | 02:11 | It's also a good idea to sort of plan
financially for these things because it's not all free.
| | 02:15 | Know these things ahead of time.
| | 02:17 | They'll save you time when
you're doing it in the process.
| | 02:20 | Know the environment
you're putting your server into.
| | 02:23 | Certainly with the Mac mini Server, you
can put it just about anywhere, next to
| | 02:26 | a potted plant, no problem.
| | 02:28 | But keep in mind, you don't want to be
putting it underneath leaky pipes, you
| | 02:31 | don't want to be putting on top of a heater.
| | 02:33 | Those are extreme examples, but in a
small office environment where space is
| | 02:37 | limited, you might find that the only
places that seem reasonable to put a
| | 02:42 | server aren't the best places for a server.
| | 02:44 | For example, inside of a closet with
no ventilation, the server is almost
| | 02:48 | guaranteed to overheat, even something small
and power efficient like the Mac mini Server.
| | 02:53 | So be aware, you need to have
proper cooling, it needs to be in a place
| | 02:57 | where you can get to it.
| | 02:59 | When you plug this thing in and plug it
into the network and turn it on for the
| | 03:02 | first time, be sure that you're setting
your server up in the space and on the
| | 03:08 | network where you intended to finally live.
| | 03:11 | Changing the server's IP address after
you finished setting it up or changing
| | 03:15 | its name after you finish
setting up is quite a big deal.
| | 03:18 | If you look at Apple's Help
documentation, you'll see the many pages of
| | 03:22 | information about the multiple
services that are affected by a name or an IP
| | 03:26 | address change and how each of those
services is uniquely affected and how
| | 03:30 | you'll have to try to reverse those processes.
| | 03:32 | Apple gives you some interesting tools,
actually a very friendly button in this
| | 03:36 | new version, Lion Server, to fix that.
| | 03:39 | But your mileage may vary;
| | 03:41 | depending on the services that you have
turned on, that change of IP or identity
| | 03:45 | might not work as you expect it to.
| | 03:46 | So try to have all of this planned out
ahead of time so you don't have to make
| | 03:51 | those changes later on.
| | 03:52 | Obviously, you're going to have to
know the IP address, the subnet mask, the
| | 03:56 | router address, you're going to have to
know the numbers for your DNS servers,
| | 04:00 | all of this network information.
| | 04:02 | You have to have that fully
qualified domain name really locked down.
| | 04:05 | You've got to know what you want
to name your server ahead of time.
| | 04:08 | But if you have all of this information
in your head or on pieces of paper in a
| | 04:12 | nice organized plan, I think you'll
have a much better experience when setting
| | 04:16 | up your Lion Server.
| | Collapse this transcript |
| Understanding the changes in Lion Server| 00:00 | As you will notice immediately upon
installing OS X Server Lion, a lot of
| | 00:05 | things have changed.
| | 00:07 | We've lost some services, we've gained
some capabilities, and a few things that
| | 00:11 | we hold near and dear that were rules
that we thought we could depend on forever
| | 00:15 | have just flat-out changed.
| | 00:16 | A lot of this is for the better and
certainly most of it goes towards trying to
| | 00:21 | find a completely new audience for Lion Server.
| | 00:25 | So I'm going to try to explain some of
those big things for you so we can get
| | 00:29 | them out of the way right off the bat.
| | 00:31 | First thing I'd like to mention is that
Lion Server is supported on laptops now.
| | 00:36 | Used to be, we would only be
supported by Apple if we chose to install OS X
| | 00:41 | Server on desktop hardware.
| | 00:44 | Laptops always worked, but
they weren't a supported platform.
| | 00:47 | Now, they've done away with that now.
| | 00:49 | Now Macs, whether they're a MacBook Air or Mac
mini or a Mac Pro, everything is supported here.
| | 00:56 | So you've got a lot of
flexibility being offered to you by Apple.
| | 01:00 | And that offers some additional changes.
| | 01:02 | I mean, if you're on a laptop, it's
likely that you're going to be on a
| | 01:06 | DHCP-offered address, which means
as you move from network to network;
| | 01:10 | you may be on a different IP
address as you move from place to place.
| | 01:14 | In fact, for some services like File
Sharing for example, a static IP address
| | 01:20 | is just not necessary.
| | 01:22 | You need to have an IP address to get
things going, but that IP address could
| | 01:26 | change as you move from network to network.
| | 01:29 | And if you are using a service that
supports working just over Bonjour for
| | 01:34 | example, you're going to be just fine.
| | 01:36 | We have three different types of
server name that we can use now.
| | 01:40 | We have .local name, we can use a
fully qualified domain name that's own
| | 01:44 | private non-routable domain name, and
we can also do fully qualified Internet
| | 01:50 | capable domain names.
| | 01:51 | Examples here might be server.local,
server.mycoolnetwork.private, or
| | 01:57 | server.groundswellgear.com.
| | 02:00 | Obviously, you can get to server.
groundswellgear.com from anywhere on
| | 02:03 | the Internet, because .com is a
root domain that is understood by the
| | 02:09 | routing systems and DNS.
| | 02:11 | .private doesn't exist out
there in the outside world.
| | 02:14 | So if you try to go to .private from
Washington, D.C. and you're trying to
| | 02:18 | access your server back in Los Angeles,
that's not going to work unless you're
| | 02:21 | tunneling in through a VPN.
| | 02:23 | So just be aware of that.
| | 02:25 | Another thing about that .local name, if
you choose to name your server with the
| | 02:29 | .local domain, keep in mind that you
won't be able to access that server while
| | 02:34 | connecting through a VPN, because .
local is not routed through a VPN.
| | 02:38 | So there are some planning concerns that
you have to take into account there as well.
| | 02:42 | When you think about a fully qualified
domain name and what the big deal was
| | 02:46 | about that in the past, we were always
making a big deal out of that, because
| | 02:50 | Kerberos was really wanting to have a
forward and reverse lookup on a fully
| | 02:54 | qualified domain name in
order to function properly.
| | 02:58 | Thing about that is Kerberos, while
it's in the LKDC, was really a big deal in
| | 03:03 | our Open Directory Master and
our Open Directory replicas.
| | 03:06 | With our Open Directory Master, we
did that because there were several
| | 03:09 | services that really needed it and that
we really wanted to have running on an
| | 03:14 | Open Directory Master.
| | 03:15 | But there are really only a couple
of services that actually need an
| | 03:20 | Open Directory Master.
| | 03:22 | And the nice thing is that Server.
app will instantly tell you if you're
| | 03:26 | starting a service that does need an
Open Directory Master and it will offer to
| | 03:29 | set one up for you.
| | 03:31 | And that automated process will work
just fine as long as you've got the
| | 03:35 | foundation set up properly.
| | 03:36 | Just keep in mind, if you're going to
set up or you plan to set up a Podcast
| | 03:40 | Producer server, that's the Podcast
Producer server classic, not the new
| | 03:43 | Podcast Publisher, or if you're going
to use Profile Manager to manage your
| | 03:48 | Macs or your iOS devices, your iPads,
your iPhones, your iPod Touchs, then you
| | 03:53 | really will need that fully qualified
domain name, because you'll need that
| | 03:57 | Open Directory Master.
| | 03:58 | So if you're planning on doing that stuff,
just keep that in mind and start with
| | 04:02 | a true fully qualified domain name.
| | 04:04 | That would be either the server
.mycoolnetwork.private or the
| | 04:09 | server.groundswellgear.com
option of those two options there.
| | 04:13 | Another thing to consider here is
because the Server.app when downloaded offers
| | 04:18 | to turn your local system into a server,
you want to be very, very careful about
| | 04:23 | where you download that Server
application to and whether or not you actually
| | 04:28 | want to install server on the
machine where you're opening Server.app.
| | 04:32 | Server.app when opened on a system that
is not an OS X Server walks you through
| | 04:37 | a couple of steps where it starts to
download software and set you up as an OS X Server.
| | 04:42 | And that process is very, very quick and
there's no Back button, so plan accordingly.
| | 04:47 | We show you a movie in Chapter 3 where
to connect to remote OS X Servers and
| | 04:52 | how to accomplish that in the Server.
app without turning your client system
| | 04:56 | into a server itself.
| | 04:58 | So finally, you'll notice that in the
process of doing our set up, we won't ever
| | 05:02 | enter a serial number here.
| | 05:04 | The software for the server is
not on an optical disc anymore.
| | 05:07 | It's only available through the App
Store and all of the stuff you buy through
| | 05:11 | the App Store is DRMed.
| | 05:12 | Apple knows which Apple ID is
associated with that stuff and Apple knows if
| | 05:16 | you've purchased it or not.
| | 05:18 | Even though you're allowed to
download once and install on many systems,
| | 05:22 | Apple is able to keep track of what
you've got and where you're putting it,
| | 05:26 | which is all they really wanted to
accomplish with serial numbers in the
| | 05:28 | first place, right?
| | 05:29 | So there are no serial numbers now.
| | 05:31 | You can download Mac OS X Lion Server
and install it on two, three, four, five
| | 05:36 | systems on your office.
| | 05:38 | No problem if you need to.
| | 05:39 | So that's what we're
going to show you how to do.
| | 05:41 | Those are the big changes in Lion Server.
| | 05:44 | I hope that helps.
| | Collapse this transcript |
| Things that went away in Lion Server| 00:00 | There are a few major services
that aren't gone in Lion Server.
| | 00:04 | In previous versions of the product,
you may have grown used to using the Print
| | 00:08 | Server, the FTP file sharing service
and binding Windows machines to the open
| | 00:14 | directory Master as a PDC, all
three of those things are gone.
| | 00:18 | Let's talk about each of them in turn.
| | 00:19 | So we had the ability before to be a
print server, this allowed us to aggregate,
| | 00:25 | say five or six different printers of
the exact same model into a pool, and the
| | 00:30 | print server would just pass the jobs
onto whichever printer happened to be
| | 00:35 | available at that time.
| | 00:36 | We could do print queues, we could assign
privileges to individuals, that is now gone.
| | 00:41 | We still have the ability to share
printers, but it's exactly the same ability
| | 00:45 | to share printers that was
present whenever we're in client, right?
| | 00:49 | So Lion Client now has the ability
to share printers using the System
| | 00:53 | Preferences and we have the same ability
in Lion Server, it's exactly the same thing.
| | 00:59 | FTP Services, file sharing
is very different in Lion.
| | 01:03 | We have Apple file protocol, so file
sharing between Macs, that hasn't changed
| | 01:07 | much, except that it's a
lot faster than it was before.
| | 01:10 | SMB, of course, completely rewritten,
it's now not Samba, it's SMB X, rewritten
| | 01:15 | from the ground up by Apple's engineers.
| | 01:17 | And FTP is gone, and FTP is gone
for a couple of different reasons.
| | 01:21 | I mean, first of all, if you think
about FTP, it is a very un-secure way of
| | 01:26 | communicating back and forth on a network.
| | 01:28 | It's easy to hack, it's generally not a
great idea, you should probably find a
| | 01:33 | different way of accomplishing file
transfers, whether it's an SSL Encrypted
| | 01:38 | blog or Wiki site, or you've got
files or if it's something else.
| | 01:42 | One good example is if you turn on SSH,
you've got access to something called
| | 01:47 | as SFTP, that's a secure Encrypted
FTP client and that's supported by FH or
| | 01:52 | transmit, and all you have to do is turn
SSH on in the server app, very, very easy.
| | 01:57 | So there are alternatives but I want
you to be aware that the classic FTP
| | 02:02 | solution is now missing.
| | 02:04 | You can always install a third-
party FTP server if you need to.
| | 02:08 | Because our Window services used to be
dependent on Samba, and Samba provided us
| | 02:13 | with the capability to be a primary
domain controller, that allowed our Windows
| | 02:17 | clients to bind to our open directory
server and for those Windows clients to
| | 02:22 | login with a username and password,
that was held in open directory, right at
| | 02:26 | the login Window on their Windows PC.
| | 02:29 | That's not supported any more, we can't do that.
| | 02:32 | Don't get me wrong, we still have the
ability to connect a Windows computer for
| | 02:37 | file sharing purposes to a Mac OS
X server and that works very well.
| | 02:43 | The only functionality that's really
missing there is that remote authentication
| | 02:48 | at the login window to authenticate
locally, using a network username and
| | 02:53 | password, that is no longer
supported to Windows devices.
| | 02:56 | So as long as you're aware of
those things being missing, you can plan accordingly.
| | Collapse this transcript |
| Downloading Lion Server| 00:00 | One technique you can use if you're
going to be installing Lion, and Lion Server
| | 00:04 | on a lot of different systems is you
can use the App Store as we see here to
| | 00:08 | download the software into your
Applications folder and then you can copy that
| | 00:12 | software off to an external hard-
drive, and move it around as you wish.
| | 00:17 | As long as you're installing on systems
that are yours and you're within Apple's
| | 00:21 | Licensing Agreement, you
should be just fine to do so.
| | 00:24 | But what this is intended to show you
is that there is a way to download the
| | 00:29 | software once, and not have to go
through the process of the lengthy download
| | 00:33 | through your Internet Service
Provider every single time you do this.
| | 00:36 | Also worth mentioning is that Apple
has released a USB Installer Stick that's
| | 00:42 | like $69 that you can purchase from
the Apple Store and you can use that to
| | 00:46 | install on multiple systems as well.
| | 00:48 | But we're going to get started by clicking
on the OS X Lion link here in the App Store.
| | 00:52 | You're going to start by clicking
the Buy App button and then put in your
| | 00:56 | Apple ID and your Password, and this
is going to allow you to sign into your
| | 01:00 | Apple ID and then what Apple will
see is whether or not you've already
| | 01:04 | purchased this or not.
| | 01:06 | If you have already
purchased it, it'll say, hey!
| | 01:08 | You've already purchased this, and we are
just going to download it for you. There we go!
| | 01:12 | So you have already purchased this
item, so we are going to click OK.
| | 01:15 | You see the icon, it just moves right
there from the Installing button right
| | 01:19 | down into the Dock, and if you had
Launch Pad open, it would be downloading
| | 01:22 | into Launch Pad as well.
| | 01:23 | Now, where this is going is into your
Applications folder and what you will
| | 01:27 | notice is while it's downloading, you
will have this handy little Progress Bar
| | 01:30 | that will fill up and of course we
are downloading gigs of data here.
| | 01:34 | So no matter how fast your Internet
Connection, it's going to take a while for
| | 01:37 | that guy to fill up.
| | 01:38 | So I am going to go up here into the
Search field, so we can talk about server.
| | 01:41 | I am going to type Server and hit Return,
and what you will see is that the App
| | 01:45 | Store goes out and searches on server
and of course it finds OS X Lion Server as
| | 01:49 | one of the top hits.
| | 01:50 | So I am just going to click on the
title there, so we can go to the server
| | 01:53 | page, and you can see right here I've
got an Install button and I've got the
| | 01:57 | ability to click on that.
| | 01:59 | But of course that's not going to work
for me because we're downloading this
| | 02:03 | into a 1068 computer.
| | 02:07 | So because we are in a 1068 computer,
it won't allow us to click the Install
| | 02:11 | button or to download the app.
| | 02:13 | Now what it knows is that since I've
already logged in with my user account, I
| | 02:18 | have already purchased Mac OS X Lion Server.
| | 02:21 | That's why this says
Install rather than Buy App.
| | 02:26 | If you get here, and you see Buy App,
it means you haven't purchased it before.
| | 02:30 | You will have to go through the purchase
process and then you will come back and
| | 02:33 | you will click on it again,
and you'll get your app down.
| | 02:36 | So once you've got both of these
things downloaded into your Applications
| | 02:38 | folder, it's very easy to simply copy
those applications off to a thumb drive or
| | 02:43 | an external hard-drive and then carry
those around with you, so that you can
| | 02:47 | install those apps by dragging them
over into your Applications folder and then
| | 02:51 | going into the App Store right here,
as long as those apps are in the
| | 02:55 | Applications folder on the system, on
which you're running, the system will
| | 02:59 | automatically notice that, that's
already been downloaded and the DRM will all
| | 03:03 | be handled for you automatically. Okay.
| | 03:05 | So that tells you how to download Lion
and Lion Server off of the App Store and
| | 03:10 | how to move those apps around later on
to avoid having to re-download through
| | 03:14 | your Internet Service Provider.
| | Collapse this transcript |
|
|
2. Preparing Your Network and the WorldIntroducing port forwarding on the router| 00:00 | Getting a server set up properly and
having it work the way you intended to, is
| | 00:05 | much more about your initial planning,
the setting of your foundations, and
| | 00:10 | understanding your network than
it is about almost anything else.
| | 00:14 | When we talk about setting up your
network and understanding how it routes and
| | 00:19 | how you get out to the Internet, we
need to have a fundamental understanding of
| | 00:24 | the way your network works.
| | 00:26 | I find that most people don't
really understand this at all.
| | 00:29 | So I'm going to give you a high-level
brief introduction to how your network
| | 00:34 | functions and why we need to
do things like Port Forwarding.
| | 00:38 | So your server is going to be sitting
on what I'm going to term an Internal
| | 00:43 | Network, and it is going to
communicate with client systems Macs, iPads
| | 00:49 | whatever on your Internal Network, say
it's inside of a small office, so this
| | 00:53 | is in your company.
| | 00:54 | You may also want your server to be
able to talk to other devices that are not
| | 01:00 | on your internal network.
| | 01:01 | For example, if you turn on Web
Services and you want your customers to be able
| | 01:05 | to access the Wiki or the blog that
you've set up, so that you can set up a
| | 01:10 | conversation area where they can get
into your server and make comments and tell
| | 01:16 | the world about how awesome your
services are, well, that's fantastic, but they
| | 01:20 | need to be able to get through the
equipment that separates your network from
| | 01:25 | the Internet in order to
communicate on your server.
| | 01:29 | So, so far we've talked about two
different things, we've talked about the
| | 01:32 | Internet and we've talked
about your local network.
| | 01:35 | What is that barrier between those two?
| | 01:38 | Well in our case, we've chose an
AirPort Extreme Base Station, and we've done
| | 01:42 | that because the AirPort Extreme Base
Station can be tethered in a way to your
| | 01:47 | OS X server, so that your OS X server
can automatically update the information
| | 01:53 | on the AirPort, and it can be
configured to pass that traffic through
| | 01:57 | automatically, so you
don't have to worry about it.
| | 02:00 | You don't have to use the AirPort
Base Station to accomplish this.
| | 02:04 | In fact, in prior versions of our OS X
server training, we've even shown you
| | 02:08 | how to configure a D-Link router and other
devices, so that they can port forward through.
| | 02:13 | But one way or the other, you have to
find a way to poke holes through that
| | 02:18 | router that is between the Internet
and your Internal Network, so the traffic
| | 02:22 | can get from people on the
outside to your server on the inside.
| | Collapse this transcript |
| Using the AirPort Utility to set up your AirPort Extreme| 00:00 | Once you've got all your planning
taken care of, you need to set up your
| | 00:03 | network, because you have to have a
network to support your server and that's
| | 00:08 | what we are going to do right now.
| | 00:09 | So I've got my handy new trackpad, because
this is Lion after all, we are doing gesture.
| | 00:13 | So I am going to do the four-finger pinch.
| | 00:15 | That's going to get us into Launchpad.
| | 00:18 | Once we are in Launchpad, I am
going to click on my Utilities folder.
| | 00:21 | It opens up beautiful,
just like it would on my iPad.
| | 00:23 | I just love this feature.
| | 00:24 | Click on the AirPort Utility,
and up comes the AirPort Utility.
| | 00:27 | Now, when you first plugged in your
AirPort Base Station, if you came over to
| | 00:30 | your computer and noticed that this was
already up, that's because the default
| | 00:34 | preferences for the AirPort Utility
are to notice any base stations that are
| | 00:38 | in a state of distress, or have an update
that's necessary and open up the utility for you.
| | 00:43 | Now, we could choose to go the
automatic route over here by clicking
| | 00:46 | the Continue button.
| | 00:47 | But I thought I get you into the
manual setup area just because that sort of
| | 00:51 | gets us right into the meat
of the configuration here.
| | 00:54 | So let's click on Manual Setup, and wow!
| | 00:58 | We've got a lot of stuff
going on here. Don't we?
| | 00:59 | Let's have a brief tour of the Summary area.
| | 01:02 | So first thing we have here
is the AirPort Extreme Name.
| | 01:04 | This is the name of the box itself.
| | 01:06 | We have a Status menu.
| | 01:07 | We've got an amber light here that's
telling us that there is some stuff that's wrong.
| | 01:11 | We know that.
| | 01:11 | This is a brand-new device,
that's come right out of the box.
| | 01:14 | We can't expect it to be
perfect right out of the box.
| | 01:16 | The version of the software that's on
the AirPort, this is something you'll find
| | 01:20 | that you need to update occasionally;
| | 01:22 | the hardware Serial Number.
| | 01:23 | We have two radios inside of this guy
that are going to serve up two different
| | 01:28 | forms of AirPort signal.
| | 01:30 | We've got the 5 GHz radio and the 2.4 GHz radio.
| | 01:33 | The 5 GHz radio is basically giving you
a whole bunch of channels that are all
| | 01:37 | discrete and you've got
a lot of resiliency here.
| | 01:40 | So if you're going to be deploying a
whole bunch of iPads, you'll want to be
| | 01:43 | setting up a 5 GHz network.
| | 01:45 | If you have to support iPhones or
older devices that can only do the 2.4 GHz
| | 01:50 | range, then you're going to
want to be setting up the 2.4.
| | 01:53 | Cool thing about the AirPort Extreme
Base station is it can do both, and here
| | 01:57 | are the Mac addresses of each of those.
| | 01:59 | We've also got the Ethernet ID on the
device, the Wireless Mode, we are going to
| | 02:03 | create a wireless network.
| | 02:04 | That's what it's been told to do here,
and we will be changing some of those
| | 02:07 | settings as we get into these other tabs.
| | 02:09 | We have our Wireless Security settings.
| | 02:11 | Right now it's set to None;
| | 02:12 | the network name which is set
to an Apple default, our Channel.
| | 02:15 | So this is the 5 GHz channel
and this is the 2.4 GHz channel.
| | 02:19 | We will definitely be changing at
the very least the 2.4 GHz away from
| | 02:23 | Automatic, so we can
control where that's sitting.
| | 02:26 | How many wireless clients you've got connected?
| | 02:28 | Whether or not we're connected over Ethernet?
| | 02:30 | And then of course the IP Address.
| | 02:31 | As you can see, there's a lot of
information here that's either missing or not
| | 02:34 | optimal or just flat out, won't work
like this self-assigned IP address.
| | 02:39 | At the top here we've got our AirPort,
Internet, Printers, Disks, and Advanced menus.
| | 02:47 | We are going to start over here on the
AirPort side and we're going to click on
| | 02:51 | our Base Station Tab.
| | 02:53 | We're going to name the base station,
just going to call it something simple
| | 02:57 | like Lion, and we can set up
our AirPort Extreme Password.
| | 03:00 | I am going to just set to something
that I can easily remember, but I am also
| | 03:04 | going to make sure that it's over
eight characters, because we've got an
| | 03:07 | eight character minimum in place
on this device and I like to keep my
| | 03:10 | passwords up above that minimum.
| | 03:13 | And for ease and for simplicity during
this recording, I am going to remember
| | 03:16 | the password into my keychain.
| | 03:17 | You may choose not to do
that for security purposes.
| | 03:20 | I am going to set time automatically.
| | 03:21 | We're going to go to time.apple.com,
because as long as I'm going to the
| | 03:24 | Internet, I should be able
to get to that time server.
| | 03:28 | I'm not going to allow set up over the
WAN port only because I know that I'm on
| | 03:33 | the LAN here inside and I don't want
folks to be able to access my device from
| | 03:38 | the WAN port for setup.
| | 03:40 | If you want people to be able to access
from the outside and make configuration
| | 03:44 | changes, for example if you want to
be able to access your device from the
| | 03:48 | outside and make configuration changes,
you'll need this to be on, but I am
| | 03:51 | going to turn it off.
| | 03:52 | I am going to go over here Wireless, we
are going to Create a wireless network.
| | 03:55 | I am going to call it Lion Network and
we are going to go for an Automatic Radio
| | 03:59 | Mode, but Channel Selection is going
to be Manual and I am going to edit down
| | 04:04 | here primarily because I want to
talk about the 2.4 GHz channel spectrum.
| | 04:09 | So with 2.4 GHz, there is a lot
of what we would call bleed over.
| | 04:14 | So the only usable channels that we
have in the 2.4 GHz range are 1, 6, and 11
| | 04:20 | because these other channels are going
to get radio interference from devices
| | 04:24 | that are already on one of the other channels.
| | 04:27 | As long as you stick with 1, 6, 11 and
you spread out your AirPort base stations
| | 04:31 | in an appropriate fashion, you won't
get that kind of radio interference.
| | 04:35 | So I am going to stick with 1; that's fine.
| | 04:38 | And the 5 GHz channel, I'm going to
stick right up here at the top at 161.
| | 04:43 | That should be just great. Click Done!
| | 04:45 | I am going to add some Wireless Security,
WPA/WPA2 Personal would give us more
| | 04:50 | compatibility, WPA2 Personal is
going to give us better security.
| | 04:53 | So I am just going to go
ahead and put this in here.
| | 04:55 | Again, you probably want to keep this
wireless password different from the
| | 04:59 | device password and we're going to
talk about Guest Networks in a second.
| | 05:03 | You probably want this password to be
different from your Guest Network password as well.
| | 05:07 | Again, you probably won't want to
remember the password in your keychain, I'm
| | 05:10 | going to just for simplicity
during the recording process.
| | 05:14 | Here, I'd like to point out that you get
the chance to put-in a 5 GHz network name.
| | 05:19 | I did that by clicking on Wireless
Network Options in the previous screen,
| | 05:21 | and the sheet pulls down and gives you
a chance to name your wireless network
| | 05:26 | for the 5 GHz range.
| | 05:28 | It can be very convenient to just
leave the default name of your network,
| | 05:32 | plus the tag 5 GHz.
| | 05:33 | It tells people exactly what they're getting.
| | 05:36 | If you have a low multicast rate,
you're going to have better compatibility.
| | 05:41 | A high Multicast Rate will give you
better speed, but if you're having
| | 05:44 | devices drop off of your network quite a lot,
then you probably want to back it off to low.
| | 05:48 | If you want to tweak these settings
trying to go for higher performance, you
| | 05:52 | can, but your compatibility is
going to be better down here on low.
| | 05:56 | And your Transmit Power, probably want
to be 100% unless you've got a lot of
| | 06:00 | AirPort devices that are all very close
together in which case you might want to
| | 06:03 | drop the power down so that you reduce
the amount of overlap and therefore the
| | 06:07 | amount of interference.
| | 06:08 | I am going to leave ours at 100%.
| | 06:09 | 5 GHz gives you the ability to
use either narrow or wide channels.
| | 06:15 | As it explains down here, the wide
channels provide higher throughput, but might
| | 06:19 | interfere with nearby networks that
are trying to use the adjacent channels.
| | 06:23 | We are going to use wide channels,
because we don't have that problem here, and
| | 06:26 | because I want to get the highest
performance possible through the pipe we are
| | 06:30 | creating here over the air.
| | 06:31 | Lastly, you can create a closed network.
| | 06:34 | What a closed network is
essentially is a hidden SSID.
| | 06:38 | This name of the network is considered
an SSID and it would be not broadcast.
| | 06:43 | So it would not be available in an
AirPort menu for people to select if you
| | 06:47 | check this checkbox.
| | 06:49 | I am going to leave mine visible
though because a hidden SSID doesn't really
| | 06:52 | give you much security.
| | 06:53 | There are far too many wireless scanners
out there and a lot of wireless devices
| | 06:57 | that will just see hidden SSIDs by
default and so hiding it doesn't do a whole
| | 07:03 | lot to secure your network.
| | 07:05 | Better to just choose good passwords.
| | 07:07 | I am going to click the Done button now.
| | 07:08 | We will come over here to Guest Network.
| | 07:10 | I'm going to enable the Guest Network,
because I like the idea of letting people
| | 07:15 | onto my wireless network so that they
can have the convenience of checking their
| | 07:19 | email or going to a website.
| | 07:21 | But I don't want that guest to
necessarily be able to see all of my company
| | 07:25 | resources over Bonjour on my local network.
| | 07:28 | So this accomplishes that quite nicely.
| | 07:32 | You can allow guest clients to
communicate with each other, but not communicate
| | 07:37 | with other devices on your network.
| | 07:39 | But I'm going to even leave that off.
| | 07:41 | That's going to be great there.
| | 07:43 | I'm also going to create some
security here, because I don't want people to
| | 07:45 | just tag on to my network and start
going to sites that I don't want them to go
| | 07:49 | to, because if they go some place really,
really bad, they're going there with
| | 07:52 | your public IP address.
| | 07:54 | That means that was your traffic.
| | 07:55 | So you're responsible for it.
| | 07:57 | Let's pop-in a Guest Password here,
and remember to write down all these
| | 08:01 | passwords in your documentation, so you
can remember what back they were later on.
| | 08:04 | We'll talk about RADIUS later on,
because that will be tied in later in another
| | 08:09 | chapter related to OS X server.
| | 08:12 | You can set Timed Access via MAC
Address, so when people connect up, you can
| | 08:16 | tell the system how much time
they're going to be allowed to get on or
| | 08:19 | simply not enable it.
| | 08:20 | At this stage, not enabling is probably easiest.
| | 08:23 | Then we are going to go from the
AirPort section over here to Internet.
| | 08:26 | This is where we are going to
configure the AirPort Base Station to get onto
| | 08:30 | our public network.
| | 08:31 | I am going to click on TCP/IP,
click on Manually, and enter our network
| | 08:36 | information which I've got written in our plan.
| | 08:39 | You're going to get this
information from your ISP as we mentioned in
| | 08:41 | the planning phase.
| | 08:42 | So if you've got DSL or a cable modem
or maybe you've even paid for a T1 or T3
| | 08:48 | or something like that, your ISP
will have given you this information.
| | 08:51 | This will be the public information
that's used to connect up to your Internet
| | 08:55 | Service Provider and up to the Internet.
| | 08:57 | Very importantly here we are
going to put in DNS Server(s).
| | 09:00 | One thing that we've noticed is a
bug in the automatic configuration that
| | 09:05 | doesn't immediately ask you for DNS server.
| | 09:08 | So if you chose to do your AirPort
setup in the Automatic phase, come in here
| | 09:12 | into the Manual section and take a
look here in the DNS Server(s) area.
| | 09:15 | If these are blank, that's your problem.
| | 09:17 | I'm putting in some IP addresses for
some old PacBell DNS servers that we know
| | 09:22 | are still up and running and still
allow public access for everyone.
| | 09:25 | No matter where you are, pretty much
you're probably going to have success
| | 09:29 | accessing DNS from these IP addresses.
| | 09:32 | Then you can put-in a search
domain for your Domain Name if you wish.
| | 09:35 | I am going to go ahead and do that.
| | 09:37 | Our domain name for the purposes of
this course is groundswellgear.com and
| | 09:42 | we'll be showing you how to register all
that stuff up on the Internet in another movie.
| | 09:45 | So DHCP;
| | 09:46 | this is where we choose the network
that's being handed out to all of our devices.
| | 09:50 | The 10.0 network is a
default for our Apple network.
| | 09:55 | Whenever our AirPort base station comes up,
it's going to start off with this by default.
| | 09:58 | But you can also choose 172.16 or
192.168 as a starting point here for
| | 10:04 | your DHCP, and this is going to
define what IP addresses are available on
| | 10:09 | your internal network.
| | 10:11 | So for example, if you chose to go to
192.168, it would change the IP addresses
| | 10:16 | that are being handed out to
client devices on your local network.
| | 10:19 | I am going to go ahead and do
that just because it's illustrative.
| | 10:22 | So I'm going to change this and I'm
also going to change this from the 1 range
| | 10:27 | up to something like 19.
| | 10:30 | One thing that's important to note here
is that whenever you're doing, and this
| | 10:33 | has to do with port forwarding later on,
when you're making this decision about
| | 10:37 | your DHCP, keep in mind that if you're
going to be using VPN later on, we'll
| | 10:42 | talk about that later, if you're going
to VPN from a remote network into your
| | 10:47 | office network, these network ranges
on the two networks that are going to be
| | 10:51 | connected via that VPN,
they've got to be a different range.
| | 10:54 | If they're identical, if they
start with 192.168.19 and you're on a
| | 10:58 | 255.255.255.0 subnet, those are on the
same network, and they're not going to
| | 11:03 | pass traffic between the
different networks on that VPN tunnel.
| | 11:07 | Similarly, you won't be able to access
any servers that are set up as .local if
| | 11:11 | you were to do stuff like that.
| | 11:12 | So be careful here, keep things
unique, and that will be good.
| | 11:16 | We also have the IP range for our Guest Network.
| | 11:19 | Remember over here in AirPort,
we set up a Guest Network.
| | 11:22 | Well, that needs its own
range which it's got right here.
| | 11:25 | So that's really all we need to set up,
the DHCP Lease, the Message, the LDAP
| | 11:29 | Servers, the Reservations, these are
all fine in their default settings.
| | 11:33 | If we come over here to the NAT Tab,
we are not going to enable the default
| | 11:36 | host, and we are going to
leave this at its defaults as well.
| | 11:39 | So at this point, we have everything
set up the way we need to be set up in
| | 11:44 | order to move forward.
| | 11:46 | We could plug-in a USB printer, and
configure that here, we could plug in a USB
| | 11:50 | disk, and configure that for file
sharing if we wanted to, and we could even
| | 11:54 | configure some advanced Port Mapping settings.
| | 11:57 | We'll be doing that a little bit
later on and I'll show you how to do that
| | 11:59 | whenever we get into server app and
how to make server app control your
| | 12:03 | AirPort Base Station.
| | 12:04 | We could also add a MobileMe member
name here, which would allow us to gain
| | 12:08 | access to this MobileMe enabled device from
anywhere on the Internet, and we can control IPv6.
| | 12:14 | But I'm not going to
change any of these defaults.
| | 12:16 | I am going to leave it exactly where
it is, and I'd like you to do the same,
| | 12:19 | because if you just change your
settings so that they are similar to what
| | 12:23 | we've done here and click Update,
your network should function just fine
| | 12:28 | whenever it restarts.
| | 12:30 | After this restart, you ought to be
able to open up Safari and go to a webpage.
| | 12:34 | We are going to watch this restart,
we are going to open up Safari, go to a
| | 12:38 | webpage to prove that it's
working, and then we'll move on.
| | 12:42 | Now it is worth mentioning that if
you've changed the range on your network
| | 12:46 | in this process, the client machine you're
working from might be on an older DHCP address.
| | 12:52 | So it could be a good troubleshooting
tip at this point for you to go into
| | 12:55 | your Network System Preferences and
refresh your DHCP settings, so that you're
| | 12:59 | sure to get an IP address on the
new network you've just set up on your
| | 13:03 | Extreme Base Station. Okay.
| | 13:05 | So our Base Station is back up and
running, we have a green indicator light
| | 13:08 | that's telling us that
everything is set up normally.
| | 13:10 | If I go back here into Launchpad,
and I find Safari, here we are!
| | 13:16 | We've gotten ourselves to a webpage.
| | 13:18 | If you didn't get to a
webpage, a couple of suggestions;
| | 13:21 | one is come back into your Base
Station and come over to Internet and take a
| | 13:26 | look at the settings in this tab.
| | 13:29 | In the TCP/IP Tab, you're going to want
to look at your IP address, your subnet
| | 13:33 | mask, your router address, your DNS.
| | 13:36 | Those things are going to be the
primary sources of possible typos or
| | 13:41 | misconfigurations that might be hanging you up.
| | 13:44 | Make absolutely certain that you've
got these addresses all right and that
| | 13:49 | you've got DNS servers
that you can actually get to.
| | 13:52 | One quick point about troubleshooting
this is that you can go to Utilities
| | 13:57 | right over here, go to Network Utility, and
you can do things like Ping your DNS servers.
| | 14:02 | We are getting responses here.
| | 14:05 | If you see time with number in
milliseconds, you're getting responses.
| | 14:09 | You can do Lookups and look up
something that you know is going to be online.
| | 14:13 | Apple is never going down.
| | 14:15 | Here you see we've done
our question; www.apple.com.
| | 14:18 | It shows the Question Section right here.
| | 14:21 | So that's the question and if your DNS
server is responding properly, it's going
| | 14:25 | to give you an answer and even if it
doesn't give you an IP address, it's going
| | 14:29 | to give you an answer.
| | 14:30 | So you're all set there.
| | 14:31 | If those troubleshooting steps don't
work, come back in here, double-check your
| | 14:35 | information, and try
reconfiguring your AirPort Base Station.
| | 14:39 | But at this point, you should be
online and we should be able to go on to the next step.
| | Collapse this transcript |
| Extending your network using Airport Express| 00:00 | All right, so in between movies we
have plugged in an AirPort Express Base
| | 00:05 | Station that looks like this.
| | 00:07 | If you go out and buy one,
they are about 80 bucks.
| | 00:09 | It can't be a greater way to extend
your wireless network range than just
| | 00:13 | plugging an AirPort Express Base
Station into an Ethernet cable that is strung
| | 00:19 | between it and your
AirPort Extreme Base Station.
| | 00:22 | That's how we have got these guys connected.
| | 00:24 | They are not connected wirelessly but
what's happening is this guy is serving
| | 00:28 | out a network and what we are about to do is
configure this guy to serve out the same network.
| | 00:33 | It's going to be totally awesome.
| | 00:34 | So we are going to click Manual Setup.
| | 00:35 | It's going to read the configuration.
| | 00:37 | We have got the same sort of information here.
| | 00:39 | Note we don't have a 5 gigahertz radio.
| | 00:41 | We have only got the 2.4 in
the AirPort Express Base Station.
| | 00:45 | So the range that we are
extending is the 2.4 not the 5 gigahertz.
| | 00:50 | That's an important point of interest there.
| | 00:53 | So we are going to go with the new name.
| | 00:54 | The other was the Office, let's call
this one the Library just because that's we
| | 00:59 | are putting it and we are
going to give it a password.
| | 01:02 | For the sake of unity and the sake of my
sanity I am going to give this the same
| | 01:07 | admin password that I gave to my primary.
| | 01:09 | I am only doing that because I just
really need less passwords in my life, but
| | 01:15 | you can do whatever you would like.
| | 01:17 | A unique password of course
gives you better security.
| | 01:19 | Similarly, I'm recommending that we
not turn on Remember this password in my
| | 01:23 | keychain, but I am for the class.
| | 01:25 | We are going to set our Time Zone
automatically using time.apple.com as we did before.
| | 01:29 | Time Zone, that's where we are,
set your Time Zone appropriately.
| | 01:32 | We are going to allow going to Allow
setup over WAN in this particular case
| | 01:35 | because I want to be able to
configure this from the connection over the
| | 01:39 | plugged-in Ethernet port.
| | 01:40 | Remember, we have got an Ethernet cable
connecting these two, and in the case of
| | 01:45 | the AirPort Express that wired Ethernet
connection is the WAN port, so if turn
| | 01:50 | this off we won't be able
to configure it that way.
| | 01:52 | It's not the worst thing in the world
but if you turn this off you will only be
| | 01:55 | able to configure this guy while you're
connected to the wireless network, that
| | 01:58 | could be restrictive.
| | 01:59 | So we are going to leave that on.
| | 02:01 | We are also going to leave the rest of these
on a default and we come over here to Wireless.
| | 02:06 | Now here's the kind of important part.
| | 02:07 | I am going to come over here and I am
going to open up Lion. You can do this.
| | 02:11 | If you double click on any device in
the sidebar it will bring that device up
| | 02:15 | over here in a separate window
and you can compare settings.
| | 02:18 | This makes it much, much
easier to do things like this.
| | 02:21 | Wireless Network Name, okay.
| | 02:22 | Well, I know I want those to be the same.
| | 02:24 | So I am just going to copy and I am
going to paste right over here, because
| | 02:28 | if these guys are serving up the same
network and I put them far enough away
| | 02:32 | from one another, whenever you walk
from one to the next what's going to
| | 02:35 | happen is your device, say you're on
an iPhone and you're walking from the
| | 02:39 | library into the office.
| | 02:41 | Well, if the library is on one end of
your office building and the office is in
| | 02:45 | the other end of the office building,
the phone will just hop onto the strongest
| | 02:50 | network as it gets to it as long as the
network name is the same and you'll only
| | 02:54 | have to enter the name and the password once.
| | 02:56 | That's pretty cool!
| | 02:58 | So we are going to set that up that way.
| | 03:01 | We're going to go with a different channel.
| | 03:03 | So remember we have the other one set to
its own channel and I believe we are on
| | 03:08 | Channel 1, so we are going to go with
Channel 11 on this one, maybe it was far
| | 03:13 | away as we possibly can in the spectrum.
| | 03:15 | If we were going to add a few more of
these remember what I said, we can stick
| | 03:18 | to 1, 6 and 11 but I am going to keep
these two channels as far away from each
| | 03:22 | other as I can get them. All right!
| | 03:24 | We are going to go with n, b/
g compatible. That's great!
| | 03:27 | We are also going to go with WPA2
Personal Security and we are going to pop-in
| | 03:32 | the same password, very important that
we put in for the network over here on
| | 03:39 | the other base station.
| | 03:41 | Wireless Network Options, this is
going to be a slightly different looking
| | 03:44 | configuration screen.
| | 03:45 | I am going to stick with the defaults.
| | 03:47 | If the defaults are working for you, fantastic;
| | 03:49 | if you find that people are getting
kicked off of your network, if you've opted
| | 03:53 | to 11 megabits per second Multicast
Rate you can try dropping it back down to a
| | 03:57 | lower Multicast Rate and if your
airports as I said before are really close to
| | 04:01 | one another you might want to
drop the Transmit Power down.
| | 04:03 | I am going to leave these at the defaults.
| | 04:05 | That's all fine and I'm going to come over
here to Internet, and I am going to go to TCP/IP.
| | 04:12 | It's Using DHCP to pull its IP address
but it's handing out its own DHCP network.
| | 04:17 | I don't want it to do that.
| | 04:18 | So what we are going to do is we are
going to turn the Connection Sharing Off
| | 04:23 | and put it in Bridge Mode.
| | 04:25 | This doesn't communicate
exactly what it's doing.
| | 04:27 | Off makes it sound like it's
not going to share its connection.
| | 04:30 | It is going to share its connection
but it's going to share its connection in
| | 04:34 | what's called Bridge Mode.
| | 04:35 | So what's going to happen is all of the
DHCP settings, so the settings that hand
| | 04:40 | out IP addresses are coming from
the AirPort Extreme Base Station.
| | 04:43 | They are going to flow through
the AirPort Express out to clients.
| | 04:47 | So the AirPort Express is just like I
said before extending the other network.
| | 04:53 | All right, so we have got that in Bridge Mode.
| | 04:55 | DHCP is going to be completely fine.
| | 04:57 | This can be dynamic;
| | 04:58 | it doesn't need to be on its own
static address and as you can see here it's
| | 05:01 | pulling in the DNS Server of 192.168.19.1.
| | 05:05 | All that means is this main AirPort
Extreme Base Station as we can see here;
| | 05:10 | it already has DNS Servers configured.
| | 05:12 | So the Express is just going to pass those
requests right through that AirPort Extreme.
| | 05:17 | Everything else we can leave pretty much
as it is and if we want and this is the
| | 05:22 | coolest stuff, we can Enable AirPlay.
| | 05:24 | I am going to click Update and then we
will come back, we'll talk about AirPlay.
| | Collapse this transcript |
| Installing and using AirPlay| 00:00 | When I left off, we were looking at
our AirPort Express and we had Enabled
| | 00:04 | AirPlay and I said we are going
to talk about what AirPlay is.
| | 00:07 | So first thing is the AirPort Express
allows you to play music through it to
| | 00:13 | connected powered speakers.
| | 00:15 | So you know how you plug speakers
into your computer using the headphone
| | 00:19 | jack, same kind of idea.
| | 00:21 | There's a little headphone jack on
the bottom of the AirPort Express.
| | 00:23 | You plug in your powered speakers and
then through iTunes, you can target this
| | 00:27 | little guy and have it play music
through the AirPort Express. Very, very cool!
| | 00:32 | So you do that by Enabling AirPlay.
| | 00:34 | It's on by default,
whenever you plug in an Express.
| | 00:37 | And the Express is by default going to pick up
the name of the AirPort that you created here.
| | 00:41 | We called ours Library so it's
picking up Library, and it gives you the
| | 00:45 | opportunity in here to configure a password.
| | 00:48 | I'm going to go ahead and do
that and I'm going to click Update.
| | 00:51 | While I'm clicking Update, I'd
like to point out something else.
| | 00:55 | If there were a Firmware update
available for AirPort Express, it would give us
| | 00:58 | a little amber light and it would
ask us to go out and get new software.
| | 01:01 | If yours is doing that, please go out
and do that because having your equipment
| | 01:05 | on the latest Firmware is important.
| | 01:07 | While this is restarting, I'd like to
talk about another device that we're
| | 01:10 | also working with here on our little local
network that you'll see when we open up iTunes.
| | 01:14 | That's an Apple TV.
| | 01:16 | Now the Apple TVs probably are
going to ship to you with a slightly
| | 01:21 | out-of-date firmware.
| | 01:23 | So one of the first things I want you
do is when you plug your Apple TV into
| | 01:27 | your television, maybe you've got a
great big beautiful LED or Plasma display
| | 01:31 | in your waiting room or in an entrance
area where you want to play a slide show
| | 01:37 | of promotional photos about your
products or your services, maybe you've got a
| | 01:41 | video that you want to put on a loop
or something like that, that's why we're
| | 01:44 | showing you this because I think that's the
kind of thing you guys might want to be doing.
| | 01:48 | Make sure you get into that Apple TV,
go over to the General menu and pull down
| | 01:52 | to the selection that says Update Software.
| | 01:54 | And you're going to update that software,
you're going to let it run through the
| | 01:57 | process of downloading.
| | 01:59 | It's going to take less than five
minutes probably. Let it restart.
| | 02:02 | When it does, you'll be at the
latest version of the Firmware and your
| | 02:05 | functionality should be roughly
similar to what we're showing you here.
| | 02:09 | Now because this title is going to be
out there online for a really long time,
| | 02:13 | your results may vary.
| | 02:14 | Apple is going to update the versions
of these things and new functionality may
| | 02:18 | become available, but this is what was
available at the time we recorded this.
| | 02:22 | So next thing I'm going to do, our
Library is restarted, is I'm going to do my
| | 02:26 | four-finger pinch and get into
Launchpad, I'm going to open up iTunes.
| | 02:30 | We come right here to our music.
| | 02:31 | So we've got some music already set up
here, we've also got some movies in here.
| | 02:35 | Let's start by playing
music out to all of our devices.
| | 02:38 | You can see down here we have our
AirPlay menu and we can come in here, we can
| | 02:43 | select Multiple Speakers, and here
we have all of our speakers available.
| | 02:49 | We can turn on the Apple TV,
we can turn on the Library.
| | 02:53 | Because the Library is password-
protected, we have to enter in the password.
| | 02:57 | And for convenience on this station, if
this is the only workstation I want to
| | 03:01 | be able to play to that Library
AirPort Express, I can just click Remember
| | 03:04 | password and from this
point forward it won't ask me.
| | 03:08 | And I can change my volume levels.
| | 03:09 | I can put the TV down, I can bring
the Library down if it's got really
| | 03:13 | overpowered speakers, or I can
bring its volume up higher if it's got
| | 03:17 | under-powered speakers.
| | 03:18 | Just get your levels all set up the
way you want them to be room to room, you
| | 03:22 | can totally put each of
these things in different rooms.
| | 03:24 | In fact, that's one of the ways
that this is intended to be used.
| | 03:27 | And we've named this library which is
kind of nice because this means that now
| | 03:31 | whenever we're playing music to the Library,
we know exactly where that music is going.
| | 03:34 | It makes it easy for us.
| | 03:36 | So if I close this, now you can see
that we're told down here that we're going
| | 03:40 | to be playing to 3 speakers.
| | 03:41 | If I come in here and I start playing
this song, it takes a couple seconds to
| | 03:45 | buffer it out, and now it's
playing in unison to all of our devices.
| | 03:49 | It's playing out of the Apple TV on
our television, it's playing out of our
| | 03:54 | AirPort Express, and
everything is working great.
| | 03:58 | So this can be useful for parties, this
could be useful for music in the office
| | 04:03 | that you just want to stream to
different rooms, however you want to use that.
| | 04:06 | But what if you wanted to use your
Apple TV to play a looping video of surfers
| | 04:13 | surfing and have that up on a
Plasma TV in the entrance to our store.
| | 04:17 | So before we do that, note that we
have all three of these selected;
| | 04:20 | Library, Apple TV, and Computer.
| | 04:22 | So if we come over here and we double-
click on the movie, you'll notice that it
| | 04:26 | comes up and it plays full-screen within iTunes.
| | 04:29 | And that's because iTunes doesn't
support transferring the audio and the video
| | 04:35 | out to multiple devices at the same time.
| | 04:37 | If you're playing video, that
will go out just fine to an Apple TV.
| | 04:40 | You see the Library is missing now in that menu.
| | 04:44 | So what we would have to do is from
here, we could hit Play, select Apple TV
| | 04:48 | from that menu, and now
it's going out to our Apple TV.
| | 04:52 | If we'd only had Apple TV selected in
the beginning, it would have only gone
| | 04:55 | there and it would have just gone
directly to Apple TV, and this would have been
| | 04:58 | the first thing you would have seen.
| | 04:59 | And right now on our Apple TV in the
other room, our video has started playing.
| | 05:03 | So we can stop that, hit
the little x to come back.
| | 05:08 | We could then do the same thing
with a different video if we wanted to.
| | 05:10 | Send that little guy out to the Apple
TV and it starts playing out over our
| | 05:15 | network to our Apple TV on
our Plasma screen. All right!
| | 05:19 | There's some really cool
functionality here that allows you to integrate
| | 05:23 | your AirPort devices with an audio
network or a video network and I wanted
| | 05:28 | to show that to you.
| | Collapse this transcript |
| Sharing your name with the world| 00:00 | Now that we have our network
configured properly to host our server and our
| | 00:05 | services, we need to get the Internet
prepared for us because we of course want
| | 00:09 | clients to be able to get to our server
from the outside world as I like to call it.
| | 00:15 | You might hear me refer to this
in this way throughout the course.
| | 00:18 | Anything that's on our internal
network I'd like to refer to as the inside
| | 00:21 | world, and anything that's on the
Internet or outside on the WAN I call the
| | 00:26 | outside world, that's just a meat thing.
| | 00:28 | So anyway we are going to open up Safari.
| | 00:30 | We are going to do our pinch to get
into the Launchpad and open Safari.
| | 00:35 | We're using Network Solutions here;
| | 00:37 | you could use any DNS registrar you like.
| | 00:39 | This is just the one that we've used
previously for this domain so we are going
| | 00:43 | back in to use them again and we
are going to click on Manage Account.
| | 00:46 | Now when we do we are going to click Login and
we are going to put in our Login information.
| | 00:53 | Once we've entered out User ID and our
Password we can click on any of these shortcuts.
| | 00:58 | I like going straight to Manage My
Domain Names and clicking on Login.
| | 01:03 | This takes us directly to our domain.
| | 01:05 | We've already registered groundswellgear.com.
| | 01:08 | Once we are logged in you see here we
have groundswellgear.com available to us.
| | 01:13 | Your domain would be here.
| | 01:14 | If you have not already purchased a
domain you'll want to purchase a domain and
| | 01:18 | we give you instructions on how to do
that in our Snow Leopard server titles and
| | 01:22 | go back and watch that there.
| | 01:24 | But here we've already got a registered domain.
| | 01:26 | We are going to assume that we are
starting from that point, click Edit right
| | 01:30 | next to Advanced DNS Settings.
| | 01:32 | Next thing we're going to do is scroll
down here and you'll see we have all of
| | 01:35 | our A Records in a list, we have our MX
Records here, we have our CNAME Records
| | 01:40 | here, our TXT Records here
and our SRV Records here.
| | 01:44 | We are going to quickly go through each
of these and make sure they are pointing
| | 01:47 | to the correct location.
| | 01:49 | Our TTL is set to 3600, that's in
seconds, we set that to the lowest possible
| | 01:54 | number awhile ago so that our records
would update quickly during this process,
| | 02:00 | but this is the minimum
that network solutions allow.
| | 02:02 | So even though we want this to go quickly
still going to take longer than we probably like.
| | 02:06 | If we wanted to edit our A Records we click
on Edit A Records and then we can scroll down.
| | 02:12 | By default our www.
backgroundswillgear.com is going to our primary IP
| | 02:17 | address externally.
| | 02:18 | This is the one that's hitting the WAN
port or the outside port on our airport
| | 02:23 | extreme base station.
| | 02:25 | Nothing in front of groundswellgear.
com is going to do the same thing.
| | 02:29 | Anything else, this is the (All
Others), asterisk is going to go there as
| | 02:33 | well, and then we've got a couple of specifics
in here too, one for mail and one for server.
| | 02:38 | Now these are all A Records and
we don't have to do this, this way.
| | 02:43 | For example, if we wanted to we could take
mail out of here, click Continue. There we go.
| | 02:54 | So I remove the entire line and it says,
okay, we are going to delete that record.
| | 02:57 | No problem.
| | 02:58 | It's going to take up to 24 hours to
update throughout the Internet. That's fine.
| | 03:01 | Click Save Changes.
| | 03:02 | The reason why I did that is I
wanted to show you something else.
| | 03:05 | We're going to skip down from A
Records all the way down here, there we are,
| | 03:10 | Host Aliases (CNAME Records).
| | 03:11 | This is another way to get
multiple names over to a system.
| | 03:15 | So for example we took out mail.
| | 03:17 | We can put in mail here, give it
that shorter TTL and talk about what
| | 03:24 | that's pointing to.
| | 03:25 | This would be pointing to our server
at server because that's the name that
| | 03:30 | we've already got in there. Continue.
| | 03:34 | And this is interesting.
| | 03:35 | Because we've just deleted mail,
Network Solutions hasn't had time to update
| | 03:40 | their records, we ran into
this earlier in our testing.
| | 03:43 | So you might have to wait a
little while for this to take place.
| | 03:45 | Let's put in another one just for fun.
| | 03:48 | Let's put in afp for example because
maybe we've got a file sharing server that
| | 03:53 | we want people to be able to get to.
| | 03:54 | We can put in afp here and that's going to
point to our server, that's at the server name.
| | 04:00 | Click Continue.
| | 04:01 | Changes will take up to 24 hours, that's fine.
| | 04:04 | So what this would allow us to do is
enter afp.groundswellgear.com and any
| | 04:08 | request that we made of that name
would automatically be directed to
| | 04:12 | server.groundswellgear.com.
| | 04:14 | Then I click Save Changes.
| | 04:17 | So as you can see server.
groundswellgear.com is pointing to our external IP
| | 04:22 | address and because we have the alias
pointing to server it's going to route
| | 04:27 | properly to that number.
| | 04:28 | So it's going to hit the WAN
port on our airport base station.
| | 04:32 | So let's talk about mail.
| | 04:32 | Right now we've got mail, an MX
Record for mail.groundswellgear.com.
| | 04:37 | Let's edit that MX Record in here.
| | 04:39 | Priorities on Mail Records or
MX Records are highest to lowest.
| | 04:44 | The lowest number is going
to be the highest priority.
| | 04:48 | Just keep that straight.
| | 04:49 | If you've got multiple e-
mail servers you could do this.
| | 04:52 | Additionally if you have more than one e
-mail provider, for example if you are
| | 04:57 | hosting your own e-mail in-house
but maybe you've got a ISP doing a
| | 05:02 | store-and-forward service for you so
that they can hold onto mail just in case
| | 05:06 | your Internet access goes down
and your mail server goes down.
| | 05:09 | You could put them in here as maybe a higher
number and that could be just about anything.
| | 05:15 | I am not going to type anyone in here
in particular, I don't want to show any
| | 05:17 | favoritism but you could put in any
mail domain name and just hit Continue and
| | 05:21 | that would say, listen, if this server
is available, deliver mail there, but
| | 05:27 | if this one is not available go to the
next highest priority and deliver it to
| | 05:31 | the next domain name.
| | 05:32 | All right, so I just wanted to
point that out before we moved forward.
| | 05:36 | Next, we need to put in an SPF record
or a Sender Policy Framework Record so
| | 05:42 | that mail servers will trust us basically.
| | 05:45 | There are a lot of different ways that
you can fill this out but there's one
| | 05:47 | format that will sort of generically cover
you and I wanted to put that in here now.
| | 05:53 | So I've just finished typing my text
record here and you're going to start
| | 05:57 | with v=spf1 and then a space and then
an a and then a space and another and a
| | 06:03 | Colon and then the fully-qualified
domain name used by the MX Record or the
| | 06:09 | Mail Redirect space-all.
| | 06:11 | Once you are done with that click Continue.
| | 06:18 | And you can review your work right here,
make sure you don't have typos, Save
| | 06:22 | Changes, and you're set.
| | 06:25 | Okay, that's going to help with mail
and security with mail on the Internet.
| | 06:30 | So SRV Records take a request for a
service if a computer is set up with for
| | 06:37 | example iCal or Address Book and the
Calendar is being configured to find a
| | 06:43 | server that provides for
example calendar services at a domain.
| | 06:49 | What the SRV Records serves to do is
send that request to the correct hostname,
| | 06:56 | the correct host computer in
order to find that service.
| | 07:00 | So for example, we've only got one
server so it's sort of everything is going
| | 07:04 | to one server but if you had multiple
servers you could configure Address Book
| | 07:09 | on one, iCal service on another, and
you could configure SRV Records that would
| | 07:13 | take groundswellgear.com and redirect
it to ical.groundswellgear.com for the
| | 07:20 | Calendar services or to addressbook.
groundswellgear.com for the Address Book services.
| | 07:26 | This would be very, very useful if
you were splitting up your services
| | 07:30 | across multiple servers.
| | 07:32 | We are doing sort of the same thing
because we've got a lot of different names
| | 07:35 | for our server in order to try to
approximate that and show how that would work.
| | 07:39 | So let's get started by going in
here and clicking Edit SRV Records and
| | 07:44 | entering that data now.
| | 07:45 | We are going to click Edit SRV
and we are going to start here.
| | 07:58 | That one takes care of our server.
| | 07:59 | Next, we will move on to configuring the client.
| | 08:10 | Having the server and the client SRV
settings now our client and server both
| | 08:15 | will know when in the groundswellgear.
com domain that the XMPP otherwise known
| | 08:21 | as Jabber or the iChat server
service goes to server.groundswellgear.com.
| | 08:25 | It allows that service to auto discover
and make a complete chain to that name.
| | 08:31 | You can also configure SRV
Records for Address Book and iCal.
| | 08:34 | I've just gone ahead and
configured the one for the iChat service.
| | 08:37 | If you're faced with a page like the
one here on Network Solutions where you
| | 08:40 | don't have _carddav or _caldav, you
don't really have much of an option, they
| | 08:46 | don't give you that custom capability here.
| | 08:49 | Other sites may give you that;
| | 08:50 | your mileage may vary depending
upon who your DNS registrar is.
| | 08:53 | On your internal network if you
custom configure DNS you can add those
| | 08:58 | service records internally.
| | 08:59 | The big thing to take-away here is that
if you don't have these SRV Records you
| | 09:04 | don't really have to worry about it
because you can just put the fully qualified
| | 09:08 | domain name of your server into the
target acquisition preferences essentially.
| | 09:13 | Whenever you are first setting up your
accounts in iCal or Address Book you can
| | 09:18 | put the fully-qualified domain name of
the server and it will obviously find
| | 09:21 | that because it will be able
wrap the correct IP address.
| | 09:24 | But that's entering an SRV Record.
| | 09:26 | We are going to click Continue
and we will click Save Changes.
| | 09:31 | Now we've already done A Records,
we've done MX Records, we've done CNAME
| | 09:36 | Records, we've done TXT Records, and
we've done SRV Records, so we're just about
| | 09:41 | done, but if you recall our CNAME Record
didn't complete successfully because we
| | 09:45 | had a little bit of a time out there.
| | 09:46 | So I'm going to come in here and
hope that we have given it enough time.
| | 09:51 | I am going to click server there.
| | 09:53 | I am going to click down here at
the Continue button. There we go.
| | 09:57 | So this system has updated and it knows
that there is no A Record from else so
| | 10:01 | it was allowing us now to
put in our mail information.
| | 10:04 | You'll notice that this
didn't update right-away.
| | 10:07 | We just put in mail, we
confirmed it but it didn't show up.
| | 10:09 | There seems to be a little bit of a lag with
Network Solutions, so just give it some time.
| | 10:13 | I'd say wait a good 30 seconds to a
minute before you panic and go back and then
| | 10:16 | try to edit anything.
| | 10:18 | You can also click the Refresh
button here to try to get new information.
| | 10:21 | Once you're confident that your
settings have been saved properly go ahead and
| | 10:25 | close Safari and we'll
move on to the next movie.
| | Collapse this transcript |
| Reserving an address for your server| 00:00 | All right, so, a couple of last
housecleaning things here in Chapter 02 before
| | 00:04 | we move onto Chapter 03.
| | 00:05 | First thing is the dock is taking up an
awful lot of vertical real-estate here
| | 00:08 | while we're recording.
| | 00:09 | So in order to give us a better view
and more screen real-estate to work with,
| | 00:12 | we're going to go to the Dock menu,
we're going to turn Hiding on.
| | 00:15 | I just didn't want anybody
to find that disconcerting.
| | 00:17 | So now we've got a nice, big
clean blue space in front of us.
| | 00:20 | The other thing we're going to do is
we're going to do the four-finger pinch on
| | 00:24 | our trackpad and we're going to open up
the AirPort Utility and we're going to
| | 00:29 | do a final little thing before we set
up our server, we're going to marginally
| | 00:34 | change the DHCP pool.
| | 00:36 | I am going to go into Internet, and go
to DHCP, and you see how we're starting
| | 00:40 | it to and we're going all the way to 200.
| | 00:42 | We certainly don't have that many
devices and I'd kind of like to use some of
| | 00:46 | these lower device numbers for other
things that are going to be static.
| | 00:50 | So I'm going to start this pool upwards a 50.
| | 00:53 | We still have the range of 50 to 200,
that's going to be completely fine but it
| | 00:59 | gives us some additional range which is nice.
| | 01:02 | The other thing we can do is we can
enter a DHCP reservation for our server, so
| | 01:06 | that whenever the server comes
up, we already know the address.
| | 01:09 | So all we have to do is put-in a description.
| | 01:11 | Let's call this one our Lion Server.
| | 01:15 | We're going to use the Mac address and
we're going to type-in the Mac address.
| | 01:21 | If you don't know where to find the Mac
address on your computer, don't worry,
| | 01:25 | it's actually printed on your box.
| | 01:27 | The box that your Mac Mini Server or
your Mac Pro Server came in is labeled with
| | 01:32 | the hardware serial number, and
the Ethernet and AirPort Mac Address.
| | 01:36 | You're going for the Ethernet Mac Address.
| | 01:39 | It will be two digits, separated by a
colon, with two digits, separated by
| | 01:43 | colon, separated by, you know, that
sort of pattern, and ours is going in now.
| | 01:50 | So as you can see it can be a
combination of letters and numbers, lowercase is
| | 01:53 | where we want to go with this and we
want to tell it the IP address that we're
| | 01:56 | going to put on this device
every single time it starts up.
| | 02:00 | So I'm going to start with .2 because
I want to keep this nice and low in the
| | 02:05 | range, and then we click Done.
| | 02:08 | That way from that point forward, that
machine will always get that address.
| | 02:12 | It's a handy way to make sure that your
server is always going to be at the same address.
| | 02:16 | So we are going to click Update now and Continue,
and that's the last bit of our housekeeping.
| | 02:22 | The next thing we're going to do is
get into our server and we're going to
| | 02:25 | configure it just as it would
be coming right out of the box.
| | Collapse this transcript |
|
|
3. Laying the Proper Foundations During SetupUnderstanding the upgrade process| 00:00 | Before we get started, it is
important that I provide some words of warning
| | 00:04 | about what we are about to undertake.
| | 00:07 | Though this appears simple, nothing
about any server product is simple once you
| | 00:11 | start peeling away the layers.
| | 00:13 | As such, virtually everything we do in this
course will work perfectly until it doesn't.
| | 00:20 | When things don't work, you might find
it hard to roll back to a place where
| | 00:24 | things worked once again.
| | 00:26 | Because of this fact, I recommend that
you use this course to learn on hardware
| | 00:31 | and software that you feel
comfortable erasing if necessary.
| | 00:36 | Never try to learn on hardware that
contains important information, especially
| | 00:41 | if that information is not backed up in
a way you have proven you can restore.
| | 00:46 | When we upgrade Snow Leopard Server to
Lion Server in this title, we do so to
| | 00:50 | show you what you can expect and how
to perhaps save yourself some time.
| | 00:55 | While the upgrade process is the most
likely forward migration path to succeed
| | 01:00 | from Snow Leopard Server, it is still to be
approached with caution, and a solid backup.
| | 01:06 | When performing an upgrade, it would
be best to have a full system clone on
| | 01:10 | another hard-drive available for
redeployment if the initial upgrade process
| | 01:15 | fails for some reason.
| | 01:16 | The Lion's share of this course will
be conducted on a new Mac Mini server we
| | 01:21 | purchased specifically to show
off what the new hardware can do.
| | 01:25 | We highly recommend this path to Lion
Server as it is the least complicated path
| | 01:30 | to follow and will give you
the best chance of success.
| | Collapse this transcript |
| Upgrading a client| 00:01 | One of the most common upgrade paths to
Lion Server is to promote a Lion client.
| | 00:05 | In a previous movie, I showed you how to
download the Server Installer from the App Store.
| | 00:10 | I'll open the Applications folder and
find the server application that was
| | 00:14 | downloaded and we'll open it now.
| | 00:15 | Once you open it, you'll be presented
with the welcome screen, and you need to
| | 00:18 | click through the buttons
necessary to start the process.
| | 00:22 | You agree to the License
Agreement. It says, hey!
| | 00:25 | You know what?
| | 00:25 | Your Mac needs additional server
software, and we're going to have to download
| | 00:29 | this stuff and install it
in order to get you going.
| | 00:31 | See, the thing is when you purchased
server from the Apple Online App Store,
| | 00:36 | what it did was it downloaded this installer.
| | 00:38 | If you think of it as like server
app light, it's only got some of the
| | 00:42 | software already there.
| | 00:43 | What we do now is we click Continue,
we log in as our administrative account.
| | 00:47 | On this client Mac Mini that we've
got set up here, I just created a local
| | 00:51 | account, called Local
Administrator and gave it a password.
| | 00:54 | So we'll log in with that and click Continue.
| | 00:57 | So what happens next here is the
server app will go out and it will download
| | 01:01 | all of the necessary server software,
it will run the full installation, and it
| | 01:06 | will install it for you, it'll get it set up
and then it'll walk you through your next steps.
| | 01:10 | We're going to let this process finish and
then I'll talk to you about what happens next.
| | 01:14 | When server app is finished doing its
initial installation, it will just give
| | 01:17 | you this Finish button which you can click.
| | 01:20 | It will open up and it'll start
asking you what you'd like to do next?
| | 01:24 | There's this area down here at the
bottom for your next steps, and you can go
| | 01:28 | straight through them.
| | 01:29 | It starts you off with how to
configure your network, with really nice
| | 01:33 | instructions on how to do that
along with your specific information.
| | 01:38 | Notice, this is not a random IP
address it picked out of some place, this is
| | 01:42 | actually the IP address this machine
happens to have right now, that it picked
| | 01:46 | up over its DHCP connection.
| | 01:49 | It's also telling us what the .
local name of the machine is.
| | 01:53 | So if you just go about the process of
upgrading an existing client system, you
| | 01:58 | won't end up having a fully
qualified domain name by default.
| | 02:02 | None of the additional work that we
talk about has been done at that stage.
| | 02:06 | So you'll need to make some changes here.
| | 02:10 | I would just recommend
following through these steps.
| | 02:12 | They're great, and they'll get you
started on a system that you've just upgraded
| | 02:16 | from client because you thought
it would be great to use a server.
| | Collapse this transcript |
| Upgrading from Snow Leopard Server to Lion Server| 00:01 | If you have an existing Snow Leopard
Server installation that you want to
| | 00:04 | upgrade to Lion Server, you're in for
a treat, because the upgrade process is
| | 00:09 | actually probably the best way to move
from a previous installation of any kind
| | 00:13 | of OS X Server into Lion.
| | 00:15 | It works better than the migration
process, and certainly is a lot easier and
| | 00:20 | works better than the manual
process of moving data over.
| | 00:23 | Let's get right into it.
| | 00:24 | First thing you want to have
obviously is a server running Snow Leopard.
| | 00:28 | The next thing you want to be
absolutely certain of is that your server meets
| | 00:32 | the new minimum requirements of Lion.
| | 00:35 | So we have to have that 64-bit
processor, got to have enough RAM, got to have
| | 00:40 | enough hard-drive space.
| | 00:41 | So once you're sure you've got those
things, you want to make sure your software
| | 00:44 | is up to 10.6.8 and you want to have
run the last Combo Updater that was
| | 00:50 | available from Apple for 10.6.8.
| | 00:53 | That's what we're going to be doing right now.
| | 00:55 | We are going to be upgrading our 10.6.8
version of Snow Leopard Server to Lion.
| | 01:02 | So we're going to quit Server Admin.
| | 01:03 | We've got our server all set up
here and it's working beautifully.
| | 01:06 | You don't want to upgrade a
system that's not working well.
| | 01:09 | If your system is broken or it's
exhibiting bad behavior, an upgrade is
| | 01:13 | not going to fix it.
| | 01:14 | In fact, it's probably
going to make matters worse.
| | 01:15 | So be careful there.
| | 01:16 | I am going to quit Server Admin.
| | 01:19 | In a previous movie in this chapter, I
showed you how to download the Lion and
| | 01:23 | Server Installers from the App Store.
| | 01:25 | Here we are in the Applications folder.
| | 01:27 | If you've downloaded Lion and Server
on another computer, copy them to the
| | 01:31 | Applications folder here
of your Snow Leopard Server.
| | 01:33 | Let's get started by double-clicking
Install Mac OS X Lion and it starts walking
| | 01:38 | us through our process, click
Continue, click Agree, click Agree again.
| | 01:44 | After agreeing to the last license
agreement, come over here and click on Install.
| | 01:49 | Type your Password and prepare to
wait for this process to complete.
| | 01:57 | This will take a while.
| | 02:00 | So we will fast forward now to the end of
this process, so you can see what happens next.
| | 02:05 | When that part of the process completes,
you'll be given a Restart button and if
| | 02:09 | you don't click on it, it will
automatically restart which is great, because if
| | 02:12 | you've walked away from this process, it's fine;
| | 02:14 | it will continue on its own.
| | 02:16 | We'll see you on the flip side
whenever this restarts for the
| | 02:19 | continuing installation.
| | 02:21 | Now, we've been taken to a Welcome
and registration screen and this is all
| | 02:25 | very straightforward.
| | 02:27 | It's kind of the same
thing that we've seen before.
| | 02:28 | We click Continue, we choose a keyboard
layout, we put-in our Organization Name;
| | 02:33 | in this case we're Groundswell Gear,
and we put-in an Admin Email Address.
| | 02:38 | I think I've said this before, but I'll
say it again, for Admin Email addresses,
| | 02:42 | please use Admin Email Addresses that
actually exist where you can truly receive
| | 02:46 | email, and it can be useful for the
Admin Email Address to be hosted on a server
| | 02:51 | other than the one where you're
setting up your new server software.
| | 02:55 | That way, if this server goes down,
people who have already collected that email
| | 02:58 | address will know who to contact and
the emails will actually get to you.
| | 03:02 | We are going to click Continue now and
the system goes through the process of
| | 03:06 | reading the configurations from your previous
install, and upgrading all of your services.
| | 03:11 | This process can take a short time
or a long time depending upon how many
| | 03:15 | services, how many users, how
much data you had on that old server.
| | 03:20 | I've seen this take anywhere from a few
minutes to nearly an hour depending upon that size.
| | 03:25 | Your mileage will certainly vary here.
| | 03:27 | Because this process takes a while, we
are going to fast forward to the end, so
| | 03:31 | you can see what happens next.
| | 03:33 | With our upgrade complete,
all we have to do now is log in.
| | 03:38 | The system completed our upgrade and
we logged in and now we have a fully
| | 03:42 | functional OS X server,
but now we're running Lion.
| | 03:46 | So the next steps for you to do in
your environment with your upgrade will be
| | 03:51 | to check from your client systems to make
sure that they're able to get their services.
| | 03:55 | So if you had iCal and Address
Book configured, make sure that those
| | 03:59 | connections are still working;
| | 04:00 | same thing with mail, check your
websites, check your wikis, make sure
| | 04:04 | authentication is working across the
board, all of those things should be
| | 04:07 | completely functional at this point.
| | 04:09 | There should be no additional
work needed from this point forward.
| | 04:13 | Another note about this process;
| | 04:15 | we don't necessarily recommend this
process, because this is an upgrade.
| | 04:20 | What we recommend is a completely
clean installation or best-case scenario,
| | 04:25 | you've gone out and you've purchased
either a new Mac Pro Server or a Mac Mini
| | 04:30 | Server, and you're going to be
setting this up from scratch.
| | Collapse this transcript |
| Starting up for the first time| 00:00 | The first time you pull your Mac mini
server out of the box, you're going to be
| | 00:04 | very excited, you're going to want to
plug it in, turn it on and make it work
| | 00:07 | right away, but there are few
things you're going to need to do first.
| | 00:10 | You're going to need to make sure that
it's plugged into adequate power, battery
| | 00:14 | backup would be recommended,
that would be fantastic.
| | 00:16 | If you didn't plan for that ahead,
it's not a bad idea to get it and you're
| | 00:19 | going to be plugging it into an
adequate network connection, right?
| | 00:22 | The gigabit network would be best and
we've already set up our AirPort Base
| | 00:25 | Station to hand a specific IP address
to this computer's Mac address with that
| | 00:31 | DHCP reservation that we did in Chapter 2.
| | 00:34 | So we can take advantage of that
right now, because, hey, we're on a
| | 00:37 | client system here.
| | 00:38 | I'm on Mac OS X Client;
| | 00:40 | I'm recording on this machine.
| | 00:42 | I want to remotely connect to my Mac
Mini server, which has been plugged in,
| | 00:47 | turned on, is on the network, is
connected to a little switch that's attached to
| | 00:51 | one of the LAN ports on my
AirPort Extreme Base Station.
| | 00:55 | Next step for me, go to the Go menu,
pull-down to Connect to Server, you could
| | 01:01 | also type Command+K on your keyboard and
get the same thing up, and you're going
| | 01:05 | to type vnc:// and in this
case for us, 192.168.19.2.
| | 01:13 | That's because that's the address
that we put into the AirPort Extreme Base
| | 01:16 | Station for our DHCP Reservation.
| | 01:19 | Because of that reservation we know the Mac
Mini server is going to have this address.
| | 01:24 | So it makes it really easy for
us to identify it and connect up.
| | 01:28 | Your address will possibly be different
on your network, so just put on whatever
| | 01:32 | you guys put in, we're going to click Connect.
| | 01:34 | Soon as you do it's going to ask you to
verify that you know the Username and Password.
| | 01:38 | Well, in this case it's going to be root,
because we still don't have any users
| | 01:42 | set up or still sitting in the
Startup screen position over on our server.
| | 01:46 | And unlike past versions, it used to
be you could authenticate right at the
| | 01:50 | Start Up screen with the first eight
characters of the serial number for your device.
| | 01:55 | Now they've changed that.
| | 01:56 | It's the entire serial number.
| | 01:58 | So we're going to put that in right now.
| | 02:02 | Now before we hit Connect, I don't want
you to get the impression that this is
| | 02:05 | necessary, but the Mac Mini Server
doesn't ship with monitor or display.
| | 02:09 | So if you just bought your Mac Mini
Server and you've got it plugged in and it's
| | 02:13 | turned on and you did everything else
that we've done up until now, this might
| | 02:18 | be the only way that you can
get in and look at the screen.
| | 02:20 | Of course, it's a heck of a lot easier
to just have a display that you can plug
| | 02:23 | the Mac Mini Server into and you could
do all of the clicking through the next
| | 02:27 | screens you're about to
see locally on that device.
| | 02:30 | We're just doing it
remotely to show you an option.
| | 02:31 | So we're going to click Connect, and so
this is the next thing that you'll see
| | 02:37 | whatever it makes that VNC connection.
| | 02:40 | I'm going to take this up full screen,
so we can see it all, in all of its glory.
| | 02:45 | We're now screen sharing with that
server and I think that's pretty cool.
| | 02:47 | So the first time you power this guy
up, you're going to choose a language.
| | 02:51 | Look at the beautiful animation.
| | 02:57 | The system is going to spend a
little bit of time evaluating the network.
| | 02:59 | You're always going to get these
indicators throughout the system;
| | 03:02 | you'll notice this whenever
we are in server app later on.
| | 03:04 | Once we've set this up you'll notice it here
in the Setup Assistance screen. Be patient.
| | 03:08 | If it feels like it's taking a really
long time to get something open, don't
| | 03:11 | just tap on Continue.
| | 03:13 | Don't worry about it, it will get there.
| | 03:15 | Click on United States if you're there,
if you're someplace else find your
| | 03:18 | country, click on it and click Continue.
| | 03:21 | Choose your keyboard type.
| | 03:23 | And we are not going to Transfer the
information from an existing Mac server.
| | 03:27 | In fact, and I'm sure this will get
better, but a 10.7.0 in our testing with
| | 03:34 | bunch of existing OS X servers, using
the migration from an existing Mac OS
| | 03:39 | X server into 10.7, has been less
successful for us, than simply performing
| | 03:46 | a straight upgrade.
| | 03:48 | If you're using 10.7.0 to do that, then I
would recommend that you do a straight upgrade.
| | 03:53 | If in the future that becomes more stable,
certainly you can choose Transfer the
| | 03:57 | Information from an EXISTING Mac
SERVER and you can transfer your stuff over,
| | 04:01 | but we're going to choose to
Setup a new server and click Continue.
| | 04:04 | This is our opportunity to put in an
Apple ID, if we already have an Apple ID so
| | 04:09 | that our registration
information can be automatically filled in.
| | 04:12 | We're not going to choose to put an
Apple ID in here now, but we will be working
| | 04:16 | with Apple IDs in the very near future.
| | 04:19 | Click Continue and then
click Continue. Click Agree.
| | 04:25 | Note that if you don't accept
you have to Shut your server down.
| | 04:28 | They just not let me go any further.
| | 04:30 | Click Agree, and then you can register.
| | 04:32 | I'm going to skip this step but Apple
would really like it if you would put this
| | 04:37 | stuff in here, because it helps them
to keep track of who's out there with
| | 04:40 | server installations, and I can tell
you the guys that are doing the server
| | 04:44 | programming would really
appreciate knowing who you are.
| | 04:47 | It helps them to know that they've
got customers out there, which will mean
| | 04:49 | they'll make more versions of
Mac OS X server. Click Continue.
| | 04:53 | Now this part is mandatory.
| | 04:55 | You've to create an Administrator's
Account as you always have had to do.
| | 05:00 | We're going to create one just like we've made
in the past, I'm going to Name it Server Admin.
| | 05:05 | If you just hit Tab then the Short
Name will fill in automatically for you
| | 05:08 | taking out any
capitalizations you put it and any spaces.
| | 05:11 | I'm going to hit Tab again and that
will take us to the Password field.
| | 05:16 | Now I'm going to put in our default
password here so that it's easy to remember
| | 05:20 | but you can put in a password that's
super hard for other people to guess, but
| | 05:24 | super easy for you to remember.
| | 05:26 | And also remember you've the
opportunity to put in a Password Hint here, which
| | 05:29 | they do recommend you do.
| | 05:31 | We're also going to leave this
administration enabled here in the
| | 05:34 | Administrator Account setup. This is new.
| | 05:37 | Under Organization we are going
to put in our organization name.
| | 05:40 | In this case, we are Groundswell
Gear and with the Admin Email Address
| | 05:46 | we're going to set up an address, and this
is sort of a chicken or the egg thing, right?
| | 05:50 | If we were setting this server up to be
an email server, should this be an email
| | 05:53 | address on that server or
should it be someplace else?
| | 05:56 | Basically, you want this to be an
address that as it says users can contact you
| | 06:00 | at as the administrator.
| | 06:02 | So if it's on a different
domain that's completely fine.
| | 06:05 | Just make this something that will
actually work, and we're just going to go
| | 06:08 | ahead and use serversupport@corequick.
com, because it's one that I have in
| | 06:13 | place for server administrations for people's
questions about servers and I know it works.
| | 06:18 | So I'm just going to do that, but you
use whatever you would normally use for
| | 06:22 | your customers or your users to contact you.
| | 06:24 | I'm going to click Continue.
| | 06:26 | Here we get to choose our
Closest City and our Time Zone.
| | 06:31 | I'm going to choose where we are.
| | 06:33 | We'll hit Continue next.
| | 06:34 | Under Host Name this is where we get to
take that choice where we were talking
| | 06:38 | in Chapter 2 about a .local name that
would be only available via mDNS on a
| | 06:43 | local network or a Host
name for a private network.
| | 06:47 | This would be a fully qualified
domain name, this will allow us to set up
| | 06:50 | an Open Directory Master locally for example,
but would not be routable to the Internet.
| | 06:55 | This would be great if we wanted to
have a completely private server, but if
| | 06:59 | somebody wanted a VPN to our network,
they could get to our server via that
| | 07:03 | method, or we can create a
Host name for the Internet.
| | 07:06 | That's a host name that's going to
work on our internal network, just as well
| | 07:09 | as it works outside.
| | 07:11 | I'm going to choose Host name for
Internet, because that's going to give us the
| | 07:14 | greatest flexibility while we're
setting up all of the services we're going to
| | 07:18 | teach in this title.
| | 07:20 | Once that's selected, I'm
going to click Continue.
| | 07:23 | Now our Computer Name is not set up.
| | 07:25 | We haven't set up DNS on our internal network;
| | 07:28 | we set it up with our ISP, which is external.
| | 07:31 | And right now the server has
got an IP address of 192 168.19.2.
| | 07:34 | It got that because of our reservation,
which is great, but we don't already
| | 07:41 | have a DNS server on our local network,
this server is going to become one.
| | 07:45 | So we just need to be sure that we put
in the right name, so it corresponds to
| | 07:49 | what we already set up in DNS on the Internet.
| | 07:51 | The computer name does not have to be
the same as the host name, it can be the
| | 07:55 | Groundswell Gear Server, just fine,
no problem, but down here we want to be
| | 07:59 | sure we use the name that we set up in the
primary A record for our server on the Internet.
| | 08:06 | So after you click the Change Network
button, the sheet will pop down with all
| | 08:10 | of your network information, and as you
can see, our work with our DHCP server
| | 08:14 | and its reservation really paid off.
| | 08:16 | We got the information that we put in there.
| | 08:19 | We're rocking and rolling.
| | 08:20 | This is fantastic, but you may notice
a bug with this if you allow it to just
| | 08:25 | continue to use the DHCP server as its source.
| | 08:29 | So what we're going to do is, we've
already got the right IP address, we're
| | 08:32 | going to keep it, but we're
going to manually configure it here.
| | 08:35 | And one of the reasons why we're going
to do that is I don't want to use the
| | 08:39 | DNS Server that's built into the AirPort Base
Station as the primary DNS server for this server.
| | 08:45 | The service is going to self-configure DNS.
| | 08:48 | It's going to create what we call mini
DNS, and in order to do that it needs
| | 08:51 | to resolve to itself.
| | 08:53 | So for that to happen I need to put in a
completely different set of information here.
| | 08:57 | I can either delete it entirely or I
can put in my own IP address right there.
| | 09:02 | I could also leave the groundswellgear.
com Search Domain, the Router address,
| | 09:07 | the Subnet Mask and the IP
Address exactly as they were.
| | 09:09 | But by changing that DNS server
address that tells the Setup Assistant, hey!
| | 09:13 | I need you to set yourself up as a DNS Server.
| | 09:15 | We're also going to disable all of
these services that we're not going to use.
| | 09:19 | We're going to click Make Service
Inactive by clicking on the gear and selecting
| | 09:23 | this option here on each of these.
| | 09:26 | The FireWire and Bluetooth aren't so
important, but Wi-Fi has a tendency to get
| | 09:30 | turned on by people.
| | 09:32 | And if your server ends up with two
different interfaces, you might have some
| | 09:35 | strange network behavior.
| | 09:36 | Let me click Apply. Okay great!
| | 09:40 | The networking sheet just disappeared.
| | 09:43 | Here we have our Computer Name, our Host
Name is all set, the Network Address is
| | 09:46 | done and we're ready to go.
| | 09:48 | We're going to click Continue here and
hey, look at this, it's noticed that we
| | 09:52 | have an AirPort on our network.
| | 09:54 | This is one of the many places where
you're going to see OS X server noticing
| | 09:59 | that we've got an
AirPort device and saying, hey!
| | 10:02 | Listen, I noticed you got this thing,
and I know how to manage it, would you
| | 10:05 | like me to take it over and make it my own?
| | 10:09 | There are a couple of good reasons to
do this and then there are some other
| | 10:12 | ones that aren't so hot.
| | 10:13 | If you do anything automatically
you're allowing a process that you may not
| | 10:16 | fully understand to take control over
all of your equipment, and you maybe the
| | 10:20 | type of person that wants to maintain
completely manual control over everything.
| | 10:24 | But on a plus side what this is going
to do is it's going to point that AirPort
| | 10:28 | Base Station at your server as the
DNS Server, because now we know we are
| | 10:32 | setting up mini DNS on this server.
| | 10:34 | We know that name resolution on the
internal network is going to be completely
| | 10:37 | dependent on this Mac Mini.
| | 10:40 | Well, the AirPort Base Station is going
to point all of the clients that go to
| | 10:43 | it for DHCP over here for name resolution,
and that's a good thing. We want that.
| | 10:48 | In addition, we also have the ability
to do automatic port forwarding, which is
| | 10:53 | going to save us a ton time of time.
| | 10:55 | It's a pretty good thing overall.
| | 10:56 | So, I'm just going to bite this
bullet and I'm going to say, you know what,
| | 10:58 | we're going to Allow this
server to manage Lion automatically.
| | 11:01 | This is going to be cool.
| | 11:02 | To do that we need the AirPort admin
password, so I'm going to enter that now
| | 11:06 | and I'm going to hit Continue. There we go.
| | 11:10 | So now it knows it's supposed to
control the AirPort Base Station.
| | 11:14 | Our server has been at least initially set up
and all we have to do is click the Set Up button.
| | 11:21 | Before we leave this Set Up Assistant
and we start the configuration of our
| | 11:25 | server, I want to point out this
wonderful little Help button over here.
| | 11:30 | Online help has a really bad reputation
and in Lion that reputation is undeserved.
| | 11:37 | The on screen documentation that
is provided in here is phenomenal.
| | 11:42 | Apple is no longer going the route of
writing 4000 pages of PDF documentation
| | 11:47 | that they expect people to download
keep updated and pour through, instead all
| | 11:51 | of the documentation is online.
| | 11:53 | All of it is available through the Help Viewer,
all of it is searchable and it's fantastic.
| | 11:58 | There is information in here that
hasn't even made it into the PDFs previously.
| | 12:02 | So if you want to know anything that
I don't cover about how to set up your
| | 12:06 | server, you're very likely to be able to
find that information right here in online help.
| | 12:11 | I just wanted to point it out;
| | 12:13 | one of these little Question Marks has
been on virtually every screen we've been
| | 12:16 | on leading up to this point.
| | 12:17 | So anything you have a
question about, click on that button.
| | 12:20 | It's likely to have your answers.
| | 12:22 | We're going to click Set Up right now
and it's going to go through the process
| | 12:25 | of properly setting up and
configuring our server for us.
| | 12:30 | Whenever it finishes configuring your
server, it will give you a Thank You
| | 12:33 | screen and you can click the Start Using
Lion button right there below the X. So
| | 12:38 | we're going to click that button
now, and we get to our Login screen.
| | 12:42 | We're going to login with
the user account we created.
| | 12:45 | That's going to be our Server Admin
account, you can use whatever name you
| | 12:49 | created, and of course the password.
| | 12:51 | All right, so as soon as we log in,
the first thing we see is our beautiful
| | 12:56 | Andromeda backdrop and I think is a
gorgeous desktop picture but for the purpose
| | 13:01 | of clarity and for function here within
the title, for the rest of this title,
| | 13:05 | we're going to change this desktop picture.
| | 13:07 | We're going to set it here from the
Apple down to System Preferences over into
| | 13:12 | the Desktop & Screen Saver preference,
pulling down the Solid Colors and we're
| | 13:16 | going to put it on Solid Aqua Graphite.
| | 13:18 | I'm going to quit the System Preferences there.
| | 13:20 | When you see this color throughout the
title you're going to know that we're
| | 13:23 | on our Lion Server.
| | 13:25 | When you see blue, you'll know
that we're on our Lion client.
| | 13:28 | That should help you to
visually keep the two distinguished.
| | 13:31 | The last thing I want to do before we
go is I want to pull-down from Apple the
| | 13:34 | Dock and I'm going to Turn on Hiding,
just because we want to have as much
| | 13:38 | screen space as possible to
communicate what we're communicating.
| | 13:43 | So now we're going to move on.
| | Collapse this transcript |
| Downloading additional server tools| 00:00 | Now because we have started up our
Server App and we've looked at our services,
| | 00:04 | we can immediately see that if we're
used to using Server Admin or Workgroup
| | 00:08 | Manager or any of our older advanced
server administration tools, if you put it
| | 00:13 | that way, we may be missing some stuff.
| | 00:15 | There are some things that we might want to see.
| | 00:17 | I would caution you to resist that urge.
| | 00:20 | We're going to go out and
we're going to find them.
| | 00:21 | I'm going to show you where they are,
we'll go to www.apple.com/support.
| | 00:25 | When we get here, we're going to click
on Download and in the Download section
| | 00:31 | we're going to find all kinds of cool updaters.
| | 00:34 | If hit Next over here, by the time you
watch this, this may be in a different
| | 00:38 | location, but I want to point this out,
we have the Server Admin Tools for 10.7.
| | 00:43 | You will of course, want to download
the version of the Server Admin Tools that
| | 00:48 | matches the version of the
server that you are running.
| | 00:51 | So if you're some point in the future
running 10.74 or 10.76, you will want to
| | 00:55 | be running the same version of Server Admin
Tools, just download the appropriate thing.
| | 01:00 | I am going to click Download and
here you can see it's already started to
| | 01:03 | download, it's not big 193 megabytes.
| | 01:06 | Now we'll come down into your
default downloads folder which for us is
| | 01:10 | Downloads, and we're going to download it,
I wanted to show you where it was and
| | 01:14 | how to get it, but we're not going to
open it and we're not going to install it
| | 01:19 | and there's a reason.
| | 01:19 | I am going to close this.
| | 01:21 | I would like to make the argument that
this is the direction Apple is taking
| | 01:26 | the server product.
| | 01:27 | This is the way this is intended to go
and they have done their QA, and they
| | 01:33 | have done their work around making
this a tightly, concisely built elegant
| | 01:39 | solution for people who
need to run a Workgroup server.
| | 01:43 | If you need more than that you may no
longer be in Apple's target market and
| | 01:48 | there may be ways to do what you want
to do, but those ways will fall into a
| | 01:52 | more advanced subject matter.
| | 01:54 | This is not that product, this is Lion Server.
| | 01:58 | So our Downloads folder now has Server
Admin Tools, I'm going to leave it there.
| | 02:04 | We will absolutely install this at some
point during this title, but we won't do
| | 02:08 | it until we need it.
| | Collapse this transcript |
| Introducing Server App| 00:00 | So if this is the tool that Apple
wants us to use to manage server, lets get
| | 00:04 | know it, because it's really very, very new.
| | 00:07 | First of all we've got everything
split up into sections, here we've got our
| | 00:10 | ACCOUNTS with our Users and Groups
here and we'll talk about entering
| | 00:13 | information, this is just an overall
tour, so I'm going to gloss over a lot of
| | 00:17 | things here just to give
you a feel for where we are.
| | 00:20 | We've a STATUS area here where you can
configure Alerts, you can Configure Email
| | 00:25 | Address that would be used to send those alerts.
| | 00:29 | You have statistics on Processor
Utilization, Memory and Network Traffic that
| | 00:33 | could be controlled by time and you
have all of your services and this may look
| | 00:37 | very much like what you remember from
Server Preferences for example in Snow
| | 00:40 | Leopard where you've an ON/OFF
switch and that's pretty much it.
| | 00:44 | So what we're going to talk about
when we configure a lot of these easy to
| | 00:48 | configure services is what they're doing,
how to use them and where that's going to go.
| | 00:52 | So we've got iCal, iChat, Mail, Podcast
which is not podcast producer server by
| | 00:59 | the way, brand-new cool thing here,
another brand-new cool thing Profile Manager
| | 01:03 | going to spend a lot of time in there.
| | 01:05 | Time Machine, so other people can
send their time machine backups to our
| | 01:09 | server over the network.
| | 01:11 | VPN, we'll talk about that
and Web and Wiki as well.
| | 01:14 | And then we've got a separate
section down here for Hardware.
| | 01:17 | We can look at our server itself.
| | 01:20 | So if we select the server we come over
here, we have an Overview of the general
| | 01:24 | hardware and software information.
| | 01:26 | We then have our Settings, we can allow
SSH, what you're looking at right now,
| | 01:30 | these are the default settings.
| | 01:32 | We can turn on Dedication of
system resources to Server Services.
| | 01:37 | It's arguable that this checkbox right
here is the checkbox that beyond just the
| | 01:43 | installation of the extra server
components, this checkbox actually makes your
| | 01:48 | server a server, because it dedicates
those system resources to the processes
| | 01:53 | that are necessary for the server to
respond in a really speedy fashion to AFP
| | 01:57 | Connections, for example.
| | 01:59 | We also have Apple Push Notifications
available here, and this is our interface
| | 02:03 | for configuring our SSL Certificates.
| | 02:05 | We're about to get into that into
that in a next couple of movies.
| | 02:09 | Next tab over, we've our Network
Information, we've our Computer Name which we
| | 02:12 | can click Edit on and we can change
easily and we have our Host Name which we
| | 02:17 | can click Edit and then we go through
this very big scary screen for a reason,
| | 02:22 | where it evaluates the network and
doesn't even let us move forward until it's
| | 02:26 | properly analyzed everything.
| | 02:28 | The reason why it's doing this is
because the result of doing what you're about
| | 02:31 | do here is running the Change IP
Command that used to be a terminal only thing,
| | 02:37 | we're not going to run that right now,
but that is how you would get that if you
| | 02:40 | needed to change your
server's IP address or its location.
| | 02:45 | And lastly we have the Storage area here
where we have Server HD and we have Macintosh HD.
| | 02:51 | These are both here because we're on a
Mac Mini server which has two internal
| | 02:54 | hard drives called Macintosh HD.
| | 02:57 | Now many of you may want to mirror
these together to give some fault tolerance.
| | 03:02 | I chose not to do that because I wanted to
have the extra data space on a Macintosh HD.
| | 03:08 | So we can put File Shares on there,
we can setup Time Machine Shares and
| | 03:11 | we've got lots and lots of space to fill up
on that without filling up our Boot Volume.
| | 03:16 | It's just a choice though, again this is
part of the planning process. All right.
| | 03:20 | So that's our storage and there are lots
of ways that we can manipulate this, we
| | 03:24 | can set Permissions and we
can Propagate Permissions here.
| | 03:27 | So if you're looking for where your
permissions are and you're over here in
| | 03:31 | File Sharing and you're not seeing
what you expect there, remember you got to
| | 03:34 | come back over here to your Hardware
and Navigate your storage in order to
| | 03:37 | change those things here.
| | 03:39 | Last stop on the tour here is this area
down here where we have our Lion Airport
| | 03:43 | Extreme Base Station.
| | 03:45 | Here we have the ability to expose services
by clicking this button and exposing them.
| | 03:49 | We can also restart our airport by
clicking this button here and we can also
| | 03:54 | allow user even password login, we're
going to show how to do that later on.
| | 03:58 | That's it we've already talked
about our next steps down here.
| | 04:01 | And next I would like to go up and
talk about what we have in the menus.
| | 04:04 | So we start here in Manage under
Connect to Server, you can connect to other
| | 04:08 | servers beyond the one
that you're already doing.
| | 04:10 | Manage Network Accounts allows you to manage,
Open Directory if you wanted to do that.
| | 04:15 | Connect to a Directory would allow
you to connect up to active directory or
| | 04:18 | another open directory server.
| | 04:21 | You can import accounts
from an exports file here.
| | 04:24 | Under the View menu you simply
have some really quick shortcuts.
| | 04:27 | This works a lot like the shortcuts
that you have in the System Preferences, if
| | 04:30 | you're used to seeing that.
| | 04:32 | And under Tools we've got a couple
things that are very interesting.
| | 04:36 | Firstly, you have the ability to get into
Screen Sharing, very quickly and easily.
| | 04:40 | This is great, if you're running
server up from a Mac OS X client system,
| | 04:45 | managing a remote server because this
would allow you to screen share with that
| | 04:49 | server and then on the other hand,
you have this Directory Utility.
| | 04:53 | Directory utility has been available in
10.5 it was in Utilities folder, in 10.6
| | 04:57 | they put it into System Library Core Services.
| | 05:00 | And here in Server App they have given
you a really handy shortcut that take you
| | 05:04 | right to it, where you can see any
available services and whether they're
| | 05:09 | configured and what
their configuration might be.
| | 05:12 | We got flip down triangles and the
ability to custom configure LDAP and active
| | 05:17 | directory information and new we've got NIS.
| | 05:20 | You also have the ability to put in
your search policies for authentication and
| | 05:24 | contacts and new to directory
utility, you have the directory editor.
| | 05:29 | This is the equivalent to what you
would have seen in workgroup manager in the
| | 05:34 | old server admin tools.
| | 05:35 | In workgroup manager you have the
ability to see all information and this would
| | 05:40 | allow you to really plumb the depths
of your directory services database.
| | 05:45 | We now have that ability right here,
we can find our Server Admin user
| | 05:48 | right there and it tells us that it's
in Local Default node so that we know
| | 05:53 | what directory it's in.
| | 05:55 | We can see all of this extended
information about that user record.
| | 05:59 | So this gives us a nice alternative
to going in to the command line and
| | 06:02 | reading user information in a
command line utility to read the directory
| | 06:06 | services like dscl for example.
| | 06:07 | All right so we'll get out of directory utility.
| | 06:12 | Again we didn't really show how to do
anything in there but I did want to give
| | 06:16 | you a tour of all of the places where
you can go and what they all mean and
| | 06:20 | what they're there for.
| | Collapse this transcript |
| Getting an Apple ID| 00:00 | We have several things that are left
to do to setup the infrastructure to
| | 00:03 | support our server installation before we start
actually setting up services and enabling them.
| | 00:09 | The first one I would like to show you
is setting up Apple push notifications.
| | 00:13 | Apple push notifications will allow your
calendar server and your mail server to
| | 00:17 | push data down to your client devices
so that they don't have to waste their
| | 00:21 | battery constantly pulling the
server to see if new stuff is available.
| | 00:25 | The good news is the new stuff only
comes in when there's new stuff to give out.
| | 00:28 | But to do that we need to get an Apple
ID and we don't want our Apple ID to be a
| | 00:34 | personal Apple ID we want it to
be an organizational Apple ID.
| | 00:38 | Something for our organization, our company
you know something that is not us personally.
| | 00:45 | And the reason why we want to do
that is because I might move on right if
| | 00:48 | you're an IT director or if you're a
technical consultant for a customer or if
| | 00:53 | you're even the business owner maybe
you'll sell your business someday and you
| | 00:57 | don't necessarily want that Apple push
notification certificate to be tied to you personally.
| | 01:03 | And so this helps to deal with that.
| | 01:05 | If we click Enable Apple Push
Notifications it instantly pulls down a Apple
| | 01:11 | Push Notification Service Certificate sheet and
it asks you to enter your Apple ID and password.
| | 01:16 | If you need an Apple ID for your
organization as it says right here it's going
| | 01:20 | to ask you to create one now.
| | 01:22 | So we click on the arrow.
| | 01:24 | This brings up Safari and takes us
to the Apple ID registration page.
| | 01:27 | We're going to click the Create an Apple ID
button and we're going to create a new Apple ID.
| | 01:32 | This should be a real e-mail address
that you can actually check, so that you
| | 01:37 | can get the e-mail and validate
control over the address with Apple.
| | 01:42 | So if you don't have an e-mail
server already setup maybe you'll setup a
| | 01:46 | organizational Gmail account or a
Yahoo account or maybe even an AOL account
| | 01:52 | something that's free something that
you can setup for free and remain in
| | 01:56 | control of and to check regularly and
something that you can pass on to the next
| | 02:00 | administrator if that should
happen, if you should move along.
| | 02:04 | So we'll start by typing our new Apple
ID and our Apple ID is going to simply be
| | 02:09 | the Gmail account that we already setup.
| | 02:11 | If you don't have one go ahead and take
a moment just hit Pause on the movie and
| | 02:15 | go setup a Gmail account so that you've
got something that you can check and you
| | 02:19 | can reply to Apple that you
actually own that account.
| | 02:22 | And again you don't have to use Google
you could Yahoo or anybody else that's free.
| | 02:27 | So I've entered all my personal
information and you may have noticed that our
| | 02:31 | editors have blurred out all of the
information we've put in here, but you
| | 02:34 | should just know that you should put in
your Apple ID and that Apple ID should
| | 02:37 | be the e-mail address that you've
setup on some outside server that you have
| | 02:41 | control over, but that you
could pass on to someone else.
| | 02:44 | You should use the Security Question
that is not yours but something that you
| | 02:47 | need to this account.
| | 02:49 | You should use a Birth Date that may
or may not be yours, but you should
| | 02:53 | certainly write it down, so that you can use
it for account validation purposes later on.
| | 02:57 | Once you've finished all of that, click
that you agree and create your Apple ID.
| | 03:03 | Now check all of your stuff here but
before you create your Apple ID and then
| | 03:08 | leave this page, remember it's a
really, really important step to document
| | 03:13 | all of your settings.
| | 03:14 | One really great way to do that is to
click on the Print option here and Save
| | 03:20 | your documentation as a PDF.
| | 03:22 | Just remember that because you've got
sensitive information in this document,
| | 03:26 | it's a really good idea to turn on
security and to add a password to the
| | 03:30 | document that will encrypt it and make
it so that you have to have that password
| | 03:34 | in order to open it up later.
| | 03:37 | Click OK, click Save and there it is.
| | 03:41 | And you can see that's an encrypted PDF,
if I double click on it, it will try to
| | 03:45 | open in Preview but it will
tell you its password protected.
| | 03:47 | It's a great way to remember
passwords and to keep them documented.
| | 03:51 | So when you're finished, scroll all the way
down to the bottom and click Create Apple ID.
| | 03:55 | So now that we've got our Apple ID
created let's open up a new window, and let's
| | 04:00 | go to Gmail and verify.
| | 04:03 | Now the first time you login on an OS X
system to a Gmail account it's going to
| | 04:07 | ask you, hey I just noticed you're using Gmail.
| | 04:11 | We can do that we can use Gmail
locally, do you want to set this up and you
| | 04:14 | could add the account we're not going
to do that we're just going to stick with
| | 04:17 | the web mail for right now.
| | 04:19 | Not now and here we go here's the Apple
asking us to verify the contact e-mail
| | 04:23 | address for our Apple ID.
| | 04:25 | So here we go, all we have to do is
click on the Verify Now link and we pop in
| | 04:30 | our Apple ID and our Password.
| | 04:35 | Once we've been verified,
we're all set to use this Apple ID.
| | 04:39 | I'm just going to Copy and Paste it
right into the Server App, then we click Get
| | 04:48 | certificate, terrific.
| | 04:50 | So we've got our Apple ID in place.
| | 04:52 | We have our Push Notification Certificate.
| | 04:55 | If you noticed we had a whole round
robin secure authentication process
| | 04:59 | there with Apple where we created our address,
we created all of our contact information.
| | 05:04 | We give them an e-mail address, we verified
that had control over that e-mail address.
| | 05:08 | This isn't exactly the verification
process that goes in place whenever we set
| | 05:13 | ourselves up with SSL and
we will be doing that soon.
| | 05:16 | But this does give Apple some degree of
certainty that we are who we say we are
| | 05:20 | and that our server belongs to us.
| | 05:22 | So we've got that set up.
| | 05:24 | Next, we'll move on to SSL.
| | Collapse this transcript |
| Understanding how Lion uses SSL| 00:00 | Before we buy SSL, before I set up a
self-signed SSL certificate, before we get
| | 00:06 | too deep into this I want to explain
what SSL is trying to accomplish and what
| | 00:11 | Apple is doing with it here.
| | 00:13 | We need a way to keep our conversations private.
| | 00:16 | A friend of mine recently sort of
explained non-SSL encrypted communications as
| | 00:21 | you standing next door to your
neighbor's house and started yelling over the
| | 00:26 | fence at your neighbor.
| | 00:27 | The whole neighborhood can
hear, that's not so good.
| | 00:30 | If you want to keep that conversation
private you're going to pick up the phone,
| | 00:32 | you're going to call them, you're
going to talk in a normal voice through the
| | 00:34 | phone lines and you're going to have
that conversation and it's going to work,
| | 00:39 | you get to have a nice civilized
conversation and hushed tones that not
| | 00:42 | everybody in the world can hear,
SSL is kind of the same thing.
| | 00:45 | Most of these services can be configured
to work perfectly fine without SSL, but
| | 00:51 | the conversation between the client
and the server is happening in such a way
| | 00:56 | that anybody on the line can listen in.
| | 01:00 | With SSL you've got this encrypted
tunnel between the client and the server
| | 01:05 | and so the conversation is not public,
it's a private conversation, your
| | 01:10 | usernames, your passwords all of
the content that you're surfing on the
| | 01:15 | website you're accessing or maybe
the mail that's going back and forth or
| | 01:18 | maybe the address book information,
the contact info or the appointments, all
| | 01:24 | of that information for those services
that use SSL is going back and forth in
| | 01:29 | an encrypted secure tunnel.
| | 01:32 | What services are we talking about here?
| | 01:33 | Well if we click Edit we can see right
here in the Service's list those services
| | 01:37 | that will be affected and they are
the ones that I pretty much mentioned.
| | 01:40 | iCal and Address Book, iChat also
does SSL, Mail both the receiving and the
| | 01:46 | sending end of mail and Web Traffic, so
that's what SSL is going to be able to
| | 01:52 | affect on our server.
| | 01:53 | In the next set of movies we're going
to go through the process of configuring
| | 01:58 | our SSL both locally and getting it
trusted by a third-party trusted SSL vendor.
| | Collapse this transcript |
| Creating a self-signed certificate to generate a certificate signing request (CSR)| 00:00 | So step one in getting yourself all
SSL certed up is going to be clicking on
| | 00:06 | this Edit button here.
| | 00:07 | You're going to be in your Hardware
section, under your server name, under
| | 00:11 | Settings, at the bottom of this
you're going to click on the SSL
| | 00:14 | Certificate Edit button.
| | 00:17 | Already, we've got a custom self-signed cert
that was kind of created for us during startup.
| | 00:23 | We're not going to use that.
| | 00:25 | We're going to come down here
and click on Manage Certificates.
| | 00:29 | Here you see we've already got the self-
signed certificate that was created for us.
| | 00:33 | It's got a bunch of generic information.
| | 00:35 | It's pretty good, but it
doesn't have any of our custom info.
| | 00:40 | It doesn't have our address and more
importantly, it's only got the one name.
| | 00:44 | We want to create what's called a UCC
certificate on the Internet that allows us
| | 00:48 | to have more than one name.
| | 00:50 | Well, to do that, we need to
create a certificate identity.
| | 00:53 | So we're going to click the plus
button, Create a Certificate Identity.
| | 00:56 | We're going to start with server.
groundswellgear.com, and that's fine.
| | 01:01 | But we're going to allow us to override our
defaults and we're going to click Continue.
| | 01:07 | What it's warning us about here
is that if we just stick with that
| | 01:11 | self-signed cert, we're going to
need to install it on all of our client
| | 01:14 | devices, so that they can trust us.
| | 01:16 | The good news is we're only creating
this as an intermediate step on the way
| | 01:19 | towards having a true, trusted third-party cert.
| | 01:23 | so we'll click Continue.
| | 01:25 | Choose a Validity Period
that's based on reality.
| | 01:27 | If you only plan on buying a SSL cert that
lasts for one year, obviously go for 1 year.
| | 01:33 | Choose your date appropriately.
| | 01:35 | Click Continue, and now you're going to use
an Email Address that you have control over.
| | 01:40 | This does not by the way have to be the
same email address that you use to set
| | 01:44 | up your Apple ID, but it
certainly could be if you wanted it to be.
| | 01:48 | The Name of your server;
| | 01:50 | that's going to be server.groundswellgear.com
in this particular case, but yours may vary.
| | 01:55 | The Organization;
| | 01:56 | notice that this keeps popping up.
| | 01:57 | This comes from when we entered our
organization name during the server setup assistant.
| | 02:03 | Organizational Unit;
| | 02:04 | well, we're in the IT department here,
and our City or Locality, in this
| | 02:08 | case, we are in Ventura.
| | 02:11 | I like to write out the entire
state name rather than abbreviating it.
| | 02:16 | This is an old habit.
| | 02:17 | There used to be a registrar out
there that would not accept a CSR if it
| | 02:22 | contained a state that was
written in just the abbreviated format.
| | 02:25 | So I like to write this out.
| | 02:26 | I haven't run into a problem with that yet.
| | 02:29 | Click Continue, and just click
Continue through the rest of these screens.
| | 02:33 | None of them are important to what
we're talking about until we get here.
| | 02:37 | Now, the interesting thing here is that
we can take out our IP address, but this
| | 02:41 | DNS name thing, this is important,
because we're going to choose five different
| | 02:46 | names to put into our UCC cert.
| | 02:48 | If we put those same five names in
here, I think it's going to line up
| | 02:52 | really, really nicely.
| | 02:53 | I'm going to start this off
with just groundswellgear.com.
| | 02:58 | These get separated by just spaces;
| | 02:59 | no commas, and periods are only there to
separate out the parts of each domain name;
| | 03:05 | server.groundswellgear.com is one.
| | 03:10 | Another one is mail, another, and this
we get from our friends at Microsoft,
| | 03:17 | autodiscover and this is just because
our client system's iCal and Address Book
| | 03:22 | will use autodiscover to
sometimes discover the services.
| | 03:27 | If this is a name mismatch, it'll
come back with an SSL name mismatch which
| | 03:30 | gives our users a feeling that maybe this
isn't as secure as they were hoping it would be.
| | 03:36 | We've got our primary domain.
| | 03:38 | We've got server, we've got mail.
| | 03:41 | We've got autodiscover, we've got room
for one more in here, and I think WWW is
| | 03:46 | just the right thing.
| | 03:50 | But again, these can be any names that you want.
| | 03:52 | It's just that you want to choose
names that will actually be used by your
| | 03:56 | clients to get to your server, because
if you just went with a single standard
| | 04:01 | SSL cert, say you just did server.
groundswellgear.com, if somebody tried to get
| | 04:05 | to mail.groundswellgear.com and you had
an alias program did DNS and everything
| | 04:10 | else worked great, but
your SSL services said, hey!
| | 04:14 | That's not the name on the cert.
| | 04:16 | Well, then that's a name mismatch error
and it still looks like a security error
| | 04:20 | to your clients and that's
something you don't want.
| | 04:23 | We've got our DNS names in here.
| | 04:25 | We're going to click Continue, and
it's going to create our certificate.
| | 04:28 | Now, by default, it's going to create a root
certificate that is not trusted. That's fine.
| | 04:35 | Click Done!
| | 04:37 | It wants to export a key from the
keychain, that's completely fine, click Allow.
| | 04:41 | Now, we've got two different ones.
| | 04:43 | See, we've got a lot more information
in our new custom created certificate.
| | 04:48 | So I'm going to click minus and Delete
and if I click back on the one we still
| | 04:54 | have, we see it's the correct one.
| | 04:56 | So I'm going to click OK.
| | 04:56 | If I click back on Edit, I can
see here that I can select my
| | 05:03 | server.groundswellgear.com certificate as
the primary certificate for my entire server.
| | 05:09 | We're not done yet.
| | 05:10 | We still have to go out with our CSR,
and configure a trusted signed SSL cert
| | 05:16 | with the contents of the SSL
certificate that we just created.
| | Collapse this transcript |
| Generating your CSR and using it to key your SSL certificate| 00:00 | When last we spoke I left you here at the
Server screen with the SSL certificate up.
| | 00:06 | Next we need to move on to the Internet.
| | 00:08 | So we open up a Safari page and we're
going to go to the site where we can
| | 00:15 | register a trusted third party SSL Cert.
| | 00:18 | We've chosen GoDaddy.
| | 00:19 | So we're going to Login with
the Customer ID and Password.
| | 00:27 | Okay when you've logged in it will
tell you thank you for logging in and it
| | 00:30 | identifies you, so there you are.
| | 00:33 | When you log into your account it will
give you your account information over
| | 00:36 | here and it will give you
your products over here.
| | 00:39 | Now what we've already done
is we've made a phone call.
| | 00:41 | We call the friendly people at GoDaddy
and we told them hey, we really, really
| | 00:45 | want a UCC SSL certificate and they
said well that's great, because we sell
| | 00:50 | those and so they sold it to us.
| | 00:52 | If we click on SSL Certificates
right over here you can see we have a New
| | 00:56 | Certificate a Standard Multiple Domain (
UCC) SSL with up to 5 domains for one year.
| | 01:01 | Fantastic!
| | 01:03 | So we can click right
here on Manage Certificate.
| | 01:06 | What we have here is a Credit.
| | 01:09 | So in order to use that credit we
have to click Request Certificate.
| | 01:16 | When we say Request Certificate
we need to put our CSR in here.
| | 01:21 | So let's drag this off to the side a
little bit and we'll minimize this one down
| | 01:25 | into the dock so we can get this out of
the way and we're just going to try to
| | 01:29 | put this into a format here
where you can see what's going on.
| | 01:35 | So over here we've got our website and
we've got a little box where we supposed
| | 01:38 | to put our CSR and over here we've got
Server App and what I want to do is I
| | 01:41 | want to Generate a Certificate
Signing Request and there it is.
| | 01:49 | Note, box here, box here.
| | 01:51 | All we have to do is get the data that's
over here copy into the boxes over here, paste.
| | 01:57 | I'm just using Command+C,
Command+V just like we would.
| | 02:00 | And we come over here and
scroll down just slightly here.
| | 02:06 | The big difference between getting a
standard SSL CERT and getting a UCC is
| | 02:10 | we've the New Subject Alt Names down here.
| | 02:14 | We're going to Add a few.
| | 02:29 | There is one, there is two, and there is three.
| | 02:41 | Checking our spelling all the way through,
let's make sure we're not making any typos here.
| | 02:51 | So we have zero left.
| | 02:53 | Now we've only got four here, remember
the first one was the one we registered
| | 02:57 | when we set the Cert up in the first place.
| | 02:59 | So that one is already taken care of,
this is the one that we were worried
| | 03:03 | about, so we're all set.
| | 03:05 | The one that's in our CSR is the one
that says server.groundswellgear.com
| | 03:10 | because that was what we set up.
| | 03:12 | So we're all good there.
| | 03:13 | Certificate issuing organization is Go Daddy.
| | 03:15 | Next we click Next.
| | 03:18 | Okay, so we've made it over to our
submit screen this is the second of three
| | 03:22 | that we're going to go through here.
| | 03:24 | This is telling us to
click back for corrections.
| | 03:25 | We can still change this afterwards.
| | 03:28 | It's going to be very difficult to
change things like the Domain Name that
| | 03:31 | we're registering here.
| | 03:32 | So first thing I would like to point
out server.groundswellgear.com that's
| | 03:36 | covered under the Domain Name.
| | 03:38 | The alternate names are
groundswellgear.com mail.groundswellgear.com,
| | 03:42 | autodiscover.groundswellgear.
com and www.groundswellgear.com.
| | 03:48 | All of these are now spelled correctly.
| | 03:50 | I've double-checked my spelling a
couple of times here as I'm just
| | 03:53 | scanning through it.
| | 03:54 | We're set, this is what we want.
| | 03:56 | One of the reasons why we want a UCC
instead of what's called a Wildcard Cert is
| | 04:01 | because a Wildcard Cert wouldn't let us do this.
| | 04:04 | A wildcard Cert won't let you use the
root level of your own domain in the
| | 04:07 | cert whereas a UCC will.
| | 04:10 | So that's kind of a cool level of flexibility.
| | 04:13 | Go Daddy actually will sell you
these with even more of these.
| | 04:15 | We chose the five, because this really is
going to cover 90% of our use model here.
| | 04:19 | So I'm going to go to Next.
| | 04:22 | We're through, the certificate
is going to be issued shortly.
| | 04:25 | We click Finished and the rest of what
we do is going to be done over here in
| | 04:29 | this Certificates area.
| | Collapse this transcript |
| Installing your SSL certificate and intermediate certificate| 00:00 | In the last movie, we left off with our
requests still pending and here we are
| | 00:06 | and our certificates are in
the oven. We are all set.
| | 00:09 | The secret sauce there of course is
check that email account, make sure that the
| | 00:12 | folks at Go Daddy have sent you an
email and that you've actually clicked the
| | 00:16 | Reply button and that you've actually
requested this thing, that's part of that
| | 00:19 | whole trusted third party verification.
| | 00:21 | Now that we have got our cert, we
can click on it and we can download it.
| | 00:25 | We click the Download link, we
select which OS we are downloading for.
| | 00:30 | OS 10.7 has only been out for a few days
realistically if you think about it and
| | 00:36 | OS 10.6 has been around for two years.
| | 00:38 | So we are going to tell it that we are
10.6, even though we are 10.7, and we're
| | 00:42 | going to trust the good people at Go
Daddy to update that so that we can tell
| | 00:46 | them that we are running a Mac OS 10.7 server.
| | 00:49 | We are going to click the Download link
and it's go directly into our Downloads
| | 00:53 | area and while that was fast, here we go.
| | 00:56 | We have our Intermediate cert and we have our
| | 00:58 | server.groundswellgear.com.crt file. Fantastic!
| | 01:03 | So I am going to come back out here.
| | 01:04 | I would like to point out by the way,
they have a really good installation
| | 01:08 | instructions website.
| | 01:09 | If you need more instruction
this is a great place to go.
| | 01:11 | But we just going to click Close and
we are going to Log Out here and close
| | 01:17 | Safari and we have our certs right here.
| | 01:21 | So over back in here, we
are going to click Close.
| | 01:23 | We are to come back into SSL
Certificate, we are going to click Edit.
| | 01:28 | Select our certificate right up here
and we are going to Replace Certificate
| | 01:33 | with Signed or Renewed
Certificate. There we are.
| | 01:37 | We are going to drag server.
groundswellgear right in there, and we are going to
| | 01:42 | replace that certificate.
| | 01:43 | But that's only part of the process.
| | 01:47 | In fact I'm going to quit Server App
at this point and now I'm going to go
| | 01:51 | to Keychain Access, and in Keychain Access,
I want to go to System and Certificates.
| | 01:58 | I just want to drag over this gd.
intermediate.crt, and put in our password.
| | 02:07 | So with the intermediate cert in there,
we now have a full chain to the trusted
| | 02:11 | root certificate, with that process
in place we can quit the Keychain.
| | 02:15 | We can open back up Server App, and here
we have our server Hardware one more time.
| | 02:23 | Come over here to Settings,
come over here to SSL Certificate.
| | 02:28 | We select our server.groundswellgear.com
and notice, Go Daddy Secure Certificate
| | 02:33 | Authority, and if we want, we can
even come down here and click Manage
| | 02:38 | Certificates and look at this and see
the entire trust chain right there, and
| | 02:43 | that has been validated.
| | 02:45 | So that gets us our secure, true, trusted cert.
| | 02:49 | Let's assign it to some services.
| | 02:50 | Let's click Custom, so we
know we have got them all here.
| | 02:54 | We don't have to do this by the way,
but I like being repetitive in this way.
| | 02:58 | So I am going to select on each one of these.
| | 03:02 | They're all now configured to use
the trusted SSL Cert and click Ok.
| | 03:08 | Watch while it sets the certificate
for all of the services down here in the
| | 03:12 | lower corner and once that's done
you'll see the name of your certificate right
| | 03:18 | there next to SSL certificate.
| | 03:20 | So breathe a sigh of relief, you've
gotten through it, you now have a trusted
| | 03:25 | third-party SSL certificate
that's going to treat you well.
| | 03:29 | So with that complete, we now have our
internal DNS setup, we already took care
| | 03:34 | of our external DNS in Chapter 2,
we got our Apple ID, we have our Push
| | 03:38 | Notification certificate, we've got our
UCC Certificate, everything is trusted.
| | 03:43 | Next, we can move on to actually
configuring services and learning how to use them.
| | Collapse this transcript |
| Remote control| 00:01 | One last thing before we move on to
another chapter, I want to show you how
| | 00:04 | to download the Server App on a client
machine to remotely administer your OS X Server.
| | 00:11 | It's really very easy, so we are not
going to spend much time doing this.
| | 00:14 | I'm going to do my pinch and I'm going
to open up the App Store, and from the
| | 00:21 | App Store, I'm simply going to go to
my Purchases because I have already
| | 00:24 | purchased a server on my other machine.
| | 00:27 | So I will have OS X Lion Server right
here in my list, I am going to click Install.
| | 00:32 | It's going to ask me for my Password,
and once I Sign in, it starts the download
| | 00:40 | and you can see it coming in
right here it's very, very fast.
| | 00:43 | Server App is not a huge application.
| | 00:47 | Okay and there we are.
| | 00:48 | And it starts launching it
automatically in the background.
| | 00:50 | I'm going to quit the App Store here,
and there you can see Server App
| | 00:56 | running in the dock. Welcome to Server.
| | 01:00 | So we are going to go up to the
Manage menu, and we are going to pull down
| | 01:03 | to Connect to Server.
| | 01:06 | And when we do, we can choose this Mac
which we don't want to do because this
| | 01:09 | is not a OS X Lion Server, this is a client
system and we want to leave it a client system.
| | 01:17 | We have over here pulling up on
Bonjour, our server.groundswellgear.com.
| | 01:22 | If we wanted to Wiki connect to
another Mac on a host name or IP address
| | 01:25 | somewhere out on the Internet but we're
going to connect to the one we have here
| | 01:28 | locally and click Continue.
| | 01:31 | It's going to ask us for our
Administrator Name and Password which is going to
| | 01:33 | pop that in here and click Connect.
| | 01:38 | Now when you make your first connection,
you'll notice that this is exactly,
| | 01:43 | what we're trying to avoid
whenever we configured SSL.
| | 01:46 | This is a Name Mismatch error.
| | 01:50 | This is one we are not going to be able
to get away from because if we Show the
| | 01:52 | Certificate, you look down here, the
one that it's having a problem with this
| | 01:56 | com.apple.servermgrd (manager daemon).
| | 01:58 | We are not going to create a certificate
that's going to be trusted in that regard.
| | 02:02 | We are going to have this simply say you
know what, our server is at that location.
| | 02:06 | We are going to trust that server
manager daemon when connecting to a
| | 02:09 | server.groundswellgear.com and
we are going to click Continue.
| | 02:12 | It will ask us for a Username and a Password
that's our local username on a client system.
| | 02:19 | And then Connect, it opens up the server
interface and we get the opportunity to
| | 02:24 | start managing our OS X Server remotely.
| | 02:28 | This is really cool, I want to show you
this and make sure that we talk through
| | 02:31 | the steps that you don't
inadvertently turn your client system into an OS X
| | 02:36 | Server when you don't mean to.
| | Collapse this transcript |
|
|
4. Connecting Storage to Your ServerChoosing external storage| 00:00 | When you're choosing storage for your
server, you need to choose it based on a
| | 00:03 | number of criteria that
you can define ahead of time.
| | 00:06 | For example, you may need very, very
fast storage because someone needs to send
| | 00:11 | a lot of data very, very quickly to
your server, very, very frequently.
| | 00:15 | Perhaps you need a lot of capacity,
maybe people are sending you a whole lot of
| | 00:19 | video and you just need a place to put it all.
| | 00:22 | Maybe you need a RAID Array, may be
something that's got a RAID 5 or RAID 6
| | 00:27 | configuration because your data can't
go down, your server must stay running at
| | 00:31 | all times and your data store
must be available at all times.
| | 00:36 | Whatever the case you're going to
need to make a choice, your choices will
| | 00:39 | include things like whether or not
you're going to use FireWire, USB, or
| | 00:44 | Thunderbolt to connect your
storage devices up to your server.
| | 00:48 | Now Thunderbolt is the most
interesting new option out there.
| | 00:51 | Very, very fast, more than 10
times faster than FireWire 800.
| | 00:56 | It's also capable of carrying power
and you can daisy chain it with lots
| | 01:00 | and lots of devices.
| | 01:01 | You can connect RAID Arrays and in fact,
at the time of this recording only a
| | 01:05 | couple of storage devices
are available for Thunderbolt.
| | 01:07 | For example the Promise Pegasus line is
available in a four and a six drive bay
| | 01:13 | configuration that ships
as RAID 5 protected array.
| | 01:17 | These are very, very fast and
relative to the cost of other things that are
| | 01:22 | similar like old USB and FireWire
Drobo devices or perhaps the other Promise
| | 01:28 | devices that are out there for desktop
systems like the Smart Store that have
| | 01:31 | slower connection buses.
| | 01:33 | They're all sort of similar, right.
| | 01:35 | In the case of the Promise device,
it's got a RAID interface built into the
| | 01:40 | device, so when you connect it up via
Thunderbolt the computer is not doing all
| | 01:43 | that RAID work, the device is.
| | 01:46 | This makes it very fast, makes it very
reliable and interchangeable, you can
| | 01:49 | move them around very easily.
| | 01:52 | Depending upon your needs and your budget,
you may choose to go with a small USB
| | 01:57 | drive to just use as a local backup,
maybe you'll choose a big Promise RAID
| | 02:02 | that's connected over the Thunderbolt
because you've got people sending a lot of
| | 02:05 | video to your server and you need to
have everything available all the time.
| | 02:09 | Whatever the case just take a close
assessment of what your needs are and what
| | 02:14 | your budget is, and make the appropriate choice.
| | Collapse this transcript |
| Connecting and preparing Thunderbolt, FireWire, and USB storage devices| 00:00 | Now that your server is at least
partially set up if you have purchased
| | 00:04 | additional external storage for one
purpose or another you're going need to
| | 00:07 | connect it and prepare it.
| | 00:09 | So we're going to have a brief
conversation about how to properly prepare a
| | 00:14 | external drive for
connection to a Mac OS X Server.
| | 00:17 | We here have a FireWire hard drive
that someone has their personal stuff on.
| | 00:22 | It currently contains a whole bunch of
information and we've cleared with that
| | 00:28 | person that this can get erased, but
this is probably something similar to
| | 00:31 | what you might have.
| | 00:32 | You might have a FireWire drive lying
around that happens to have a bunch of
| | 00:36 | space that you feel that you can use,
you're going to need to prep that thing in
| | 00:40 | order to use it on your server.
| | 00:41 | So let's get started.
| | 00:42 | First thing we'll do is we're going to
pinch and go into our Utilities folder
| | 00:46 | here and we're going to go to Disk Utility.
| | 00:49 | Disk utility pops up and we select the device.
| | 00:52 | Now Disk Utility is a great program,
it separates your stuff in your sidebar
| | 00:57 | here into devices and volumes.
| | 01:01 | So if we click on the device we get
device information below, if we click on
| | 01:05 | the volume we get information about the
specific volume, the two very different things.
| | 01:10 | You can always click on the Volume that
you booted from and you'll notice that
| | 01:14 | Mount Point is a single Slash . If we
click on the other volume you'll see that
| | 01:18 | that's in a folder called Volumes,
this is the way UNIX addresses the volume
| | 01:22 | itself, so some useful information there.
| | 01:25 | What you need to do to this in order to
prepare it to be connected to your OS X
| | 01:29 | server and I'm doing this by the way
from a Lion client system completely fine
| | 01:34 | to do it that way before you connected up,
is we're going to click on the device
| | 01:37 | and we'll click over here on Partition.
| | 01:40 | In light blue we've
represented a lot of data on this drive.
| | 01:43 | Will we're going to get rid of that data.
| | 01:44 | We're going to repartition
this drive with one partition.
| | 01:48 | We're going to name that partition
simply data, and then we're going to make
| | 01:52 | sure that it is Mac OS Extended (journaled)
and that we're using the full size of the drive.
| | 01:58 | We can then click on Options and to be
certain that we've a GUID Partition Table.
| | 02:04 | GUID is important, Apple Partition Map
works just fine but if you would ever
| | 02:09 | want this extra external drive to be
bootable on an Intel-based Mac which is all
| | 02:14 | of them now, right, then
you would need it to be GUID.
| | 02:16 | So since you have to do this at the
partitioning level this is a great time
| | 02:21 | to do this, because we're about to destroy all
the data on the drive anyway we might as well.
| | 02:25 | So I'm going to click OK.
| | 02:27 | So we've got our Name, our Format
our Size we've done our Options, we're
| | 02:31 | completely set now I click Apply.
| | 02:33 | It warns us that it's about to
destroy all the data on the disk.
| | 02:35 | We say no problem, Partition it
and it creates the new partition.
| | 02:39 | It lays down the new partition table and
we get a volume in that partition named
| | 02:45 | data that will be coming up shortly here.
| | 02:48 | First thing OS X is going to do
is it really wants you to backup.
| | 02:52 | Time machine is extremely aggressive
about asking you if you can please, please
| | 02:56 | assign a drive so that it can back you up.
| | 02:58 | We're not going to use this on our client
machine because obviously we're moving it.
| | 03:02 | But you do get that message.
| | 03:04 | So here we're back in our Disk Utility
and our new information has been applied.
| | 03:08 | We now have the name data here.
| | 03:10 | The Mount Point has changed down here when
you select the volume and we're good to go.
| | 03:15 | So this drive is prepared.
| | 03:16 | This would've been the exact same
process whether we were on a USB disk or on
| | 03:21 | a Thunderbolt disk unless we were
connected to a FireWire or a USB or
| | 03:28 | Thunderbolt external RAID by a company
like Drobo or maybe Promise Technology
| | 03:33 | with their Pegasus line.
| | 03:34 | Those tools may come with their own
formatting and preparation software which
| | 03:40 | you would then use from that
manufacturer to prepare it.
| | 03:43 | So be careful about that.
| | 03:45 | Manufacturers like Drobo don't want
you reconfiguring your storage in disk
| | 03:49 | utility, they want you using their dashboard.
| | 03:51 | Similarly Promise with their Pegasus
line they want you using your own stuff.
| | 03:55 | Promise also has a smart
store line that's FireWire 800.
| | 03:59 | Again, they have got special utility.
| | 04:00 | So be sure you're using the software
that's appropriate for your storage device.
| | 04:05 | But at this point this drive is ready to go.
| | 04:07 | We can click on it, hit Command+E to
eject it and now it's perfectly ready to be
| | 04:13 | unplugged and plugged into our OS
X Server to use as a data store.
| | Collapse this transcript |
|
|
5. Managing Macs and iOS DevicesWhat is a profile and why should I manage it?| 00:00 | During a Keynote Address in 2011 Steve
Jobs indicated that the Mac was going to
| | 00:05 | be demoted to being just another device,
just like an iOS device, like an iPad
| | 00:11 | or an iPhone or an iPod Touch.
| | 00:14 | He mentioned this in reference to a
new thing called iCloud, but in fact, you
| | 00:20 | can see evidence of this new strategy
throughout many of Apple's new decisions.
| | 00:25 | One of them is in managing devices by using
something called Profiles, so what's a Profile.
| | 00:32 | A Profile is an XML document,
written into a format that ends with a
| | 00:37 | .mobileconfig extension.
| | 00:39 | And essentially this XML document can
be downloaded and can be applied to any
| | 00:45 | iOS device or any Lion enabled computer.
| | 00:48 | So this is any Mac that's new as of
August of 2011 or any older Mac that's had
| | 00:55 | the Lion installed on it.
| | 00:57 | So we now have the ability
to manage through Profiles.
| | 00:59 | In the past we used to manage using
MCX settings, and if you're an existing
| | 01:04 | administrator, don't be alarmed.
| | 01:05 | MCX management is still
allowed and it is supported.
| | 01:09 | However, it has been deprecated, so it
would be a good idea if you are an old
| | 01:13 | hand at running MCX settings for you to
learn the new Profile management way of
| | 01:18 | the world, because that is
definitely the direction everything is going.
| | 01:22 | There are certainly some things that you
can't do in Profile Management that you
| | 01:25 | could've done before in MCX settings.
| | 01:28 | But likewise, there are many, many
things you can do now in Profile Management
| | 01:32 | that were never possible in MCX.
| | 01:33 | For example, we now have the ability
to create and send out the new profiles
| | 01:39 | completely automatically, once the
system has been enrolled in what we call a
| | 01:43 | Mobile Device Management System.
| | 01:45 | Lion server is the first version of
OS X server to include Mobile Device
| | 01:48 | Management, and it's rather a big deal.
| | 01:51 | So what do we have?
| | 01:52 | We have old MCX settings;
| | 01:54 | we have new Profile Manager Settings.
| | 01:56 | We have the ability to manage
the Lion computers using Profiles;
| | 02:00 | we also have the ability to
manage iOS devices using Profiles.
| | 02:05 | So let's spend some time now together
exploring this brand-new feature of Lion
| | 02:09 | Server and learning how best to
utilize it in our environments.
| | Collapse this transcript |
| Creating an Open Directory master (ODM) to allow for profile management| 00:00 | In the previous movie we talked about
all of the reasons why you would have a profile
| | 00:04 | and want to
manage devices with a profile
| | 00:07 | and what the differences are between them.
| | 00:09 | But we have some prerequisites, right?
| | 00:11 | We have some things we need to get done
before we can start managing profiles.
| | 00:15 | I mentioned in a previous chapter that
we have to have an open directory master
| | 00:19 | in order for Profile Manager to work.
| | 00:22 | We also need to have push
notifications and things like that.
| | 00:24 | We took care of those items in
an earlier chapter when we were setting up our
| | 00:28 | Apple ID, our push notification certificate,
even our custom purchased SSL UCC certificate.
| | 00:34 | That was fantastic.
| | 00:36 | We are really in good shape if
we've got all of those things done.
| | 00:39 | At this point, to get started with
profile management, we just need to configure
| | 00:44 | an open directory master.
| | 00:45 | Since we don't have one, all we need to
do is come up here and click Configure
| | 00:50 | on Device Management.
| | 00:51 | It's going to read our existing
settings and now there are a lot of
| | 00:54 | different ways to do this.
| | 00:55 | I would like to point out before we
click Next, that we could Manage Network
| | 00:59 | Accounts and that will allow us
to create an Open Directory Master.
| | 01:03 | We could come down here to Manage
Devices button and we could click on a Profile
| | 01:07 | Manager and we can get through that way.
| | 01:08 | There are a lot of different ways
to create an open directory master.
| | 01:11 | We can even get Server Admin out of our
advanced Tools disk image and we could
| | 01:16 | use that to create an open directory mater.
| | 01:18 | But the nice thing about Profile
Manager and one of the reasons why we have got
| | 01:22 | this one close to the front of our
outline is that if we come through here and
| | 01:27 | we click through this it's going to
create an open directory Master for us in
| | 01:31 | order to manage all of this.
| | 01:33 | Now the default name that they give you
is directory administrator with a short
| | 01:36 | name of diradmin or an Account Name of diradmin
and we have talked about this in prior titles.
| | 01:42 | Since this is the default that's given
to every directory master out there in
| | 01:46 | the planet and the primary point of
having a user name and password is to keep
| | 01:51 | other people from getting into your stuff.
| | 01:53 | You might want to choose the
Username that isn't the default.
| | 01:56 | We are going to stick with diradmin for
the purposes of this course but I highly
| | 02:00 | recommend that if you are setting this
up for yourself, come up with a name that
| | 02:04 | is unique and that you will
remember that no one else is going to know.
| | 02:07 | The important thing here is that
it would be different from the local
| | 02:10 | administrator username that you
created at the very beginning of this process
| | 02:15 | when we first started setting up the server.
| | 02:17 | All right, so we are just going to
choose a Password here and we will click Next.
| | 02:22 | We already have our organization name
when we set that up initially and we
| | 02:26 | already have our Admin Email
Address here servicesupport@corequick.com.
| | 02:30 | So those are already auto populated for use.
| | 02:33 | We will click Next.
| | 02:34 | It tells us what it's going to do and
we just click Set Up. It's that simple.
| | 02:39 | We could also do this at a Command-
line just so that you could use the
| | 02:42 | command-line tools that you would
normally use Slab Config in order to get this
| | 02:47 | configured if you are an advanced administrator.
| | 02:49 | But this is made so easy for us
here, it's really quite wonderful.
| | 02:53 | If this takes a little while don't worry,
it will eventually finish on its own.
| | 02:58 | It's just going through quite
a few steps in the background.
| | 03:00 | It's doing some network validation,
some testing to make sure we've got the
| | 03:03 | correct PTR and A records, and DNS,
which we do, because our server internally
| | 03:08 | configured that for itself.
| | 03:10 | It's one of the nice things about just
going with the DNS that they hand you.
| | 03:13 | The mini DNS is already done and it's all right.
| | 03:16 | And whenever it finishes configuring it,
you are all set and it will tell you
| | 03:21 | that your server meets the
requirements for the Profile Manager to work.
| | 03:24 | So we are going to click Finish, the
sheet will disappear and we will be faced
| | 03:29 | with our Profile Manager segment here in server.
| | 03:33 | That was not hard, we went from
Disabled to Enabled, we got ourselves out of a
| | 03:38 | standalone state and we moved to an
Open Directory Master and we did the whole
| | 03:42 | thing without the Advance
Server Administration tools.
| | 03:44 | In our next movie we are going to
move on to some more cool stuff with Profile Manager.
| | Collapse this transcript |
| Creating Users and Groups in your ODM| 00:00 | Before we start managing profiles now
that we've got our open directory setup we
| | 00:05 | can start setting up users and groups,
people who are going to log into our
| | 00:09 | server to use these services and
groups we can organize them into.
| | 00:13 | To do that we have got to go up here
to the Accounts area, click on Users and
| | 00:17 | you see right now we've already got our
Server Admin user and it's got the sort
| | 00:20 | of generic single user icon.
| | 00:23 | When we start creating additional users
you are going to notice that there's a
| | 00:25 | little globe attached to the icon
for the new users we create and that's
| | 00:29 | because now that we've got an open
directory master the server app is going to
| | 00:33 | automatically know that it needs to put those
users into the shared directory, very important.
| | 00:38 | So let's start and we
will just inter a few users.
| | 00:40 | I'm going to create four
users and four different groups.
| | 00:44 | You don't have to use the same names that I use.
| | 00:46 | I am just going to use some names that
we've come up with here internally for
| | 00:49 | fun, but you could totally use users
that are in your office or you can make up
| | 00:53 | fun users for yourself.
| | 00:55 | So as soon as you hit the plus Button
you get this new user screen and we put in
| | 00:59 | a Full Name and Account Name that's
going to be that short name that we talked
| | 01:02 | about before, that's all lower
case and has not spaces in it.
| | 01:05 | Then we are going to put an
Email Address in for this user.
| | 01:07 | The e-mail address is very important
throughout the system, but it's especially
| | 01:12 | important if you're going to have things
like and iCal server setup, because the
| | 01:16 | iCal invitation system uses the e-mail
address or addresses you put into this
| | 01:22 | field to determine whether or not the
user you are inviting to an event is
| | 01:26 | actually on your server or if it's not
on your server and it needs to send an
| | 01:30 | e-mail to that person in
order to invite them to an event.
| | 01:32 | So the Email Address field is very important
and it can accept multiple e-mail addresses.
| | 01:37 | And then we have our Password and
Verify and of course we have got a little key
| | 01:40 | here for our password assistant.
| | 01:42 | So we are going to start now entering names.
| | 01:44 | When you come back to the end of
this, we are going to have a bunch of
| | 01:47 | names already set up.
| | 01:49 | Whenever you have your information
entered you are just going to click Done.
| | 01:54 | Notice, we've got the
little globe here on the icon.
| | 01:57 | Now I am going to
configure several additional users.
| | 02:00 | Once we have our users all setup, we are
going to go over to the Groups area and
| | 02:05 | we are going to create some open
directory groups to organize our users into.
| | 02:09 | We will click the plus Button and we will
just give a Full Name and then the Group Name.
| | 02:15 | If we just hit the Tab key it'll auto
complete for us in the proper format in
| | 02:20 | the Group Name area and we can click Done.
| | 02:22 | We will do the same with a few more groups.
| | 02:26 | So we now have our All Employees,
our Office, our Remote users, our Sales
| | 02:32 | group and the Workgroup group that
came with the system whenever we created
| | 02:36 | our open directory master.
| | 02:37 | So we have got our Users and we've got
our Groups and now we've got some stuff
| | 02:41 | that we can really work with.
| | 02:43 | What I would like to do just briefly
before we move on is add some people to
| | 02:47 | unique sets of groups.
| | 02:48 | So let's open up the Office area,
click on the Pencil Button and we can click
| | 02:53 | the plus Button down here and we can
type the names of a few of the people that
| | 02:56 | we want to put into this group.
| | 02:57 | So, the Office Group:
| | 02:59 | I'm assuming that the Office Group is
people who actually work in the office.
| | 03:02 | So I am going to make Oliver and I'm going to
make Justin Members of that in Office group.
| | 03:15 | I would like to also point out.
| | 03:16 | If I click that Pencil Button again, I
could also make those group members iChat
| | 03:20 | buddies automatically if I wanted to.
| | 03:22 | We may come back here and do that later.
| | 03:25 | Now my Remote users, these are going to
be folks that work outside of the office.
| | 03:29 | So these will be pretty much
by definition other people.
| | 03:32 | I am going to make Paige and Tom people that
work outside of the office. We click Done.
| | 03:42 | All right, so now we have in
Office people, we have Remote people.
| | 03:46 | Now sales may be a mixture of those two.
| | 03:49 | Perhaps we've got somebody from the
sales that's inside the office and another
| | 03:53 | one that works remotely.
| | 03:57 | So let's make Oliver part of Sales and
we will also make Paige part of Sales.
| | 04:07 | Okay, so now we've got an Office group,
a Remote group and a Sales group that
| | 04:11 | contains people from both of those two groups.
| | 04:14 | Now lastly, I'd like to create a group
that's just sort of everybody that I've
| | 04:18 | entered so far of my own creation,
because all of these people are the
| | 04:24 | employees that work for us. Click Done.
| | 04:28 | Okay, we now have our
four custom created groups.
| | 04:32 | I would also like to just look
here at Workgroup just briefly.
| | 04:35 | I would like to point out that the
Workgroup group contains not only everyone
| | 04:39 | we've created on our open directory
master, but also a group of local accounts
| | 04:44 | and it's also automatically getting
iChat buddies and it's also giving a shared
| | 04:48 | folder automatically here.
| | 04:49 | This is what we did pretty much for free,
no configuration necessary whenever we
| | 04:53 | create our open directory master.
| | 04:54 | Be aware that that's there.
| | 04:56 | You can use it if you wish.
| | 04:57 | We may use it later on in a limited
fashion, but what I want to show you is
| | 05:01 | how to control these things individually
with each of these groups that we've created.
| | 05:04 | All right, so our Users and Groups
are all set, next, we can move on to Profile Management.
| | Collapse this transcript |
| Opening Profile Manager via Safari| 00:00 | You may notice whenever we get into
Profile Manager here, that there is not
| | 00:03 | much of an interface.
| | 00:04 | All we can really do is Enable Device
Management as we've already done, we can
| | 00:08 | Sign our Configuration Profiles, that's
fine, we can choose our Certificate for
| | 00:12 | signing that, and that's all great!
| | 00:14 | We could also change the name of
our Default Configuration Profile.
| | 00:18 | The Default Configuration Profile would
automatically configure devices to use
| | 00:22 | services we've already set up on the server.
| | 00:24 | So if we had already set up iChat, iCal,
Mail, VPN, all of those things, they
| | 00:30 | could be handed to a user automatically,
using a Default Configuration Profile.
| | 00:35 | But just for the tour, we are going to
simply turn on the service by flipping
| | 00:39 | the switch right up here.
| | 00:40 | We will wait for it to finish Starting
the Profile Manager as you can see down
| | 00:43 | here in the lower right-hand corner of
server app, and when do we will get a
| | 00:47 | link right in the screen to the Profile Manager.
| | 00:50 | So as soon as Mac OS X Server has built
its Mobile Device Management system in
| | 00:54 | the background and started that up,
we will get a set of new links here.
| | 00:58 | So we mentioned right here that
profiles are available for all users for
| | 01:01 | download and devices can
be enrolled for management.
| | 01:04 | You can go to the user portal.
| | 01:05 | So there's the user portal, which is
where individual users in our case for
| | 01:10 | example Justin Case would be going
there, in order to enroll their devices.
| | 01:15 | A user can go there, log in with their user
account and they can do all kinds of cool things.
| | 01:19 | We'll show that in a little bit.
| | 01:20 | First, we want to go to the Profile
Manager to show a tour of that interface.
| | 01:25 | So we click on the link and it takes
us directly to the secured site that is
| | 01:30 | our Profile Manager.
| | 01:31 | You can tell it's secure because
you get a little lock right up here.
| | 01:33 | If we click on the lock, we can look at
the chain through to our trusted security.
| | 01:38 | So here we are, we can look at
Details on our Certificate, and this is all
| | 01:42 | through the web browser, remember.
| | 01:43 | So anybody who accesses this site
will be able to see this validation.
| | 01:47 | It tells them that the
certificate is real. That's great!
| | 01:50 | So we are going to Log In to server.
groundswellgear.com with our Username and Password.
| | 01:54 | Which Username and Password, you might ask?
| | 01:56 | Well, we can either use the local
username and password or we can use the
| | 01:59 | directory, username and password.
| | 02:01 | I'm going to use the directory admin.
| | 02:07 | Once we log in, we have all sorts of
stuff that's already populated for us.
| | 02:11 | That's because we did a little bit
of work ahead of time in server app.
| | 02:15 | So we have our Groups, which it's
pulled in from open directory, and we can see
| | 02:19 | here that Sales has 2 Members, and we
can see the Members by clicking on them
| | 02:23 | over here, and we can go directly to the
user account by clicking on that little
| | 02:27 | arrow and it takes us directly there.
| | 02:29 | You can see here that we have the
user's name and their email address.
| | 02:33 | Email addresses are used
throughout OS X Server now.
| | 02:36 | So it's important to have that setup as I
said before in the Users area in server app.
| | 02:41 | But here, you can see we've got several
tabs with information about each user.
| | 02:46 | Now that we have clicked around a
little bit and explored, I just like to
| | 02:48 | explain what's going on in the sidebar
and we'll sort of work from left to right.
| | 02:53 | At the top of the screen, we have Devices
and you notice right now we have No Devices.
| | 02:57 | That's because we really have only a few
different ways to get devices into this system.
| | 03:02 | We have a manual distribution method for
getting our profiles onto these devices
| | 03:08 | that will enroll them, we
can have user self-service.
| | 03:10 | I mentioned that there was a user
portal where the user can go to a website and
| | 03:14 | self-enroll their device.
| | 03:15 | Then later on, we can do
some remote device management.
| | 03:18 | We can set up the MDM as we already
have, and that will remotely install,
| | 03:24 | remove, and update configuration
profiles as long as the device is enrolled.
| | 03:28 | So this is where the devices would be sitting.
| | 03:30 | We can set up Device Groups here to
organize our devices into different sets.
| | 03:35 | Maybe we'll have a group of Macs, maybe
we will have a group of iPads for example.
| | 03:39 | We'll set that up in a bit.
| | 03:41 | We have our Users that were pulled in
here from our open directory, and we
| | 03:45 | have our Groups as well.
| | 03:46 | Down below here, you can
check out your Activity.
| | 03:48 | So anything that you have told the
Profile Management system to do will show up
| | 03:53 | in Active Tasks until it's been
completed and then obviously it will move that
| | 03:57 | task into the Completed
Tasks area once it's complete.
| | 04:00 | So that is our brief tour of
the Profile Manager interface.
| | 04:03 | I think one of the more important
things to realize here is that you can get to
| | 04:06 | this from anywhere, and I will
just tab over to that so you can see.
| | 04:10 | You don't have to be running server app to
click on this link in order to get to this page.
| | 04:14 | All you have to do is go to your
server's domain name/profile manager, and
| | 04:20 | you'll go straight to this site.
| | 04:22 | Because it asks you to log in and it's
secured over SSL, this entire process is totally secure.
| | Collapse this transcript |
| Defining management strategy by choosing category of device or user| 00:00 | In this movie I want to walk you
through the various choices you have available
| | 00:04 | to you, in the Profile Management
System when you are creating mobile
| | 00:07 | configuration profiles for
your iOS or your Mac OS devices.
| | 00:11 | To do that, we're going to go into
Safari and we're going to go to the Profile
| | 00:14 | Manager website on our server.
| | 00:16 | I am going to go to
Spotlight and click on Safari here.
| | 00:19 | I already had that typed in.
| | 00:21 | When you get to Safari, you are going
to type your fully qualified domain name
| | 00:25 | of your server into the URL bar.
| | 00:28 | Once you've typed your fully qualified
domain name you're going to type a slash
| | 00:32 | followed by the word
profilemanager, all one word, no space.
| | 00:35 | I hit Return and that takes
me to an authentication page.
| | 00:39 | This is asking me to authenticate as
an administrator on the server so that I
| | 00:43 | can change these profiles.
| | 00:44 | I am going to type serveradmin here
and then I am going to type the password.
| | 00:48 | You can choose to Remember me or not
depending upon your security needs on the
| | 00:52 | system you're working on.
| | 00:54 | Click Log In and that takes
us to the Profile Manager page.
| | 00:58 | It takes us first to the User
Groups area, but we're not going to be
| | 01:02 | playing here right now.
| | 01:03 | We're going to go over
to the Device Groups area.
| | 01:06 | We don't have any devices enrolled on
our server yet, but we can set up Device
| | 01:12 | Groups ahead of time to put our
devices into once they're enrolled.
| | 01:16 | So to do that, I click on Device
Groups and then I come down to this area.
| | 01:21 | You will notice we have plus and minus
signs on both sides of this line here.
| | 01:25 | The plus and the minus signs apply
to the column they're underneath.
| | 01:28 | So we're going to go over here where it
says No Device Groups, come down to the
| | 01:32 | bottom and click plus.
| | 01:34 | So first, I am going to create a group
called iOS and this is just going to be a
| | 01:37 | group for our iOS devices.
| | 01:39 | I hit Tab to get out of that field and
then the Save button down here turns blue.
| | 01:43 | Once it does, I click Save.
| | 01:44 | I am going to create another group.
| | 01:47 | This one is going to be for Macs.
| | 01:49 | Tab out of that, click Save
and so now I have my two groups.
| | 01:54 | Now, if I click on iOS here, I can come
over to this Profile Tab right here and
| | 02:00 | the Profile Tab will show you all
of your profiles right down here.
| | 02:05 | If I want to change this profile or
change the settings for this group, all
| | 02:11 | I have to do is click the Edit button
right beneath where it says Settings for iOS.
| | 02:17 | When I do that, it opens up another
window here in Safari, and this is sort of
| | 02:22 | overlaid over the previous window.
| | 02:24 | We have the option of configuring
all of the different settings that
| | 02:29 | are available to us.
| | 02:30 | Now, this is our settings for iOS area.
| | 02:33 | So we'll look at all of the settings
that are available for all devices, Mac OS
| | 02:39 | X and iOS, we will also
look at the settings for iOS.
| | 02:43 | We're not going to configure any of
these settings at this time, just going to
| | 02:46 | take a look at them.
| | 02:48 | And since we're only looking, it won't
hurt anything for us to go in here, and
| | 02:52 | we'll look at those that are
in the Mac OS X area as well.
| | 02:56 | So let's start up here at the top,
and talk about the General area.
| | 03:00 | In this first General area here where it
says we have 1 Payload Configured, what
| | 03:04 | it's talking about is this as a
Payload and it says it's already configured
| | 03:10 | because it's being told that
it's going to automatically push.
| | 03:13 | We have that as one option;
| | 03:15 | the other option here is for Manual Download.
| | 03:17 | Manual Download could be very useful
if you are configuring a mobile config
| | 03:21 | profile that you didn't want
to push to enroll the devices.
| | 03:26 | Perhaps, you want to use this solution
to create payloads that you're going to
| | 03:30 | load onto devices that aren't
enrolled in the Automatic Push System or the
| | 03:35 | Mobile Device Management System,
you have that ability to do that here.
| | 03:39 | But we're going to leave Automatic
Push on, because it's kind of the point
| | 03:41 | of what we're doing.
| | 03:43 | Organization is automatically
configured for us, but we do have the opportunity
| | 03:47 | to put in a brief description.
| | 03:48 | So I'm going to do that now.
| | 03:50 | Okay, so I've got a brief description.
| | 03:52 | We now also have a security option.
| | 03:54 | We can allow people to remove our
profiles, and this is sort of a big deal,
| | 03:59 | because you probably are enrolling
devices into mobile device management in
| | 04:04 | order to restrict them in some way.
| | 04:06 | If you select Always here under Security;
| | 04:09 | that means that your users will always
be able to remove the profiles on their
| | 04:13 | own without even notifying you.
| | 04:15 | This means that those restrictions
don't count for much because they're
| | 04:18 | very easy to eliminate.
| | 04:20 | If you select With Authorization,
you have an opportunity to put an
| | 04:24 | authorization password in here, and in
that case, those profiles could still
| | 04:29 | be removed off of the devices, but
only if an authorization password that you
| | 04:34 | designate here is input into the device
that's on the glass, for example, on an iPod.
| | 04:40 | Or you can also select Never.
| | 04:42 | Never means that the profile cannot be removed.
| | 04:46 | In order to remove this profile, you
would have to change the configuration and
| | 04:50 | to push it back out to the device;
| | 04:52 | the device would have to get that update
from the Mobile Device Management System.
| | 04:57 | You could also remove these profiles
using iPhone Configuration Utility, but
| | 05:01 | you'd have to be either doing that
through the MDM system or with a direct USB
| | 05:06 | connection, it's much harder to get
these profiles off if you select Never.
| | 05:11 | I think that With
Authorization is a nice middle ground.
| | 05:14 | So I am going to select that
and put-in a password here.
| | 05:17 | All right, so that's a
nicely configured General Payload.
| | 05:22 | Let's move on now to the Pass Code.
| | 05:23 | Whenever you select Pass Code, there is
no Payload here yet, so there's nothing
| | 05:28 | to configure until you
click the Configure button.
| | 05:32 | So we click Configure and this
opens a lot of options to us.
| | 05:37 | You can choose what type
of Pass Code a user can set.
| | 05:42 | This is not a place for
you to set the Pass Code.
| | 05:46 | I am scrolling down here to the bottom
of this, so you can see that there is no
| | 05:49 | place here where you can indicate what
the Pass Code will be on the device that
| | 05:54 | must be set locally.
| | 05:56 | All right, so if you want to indicate
a maximum Pass Code age or require an
| | 06:04 | alphanumeric value, you can get very,
very strict with your Pass Code rules by
| | 06:10 | enabling them here in the Pass Code area.
| | 06:12 | If you click on Network, you also
have a Configure button, we click that.
| | 06:17 | We can configure Wi-Fi settings, or
even that settings, if we are talking about
| | 06:21 | the settings for a Mac OS X device,
this would be any Mac OS X computer.
| | 06:27 | But Wi-Fi would work for either;
| | 06:29 | we can configure Wi-Fi settings for an
iPad or for an iMac, doesn't really matter.
| | 06:35 | But I would like to point out one thing.
| | 06:37 | If you're configuring your Wi-Fi
via a profile and the Wi-Fi network is
| | 06:44 | protected, either hidden or protected
with a password, the iPad will have no way
| | 06:50 | of getting this information, because it
won't be connected to that network until
| | 06:56 | you do something on the glass.
| | 06:58 | If you're on the device, you will have
to manually configure that device to get
| | 07:02 | on the network and at that point,
that iPad would for example remember that
| | 07:07 | network from that point forward,
making this type of Wi-Fi network profile
| | 07:11 | unnecessary, because it's
already been done manually.
| | 07:15 | If on the other hand, you were going to
provide this as a profile that would be
| | 07:18 | manually applied to the system using
for example iPhone Configuration Utility,
| | 07:22 | then this would become more useful.
| | 07:25 | So think about this in your planning.
| | 07:28 | VPN is another great option because
here we can configure a VPN mobile config
| | 07:33 | profile that can be applied to a
device which will easily allow your clients
| | 07:39 | to connect to the VPN server without having
to know all the configuration information.
| | 07:46 | This is extremely convenient for your users.
| | 07:49 | This is a great thing to do for folks.
| | 07:52 | If we click Configure under
Certificates, we can add identity certificates or
| | 07:57 | security certificates here manually.
| | 08:00 | This will allow new certificates to be
pushed to devices without having people
| | 08:05 | have to manually pull them down from a location.
| | 08:10 | If we want to click Configure here
for SCEP, we can do that as well.
| | 08:14 | But we don't need to do this if we're
setting our systems up to be part of a
| | 08:19 | Lion Mobile Device Management System.
| | 08:21 | You would put-in the SCEP settings if
you were installing a third-party Mobile
| | 08:26 | Device Management System.
| | 08:28 | If you're using Lion for your Mobile
Device Management, you're probably not
| | 08:32 | using another Mobile Device Management
System on top of that, and especially not
| | 08:37 | for our intended audience for this subject.
| | 08:41 | If you're in an enterprise
environment where you're using a large Mobile
| | 08:45 | Device Management System, you'll
want to talk to the manufacturer or the
| | 08:49 | developer of that Mobile Device
Management System to find out how they would
| | 08:53 | like you to use SCEP.
| | 08:54 | Now, those are the settings that
apply to Mac OS X and iOS together.
| | 08:59 | Let's look at the iOS ones independently.
| | 09:02 | So, iOS comes with the ability
to restrict a lot of settings.
| | 09:05 | We'll talk about this later on in
detail when we create our first profile.
| | 09:09 | But I just want to go
through some of the options here.
| | 09:13 | Restrictions here are slightly
different than the restrictions that you can
| | 09:18 | place on a device directly from the device.
| | 09:21 | They're a little bit more limited.
| | 09:23 | You can limit things like not allowing
the editing of email accounts or calendar
| | 09:29 | accounts directly on the device, and
we don't have that ability here in our
| | 09:34 | Restrictions in the MDM solution.
| | 09:37 | You can still apply the same
restrictions to explicit content;
| | 09:41 | this is extremely useful in
school settings or with children.
| | 09:44 | You can still restrict the use of
YouTube, which is a great way to keep people
| | 09:48 | off YouTube because YouTube doesn't
work through Safari on the iPad itself,
| | 09:53 | because of the lack of Flash compatibility.
| | 09:56 | So this is very, very effective.
| | 09:58 | You can turn off Safari
if you wanted to do that.
| | 10:01 | I would really recommend against turning
off Safari on iPads and iOS devices, as
| | 10:06 | it's so useful to end-users.
| | 10:09 | One last thing I'd like to mention
is the forcing of Encrypted Backups.
| | 10:12 | Again, we talk about all of this a little
bit later but I'd like to put this in here.
| | 10:16 | Forcing Encrypted Backups forces your
iOS device to put any passwords that
| | 10:21 | are saved on the device into the
backup and that's useful if whenever you're
| | 10:26 | restoring the device, you want to
keep those passwords in the restored
| | 10:30 | version of your device.
| | 10:31 | So forcing Encrypted Backups is great.
| | 10:34 | The one thing that you'll notice about
that though is that if you turn this on,
| | 10:37 | you'll be forced to enter a password
on your system whenever you sync it.
| | 10:42 | So be aware of that.
| | 10:44 | Email configuration, this is pretty
obvious, but we'll talk about it briefly.
| | 10:49 | You can configure Advanced Settings
so that this goes in before a user even
| | 10:53 | touches the device for the first time,
it already knows what the incoming and
| | 10:57 | outgoing mail server is going to be,
what types of accounts are there and where
| | 11:01 | that server is, as you can put in
the fully qualified domain name of the
| | 11:04 | server, so that the user doesn't
have to enter so much information for
| | 11:07 | configuration purposes.
| | 11:09 | Similarly, for Exchange, you
have that ability to connect up to
| | 11:13 | Exchange services here.
| | 11:16 | LDAP, would allow you to connect up to
an LDAP server for contact information.
| | 11:20 | CardDAV would allow you to connect
up to a CardDAV server for contact
| | 11:26 | information, and similarly, CalDAV, so
you can put-in account information, a
| | 11:31 | host name with a fully
qualified domain name for the server;
| | 11:34 | so that those things can be entered for
your users before they get their devices.
| | 11:38 | Subscribed Calendars would be for any
ICS calendars that are published via
| | 11:43 | WebDAV out to the Internet.
| | 11:45 | This is different from subscribing to
your own personal account on a CalDAV server.
| | 11:49 | This is an opportunity for you to do
things like subscribe to the calendar for
| | 11:54 | your local baseball team,
if they're publishing it.
| | 11:58 | Web Clips are extremely useful.
| | 12:00 | They give you an icon right on your
iOS device that you can tap on as if you
| | 12:05 | were opening a new application that will take
them directly to the website of your choosing.
| | 12:10 | So if you have several websites that
people need to go to in your organization
| | 12:14 | on a regular basis, and you don't want
them to have to set Bookmarks inside of
| | 12:17 | Safari, or you don't want them to have
to reenter the URL over and over again,
| | 12:22 | there's a great handy way to
give them those quick links.
| | 12:25 | Also, if you've developed web-based
applications, you can make this go full
| | 12:30 | screen, so that the URL
Bar is not even available.
| | 12:34 | That makes it look even more like a real
full screen application. Pretty cool there!
| | 12:40 | APN has to do with setting up
access points for cell traffic.
| | 12:44 | It's unlikely to be something
you're going to do in a small
| | 12:46 | business environment.
| | 12:48 | If I go down here to the Mac OS X
section, we have restrictions, but they're
| | 12:51 | different kinds of restrictions.
| | 12:53 | Here, we're allowed to configure the
restrictions for our available system
| | 12:58 | preferences, and any one who is a long
time Mac OS server administrator who is
| | 13:03 | used to doing MCX Management of Mac OS
X client computers will recognize the
| | 13:08 | way this looks, which is very
similar to the way that looked in Workgroup
| | 13:11 | Manager previously.
| | 13:12 | This is still available by
the way in Workgroup Manager.
| | 13:15 | We're just moving that management
into this environment for the future.
| | 13:19 | We can restrict applications, create
white and black lists for applications that
| | 13:23 | are allowed or disallowed.
| | 13:25 | We can allow or disallow
specific dashboard widgets.
| | 13:28 | Additionally, within our Mac OS X
Restrictions, we have this Media area, which
| | 13:32 | gives us the ability to control whether
or not people can burn CDs, or DVDs, and
| | 13:37 | whether or not they can
access internal or external disks.
| | 13:40 | These are all the same types, again, of
management options that we had available
| | 13:43 | in MCX settings in Workgroup Manager.
| | 13:46 | We can configure a Directory server right here.
| | 13:50 | Under Login Window we can
configure a Login Window options.
| | 13:54 | Again, anybody who is an old hand at Mac
OS system administration and is used to
| | 14:00 | doing this through MCX settings,
this looks very familiar to you.
| | 14:02 | We can control Login Options, what
will launch at log in, any Network Mounts
| | 14:07 | that need to be placed, or any items
that will launch automatically at login.
| | 14:12 | We can Control mobility settings, so
we can set whether or not someone is a
| | 14:16 | network user or a portable home
directory user, all through here.
| | 14:22 | We can control Dock Options
for our Mac OS X client systems.
| | 14:26 | We can set the location of the
Software Update Server, we can configure
| | 14:31 | Printing Management, so we now have
the ability to configure printing through
| | 14:36 | the Profile Manager area.
| | 14:42 | Energy Saver settings, Parental
Controls, these are very, very similar to the
| | 14:47 | parental controls that are
available on a local Mac OS X system.
| | 14:52 | Security & Privacy, really only gives
us access to this one checkbox about
| | 14:56 | whether or not we'll be sending
diagnostic information to Apple, and then
| | 15:00 | lastly, this is very interesting.
| | 15:02 | If you're the type of administrator
that's comfortable editing keylists and
| | 15:06 | creating custom property list values,
you can import those custom settings files
| | 15:11 | here using the Upload File button.
| | 15:14 | This can be very useful if there is an
old style managed client app preference
| | 15:19 | that you're used to use to manage things like;
| | 15:22 | I don't know the
performance in iTunes for example.
| | 15:24 | There are things that aren't available here.
| | 15:26 | You can add that additional
functionality here under Custom Settings if you're
| | 15:30 | an experienced administrator.
| | 15:31 | All right, so that took quite a while to
get through, but that gives us a really
| | 15:36 | solid overview of all of the settings
that are available to us here in Profile
| | 15:41 | Manager, just so that we don't muddy
the waters for later in the Chapter I am
| | 15:45 | going to hit Cancel.
| | 15:46 | That's going to disable
what we've just changed here.
| | 15:49 | And that returns us back
to a nice pristine state.
| | 15:51 | In the next movie, we're going
to create our first real profile.
| | Collapse this transcript |
| Using Profile Manager to create your first profile for Mac or iOS device management| 00:00 | In this movie we are going to
configure our first simple profile.
| | 00:04 | We are going to do so by opening the Profile
Manager with the link here in the Server App.
| | 00:08 | Remember, you can always get to this by
typing your fully qualified domain name
| | 00:11 | followed by profilemanager here.
| | 00:14 | So we are going to go into Device Groups.
| | 00:15 | I've already got a Macs group and an iOS group.
| | 00:18 | In the Macs group, I'm going to create
some extra profile settings just for the
| | 00:23 | Macs that are going to be members of this group.
| | 00:26 | Now, nobody is a member of the
group yet so this won't apply to anyone.
| | 00:30 | Clicking Edit I am going to select
Automatic Push that will make sure that these
| | 00:33 | things get pushed using the Push
services, we worked so hard to get set up and
| | 00:37 | then we are going to type a Description.
| | 00:40 | Baseline Mac Settings is what I am going
to put in and I'm going to allow people
| | 00:45 | to remove this as long as
they have authorization to do so.
| | 00:49 | So that's going to be our first setting.
| | 00:50 | We are going to skip past all of these
iOS Restrictions and other settings that
| | 00:54 | we could set up because we are
not setting up an iOS device;
| | 00:57 | we are setting up a Mac OS X device.
| | 00:59 | And I am just going to put
in a few simple settings.
| | 01:01 | Let's start easy with something like the Dock.
| | 01:04 | So I am going to change the dock so
that it goes to the right and I'm going to
| | 01:08 | change the size of the dock.
| | 01:10 | That's all I am going to do.
| | 01:11 | I am going to just leave it like that.
| | 01:14 | I might go down to Security & Privacy
and just tell Apple that I'm not going to
| | 01:17 | send them diagnostic and usage data.
| | 01:19 | Very, very simple, my Payload only
includes the General settings, the Dock and
| | 01:23 | Security & Privacy, right.
| | 01:24 | So we are done there.
| | 01:26 | If I click Save and we do if we click
Save again, that's going to cause those
| | 01:30 | new settings to be pushed out to any
devices that are already in the group.
| | 01:34 | Now we don't have any members in the
group yet so we would need to go back and
| | 01:37 | add those but that is what
would happen at this point.
| | 01:40 | Okay, so we got our Mac profile. You know what?
| | 01:42 | I'm feeling great about this.
| | 01:43 | Let's go ahead and
configure the iOS profile too.
| | 01:46 | This is too much fun.
| | 01:47 | We are going to go into Settings for
iOS and click Edit and now we are going to
| | 01:51 | go down in here into this
section where it says iOS.
| | 01:54 | So we will come over here.
| | 01:55 | Actually, you know what?
| | 01:56 | Let's now get ahead of ourselves.
| | 01:57 | We need to create a Description for our payload.
| | 01:59 | So this is going to be iOS Device
Baseline Settings and I am going to allow
| | 02:07 | people to do this as long as
they have authorization to do so.
| | 02:10 | Of course I need to put in my password.
| | 02:13 | Later on we'll talk about VPN and
maybe even network but I want to come down
| | 02:17 | here to some iOS specific
Restrictions like, we will come in here and for
| | 02:21 | example, if we didn't want to allow
multiplayer gaming we could turn that off.
| | 02:25 | If we wanted to be sure that the
users of our devices didn't do any in-App
| | 02:30 | purchasing we can turn that off.
| | 02:33 | So there are some really neat things that we
can disable that are default parts of the iOS.
| | 02:38 | We can also disable turning on Game
Centre friends, we can basically turn all of
| | 02:42 | that stuff off and we can Force
encrypted backups of our iOS devices.
| | 02:48 | This is kind of neat because if you
have an IOS devices as an iPhone and iPod
| | 02:53 | Touch or an iPad and you're backing up
that device in iTunes, which by the way
| | 02:58 | happens automatically anytime you change
something in one of the applications on
| | 03:02 | there so your Camera
Roll or something like that.
| | 03:05 | If you don't encrypt your backups on
that device it won't back up any of your
| | 03:09 | passwords, which is interesting
because then if you ever restore your device
| | 03:13 | you're going to have to reenter those
passwords later on, which means you will
| | 03:17 | have to change those settings
later on if you do a restore.
| | 03:20 | This encrypts the backups so the
passwords are sent into the backup, which
| | 03:24 | means when you do a restore from a backup of
that iOS device, you will get your passwords back.
| | 03:29 | It's a more complete backup.
| | 03:31 | So there is a really good
setting to turn on here.
| | 03:34 | We could also control the way
that our various applications work.
| | 03:37 | For example, if we didn't want our kids
getting into the You Tube application,
| | 03:41 | you just turn that off.
| | 03:42 | If we didn't want anything to go to
the iTunes Music Store whether it be a an
| | 03:46 | iPod, an iPad or an iPod Touch
that's all going to be gone as well.
| | 03:51 | We can also control
restrictions for media content.
| | 03:53 | So we can say you know what we're not
going to allow any explicit music and
| | 03:56 | podcasts and for movies we are only
going to allow PG-13 in here and PG here,
| | 04:03 | for the apps we are just going to allow 12+.
| | 04:06 | So we are done with that.
| | 04:07 | We can also configure things like Email.
| | 04:09 | If we had an Exchange server we
could set that up so that it goes to
| | 04:12 | the Exchange server.
| | 04:14 | CardDAV, CalDAV, we will talk about all
of these things later on but one thing
| | 04:17 | that I think is really need is the
fact that you can control Web Clips.
| | 04:20 | This puts a little button right
on the screen of your iOS device.
| | 04:25 | So let's call this Enrollment and we will go to
| | 04:30 | https://server.groundswellgear.com/
mydevices and we will make it removable if
| | 04:43 | they want to and we are just going to let the
icon come in from the web device. That's fine.
| | 04:47 | No Precomposed anything and I am
not going to make it full-screen.
| | 04:50 | I don't need to control any of that.
| | 04:52 | That's going to show up on the screen of iPad.
| | 04:54 | That's pretty cool!
| | 04:55 | So we click OK, and there we are.
| | 04:57 | We have only done Restrictions and Web Clips.
| | 04:59 | It's very, very simple but now
we have two different profiles.
| | 05:03 | We have got profiles that will apply
to our iOS devices, once we make them
| | 05:06 | members of this group and we've also if
I hit Save, if we can look over here we
| | 05:11 | have a profile for our Macs.
| | 05:13 | Next, let's see how to actually enroll
devices, so we can get them into this
| | 05:17 | library of devices and then make them
members of the different device groups.
| | Collapse this transcript |
| Getting profiles onto your Mac| 00:00 | Now that we've created our first simple
profiles, we need to get those profiles
| | 00:04 | on to our devices, so
those devices can be managed.
| | 00:07 | The first one we are going to show you
is this Mac here that we are on right now.
| | 00:11 | So there are a couple of processes
we need to finish in order to do that.
| | 00:15 | The first one is we need to get into Safari.
| | 00:18 | So I am going to do my four-finger
pinch to bring up our launch pad.
| | 00:22 | We bring up Safari and we are going
to go to our Personal Device portal.
| | 00:26 | So that's going to be the fully
qualified domain name of your server, we are
| | 00:32 | SSL encrypted here.
| | 00:34 | So we've got an s after the http.
| | 00:36 | Don't miss that part and then
that's going to be followed by mydevices.
| | 00:43 | That's going to send us
to an authentication page.
| | 00:46 | We are going to
authenticate as one of our users.
| | 00:48 | I am going to use our user, Justin.
| | 00:54 | So now we are logged in as Justin
and here we are at our My Devices page.
| | 00:58 | We also have a Profiles page.
| | 01:01 | So we have two choices here;
| | 01:02 | we can download Settings for Everyone.
| | 01:04 | This Settings for Everyone button will
download a Settings profile that contains
| | 01:08 | the settings for all of the
services that are configured on our server.
| | 01:12 | Now at this stage in the course, we
don't have any services configured.
| | 01:16 | So this won't do us much good.
| | 01:18 | Later on in the course, towards the end,
we are going to show you how to bring
| | 01:21 | this down in order to
configure your device all at once.
| | 01:24 | That would be pretty cool.
| | 01:25 | For now, what we are going to do is
actually go over here to Devices and we are
| | 01:28 | going to Enroll this device.
| | 01:30 | So this device is a Mac and there we go.
| | 01:34 | It downloads into our Downloads area.
| | 01:35 | That goes into our Downloads folder
and it immediately asks us if we want to
| | 01:39 | install our Device Enrollment profile.
| | 01:42 | Now you might have noticed that
automatically System Preferences is opened here,
| | 01:46 | this is where we are;
| | 01:47 | we are going to click Continue and it's
going to warn us that it doesn't have a
| | 01:52 | verification of the authorship of this profile.
| | 01:56 | So you remember we set ourselves up with
a UCC SSL profile, so that whenever our
| | 02:01 | client systems are communicating with
the server, they can know that there is a
| | 02:04 | trusted third-party relationship and
they can have that SSL encrypted path back
| | 02:08 | and forth between the client and the server.
| | 02:11 | This is not handled by that certificate.
| | 02:15 | This is handled by a code signing
certificate that was set up originally back in
| | 02:19 | server app, and the reason why it can't
verify the authorship is because it's a
| | 02:24 | self-signed, code signing certificate.
| | 02:27 | Because this is a different type of
certificate, we have a couple of choices here.
| | 02:31 | We chose not to purchase a code signing
certificate from Go Daddy because it's
| | 02:36 | really expensive and I figure most of
you probably won't want to go to that much
| | 02:40 | of an additional expense.
| | 02:42 | On the other hand, if we show the
details, we can see where it was signed from.
| | 02:47 | We can simply choose to Install and
once this is installed and trusted, we are
| | 02:52 | going to have to go through a few more of the
screens, we won't see this again. Same thing here;
| | 02:57 | remember, it says unverified and very
importantly, if you see down here where it
| | 03:01 | says Mobile Device Management, we have
rights here on the server to erase all
| | 03:06 | the data on the computer where
we are installing the profile.
| | 03:09 | So we are installing this
profile on this local Mac.
| | 03:11 | That means that we are going to have
the rights from the server to erase
| | 03:15 | the data on the Mac.
| | 03:16 | Your users, if they are doing
this themselves, if they are doing a
| | 03:19 | self-enrollment, will be able to see
this and this might cause come concerns so
| | 03:22 | you might get some phone calls about this.
| | 03:25 | If you go about the process of
enrolling devices by yourself as an
| | 03:28 | administrator, you can avoid those questions.
| | 03:31 | Click Continue, we are also going to
click Install here and we are going to add
| | 03:35 | our administrator, Username, and
Password for the local machine, the client
| | 03:39 | machine that we are installing the profile on.
| | 03:43 | You have to be an administrator to do this.
| | 03:45 | So, because our local account was an
administrator account, it allowed me to
| | 03:49 | authenticate and here we've
installed to Remote Management settings.
| | 03:53 | So you can see that all here, if I
click Show All, you can see that we now
| | 03:56 | have these Profiles, System Preferences
pane in the System area of System Preferences.
| | 04:02 | If I quit this and we come back here,
now you can see that this Mac is indeed
| | 04:07 | registered with the server.
| | 04:08 | We know its Serial Number and we can
remote Lock it and we can Wipe the data
| | 04:13 | from it right there with that button.
| | 04:15 | And we can do this because we've logged in
as a specific user to enroll this device.
| | 04:19 | So because we are still logged in as
that user, we have the ability to lock
| | 04:24 | or wipe this device.
| | 04:25 | Other users won't be able
to wipe each other's devices.
| | 04:28 | So we are going to leave the My
Devices area and instead we are going to go
| | 04:32 | back to Profile Manager.
| | 04:35 | Now that the device is
enrolled, we'll be able to see it.
| | 04:38 | I am going to log in as serveradmin,
and if we come back over here to Devices,
| | 04:45 | here you'll see Justin Case has
registered the Mac Tower in this area.
| | 04:49 | So he is in the Devices
area, but in a group yet.
| | 04:53 | There are still No
Members of the Mac's group here.
| | 04:55 | So we have to go to the Mac's group,
click on Members, click on the plus
| | 04:59 | button>Add Devices, and because the Mac
Tower here that was registered by Justin
| | 05:04 | Case, has been enrolled in our system,
we can just click Add and Done and Save.
| | 05:10 | And as soon as we do, it says this
might cause settings to be pushed to the
| | 05:13 | devices and of course, it will, because
we've got a profile associated with the
| | 05:18 | Mac's group which is a device group.
| | 05:21 | And so as soon as we save this as a
member of that group the settings we have in
| | 05:25 | there should apply to that device.
| | 05:27 | So, clicking Save is going to
give us an active task right here.
| | 05:31 | It's going to set Push Settings in
progress and what happens here when this
| | 05:34 | happens is the server because we have a
trusted relationship with Apple's Push
| | 05:39 | notification service, we'll send a
Push notification to Apple or a request.
| | 05:43 | Apple's Push Notification server will
send a message back down to the Mac Tower
| | 05:49 | to say, hey, Mac Tower, you need to
look to your server that you've already
| | 05:53 | said you trust and you need to get whatever
updates have been applied to your profiles.
| | 05:59 | When that happens, the Mac goes out and
gets its stuff, it succeeds and now the
| | 06:03 | Mac has the new updated management information.
| | 06:07 | So that's how that
process completes full circle.
| | 06:09 | If we wanted to add the Mac to
additional groups, if we had multiple additional
| | 06:13 | groups, we could come through
here and add that Mac in there.
| | 06:16 | So that's getting all of this onto your Mac.
| | 06:20 | In the next movie, we'll talk
about how you get this stuff onto your iOS devices.
| | Collapse this transcript |
| Getting profiles onto your iOS device| 00:00 | When it comes time to download and
install your profiles on your iOS device,
| | 00:04 | it's fun to start with an iPad because
you've got a nice big screen, you can see
| | 00:07 | what you're doing, it's easy
to get to all the controls.
| | 00:09 | So here you can see we have a very,
very stock brand-new iPad, there's
| | 00:15 | nothing custom about this.
| | 00:16 | If I go to Settings and you look
through General here, there are no extra
| | 00:21 | profiles, no extra
settings in here at all, right.
| | 00:24 | I go to Mail, Contacts, and
Calendars, nothing in here.
| | 00:27 | So what I need to do first, and there
are several different ways of doing this.
| | 00:31 | You can see right up here,
I'm not on our Wi-Fi network.
| | 00:34 | So I want to put us on our Wi-Fi network.
| | 00:37 | Now you could temporarily set your Wi-Fi
network so that it would be completely open.
| | 00:42 | This would make it very easy to get on,
but ours we're just going to click on
| | 00:46 | our Lion Network here and put
in our password and click Join.
| | 00:51 | As soon as we join that Wi-Fi network,
we're going to get the symbol right up by
| | 00:54 | your carrier logo in the upper
left-hand corner of the iPad.
| | 00:59 | And we can then come back here and we
can tap on Safari, and when we open up
| | 01:03 | Safari, we can go to a new URL.
| | 01:06 | I'm going to go to that https://.
| | 01:11 | We're going to go to server.groundswellgear.com.
| | 01:14 | Now you're going to go to your own URL.
| | 01:18 | All right, so we double-check our
spelling, make sure we didn't type anything
| | 01:21 | incorrectly, everything looks good here.
| | 01:24 | I'm going to then type a Slash and then
I'm going to go to My Devices and hit Go.
| | 01:30 | This is going to take us to that
Authentication page, the same one pretty much
| | 01:33 | that we saw on our Mac.
| | 01:34 | So I'm going to log in this time as
oliver and I'm going to tell it not to
| | 01:39 | remember me and I'm going to click Log In.
| | 01:43 | All right, so here is the
My Devices page for an iPad.
| | 01:46 | Note that the system sees that
this is an iPad right off the bat;
| | 01:51 | it knows what we are.
| | 01:52 | So all we have to do is tap Enroll,
it tells us that the Code Signing
| | 01:56 | Certificate is not verified for
the same reasons that we mentioned in
| | 01:58 | the previous movie.
| | 01:59 | So we're just going to click Install.
| | 02:00 | It says Unverified Profile,
it's warning us about that again;
| | 02:04 | it's fine, we're going to tap Install.
| | 02:06 | We created it, we know
what it is, and we tap Done.
| | 02:10 | So we are now enrolled.
| | 02:11 | If we refresh this page on Safari, we
can see that this is an iPad, we have our
| | 02:15 | Serial Number, we can Clear the
Passcode, we can Lock the device if there's a
| | 02:19 | passcode in place on the device,
and we can Wipe the device.
| | 02:23 | Note that locking the device
won't ask you to enter a Passcode.
| | 02:27 | It will simply lock the device with
whatever passcode is already on the device.
| | 02:31 | All right, so now that this is in
place, I'm going to go back over to our
| | 02:35 | Mac, and on our Mac we're going to go into
Safari and I'm going to go to Profile Manager.
| | 02:41 | And in Profile Manager, if I
go to Devices, I now see iPad.
| | 02:46 | And there is Oliver, he signed
it in, no problem at all there.
| | 02:49 | All we need to do is go to Device Groups>iOS>
Members>+>Add Devices, and here we have the iPad.
| | 02:59 | So we can click Add, Done,
Save, and then once again Save.
| | 03:05 | And what that's going to do is it's going to
push that information out to our iPad here.
| | 03:08 | We can see in our Active Tasks, we have
one that was sending, we have some stuff
| | 03:13 | that succeeded here in our Completed Tasks.
| | 03:15 | Our iPad has now been placed in this area.
| | 03:18 | And if we come back out here, if we hit
our Home key and you notice that the Web
| | 03:23 | Clip that we put in as part of our
profile is already on screen number two here.
| | 03:28 | It threw it into our second screen.
| | 03:30 | If we tap on that, we go
right back to our Enrollment page.
| | 03:33 | If we hit the Home key, we get the Custom
icon that Apple put into the webpage itself.
| | 03:38 | It downloaded that custom icon
the first time we went to that link.
| | 03:42 | So we get a really cool icon as a result.
| | 03:45 | And if we go to Settings, and General,
now you can see down here we have
| | 03:50 | Profiles installed and all of
our settings for iOS are here.
| | 03:54 | We can tap on More Details.
| | 03:55 | We can see our Restrictions and we can
see our Web Clip, basically everything
| | 03:59 | that's coming in here because we're part of
Settings for iOS, is right there in front of us.
| | 04:03 | All right!
| | 04:05 | So we tap back, get out of
there, tap Home, and there we are.
| | 04:10 | So that takes us full circle.
| | 04:12 | That added our iOS device into the system.
| | 04:15 | We put our iOS device into a Device
Group that was already set up with a profile.
| | 04:20 | And as soon as we did, we watched the
Push Notification work as it went from the
| | 04:24 | server to Apple to the device, made the
device communicate back with the server
| | 04:29 | so that it could get its new information.
| | Collapse this transcript |
| Using the Self Service Portal to wipe an iOS device| 00:00 | Okay, so let's say you wanted to
remotely lock or wipe a device that
| | 00:04 | you'd already managed.
| | 00:06 | So we've already enrolled our iPad as
Oliver, right, but to show you how we get
| | 00:10 | there, you're going to be at My
Devices again, right, we're going to go to
| | 00:15 | server.groundswellgear.com/mydevices
and we're going to login with oliver and
| | 00:20 | we're going to click Log
in here, and there we are.
| | 00:23 | So because we're on a Mac that has not
been enrolled by Oliver, it's offering to
| | 00:29 | let us enroll it again as this user.
| | 00:32 | I would refrain from doing that if at
all possible, because that's going to end
| | 00:35 | up making some pretty strange records
in your online database, but we do see
| | 00:40 | that we have registered the iPad here,
and we've got its Serial Number and we
| | 00:44 | have our buttons to Lock, Wipe and
Clear Passcode, and I just want to point out
| | 00:48 | this is all too easy.
| | 00:49 | If we tap Wipe right there, it just asks,
are you sure you want to perform the
| | 00:54 | Wipe task on the device?
| | 00:55 | You say OK and it says, all
right, Wipe is in progress.
| | 00:58 | Over on the device what's happening
is the device is restarting, we get the
| | 01:02 | Apple from the startup screen.
| | 01:05 | On the computer it saying wipe was
completed and it gives us a date and the
| | 01:09 | time, it's right now going through the
process of basically resetting the device
| | 01:14 | back to fresh out-of-the-box status,
and we get a symbol that says please
| | 01:18 | connect this device to iTunes, we're
recording this before the release of iOS 5.
| | 01:23 | Once we have released iOS 5, all of
these devices that are running that new
| | 01:28 | operating system will come back, and
because they are devices that don't need to
| | 01:32 | be connected to a computer before
they're activated, these devices should come
| | 01:36 | up from this process once we're in
iOS 5, and they should just activate.
| | 01:40 | It's wiped, the data that was on it is
gone, so if you lose one of your devices,
| | 01:45 | you no longer have to depend on the
device already being signed up with a
| | 01:50 | MobileMe account or find my iPhone
account, so you can do the remote wipe, you
| | 01:54 | can do that functionality right here
as long as your devices are enrolled on
| | 01:58 | your Mobile Device
Management System here in OS Server.
| | Collapse this transcript |
| Managing hardware inventory with Profile Manager| 00:00 | Okay, so we're going back to our
Profile Manager, so it's going to be https://
| | 00:06 | your fully qualified domain name
slash profile manager and it's going to
| | 00:10 | redirect you to this page for
authentication, so I'm logging in as a
| | 00:13 | serveradmin account.
| | 00:14 | Again, you could log in as diradmin;
| | 00:15 | I'm just choosing serveradmin and Log In.
| | 00:20 | So what I wanted to show you
here is something kind of neat.
| | 00:23 | If you select a device note our
iPad has been wiped, isn't that fun?
| | 00:28 | If we come over here and we look at our
device, our Mac Tower for Justin Case.
| | 00:33 | If I come over here and click on About.
| | 00:35 | I want to point this out.
| | 00:37 | So we can see right here all the
certificates that are installed on that device,
| | 00:41 | we can see the Device Groups that
this device is in and under Installed
| | 00:48 | Applications this is kind of cool.
| | 00:50 | This is kind of like running system
profiler on a local Mac, you can see all
| | 00:55 | of the applications that are installed on
that Mac and this can really, really helpful.
| | 00:59 | If you're planning an upgrade or
something else and you need to find out what
| | 01:03 | applications are installed on your
devices, this is a great way to go about
| | 01:06 | doing it very, very quickly.
| | 01:08 | Once they're enrolled you've got
access to all that information right there.
| | 01:12 | I can also see whatever
restrictions are in place.
| | 01:17 | And under Details we can see the Build
of the operating system, the UDID, the
| | 01:23 | Ethernet Mac address this is a
great thing to use as an identifier, the
| | 01:26 | Bluetooth Mac address.
| | 01:28 | The Last Checkin Time the type of
machine it is and the Model Number, this
| | 01:32 | could be really helpful.
| | 01:33 | If you're planning something like a
RAM upgrade knowing that model number of
| | 01:37 | that device can help your RAM vendor to
choose the correct RAM to sell to you.
| | 01:42 | So just coming in here, looking at
Model Number and just saying my Mac is a
| | 01:46 | Mac Pro3, 1, your RAM vendor will be
able to say, oh, well, you need X type of
| | 01:51 | RAM and I'll send it right off to you, and
you'll get exactly the right type of stuff.
| | 01:54 | So I wanted to point out that for an
inventory, you've got your Serial Number,
| | 01:59 | you've got User, your Software
Version, how much capacity is left over.
| | 02:03 | We have got a lot of great information
in here and I wanted to point out that
| | 02:06 | it's here and available for you to use.
| | Collapse this transcript |
|
|
6. Protecting Your Information with a BackupBacking up your server| 00:00 | Hard drives fail, there's just no
getting around it, and so it's very important
| | 00:04 | to set up a system to back up, both
your client systems and your server.
| | 00:09 | I am going to show you how to
setup a backup using Time Machine.
| | 00:14 | All right, so Time Machine is software
granted that came out a long time ago,
| | 00:19 | that came out in X 5, it's been
available to back up Mac OS X clients and
| | 00:23 | servers for a while and it's got a
bit of a bad reputation on server.
| | 00:26 | In Lion they have done a lot of work to
make this even better than it was before.
| | 00:31 | So I want to show you how to configure this, I
think it's a reasonable thing to expect to do.
| | 00:36 | To get started, we're going to
click on the Apple, pull down the
| | 00:38 | System Preferences.
| | 00:40 | We've already prepared our hard
drive to be used by our server.
| | 00:44 | In a previous movie we
talked about storage in Chapter 4.
| | 00:48 | We are going to use that hard drive,
right now we are going to click on Time
| | 00:51 | Machine, we are going to click Select
Disk and we have our External Data Disk
| | 00:56 | that we created earlier.
| | 00:58 | I would like to also point out that
there is a Macintosh HD available here and
| | 01:02 | we could also set up a Time Capsule.
| | 01:04 | You could back your server up to a Time capsule.
| | 01:06 | I would caution you against doing that
if the Time Capsule is being accessed by
| | 01:13 | the server over a wireless network,
just because you might find that that slows
| | 01:18 | your wireless network down, your
server is going to have an awful lot of data
| | 01:22 | that changes quite frequently.
| | 01:23 | So I would not recommend that.
| | 01:26 | Probably better to have a locally
attached hard drive and being a Time Machine
| | 01:29 | back up, it's probably not a bad idea
to be an external hard drive that you can
| | 01:34 | disconnect and replace whenever you
need to, if this one were to fill up.
| | 01:38 | You could also choose to Encrypt your
backup disk, I think that's a very good
| | 01:41 | idea, and we are going to click Use Backup Disk.
| | 01:45 | Now, when you do that, because you've
chosen the option to Encrypt it, you're
| | 01:49 | going to be asked for a password that's
what encryption asks for, so here we are
| | 01:53 | going to offer that, and you can put in
a hit, it's Required, so it's probably a
| | 02:00 | good idea to just go ahead and do
it, and then click Encrypt Disk.
| | 02:10 | You'll spend a little bit of time
watching the blue bar across the screen, it
| | 02:13 | won't take too long, the disk
is already empty. There we are.
| | 02:17 | Now as soon as that's finished, Time
Machine will turn on automatically.
| | 02:20 | It'll tell you the countdown for the Next
Backup, and pretty soon, we'll start backing up.
| | 02:26 | You can choose to show the Time
Machine status in the menu bar, if you want,
| | 02:29 | we're going to leave that turned off,
just to leave our screen nice and clean.
| | 02:33 | I would like to point out, under
Options you can also choose to Exclude certain
| | 02:36 | items from the backup.
| | 02:38 | But being a server, I am going to recommend
that you not exclude a whole bunch of stuff.
| | 02:42 | I think that getting a full
backup is a really, really good idea.
| | 02:45 | I am going to click Save.
| | 02:47 | So at this point, you can simply
wait for the countdown to complete, the
| | 02:49 | backup will kick off, or you can
simply quit Time Machine preferences, and
| | 02:54 | move on and go back to your business,
because the Time Machine backup will
| | 02:57 | kick off on its own and it will run on
the regular Time Machine schedule from this point forward.
| | Collapse this transcript |
| Installing Server Admin Tools and backing up the Open Directory| 00:00 | All right, so we've kicked off our Time
Machine Backup, you can see it's running
| | 00:03 | over here in the corner.
| | 00:03 | We're going to just let that continue to run.
| | 00:06 | In this movie, I want to talk to you
about setting up an Open Directory Archive
| | 00:11 | of your Open Directory environment.
| | 00:12 | Remember, whenever we set up Profile
Manager, we got an Open Directory Master
| | 00:16 | kind of for free, we didn't have to do
much work, we just gave it a username and
| | 00:20 | a password and it went
and set the whole thing up.
| | 00:22 | Well, we need to back up that
environment separately from the rest of our server.
| | 00:27 | We do this because we are paranoid and
we are good server administrators and we
| | 00:31 | want to have our backups in a couple
of different pieces so that we can move
| | 00:34 | things around and migrate stuff.
| | 00:36 | So I am going to show you how to
create an Open Directory Master Backup, and
| | 00:40 | this, somebody ring a bell or something,
this is the first time we are going to
| | 00:43 | have to actually install the
Advanced Server Administration Tools.
| | 00:48 | I am sort of excited about this, we
are going to go to our Home directory.
| | 00:51 | We're going to go to our Downloads
folder, and there they are, we downloaded
| | 00:54 | them quite a long time ago or at
least it feels like a long time ago, we're
| | 00:58 | going to double-click on the disk image
and we're going to run the installer of
| | 01:01 | the ServerAdminTools.
| | 01:02 | It shouldn't take too terribly long.
| | 01:04 | So you are going to double-click on
the package, click Continue, and Continue
| | 01:08 | and Agree, and Install.
| | 01:11 | It's going to ask you for
Administrator Authentication.
| | 01:14 | Click Install Software,
and watch it write the files.
| | 01:17 | This should take very little time.
| | 01:19 | There is not a whole of
stuff being written in here.
| | 01:22 | Again, whenever the install of your
server software initially happened, if you
| | 01:25 | were doing this on a new system or when
you brought your new Mac mini out of the
| | 01:29 | box, all of the server software that's
really necessary for administration and
| | 01:33 | for the server to run is already there.
| | 01:35 | This is just the additional server
administration tools that you are going to be familiar with.
| | 01:40 | I am going to close this window
and I am going to go to Applications.
| | 01:43 | You're going to be very
familiar with this, here it is!
| | 01:46 | Our Server folder, just as it
would have been in 10.5 or 10.6 server.
| | 01:51 | If I open that, you can see right here
we've got our original Podcast Composer,
| | 01:55 | we have Server Admin, we even have
Server Monitor there that only works with
| | 01:59 | Xserves which Apple no longer makes.
| | 02:01 | We have our System Image Utility,
Workgroup Manager, and Xgrid Admin.
| | 02:04 | We are going to open Server Admin.
| | 02:06 | I am going to close that Finder
window back here just to clean things up.
| | 02:11 | Right off the bat, we see that we have
nothing there, it's going to tell us to
| | 02:15 | authenticate locally.
| | 02:16 | I am running this on the server.
| | 02:18 | So I am actually on the server device,
that's why it sees this as a local.
| | 02:22 | I am going to put in our
fully-qualified domain name.
| | 02:27 | We could have done that local,
would have worked just fine.
| | 02:29 | I just prefer to work with fully-
qualified domain name, so that I can always be
| | 02:33 | certain that my DNS is working
the way that it's supposed to.
| | 02:36 | I am going to put in Server
Admin, that's completely fine and
| | 02:40 | our authentication.
| | 02:41 | For the sake of convenience while I
am recording this course, I am going to
| | 02:44 | leave this Remember
password in keychain checked.
| | 02:47 | But if you are not in a secure
environment, if other people have access to your
| | 02:51 | machine, you probably
want to leave that unchecked.
| | 02:53 | I am going to click Connect, and it's
going to connect up to the server and we
| | 02:57 | get all of our normal summary stuff
here for us in our Overview area and if I
| | 03:03 | flip down my triangle, you can see that
lo and behold DNS was in fact configured
| | 03:08 | for us way back in the beginning and
Open Directory whenever we were in Profile
| | 03:12 | Manager, and we were setting that up,
Open Directory was configured for us as
| | 03:16 | well and we can see all of our
information about Open Directory right here.
| | 03:20 | So we came here for a reason though.
| | 03:22 | We came here to learn how to archive an Open
Directory environment, and that's important.
| | 03:27 | So we are clicking on Archive here in
the Open Directory area, and where it says
| | 03:31 | Archive in, we are going to click
Choose to choose a directory, and I am going
| | 03:35 | to go to this secondary hard-drive.
| | 03:37 | Inside of a Mac Mini,
you've got two hard-drives;
| | 03:39 | the first one is going to be named
Server HD and the second one will ship
| | 03:42 | named Macintosh HD.
| | 03:44 | It's completely normal.
| | 03:46 | It's a great destination for
something like an Open Directory archive.
| | 03:49 | I am just going to throw that right there.
| | 03:51 | In fact, I am going to put a new folder
at that level, so that it's inside of a
| | 03:54 | folder, ODArchive, and Create.
| | 03:59 | So I've got a folder right there.
| | 04:00 | I am going to click Choose.
| | 04:02 | It gives me the whole path,
notice that it says Volumes first.
| | 04:05 | Because it's a secondary hard-drive,
it's giving the full path for that folder.
| | 04:09 | If I click Archive, we get our
Archive Name and new, awesome, we have
| | 04:14 | Password and Verify.
| | 04:16 | In previous versions of the operating
system, we only had the Password field and
| | 04:19 | so if we got the password
wrong, we wouldn't have known.
| | 04:22 | Now they've fixed that. I am very happy.
| | 04:24 | Archive Name is going to
be OpenDirectoryArchive.
| | 04:30 | You might want to put-in
a date or something else.
| | 04:33 | I am just going to name it right here.
| | 04:34 | I am going to put in a
password right here, and click OK.
| | 04:40 | As soon as you do, it will go through
the process of backing up the LDAP master,
| | 04:44 | it'll back up Kerberos,
it'll do the whole nine yards.
| | 04:47 | Pretty soon you'll end up with a disk
image sitting inside of that folder.
| | 04:51 | I'll go ahead and show that to you as
soon as it's finished. Okay, it's done.
| | 04:56 | So now all we have to do is
go back here to the Finder.
| | 04:58 | I am going to go to our computer here
and we're going to scroll down to our
| | 05:02 | devices, and we'll go to Macintosh HD.
| | 05:04 | There is the ODArchive folder we
created and if I flip down the Disclosure
| | 05:08 | Triangle, there is our Open
Directory Archive sparse image.
| | 05:11 | If I ever needed to restore that, it
would be no problem at all, I would simply
| | 05:15 | click Restore from, Choose, go to where
I have the OpenDirectoryArchive, I would
| | 05:21 | click Choose, and then I
would click this Restore button.
| | 05:24 | I am not going to do that right now
because that would be a little bit
| | 05:26 | disruptive to our backup at the moment,
but that is what you would do and that
| | 05:30 | would restore the Open Directory
environment back to whatever state it was in
| | 05:33 | when you created the archive.
| | 05:35 | I recommend creating an Open
Directory Archive, every time you make major
| | 05:39 | changes to the directory, maybe after
you've added some new users or some new
| | 05:42 | groups or you've done some new profile
management, anything that you feel would
| | 05:46 | be a part of that Open Directory
database that would be valuable, that you
| | 05:51 | wouldn't want to have to
recreate again. So there we are!
| | 05:53 | That's creating an Open
Directory Archive in Lion Server.
| | Collapse this transcript |
|
|
7. Setting Up Software Update ServerHow caching software updates can save your network| 00:00 | The Software Update Service available in
Lion server is such an awesome stealth feature;
| | 00:06 | I just absolutely love this feature.
| | 00:08 | If you have not given any consideration
to enabling this, I would implore you to
| | 00:13 | just listen a little longer and
to understand why this is cool.
| | 00:17 | All right, so say you've got a small
office, maybe 25, 30 computers, right, and
| | 00:21 | you've got a relatively
narrow data pipe to the Internet.
| | 00:25 | Every time Apple comes out with a new
big Operating System updates, say its
| | 00:29 | 10.72 combo updater or
something along those lines.
| | 00:32 | That combo updater could be
an excess of a gigabyte right.
| | 00:35 | So one computer downloads it, that's
one gig downloaded through your pipe, two
| | 00:39 | doubles it, three triples it, etcetera.
| | 00:41 | What if you could have a Mac OS X
server sitting on your network and it would
| | 00:46 | just constantly be looking to Apple
determining what software updates were new
| | 00:51 | and which ones can be downloaded and
used and it would just cache them, it would
| | 00:55 | bring down all of those updates and
store them on the server's local hard drive.
| | 01:00 | And then whenever each and every one of
your 25 to 30 computers needed to go out
| | 01:04 | and get a software update, instead of
looking to Apple for that software update
| | 01:09 | they look to your server.
| | 01:10 | Now, do you have any idea how fast a
client system can download a software
| | 01:15 | update if that software update is located on a
local server being fed over a gigabit network?
| | 01:21 | The download happens in the blink of
an eye, it takes dramatically longer to
| | 01:25 | actually perform the installation of the
software update that it did to download
| | 01:29 | it, which is usually the reverse.
| | 01:32 | So this has the potential to save
you not only network bandwidth, but for
| | 01:36 | example, it can save you an
enormous amount of time if you're the IT
| | 01:41 | administrator or if you're a small
business owner and you don't have an IT
| | 01:45 | administrator and you're just doing
this on your own this could be the
| | 01:48 | difference between you spending 15
minutes running software updates or spending
| | 01:52 | an entire weekend to doing it.
| | 01:54 | This can save you time, and
therefore, it can save you money.
| | 01:58 | So obviously I'm incredibly excited
about this particular feature and I really
| | 02:02 | want to show you how to configure setup
and use Apple's Software Update Server.
| | Collapse this transcript |
| Setting up the software update caching service| 00:00 | Now that you know what a software
update service is and what it can do for you,
| | 00:04 | I'm going to show you how to configure it.
| | 00:06 | Now this is another place where
we do need those advanced server
| | 00:09 | administration tools.
| | 00:11 | So I'm going to go into my
Applications folder and go into the Server folder
| | 00:15 | right there and I'm going
to open up Server Admin.
| | 00:22 | Once Server Admin launches and gets
going, we're going to click the name of the
| | 00:25 | server, come over here to Settings,
click on Services, and we're going to come
| | 00:29 | down here and see where it says
Software Update, we're going to put a checkmark
| | 00:32 | right in that box and click Save.
| | 00:34 | That doesn't turn on the service;
| | 00:36 | it just makes it visible
over here in the sidebar.
| | 00:39 | And as soon as the server finishes doing
its thing, it will show up right there. Okay.
| | 00:44 | Now that we've got it, we can
click on Software Update right here.
| | 00:47 | So there are only a couple of
things we can really change here.
| | 00:50 | One of them is we can change
where the software updates are stored.
| | 00:53 | If you've got multiple drives and you
want to push this off to some place other
| | 00:57 | than its default location, you can
certainly do that by clicking Choose and
| | 01:00 | navigating to another directory.
| | 01:02 | But I'm going to recommend that you not do that.
| | 01:05 | The software update store is,
generally speaking, going to be between 13 and
| | 01:08 | 15 gigs of data, and it's probably not
going to be enough to fill up your boot drive.
| | 01:14 | Just plan for it, if you're going to
turn on Software Update, make sure that
| | 01:18 | you've got at the least that much.
| | 01:19 | And if that much extra data goes onto
your boot volume, then you'll have another
| | 01:23 | say 20% of your space still
available for other stuff at a minimum.
| | 01:28 | You can Limit user bandwidth, so this
would limit the amount of data that your
| | 01:33 | client systems could download at any given time.
| | 01:35 | I don't like doing that.
| | 01:36 | Part of the reason why I'm setting up
a software update caching server is so
| | 01:40 | that my client systems can get
their updates as fast as possible.
| | 01:43 | So I'm not going to limit bandwidth.
| | 01:45 | One thing you do need to do though is
you need to tell the software that you
| | 01:49 | wanted to copy updates from Apple.
| | 01:51 | Now you have two choices here.
| | 01:52 | You can either copy all of the
updates from Apple or you can copy
| | 01:56 | everything that's new.
| | 01:57 | Copying new updates will basically
copy anything that is released from this
| | 02:01 | point forward from Apple, whereas,
copying all will copy the entire
| | 02:04 | software update database.
| | 02:06 | I would recommend copying all
software updates from Apple.
| | 02:10 | It takes a little while and it
copies an awful lot of software updates.
| | 02:13 | But if you get systems on your network
that are slightly older, that don't have
| | 02:17 | updates that are necessary, and you
point them at your software update server,
| | 02:21 | there is a possibility that they would
never get the software updates that they
| | 02:24 | need, if they weren't
available from your server.
| | 02:28 | I'm going to leave this checkbox
checked, because I want to automatically
| | 02:31 | enable all copied updates.
| | 02:33 | This is more convenient
for me as an administrator.
| | 02:36 | It gives me a caching server that
always will mirror and have active updates
| | 02:42 | that are exactly the same as what
Apple has on their software update servers.
| | 02:47 | I could choose to delete outdated software
updates if I want to, if I wanted to save space.
| | 02:52 | But I'm going to leave my
software update server as full as I can.
| | 02:57 | I'm going to click on Updates, it
wants me to save before I change that view.
| | 03:01 | And when I come over here, it's going to
say, well, Last Check is not available.
| | 03:05 | That's because we haven't
started the software update server yet.
| | 03:08 | If I click Start Update, it will
also say last update not available.
| | 03:12 | And what you'll notice is if you just
click this button to refresh and find out
| | 03:16 | when that last check happened, it'll keep
saying not available for a pretty long time.
| | 03:21 | It'll probably take a good 5 to 10 minutes,
maybe longer for it to update this information.
| | 03:26 | I'm not the most patient person in the world,
so what I'll typically do is just ignore this.
| | 03:30 | I'll sort of walk away at this point.
| | 03:32 | I'll go and do something else.
| | 03:34 | Sometimes for as long as a day or two,
depending upon the speed of my network
| | 03:37 | connection to the Internet, because
remember, it's got to download 13 or 15 gigs
| | 03:42 | or so of software updates into
our software update catalog locally.
| | 03:47 | When it does that, you'll see that it
has a listing of how many updates have
| | 03:51 | been copied and of those updates, how many of
them are enabled and available for your clients.
| | 03:56 | And that's pretty much it.
| | 03:58 | If you have problems, you can
always look at the Log right here.
| | 04:01 | The Log gives you the ability to
look at the Updates Log and more
| | 04:05 | importantly, the Error Log.
| | 04:07 | So if you're having any problems with
your software update server, you can
| | 04:10 | come in here and look here to try to figure
out what's going on and to troubleshoot it.
| | 04:15 | You can also see the Access Log.
| | 04:17 | So anyone who comes into the system and
downloads updates, that will be shown in this Log here.
| | 04:23 | But we're going to leave this on our
Overview and we're going to just come
| | 04:26 | back to this later on.
| | 04:28 | In a future movie, we will show how to
configure client systems to access the
| | 04:33 | software update server once
these catalogs are all completed.
| | Collapse this transcript |
|
|
8. Teleporting Through VPNUnderstanding encryption| 00:00 | Some people, bad people with worse
intentions would be very happy to intercept
| | 00:05 | your username and password on a
public network so they could access your
| | 00:09 | accounts later to steal credit card
numbers, read secrets from emails or address
| | 00:14 | books or calendars or even see the
websites you think you're viewing privately.
| | 00:18 | You'd be surprised how easy it
is to eavesdrop on a network.
| | 00:23 | If you have ever made an unencrypted
connection to a wireless network in a
| | 00:26 | coffee shop, a hotel or a library your data
was exposed to everyone else on that network.
| | 00:32 | Of course, there are ways to protect
yourself from using SSL as we show you too
| | 00:37 | in this title to using VPN.
| | 00:40 | But SSL would only protect the
data you send and receive to and from
| | 00:44 | SSL protected sites.
| | 00:46 | What about everything else?
| | 00:47 | Well VPN is what you use
to protect everything else.
| | 00:51 | VPNs and SSL connections secure your
data through something called encryption.
| | 00:56 | Encryption is a cool technology and it's been
around for centuries in one form or another.
| | 01:00 | Encryption is code.
| | 01:02 | It's putting something that is easy to read
into a wrapper that obscures the information.
| | 01:07 | When a recipient gets the package only
the recipient knows how to unwrap the
| | 01:11 | package and once out of the wrapper
the information is easy to read again.
| | 01:15 | When you activate a VPN either some or
all of what your computer sends over the
| | 01:20 | network will be wrapped up while it's
traveling between your computer and the
| | 01:24 | server protecting it from
prying eyes along the way.
| | 01:27 | OS X server has VPN server software
included that is easy to set up between your
| | 01:33 | server and your devices
and it's even easier to use.
| | 01:36 | So let's get in the Lion
Server and configure our VPN server.
| | Collapse this transcript |
| Configuring your Lion Server to be a VPN server| 00:00 | Now that we've discussed what a VPN is,
we're going to talk about how to set it
| | 00:04 | up and it really couldn't be much easier.
| | 00:07 | We're going to click over here in
Server App on our VPN tab and you'll see here
| | 00:11 | we've only got a few
things that we could even do.
| | 00:14 | One thing we can do is we can
set our Shared Secret and this is
| | 00:18 | automatically generated for us.
| | 00:20 | If we want, we can just leave the
Shared Secret the way it is, auto-generated,
| | 00:24 | it's going to be unique on every system,
and we can set our Assigned addresses.
| | 00:30 | This is going to reserve a segment of
our DHCP pool, and because our server is
| | 00:36 | communicating with our AirPort Extreme
Base Station, all of this is going to
| | 00:40 | work together seamlessly.
| | 00:42 | All we need to do at this point is Save
a Configuration Profile out, and to do
| | 00:48 | that we just select where we want to
put it, select the existing name that pops
| | 00:52 | up for us, the VPN Host you'll get a
little green indicator light if this is
| | 00:57 | going to be correct, and you
click Save. It's that easy.
| | 01:02 | This VPN.mobileconfig file can then be
sent to your people with iPads or iPhones
| | 01:07 | or even their Macs, and all of this
is going to work really seamlessly.
| | 01:11 | But you don't even need to do that.
| | 01:14 | We click ON and we get a
little green indicator light;
| | 01:18 | you can see it whenever the service is
not selected, whenever it is selected, it
| | 01:21 | just shows up as a light color because
everything is sort of monochrome there
| | 01:24 | whenever it's selected.
| | 01:26 | But it's ON now and if you go back up
to, remember we configured a Profile
| | 01:31 | Manager, note that for our Default
Configuration Profile, we've just added
| | 01:36 | VPN into that list.
| | 01:38 | As we go through and add each of the
different services that are supported
| | 01:42 | by this configuration profile,
what you'll notice is we'll be adding
| | 01:45 | additional little icons.
| | 01:47 | At the end of the title, we're going to
show you how to get that configuration
| | 01:50 | profile loaded onto your devices
and then everything is automatically
| | 01:54 | configured for you. It's very easy.
| | 01:57 | That's all you need to know
about configuring your VPN.
| | 01:59 | All you would need to know beyond this
is that what's getting configured here is
| | 02:03 | a L2TP over IPSec VPN and not a PPTP VPN.
| | 02:10 | We're done with the part that you would
need to do in order to enable your VPN.
| | 02:14 | But I want to take us one step further.
| | 02:17 | I'm going to go into our Applications
folder and we're going to open up our
| | 02:20 | Server folder and we're
going to open up Server Admin.
| | 02:23 | I'm going to close that and I'll
minimize our Server App here so that when
| | 02:28 | Server Admin opens up,
you can just see it there.
| | 02:30 | All right, so we've got our services
configured DNS, Open Directory, Software Update.
| | 02:34 | Great!
| | 02:34 | If we come over here to Settings,
and Services, notice VPN is one of the
| | 02:39 | services that is missing here.
| | 02:41 | So this is one of those advanced user things.
| | 02:44 | If you've come to this product with a
prior experience in Lion Server, you now
| | 02:50 | have no way to configure a PPTP VPN,
and that's very, very important.
| | 02:56 | If you remember from 10.6 and 10.5, we
had problems whenever we configured L2TP
| | 03:02 | over IPSec because if we had a router
that was a different brand, maybe not an
| | 03:07 | Apple router, maybe it didn't support
passing the right kind of traffic, L2TP
| | 03:12 | over IPSec didn't work through those routers.
| | 03:14 | Usually, those are relatively
inexpensive low-end consumer or small
| | 03:19 | office/home office routers.
| | 03:20 | So that's going to be a
problem if you've got that type of
| | 03:23 | network infrastructure.
| | 03:24 | You can solve that problem very easily
by simply putting an AirPort Extreme Base
| | 03:28 | Station in place just as we've done in
this title because the AirPort Extreme
| | 03:32 | Base Station passes the L2TP
over IPSec VPN perfectly for you.
| | 03:38 | But I did want to point out that
that's missing here in Server Admin now.
| | 03:41 | You don't have the option of coming in
here and creating that PPTP VPN that we
| | 03:47 | had in prior versions of OS X Server.
| | 03:49 | So now that we've shown you what you can't do
there, I am going to show you one last thing.
| | 03:54 | We're going to go here into our Server
app and I'm going to come down here to
| | 03:59 | where we see our Lion.
| | 04:00 | This is our AirPort Extreme Base Station.
| | 04:03 | In order for your users to be able
to get access through the AirPort Base
| | 04:07 | Station to contact your VPN server to get
on the VPN, we have to expose that service.
| | 04:12 | And so this is the first time we're actually
doing that here in the AirPort Base Station.
| | 04:17 | I'm going to click the plus button and
it's going to ask us to Add a Service,
| | 04:21 | and I'm just going to select VPN.
| | 04:24 | It says that VPN port mappings may have
conflicts with MobileMe. That's fine;
| | 04:27 | we have not configured MobileMe on
the AirPort Extreme Base Station.
| | 04:32 | If we had done so, there are a
couple of different things that might
| | 04:35 | conflict with the MobileMe.
| | 04:36 | In this case, we don't have to worry
about that, we're going to click Add, and
| | 04:40 | you can see it's working here.
| | 04:41 | So now that the VPN service is here in
our available services, I'm simply going
| | 04:46 | to restart the AirPort.
| | 04:48 | It's going to request my administrator
password for the AirPort Base Station,
| | 04:54 | and once we have our admin password
in there, we're going to click Set.
| | 04:56 | All right, so once we click Set and it
starts applying the settings, it will
| | 05:01 | restart the AirPort Base Station.
| | 05:02 | This will temporarily shut down our
network, but it's very, very brief.
| | 05:06 | And once it's fixed, the AirPort Base
Station will start back up and we will be
| | 05:11 | able to get through our port mapping
that has been automatically set up for us,
| | 05:16 | and everything is going to work great.
| | Collapse this transcript |
| Configuring your Mac to access the VPN| 00:00 | There are a couple of ways to show
you how to set up VPN on your Mac.
| | 00:03 | There is the hard way and there's the easy way.
| | 00:06 | I'm going to start off by showing you
the hard way and you can walk through
| | 00:09 | this with me, but I'm actually going to ask
you to do this the easy way most of the time.
| | 00:15 | So we're connected up to an
outside network through a MiFi device.
| | 00:20 | This gives us a routable connection
out to the Internet that's in the outside
| | 00:24 | world, so we can come back in
and connect up to our server.
| | 00:27 | And we've set our service order for
that so that the MiFi card's interface is
| | 00:32 | right up at the top.
| | 00:33 | So all of our Internet connection
traffic is going to go through that device
| | 00:36 | rather than anything below it, okay,
so that's where we are to begin with.
| | 00:40 | So the first thing you would do is you
would click the plus button, you'd select
| | 00:43 | Interface, and then you would select
VPN, and we're going to go with the L2TP
| | 00:47 | over IPSec option here.
| | 00:49 | And you would name this something
appropriate like VPN (L2TP) or maybe
| | 00:53 | groundswellgear VPN, something like that.
| | 00:55 | And then you click Create.
| | 00:57 | Now when that's done, you'll end
up with another interface down here.
| | 01:01 | Make sure that's selected, come over to
Authentication Settings, and you can put
| | 01:05 | in your Shared Secret.
| | 01:06 | I happened to have my Shared Secret
already written down based on what we saw on
| | 01:10 | screen in the previous movie.
| | 01:13 | This is the automatically generated
Shared Secret that was created by the system.
| | 01:18 | So I've got that nice and saved in there
and the password for the user I'm going
| | 01:22 | to enter in here is there.
| | 01:26 | Click OK and you're going
to put in the Server Address,
| | 01:28 | server.groundswellgear.com and the Account Name.
| | 01:33 |
| | 01:33 | I'm going to log in as Justin.
| | 01:35 | All right, so we've got our Server
Address, our Account Name, and as of course
| | 01:38 | we already put in our
password and our Shared Secret.
| | 01:40 | All right, now all we need to
do is click Apply, and Connect.
| | 01:46 | Now if you see this error, it's
probably because you mistyped something and you
| | 01:52 | have very likely mistyped the Shared Secret.
| | 01:54 | This is why I'm going to
recommend that you do this the easy way.
| | 01:58 | Now you could create an easy Shared
Secret, but that's sort of is not the point
| | 02:03 | of having a Shared Secret.
| | 02:04 | It's supposed to be complex, it's
supposed to be hard for other people to guess,
| | 02:08 | it's supposed to be secure.
| | 02:10 | So one way to keep that secure and not
hand out your Shared Secret to all of
| | 02:14 | your folks out there in the
universe is to not do it this way.
| | 02:17 | So this would have been the hard way.
| | 02:19 | I'm going to show you the easy way to do this.
| | 02:21 | I'm going to delete that configuration,
I'm going to click Apply, I'm going to
| | 02:24 | quit the Network System Preferences entirely.
| | 02:27 | And what I'm going to do is I got this
VPN.mobileconfig file off of our server
| | 02:31 | in the movie where we created all of this stuff.
| | 02:33 | You saw me click the button that said
Save Configuration Profile and then that
| | 02:37 | ended up on the Desktop, that exact
mobileconfig profile, that file is what
| | 02:41 | I've got right here now.
| | 02:43 | All I'm going to do is I'm
going to double-click on that.
| | 02:46 | As soon as I do, it brings up System
Preferences, goes into Profiles, and says
| | 02:50 | hey, you want to install this.
| | 02:51 | I'm going to click Continue.
| | 02:53 | I created it so I know I can trust it.
| | 02:55 | The author it says is unknown because
it's not signed, but I made it, so I'm fine.
| | 02:59 | Click Continue, put in a
username, and click Install.
| | 03:04 | Authenticate, this is authenticating with
your local administrator username and password.
| | 03:11 | After hitting OK, it's in.
| | 03:13 | So we're going to come out of the
Profiles System Preferences and we're going to
| | 03:17 | go into Network to see the
result of our profile being added.
| | 03:21 | And here you can see down at the bottom
we've got a custom configured profile.
| | 03:26 | Now if I go to Authentication
Settings, our Shared Secret is already
| | 03:29 | been entered for us.
| | 03:31 | All we have to do is enter our user password.
| | 03:34 | That's very convenient because your
users, you can hand this VPN.mobileconfig
| | 03:38 | profile out to people, they can use it.
| | 03:43 | You could even make this something
available for download and I'll show you
| | 03:46 | later on how you can download this as
part of the profile management system.
| | 03:51 | But if they do this, the only thing
they will be asked for is their password,
| | 03:55 | which is something they already know.
| | 03:57 | I'm going to enter that here, hit OK, hit
Apply and hit Connect. And there we go!
| | 04:05 | So as you can see, that saved us having
to type a really long Shared Secret, it
| | 04:10 | also kept the Shared Secret
away from the eyes of our users.
| | 04:13 | So that kept that secure.
| | 04:15 | That's a good thing.
| | 04:16 | If you ever have a user that leaves
your company, you don't want to have to be
| | 04:19 | changing your Shared Secret every time
someone does just because they happened
| | 04:23 | to know the Shared Secret for your VPN.
| | 04:25 | So in a chapter later on, we will have
a movie that shows you how to download
| | 04:30 | the fully populated configuration
profile that contains not only your VPN
| | 04:34 | Settings, but other settings that
we have configured on the server.
| | 04:37 | But for now, this is enough to
get you started with your VPN.
| | Collapse this transcript |
|
|
9. File SharingWhat is file sharing?| 00:00 | So what is File Sharing?
| | 00:01 | Well for starters, it is probably the most
requested feature for any server product.
| | 00:08 | It is the point really, it's
sharing, it's what you do with a server.
| | 00:13 | A server sits out on the network and it
provides a centralized repository where
| | 00:18 | people can go authenticate.
| | 00:21 | The server can authorize them to access
services and then they can utilize those
| | 00:25 | services, but in this case we're
talking about one service and that service is
| | 00:30 | the service of sharing the
files that people wanted to use.
| | 00:34 | So for example let's say I have a
pages document, I've just typed up a
| | 00:39 | fantastic report on Cabbage.
| | 00:42 | So I'm going to put this report on
Cabbage out on the files sharing server.
| | 00:46 | My friend who works with me is also
interested in this report on Cabbage, they
| | 00:50 | can go to the same point, the same file
share on the server and there the file
| | 00:56 | share will serve up my report on
cabbage, you can download the cabbage report
| | 01:01 | you can even open the cabbage report right
there from the server, work on it and save it back.
| | 01:07 | Now that we have Macs Windows
machines iOS devices, we've lots of different
| | 01:12 | devices that all wants to access things
off of a server and file sharing is one
| | 01:17 | of the most important.
| | 01:19 | If I save a pages document out to a
site from my Mac, I want to be able to get
| | 01:24 | to it from my iPad, so that I can work
on it whenever I'm away from my desk.
| | 01:28 | Likewise, I might want to be able to share
with somebody who's using a Windows machine.
| | 01:33 | This ability to send things back and
forth without having to go into the email
| | 01:37 | to send attachments or without having
to go into iChat to send attachments
| | 01:40 | there, certainly there are lots of ways
to get files around, but a file server
| | 01:44 | gives us a place where we can
structure that sharing experience.
| | 01:48 | Since we know we need it, let's go into
this next set of movies and learn how to
| | 01:53 | use file sharing in Mac OS X Lion Server.
| | Collapse this transcript |
| Setting up file sharing to support many devices| 00:00 | Being that file sharing is probably
the single most requested feature for a
| | 00:04 | server, I think it's important that
we get in here and we show you all the
| | 00:07 | features and how to configure things
specifically, so you can connect with
| | 00:11 | several different types of devices.
| | 00:13 | So we are going to start with our four-
finger pinch that's going to bring up
| | 00:16 | Launchpad and we'll click on Server.
| | 00:19 | So we're going straight into File Sharing here.
| | 00:21 | If your server app didn't go directly
into file sharing, just click on File
| | 00:25 | Sharing underneath services here in the
Sidebar, and what you have now in front
| | 00:29 | of you is a list of the default Share
Points that are already set up for you
| | 00:34 | when you get your server.
| | 00:36 | If these Share Points are enough for
you, all you need to do in order to
| | 00:41 | configure file sharing is
literally just turn it on, walk-away.
| | 00:45 | If someone connects up to your server,
they are going to see the Groups folder,
| | 00:50 | the Public folder, and Users will be
able to see their own home folders inside
| | 00:55 | of the Users folder if they
have home folder specified.
| | 00:58 | That part is really easy!
| | 00:59 | But let's turn that off and look
at this in a little bit more detail.
| | 01:02 | First of all, the Groups folder;
| | 01:04 | let's click the Pencil and look
at what we have available here.
| | 01:06 | So first of all, whenever we look at
this Groups folder that's been set up for
| | 01:10 | us you'll notice that everyone has
Read Only permissions, the system in group
| | 01:14 | also has Read Only permissions, the
System Administrator which is the root user
| | 01:19 | has Read & Write permissions and the
Spotlight service has Custom permissions.
| | 01:24 | That's just so Spotlight can index things;
| | 01:26 | default permissions look pretty cool.
| | 01:28 | Down here under Settings we're
automatically sharing with Mac clients over AFP
| | 01:33 | and with Windows clients over SMB.
| | 01:36 | Now this is the SMBX that we were
talking about before that Apple has rewritten
| | 01:40 | from the ground up, so this is the new SMB.
| | 01:43 | Remember that Mac clients can also make
a connection to SMB just by specifying
| | 01:48 | it, and we'll talk about those two
things from a Mac client whenever we get into
| | 01:51 | the connecting to the service thing later on.
| | 01:54 | I'd like to point out
something really important here.
| | 01:57 | If you want to share a directory
with your iPad or your iPhone, your iPod
| | 02:03 | touch, as your iOS devices, you have
to click this checkbox here but you also
| | 02:09 | have to make a directory.
| | 02:11 | It doesn't have to be this directory
but it has to be some directory available
| | 02:16 | for home directories for users.
| | 02:18 | For iOS file sharing to work fully,
there has to be a home directory associated
| | 02:24 | with the user account
that's accessing the iOS share.
| | 02:28 | So let's just turn off home directory
availability for this particular share
| | 02:34 | and we'll click Done.
| | 02:35 | Once the settings are finished being
set, it'll return us to our main File
| | 02:39 | Sharing window and we can
click on the Users folder here.
| | 02:43 | This is a good one to use as a home
directory, I am going to click the Pencil
| | 02:47 | and I am going to make this
available for home directories.
| | 02:50 | I'm also going to share the
Users directory with iOS devices.
| | 02:54 | I am going to click Done.
| | 02:56 | So right now, I've got the Users folder
available for home directories and users
| | 03:01 | and groups are both available for iOS.
| | 03:04 | Now, there's one more step that we
need to take in order to make these things
| | 03:08 | available to our users whenever they
are connecting over their iOS devices.
| | 03:11 | If we go to our Users list,
let's use Justin as an example.
| | 03:16 | We'll click the gear and
we're going to click Edit User.
| | 03:20 | See how this is different now than
it was the last time we came in here.
| | 03:23 | Note that since we've done a little
bit of work here we've got new options,
| | 03:27 | these things just show up
whenever you start using them elsewhere.
| | 03:30 | So we have two things available to us;
| | 03:32 | one is you notice that because Justin
was the one that registered the Mac tower
| | 03:36 | when we were back in our profile
management area, we have the ability to wipe or
| | 03:40 | lock that device from
right here in his User pane.
| | 03:45 | That's interesting!
| | 03:46 | But what we just did was we set up a
Home Folder, and made that available,
| | 03:49 | and so now we can specify that
Justin's Home Folder is that Users folder we
| | 03:54 | were talking about.
| | 03:56 | This does a couple of different things.
| | 03:58 | If Justin is logging in locally on an
enrolled Mac, and we've got this network
| | 04:04 | Home Folder set up, he has the ability
now to be set up as a network home user.
| | 04:09 | So he'll authenticate against the
server whenever he logs in at the Login
| | 04:13 | window, and the user folder that he
uses on his Mac will not be local on the
| | 04:19 | computer he is using anymore.
| | 04:20 | It will be up here on the
server in this Users directory.
| | 04:24 | So that's one side-effect.
| | 04:26 | We don't have to
configure this in this way though.
| | 04:30 | We could configure it just so that the
home folders are available and not in use.
| | 04:37 | Click Done!
| | 04:37 | I just wanted to show you
that, that was available.
| | 04:40 | We come back here to File Sharing, and
at that point, we should be able to make
| | 04:44 | a connection from a Windows machine,
from a Mac, or from an iOS device.
| | 04:49 | So I am going to go back through those
steps just so that it's completely clear.
| | 04:54 | When you click the Pencil button on the
Users directory, what we did was we made
| | 04:58 | that available for home directories,
and we shared it with iOS devices.
| | 05:03 | On the Groups folder, we clicked the Pencil
and we just made it available for iOS devices.
| | 05:08 | Then we came over here, and I explained
to you that Justin Case has Home Folder
| | 05:16 | availability but we don't have to use it.
| | 05:19 | We can if we want to, but we don't have to.
| | 05:22 | The directory just has to be
configured, so it's available for network
| | 05:26 | home directories in order for iOS file
sharing on any iOS available directory to work.
| | 05:32 | So that gets us configured with
our basic file sharing settings.
| | Collapse this transcript |
| Setting up Time Machine destinations for clients to use for backup| 00:00 | Another neat thing that you can do is file sharing is you
can provide any network destination for your client systems to
| | 00:07 | back up to the via their copy of time machine so this is
kind of interesting right because we have file sharing between
| | 00:14 | a time machine down here and we've already configured time
machine on our server write our servers backing itself up to
| | 00:21 | an external hard drive
| | 00:22 | via a time machine locally will this is a totally
different thing. This is Time machine on the server and it sort of
| | 00:28 | pretending to be an external hard drive across the network
figure that like a time capsule in a way so if we select Time
| | 00:36 | machine down here in the sidebar of our server app that we
need to choose a backup destination and then click edit here
| | 00:42 | and you can see we've got several destinations available.
Basically it's every hard drive on our computer that I was
| | 00:47 | slipped Macintosh HD this is the other in
internal hard drive on my Mac. Any server here
| | 00:53 | than willing to click use for backup nice thing about
putting it on a drive. It's not your boot volume is that if this
| | 01:00 | were to fill up a lot. There is no risk of this interfering
with the operating system of the good fight, you can fill up
| | 01:05 | your boot volume and then suddenly have
problems with your operating system. So this is comical
| | 01:10 | use for backup tells us
what's available and we turn it on.
| | 01:14 | And that is just about it and mean there's not a whole lot
going on here for one thing that I should mention though is
| | 01:21 | that that's a limited amount of space. Its 465 gigs
available on the internal drive there is every possibility that that
| | 01:28 | drive will run out of space and that
you'll want to roll over to another hard drive.
| | 01:34 | At some point in the future so that your client systems can
continue to back up, but you will lose the back of history
| | 01:41 | that you've already built up in
this time machine destination.
| | 01:45 | If you want to do that. It's not a problem at all, all you
have to do is connect another hard drive go in here under
| | 01:51 | edit choose that other hard drive and click ease for back
up your clients will have to reconfigure anything the server
| | 01:57 | will take care of going over all you need do is tell your
users can listen to your next time machine back up is going to
| | 02:03 | take a really long time because it's going to be a full
backup and a back up everything because it's going over to this
| | 02:10 | new destination and you could continue to roll over
from 1 Hard Drive and asked for as long as you want
| | 02:15 | the feed don't want to do that
| | 02:17 | no trouble at all because the Time machine system on each
client machine will do the pruning that's necessary of the
| | 02:24 | oldest stuff in order to
make sure that a backup if that
| | 02:27 | the only time that that won't
work will be if you have too many
| | 02:31 | clients backing up to this Time machine destination and
there's just not enough space for everybody to hold a single
| | 02:37 | backup for each of them if you've got that many clients
connecting your going to need to connect a big external raid
| | 02:44 | array something like a promised Pegasus would be a great
solution here. They've got four in six Bayer raise their super
| | 02:51 | fast they can be connected over a thunderbolt to a Mac
Mini or anything else that's got under bowl now a great choice
| | 02:58 | for an network Time machine destination.
| | 03:00 | So there you go, that's configuring Time machine on your
server so that your network based clients can back up to your server
| | Collapse this transcript |
| Using your Time Machine destination to back up your computer| 00:00 | So we just got finished setting up
our server so that it can be a Time
| | 00:03 | Machine destination and since we're
here on a client system I thought it
| | 00:06 | would be cool to show you how to set
up your client to back up to that Time
| | 00:10 | Machine destination.
| | 00:11 | So I'm going to minimize this
window and I am going to go over here to
| | 00:16 | System Preferences.
| | 00:17 | Now in System Preferences on my Client
System I don't have Time Machine set up yet.
| | 00:21 | I need to.
| | 00:22 | So what we are going to do is click the
Select Disk and you can see right here,
| | 00:26 | boom, there we go, Backups.
| | 00:28 | And it says on Groundswell Gear
Server, so it knows exactly where it is.
| | 00:31 | All I have to do is click Use Backup Disk.
| | 00:34 | It's going to ask me for a User
Account and Password that is available on the
| | 00:40 | server so that it can authenticate against
the server so that it can get access to this.
| | 00:43 | So I am going to login as someone I
haven't logged into before. Let's do paige.
| | 00:49 | There we go!
| | 00:50 | And we click Connect.
| | 00:52 | It's going to kick this off automatically.
| | 00:54 | You see it already switched over to On
and if we want it, we can tell it to just
| | 00:58 | Back Up Now here in our menu bar.
| | 01:01 | It's going to look for the Backup Disk,
it's going to attach to the Backup Disk,
| | 01:04 | and it's going to start backing up.
| | 01:07 | Now through the magic of what we have
set up here we are going to do some screen
| | 01:10 | sharing with the server, and I'm going
to show you what this looks like when
| | 01:12 | it's happening on the server.
| | 01:13 | So I am going to Command+K, I am just
going to connect to the servers.local name
| | 01:18 | and we're going to go in as server admin.
| | 01:21 | There you see it's mounting the Time
Machine back up on the desktop of the client.
| | 01:24 | So I would better get over there quick.
| | 01:25 | I am going to go full-screen so that we
are now taking over our screen with the
| | 01:30 | screen that is on the server.
| | 01:31 | So I am going to do
Command+Shift+C on my keyboard;
| | 01:34 | that gives me a view of all of
the devices connected to my server.
| | 01:38 | That works on a client computer as well.
| | 01:39 | And I am going to Double Click on Macintosh HD,
and inside of Macintosh HD you already see;
| | 01:45 | it's already started, it's great.
| | 01:47 | We have got our Shared Items which was
created for us automatically, and Backups
| | 01:52 | and our Mac Tower.sparsebundle.
| | 01:54 | This is just initiated and it's going
to start growing, and you can see we
| | 01:57 | have no access in there.
| | 01:59 | But it's not like as an administrator,
we could go in there and mess with this
| | 02:02 | and screw things up without doing
something extra to log in and mess things up.
| | 02:07 | So if we just leave that alone,
we will be fine, but as you can see
| | 02:10 | whenever you're backing up your data
to the server, it's not like anyone
| | 02:14 | can see your backups.
| | 02:15 | They are just there and they can be restored.
| | 02:17 | This is especially useful if you are on
something like a MacBook Air, you move around a lot.
| | 02:25 | Most of the time that computer is
either on and it's in your lap or it's closed
| | 02:30 | up and it's in a bag someplace.
| | 02:32 | You're not going to just leave
that computer out on a desk with a USB
| | 02:36 | disk attached to it.
| | 02:37 | So if you want to get backed up, backing
up to a network volume is a great idea.
| | 02:41 | Now as I mentioned before, you could go
out and buy Apple's Time Capsule which
| | 02:46 | is their AirPort Express Base
Station with a hard drive in it.
| | 02:49 | It's designed specifically
to do this kind of thing.
| | 02:51 | But if you've got a Mac OS X Server,
you don't need to buy the Time Capsule.
| | 02:56 | You've already got the AirPort Extreme
Base Station which is performing those
| | 03:00 | networking functions, your server can
perform the function of your Network Time
| | 03:04 | Machine destination.
| | 03:06 | And it can do this for all of your
mobile laptop devices MacBook devices,
| | 03:10 | MacBook Air, your MacBook Pro, your
MacBooks, whatever you have there, plus your
| | 03:14 | clients, your iMacs, your MacPros, whatever.
| | 03:17 | So a great solution, the only thing like
I said before that you could really run
| | 03:21 | into that would be a big problem here,
would be running out of space on the
| | 03:23 | destination and I already told you
how to deal with that. So there you go.
| | 03:27 | That's setting up a client system to
back up via Time Machine to a Time Machine
| | 03:32 | destination on OS X Server.
| | Collapse this transcript |
| Connecting to file sharing from a Mac| 00:00 | Once you have your Lion Server setup
for file sharing, connecting to it from a
| | 00:04 | Mac just couldn't be any easier.
| | 00:06 | All you really need to do is open up
the New Finder Window, we can do that by
| | 00:10 | going to File, pulling down to New
Finder Window or we can hit Command+N on our
| | 00:17 | keyboard and that'll take us to the
same place, depending upon what your
| | 00:21 | preferences are in the Finder, you'll
either go to your Home Folder or to your
| | 00:25 | computer, or maybe even
to new All My Files area.
| | 00:29 | But one way or the other, you're going
to see your shared server in the sidebar.
| | 00:34 | Our's is here, it's computer name
is coming up, groundswellgearserver.
| | 00:37 | If we click on it, we have two choices.
| | 00:40 | We can either share the
screen or we can connect.
| | 00:43 | If we click Connect As, it will ask us
for the name of the user and we're going
| | 00:48 | to authenticate using the Username and
Password that we've created on the server for access.
| | 00:53 | So let's use Justin.
| | 00:55 | We put in the username and the
password, and we click Connect.
| | 01:01 | Before I click Connect, I would like
to point out that you have a Change
| | 01:03 | Password button right over here.
| | 01:05 | This gives Justin the ability to put
in an old password and create a new
| | 01:08 | password for himself.
| | 01:10 | But I am going to hit Cancel
and simply click on Connect.
| | 01:13 | Once I do, I have access to all the
SharePoints that Justin has access to.
| | 01:18 | So if I want to go to Groups, I can go
into Groups, and you see, if I have got
| | 01:21 | the preferences set this way in
the Finder, Groups will pop up here.
| | 01:25 | Now, what is that preference?
| | 01:27 | if I go over to the Finder and pull
down to Preferences, I can say, right here
| | 01:31 | that I want to show connected servers
on my desktop, if that button is checked,
| | 01:36 | then this will show up whatever
amount or volume, and that's it.
| | 01:40 | So that's connecting from
Bonjour using the sidebar.
| | 01:44 | What about connecting using the Go menu?
| | 01:47 | Go to the Go menu and pull
down To Connect To Server.
| | 01:50 | We can type in, afp for Apple file protocol.
| | 01:55 | afcp://and the fully
qualified domain name of the server.
| | 01:58 | This is useful if you're trying to
connect to your server, but you're not on the
| | 02:02 | same local network is your server.
| | 02:05 | So for example, if you have the holes
poked through the Firewall or through your
| | 02:09 | Network Address Translation on your
AirPort Base Station, then you would be able
| | 02:13 | to get to this from the Internet,
using the fully qualified domain name,
| | 02:17 | provided you have DNS setup on the
Internet, the way we have in this course.
| | 02:21 | If I click Connect, again, it asks me to
authenticate with the Username and Password.
| | 02:26 | Let's use paige this time and we click Connect.
| | 02:31 | This gives us a slightly different
view, but basically it's the same thing.
| | 02:35 | Here I get to choose Groups or
Users or even the Backups Area.
| | 02:39 | I am going to choose Users this time.
| | 02:41 | There's the Users folder and
there's Justin's Home folder.
| | 02:44 | We don't have a home folder for page,
because we haven't defined one in the
| | 02:48 | server app, under Users.
| | 02:49 | All right, so that's it.
| | 02:51 | I'm going to dismount this by clicking
this Share and by pressing the Command+E
| | 02:57 | button on my keyboard and that
ejects the volume, and that's it, that's
| | 03:01 | connecting from a Mac.
| | Collapse this transcript |
|
|
10. Authorizing the Use of ServicesUnderstanding authorization| 00:00 | I want to try to explain the
difference between two different words that we
| | 00:05 | need to really get in order to
understand how we are providing services to
| | 00:09 | people in OS X Server.
| | 00:11 | The first word is Authentication.
| | 00:15 | Authentication means that you have
provided a Username and a Password to the server.
| | 00:20 | The Username identifies who you are
logging in as and the Password is a shared
| | 00:24 | secret between you and the server that
proves that you are that person or that
| | 00:29 | user or at least that you have that
person or user's password and that you're
| | 00:33 | allowed to log in with that level of access.
| | 00:36 | So talking about levels of
access, that leads us to the next
| | 00:39 | word, Authorization.
| | 00:41 | Once you've authenticated to the server,
well then the server has to go back in
| | 00:45 | the back room and check
what you're allowed to see.
| | 00:48 | It says, all right!
| | 00:49 | So you say that you're Justin.
| | 00:53 | Well let's see here, Justin Case can
access file sharing and podcasting and mail.
| | 00:57 | What do you want to do?
| | 00:58 | So you have authorization to use
different services and that's where we get our
| | 01:02 | service access control lists,
because you're authorized to use a service.
| | 01:07 | But also in a file sharing sense,
Justin might have authorization to use a
| | 01:12 | certain file share and maybe not
another one, and so even within a service, you
| | 01:17 | may be authorized to use
part of it but not another part.
| | 01:20 | And so knowing the difference between
authenticating and being authorized to use
| | 01:25 | something is an important concept that's
necessary to your full understanding of
| | 01:29 | how OS X Server is
presenting and using services.
| | Collapse this transcript |
| Controlling who can use which service using Service ACLs| 00:00 | There are two applications you can
use to control service access control
| | 00:05 | lists in Lion server.
| | 00:06 | The first and the easiest to
get a hold of is our server app.
| | 00:11 | So if we go to our Applications
folder and we pop down here into the Server
| | 00:15 | application and open it, here we go, as
we get all situated here, we're going to
| | 00:21 | go up here to where it says Users,
and we're going to come down to the gear
| | 00:25 | inside of Users and we're going to
click on Edit Access to Services.
| | 00:32 | And in edit access to services we have a
service access control list I know that
| | 00:38 | sounds a lot more formidable than it looks here.
| | 00:41 | All it is, is you're saying I want
this user to be able to use Address Book,
| | 00:46 | which happens to be a service, right?
| | 00:48 | So as long as all of these things are
checked this user will be able to use
| | 00:52 | all of these services.
| | 00:53 | Conversely, if you have a user and you
want that user to only be able to access
| | 00:57 | their Mail Account, but nothing else,
you just uncheck the checkboxes for that
| | 01:03 | user, click OK, and as of the time
that it finishes saving this, from this
| | 01:09 | point forward, because we had Oliver
selected, Oliver will only be able to use
| | 01:13 | the e-mail service.
| | 01:14 | You can do the same thing for each of
your users and that's pretty much all
| | 01:19 | you've got right here in the server application.
| | 01:22 | Let's go back over, quit, and we're
going to go back into our Applications
| | 01:27 | folder and go into our Server folder
there, and let's take a look at this from
| | 01:31 | the perspective of this
Server Admin application.
| | 01:34 | When we double click on that the
Server Admin is going to open up and will
| | 01:39 | authenticate into the server there we go.
| | 01:43 | Authentication happened automatically,
because I have the checkbox checked to
| | 01:46 | keep that in the keychain, and remember it.
| | 01:48 | Now you see here, as long as we've got
the name of the server selected, if I
| | 01:51 | come up here to Access and go to
Services, this is our service access control
| | 01:57 | list as it is viewed in
the server admin application.
| | 02:01 | And here you can see sort of the same
thing but we have a few more services
| | 02:04 | available and so we can control
a couple of additional things.
| | 02:08 | For example one that's very popular is
controlling who can get in at the Login
| | 02:12 | Window right now I've got several
different users configured on my device.
| | 02:17 | If I want to say, you know what, I
really only want that local administrator
| | 02:22 | account to be able to
log in at the Login Window.
| | 02:24 | I can come over here and I can say only
allow users and groups below and I can
| | 02:29 | drag to the server admin user in here.
| | 02:31 | Once I click Save, the server admin user
will be the only user that will be able
| | 02:36 | to log in at the Login Window.
| | 02:39 | Now because we're screen sharing, I
can sort of show you what that means.
| | 02:43 | I'm going to Log Out over here.
| | 02:47 | So here we are at the login screen
on the server I'm going to type in the
| | 02:51 | Username and the Password I'm going
to click the little button and that's
| | 02:57 | going to log us in. And there we go.
| | 03:00 | Let's go a little further to prove this point.
| | 03:03 | Let's go back in the server
app, here's all of our users.
| | 03:09 | So I'm going to create a local
administration account and I'm just going to use
| | 03:14 | the account name ladmin and I'll put in
a password and I'm going to allow this
| | 03:24 | user to administer the server,
and I'm going to click Done.
| | 03:28 | We'll wait for the gear to
stop spinning, there we go.
| | 03:31 | There is our Local Administrator.
| | 03:32 | Now, the Local Administrator is not
in that service access control list for
| | 03:37 | login in at the Login Window.
| | 03:39 | So, when we do this and we try to log in
with ladmin, this should fail, and there we go.
| | 03:48 | Even though ladmin is a local
administrative account, it cannot log in at the
| | 03:53 | Login Window, because it's not in the
service access control list for the login window.
| | 04:00 | So this helps us to secure
our server really nicely.
| | 04:03 | It puts us in a position where only one
user account, the one we know, with the
| | 04:07 | password we know can login in.
| | 04:09 | Yeah we can still have other administrative
accounts on the system for other purposes.
| | 04:14 | That's service access control lists
in the server app and in server admin.
| | Collapse this transcript |
| Controlling who can use which files using file permissions and ACLs| 00:00 | Access control lists don't only extend to
services, but actually extend into the file system.
| | 00:07 | They work sort of differently.
| | 00:08 | We're going to open up our server
application in order to see what that looks like.
| | 00:13 | Go to the Applications
folder and let's open up Server.
| | 00:18 | So let's start here in File Sharing.
| | 00:21 | You can actually look at the access
control list or the permissions on files in
| | 00:27 | two different locations inside of Server app.
| | 00:29 | The first that I'd like to
point out is the File Sharing area.
| | 00:33 | The reason why I want to point this
out here is simply, because this is where
| | 00:36 | you configure different share points.
| | 00:39 | I mentioned before that we have Groups,
Public, and Users here because they were
| | 00:44 | set up for us whenever we installed the system.
| | 00:47 | We got Backups as a result of turning on
our Time Machine Backup destination for
| | 00:51 | our clients down here and
specifying Macintosh HD.
| | 00:55 | They set up a Backups directory for us
in that location and I can show that to
| | 01:01 | you in the file system by simply
opening up a new Finder window, going to the
| | 01:05 | computer list which shows us all of our
storage, and then if we look inside of
| | 01:09 | Macintosh HD, which is where we specified;
| | 01:13 | keep in mind, look at this over here.
| | 01:14 | Here's Server app, there's Time Machine and
there's our Backup destination on Macintosh HD.
| | 01:19 | But what we actually ended up with
was a Shared Items folder and a Backups
| | 01:23 | folder inside of that and then the
backups go inside of that Backups folder.
| | 01:27 | That Backups folder that we're seeing
over here is actually the Backups folder
| | 01:31 | that was set up for us automatically
whenever we configured time machine. Now that;
| | 01:35 | that's clear I want to create a new share point.
| | 01:38 | Click the plus button and I'm going
to go over here to Macintosh HD and I'm
| | 01:42 | going to set up a new folder.
| | 01:43 | We are going to call this one Sales.
| | 01:46 | I'll create and I am going to click on
the Sales folder that I just created and
| | 01:53 | click Choose, the display updates.
| | 01:56 | We can see here we've got our
folder Sales available as a share point.
| | 02:00 | But we still need to modify it.
| | 02:02 | So we are going to click the Pencil
button and we can make this available for
| | 02:06 | iOS devices, we can allow guest users
to access it or not, but I want to point
| | 02:11 | out this Access area up here.
| | 02:13 | The Server Admin which has the single
silhouette, the dual silhouette that has
| | 02:18 | Staff, and then the globe
that says Everyone Else.
| | 02:21 | The User, the Group, and Everyone are
the initial users that are applied to any
| | 02:26 | share point or any file or
folder in the file system.
| | 02:29 | We can control whether this user has Read &
Write, Read Only, Write Only, or No Access at all.
| | 02:34 | Same thing with the Group
and same thing with Everyone.
| | 02:37 | But we can only have one group here and we
can only have one user that's the owner here.
| | 02:42 | I like leaving Server Admin, the user
that we're logging in with at the login
| | 02:47 | window as the owner of my share point,
because I want to be able to navigate
| | 02:50 | through them whenever I get in
here to navigate the file system.
| | 02:54 | For example, if I come in here and I
want to open up Sales, I can do that in the
| | 02:58 | finder, because I'm logged in as Server
Admin and Server Admin is the owner with
| | 03:02 | read and write permissions.
| | 03:04 | If I want to add other people in here,
all I have to do is click the plus
| | 03:07 | button, and well, this is the Sales folder.
| | 03:09 | So it makes sense to me to put the sales
group in here and give them read and write access.
| | 03:17 | So all I have to do is do that and click Done.
| | 03:21 | Because that dual silhouette is
sitting above the other items, the single
| | 03:26 | silhouette, the first dual select, and
the Everyone group, those three at the
| | 03:30 | bottom, anything above those three is
called an access control entry or an ACE.
| | 03:38 | And the complete list of access control
entries for any given item is known as
| | 03:44 | an access control list. That's great!
| | 03:46 | We've just given the sales group
access to Sales, and in fact, I'm going to
| | 03:50 | click the Pencil button here and I am
going to come back and make sure that
| | 03:53 | everyone else doesn't have any access
at all, because I only want the Sales
| | 03:57 | group and I am going to
make Staff No Access as well.
| | 04:01 | That way anyone that's a member of
the Staff group on our server won't gain
| | 04:04 | access inadvertently.
| | 04:06 | Sales is going to have Read & Write,
Server Admin will have Read & Write, but
| | 04:10 | pretty much everybody else's
going to have nothing at all.
| | 04:12 | The other thing we get out of this,
because this is an access control list, this
| | 04:17 | Sales entry, inheritance that is the
ability to keep the permissions exactly the
| | 04:23 | same as people add additional files and
folders into this Sales folder will be
| | 04:28 | carried on down the line
throughout the hierarchy.
| | 04:31 | So if somebody connects up to the
Sales share point from their Mac and they
| | 04:35 | put a folder inside of it, and inside that
folder, there is a bunch of Excel spreadsheets.
| | 04:40 | All of those spreadsheets and that
folder will continue to have the sales access
| | 04:46 | control entry on them and everybody in
the Sales group will continue to have
| | 04:51 | read and write access to all of those items.
| | 04:53 | That's not true of those POSIX users and groups.
| | 04:58 | For these folks down here, Server Admin,
Staff, and Everyone Else, these don't
| | 05:03 | get that kind of inheritance by default.
| | 05:05 | When you're managing your permissions and
your access controls, keep that in mind;
| | 05:10 | it's very important.
| | 05:12 | The second place where you can access
your access control lists is going to
| | 05:15 | be hardware area and clicking on your
Server and then clicking on Storage over here.
| | 05:20 | Note that we have each of our hard
drives listed here and if I flip down this
| | 05:24 | disclosure triangle, I can see my Sales folder.
| | 05:27 | If I wanted to change my
permissions, I can edit them here;
| | 05:32 | I have a fuller access to
my access control lists.
| | 05:36 | I can remove inherited entries here,
I can sort access control lists
| | 05:40 | canonically, putting the highest
priority up at the top, and I can also make
| | 05:46 | inherited entries explicit.
| | 05:48 | You see this spotlight is light gray.
| | 05:50 | It's inherited that
permission from a parent directory.
| | 05:54 | Because that's an inherited permission,
if I change the permission above it that
| | 05:59 | inheritance is going to be left orphaned.
| | 06:02 | If I make the inherited entry explicit,
it changes that from light gray to dark
| | 06:07 | black like the rest of these and
gives me direct control over it.
| | 06:11 | I can also remove inherited
entries from this area if I want to.
| | 06:15 | So I'm going to add one
more access control entry here.
| | 06:19 | I want to explicitly say that the Paige
user has a specific type of access to this.
| | 06:29 | I want Paige to only have
write access to this folder.
| | 06:33 | It will make that folder into a
dropbox for her, but only for her.
| | 06:37 | So anything she drops onto that folder
will go into the folder, but she won't be
| | 06:41 | able to open the folder to
see the results of that action.
| | 06:45 | So she'll never be able to go into
that folder and see what other people
| | 06:48 | have put into it, but she'll always be will
put stuff into it for other people to see.
| | 06:53 | So I am going to click OK and if I
wanted to, if this Sales folder had a lot of
| | 06:58 | stuff inside of it, I could propagate
those permissions so that the permissions
| | 07:02 | I just said would apply to
absolutely everything inside of that folder.
| | 07:07 | So those are the two ways that you can
get to your file system access control
| | 07:11 | lists inside of Server app.
| | Collapse this transcript |
| User-level login to wireless networks using Server Admin (RADIUS)| 00:00 | Lion Server makes something that used to
be a little on the tough side really easy.
| | 00:06 | So there's this thing called Radius and
what Radius basically is, is it's going
| | 00:11 | to give your AirPort Extreme Base
Station, the ability to accept a Username and
| | 00:17 | Password for authentication into the
wireless network which allows you to
| | 00:22 | control access to your wireless network
individually by person or user account.
| | 00:28 | This gives you a lot more control over
who has access to your Base Station and
| | 00:32 | therefore to your wireless network.
| | 00:34 | So we are going to show you how this works.
| | 00:35 | I have clicked on Lion which is our
AirPort Extreme Base Station down here in
| | 00:39 | the Hardware section and all I need to
do under Settings is click here, Allow
| | 00:44 | username and password login over Wi-Fi.
| | 00:46 | It comes in here and it
starts setting the settings.
| | 00:49 | You can see the gear churning,
and churning, and churning.
| | 00:50 | As soon as it finishes setting it,
all we need do is click Restart AirPort.
| | 00:55 | Anytime you are going to change an
AirPort Setting in here, you need to click
| | 00:59 | Restart AirPort in order
for those settings to apply.
| | 01:02 | We are going to do that.
| | 01:04 | The AirPort Extreme Base Station is
going to disappear for a short time, and
| | 01:07 | then when our network is back, we are
going to connect up to another remote
| | 01:12 | system that we have in screen sharing
here and we are going to make it connect
| | 01:17 | up to the wireless network
via a username and password.
| | 01:20 | So clicking Restart AirPort.
| | 01:21 | All right, so once it finishes with all
of its gear spinning, we can safely say
| | 01:28 | that this has restarted and we're in
good shape and we can do our username and
| | 01:31 | password login over Wi-Fi.
| | 01:33 | So I'm going to do our three-fingered
swipe and what we're going to do is we are
| | 01:36 | going to go into different spaces.
| | 01:38 | I am going to go three fingers up to
give in to Mission Control and here you can
| | 01:41 | see we are screen sharing with
Groundswell Gear and with Lion Mini over here.
| | 01:45 | So I'm going to click on the Lion Mini,
and now we are in the screen sharing
| | 01:48 | environment of that client system.
| | 01:51 | All we need to do is access our AirPort
menu up here in the menu bar, and if we
| | 01:57 | access Lion Network 5 GHz, see here how
it asks us for a username and password.
| | 02:04 | And I am going to check Remember this network,
because I want it to be saved in my keychain.
| | 02:10 | I am going to click the Join button.
| | 02:14 | And it tells us Authenticating
to network Lion Network 5 GHz.
| | 02:17 | So we're going to show the certificate
just so we can see that this is what we
| | 02:22 | expect it to be, the server.
groundswell.gear.com certificate that we have
| | 02:26 | chained up to our Go Daddy
certificate. So this is great.
| | 02:29 | It's a valid certificate, it's fantastic.
| | 02:31 | I am going to click Continue.
| | 02:33 | And it's going to ask us to
put in a Username and Password.
| | 02:36 | This is going to your local admin
Username and Password on the client system
| | 02:40 | that's trying to connect
to the wireless network.
| | 02:44 | Once you click OK, it authenticates and
that gets you on to the wireless network.
| | 02:48 | Notice we didn't have to
put in the WPA2 password.
| | 02:52 | It accepted my Username and
Password to get on the network.
| | 02:55 | So this gives you some
additional control over your network.
| | 02:58 | For example, if you've got a small
number of employees that you want to
| | 03:01 | have access to this network and say one of
those employees leaves to take another job.
| | 03:06 | If you don't want that employee to be
able to come back and get on your wireless
| | 03:09 | network, with this type of
authentication all you have to do is disable their
| | 03:13 | user account and they no longer have
access to the network, because you never
| | 03:17 | handed out the WPA2
password for the Wi-Fi network.
| | 03:22 | So I am going to use Mission Control
to go back to my regular desktop here,
| | 03:26 | where I have to Server App running.
| | 03:27 | That's all you need to know about
configuring your name and password login for
| | 03:32 | your AirPort Extreme Base Station
using the Server App in Lion Server.
| | Collapse this transcript |
|
|
11. Collaborating with Calendars, Contacts, and iChatCollaborating in a group| 00:00 | In this chapter, we've merged together the
concepts of iCal, an Address Book, and iChat.
| | 00:07 | All of those services on Mac OS X
Server work in a similar way to allow you to
| | 00:13 | communicate effectively the information
you need to communicate with your peers
| | 00:18 | and your organization.
| | 00:19 | For example, Calendar Server allows you to
have a personal shared calendar on the server.
| | 00:26 | But it also allows you to share
other calendars with other people.
| | 00:29 | It allows for delegation, it
allows for shared resources.
| | 00:33 | All of these are available through the web
interface as well for the Calendar Server.
| | 00:37 | So this becomes a very flexible solution.
| | 00:40 | You can access it from a Mac, from
an iOS device, even from Windows.
| | 00:44 | All right, now, Address Book Server.
| | 00:46 | Address Book Server is one of those
things that is extremely useful in a
| | 00:50 | small organization where everybody
is trying to keep track of the same
| | 00:53 | address information.
| | 00:54 | Say you've got a group of contacts;
| | 00:56 | maybe they're all customers or maybe
they are sales prospects, whatever it might
| | 01:00 | be, if you've got a shared group of
contacts that you want everybody in your
| | 01:04 | organization to have access to, but you
don't want to constantly be sending new
| | 01:09 | contact cards or revisions or sending
emails to people saying, I just changed
| | 01:13 | this person's contact info.
| | 01:15 | The easy way around that is to
have a central contact server that has
| | 01:19 | everybody's information on it, where
if somebody changes one contact card,
| | 01:23 | that's simply synced around and
everybody has suddenly got that update.
| | 01:27 | iChat server works a little bit differently.
| | 01:29 | The iChat server sits there on your
server and acts as a host for instant
| | 01:34 | messaging conversations between
people who are on that server.
| | 01:39 | So for example, if you've got a small
workgroup of say 10 to 15 people, and they
| | 01:45 | all want to be able to instant
message each other, but you don't want those
| | 01:48 | instant messages to be going
outside of your organization.
| | 01:51 | For example, maybe you don't want AOL
servers to have record of all of your
| | 01:55 | conversations, you don't want all
of those conversations to be going
| | 01:58 | through Facebook servers.
| | 02:00 | Well, you can easily accomplish that.
| | 02:02 | All you have to do is enable your iChat
server and you'll be able to have those
| | 02:06 | secure conversations.
| | 02:07 | In fact, if you're in a doctor's
office or a lawyer's office where it's
| | 02:10 | important for you to be able to go back
and find records of those conversations
| | 02:14 | later on, your iChat server is a great
solution for that too, because you can
| | 02:18 | simply turn on that capability.
| | 02:20 | You can archive all of your text
messages back-and-forth between your employees
| | 02:24 | and a special directory on your server.
| | 02:26 | So collaboration is really
important in a small workgroup.
| | 02:30 | It allows you to be more functional
than you would be otherwise and allows you
| | 02:34 | to share information in a really simple
and intuitive way that doesn't require
| | 02:38 | any additional training for you users.
| | 02:40 | So let's dig into this chapter and
learn how to configure those services.
| | Collapse this transcript |
| Enabling iCal Server to provide server-based calendars| 00:01 | To get started setting up
collaboration services, we are going to open up the
| | 00:05 | Server application and we are going
to go directly to the iCal service.
| | 00:09 | Now you're going to see here that ours
is already all refreshed and up-to-date.
| | 00:13 | If yours is still got the little
gear spinning, don't worry about it.
| | 00:16 | Just wait till the gear stops spinning
in the lower right-hand corner of the
| | 00:19 | Server App, and once it does you
will be ready to look at your stuff.
| | 00:23 | The first thing I want you to notice
is that we are allowing invitations
| | 00:26 | using an email address.
| | 00:27 | This allows the iCal server to send
invitations to any users that are not
| | 00:33 | users on your server.
| | 00:35 | So how does it determine whether
or not a user is on your server?
| | 00:39 | It goes into the user record and any
user that's set up here, I am going to
| | 00:45 | go Edit User, any user that set up on
your server is going to have a properly
| | 00:50 | formatted email address provided, you've
entered the one in the Email Address field.
| | 00:55 | Once our gear stop spinning here we
will be able to see this for Justin Case.
| | 00:59 | Okay, so our gear just stopped
spinning and we can scroll up to the top here.
| | 01:04 | You can see we have got our Full Name and we
have the got the Email Address that we entered.
| | 01:08 | So what is iCal doing?
| | 01:09 | Well, iCal is looking at these Email
Address fields for all of our users.
| | 01:14 | So if we enter Justin's address into
iCal and we want to invite Justin to a iCal
| | 01:21 | event what the server is going to do is
it's going to check against these email
| | 01:26 | addresses and if the email address
exists on the server it will just send it
| | 01:30 | internally on the iCal server.
| | 01:32 | If there isn't an email address that
matches the one that you've put into the
| | 01:36 | invitation in iCal, it will then send
that as an email using this email address,
| | 01:43 | the email address that's right in this
field here and this is actually a real
| | 01:47 | user on your server.
| | 01:48 | You don't need to change this email address;
| | 01:50 | it will simply use that as the address
that it uses to send stuff back and forth.
| | 01:55 | Now if you wanted to you could create
a calendar user or something like that.
| | 02:00 | Just make sure that it doesn't conflict
with the built-in calendar user that's
| | 02:04 | already there as a system user.
| | 02:06 | So you could make it something like
invitations@groundswellgear.com or something
| | 02:10 | like that and you could custom enter
that if you wanted it to be recognizable as
| | 02:14 | such when people receive
these emails from the outside.
| | 02:18 | The next thing I want to show is how you
give your users access to services like
| | 02:23 | iCal and iChat and Address Book.
| | 02:26 | So I've shown this in another movie but
it's worth bringing up here just in case
| | 02:30 | you're skipping around here in the title.
| | 02:31 | If I select Justin Case and I come
down here to the gear and I select
| | 02:36 | Edit Access to Services.
| | 02:38 | I can change the access
control list for services for Justin.
| | 02:42 | You will notice that there's a checkbox
here and there's a checkmark in it next
| | 02:46 | to iCal server and Address Book and iChat.
| | 02:48 | If we were to uncheck those then that
user would not have access to those services.
| | 02:53 | There's nothing you need to do to
specifically enable services for these users
| | 02:57 | because if you created them in the
Server App they are enabled by default in the
| | 03:03 | service access control lists.
| | 03:04 | If you use the advanced tools in
Workgroup Manager then those users will not be
| | 03:09 | automatically added to those service
access control lists and you would need to
| | 03:13 | go in and enable those
users on a case-by-case basis.
| | 03:16 | So just be aware of that
difference between the tools.
| | 03:19 | So we are going to go back to iCal.
| | 03:21 | Now we have talked about service access
controls, we talked about email invitations;
| | 03:25 | the last thing we are going to do
here is set up a Location or Resource.
| | 03:29 | A Resource should be something like a
projector that maybe people would check out.
| | 03:32 | I'm going to set up a location and I'd
like to set up a conference room specifically.
| | 03:37 | So we'll just call this Front
Conference Room and we'll Accept the
| | 03:43 | Invitations Automatically.
| | 03:45 | Setting up a Delegate is setting up
someone as it says right here that can view
| | 03:49 | and manage these resources
using their copy of iCal.
| | 03:52 | So for example if I set Justin Case
after we started typing Justin's name it
| | 03:57 | automatically found him just as it does in so
many other interfaces here in the server app.
| | 04:02 | We click on Justin's name, it auto
completes for us and we can click Done.
| | 04:07 | I think it's a very good idea to wait
for the server to auto-complete the name
| | 04:10 | because then you're absolutely certain
that the server has locked onto that user
| | 04:14 | as a resource there.
| | 04:16 | Once we have our Location set up and
we've got our invitations for email all set
| | 04:20 | up, all we need to do
now is click the ON button.
| | 04:23 | Now when we do it's going to ask us to
allow pass-through to the Internet and we
| | 04:28 | are going to say well, yes of
course we want that to happen, right.
| | 04:31 | This is one of the reasons why we are
using Server App in the first place to
| | 04:35 | help us manage our AirPort Extreme
Base Station is because all of that really
| | 04:40 | difficult port mapping stuff that is so
challenging for some folks now is being
| | 04:45 | handled for us automatically.
| | 04:46 | And as soon as we click Allow, the
system is going to go out, reconfigure the
| | 04:52 | AirPort Extreme Base Station and put
that into the port forwarding for us.
| | 04:55 | So that's just fantastic and that's
done now so we can move on to configuring
| | 05:00 | our next service in collaboration.
| | Collapse this transcript |
| Enabling Address Book Server| 00:00 | Once you have set up your iCal Server we
are going to move over to Address Book,
| | 00:05 | we click On, then we click Allow in
order to tunnel it through our Airport
| | 00:10 | Extreme Base Station.
| | 00:13 | That sends the data out to the
appropriate place on the Airport Extreme Base
| | 00:17 | Station, and you notice it's also
writing Profile Manager Settings.
| | 00:21 | We are pretty much done.
| | 00:23 | There are some advanced things that we
can interact with on Address Book server
| | 00:26 | at the command line but as far as our
turning it On and enabling it, that's it.
| | 00:32 | If you wanted to be able to do a
search of your internal employees, that's
| | 00:36 | people that are in the Users area up
here under Accounts, then we would put
| | 00:41 | check mark here in the Include
directory contacts in the Search area but we
| | 00:46 | are not going to do that because really
what we are using our address book for
| | 00:49 | us, so that we can have a shared
address book amongst all of our employees of
| | 00:52 | our shared contacts.
| | 00:53 | That's sort of the point.
| | 00:55 | Now, that that's done we are going
to move on to our next collaboration service iChat.
| | Collapse this transcript |
| Enabling iChat Server| 00:00 | All right, having just configured and
enabled Address Book on our server and
| | 00:05 | through the AirPort Extreme Base
Station we are now moving on the iChat.
| | 00:10 | We click on the iChat service and we
have a little bit more that we can do to
| | 00:14 | configure this here.
| | 00:15 | First of all, we can Archive all
of our chat messages on our server.
| | 00:21 | So there's not a lot to do here in
the iChat Server section of Server App.
| | 00:25 | But we can turn on
Archiving of all chat messages.
| | 00:29 | And I wanted to just briefly go into this.
| | 00:32 | So if you enable this option, all of
the text chat messages that are sent
| | 00:38 | through your server will be saved
on your server for later retrieval.
| | 00:42 | This can be very, very useful in a number
of scenarios, but I wanted to mention that.
| | 00:47 | So all you need to note here is that;
| | 00:50 | that only will affect your text chat
messages, not your audio or your video chat
| | 00:56 | messages, because the server can't
hold all of the video, because the server
| | 01:00 | doesn't actually ever see it.
| | 01:01 | The server is used to make the
initial connection between you and another
| | 01:05 | chat client to start a video chat, but in fact
that video never actually hits the server itself.
| | 01:12 | The chat messages on the other hand are
constantly flowing through the server.
| | 01:14 | So it can archive all of those.
| | 01:17 | That could be useful if you have got a
small law practice or maybe a doctor's
| | 01:19 | office where you want to have an archive
of all the chat messages that are being
| | 01:23 | hosted by your server, and another
reason why you might want to have your server
| | 01:27 | in the first place, maybe you are
having secure conversations that you don't
| | 01:31 | want somebody else's chat server to know about.
| | 01:34 | It's possible that you don't want the
Facebook servers to have all of your
| | 01:38 | private client conversations.
| | 01:40 | So if you want to have your own
that's what this is all about.
| | 01:43 | But if you do want to
federate with other people's server;
| | 01:46 | say for example, you are a law firm,
small office and you've enabled your
| | 01:49 | chat server here and you want to be
able to have secure communications with
| | 01:54 | someone else's Lion Server. You can do that.
| | 01:58 | Right in here you can click Edit and
when you get into the Server-To-Server
| | 02:02 | Federation configuration sheet, you
can Require a secure connection between
| | 02:07 | servers that means that all of the
communication will happen over SSL, and you
| | 02:11 | could Allow federation with all the domains.
| | 02:13 | That's kind of neat because that allows
you to federate with things like Gmail
| | 02:16 | for example, if you've got
people that have Google Talk.
| | 02:18 | But if you wanted to restrict that
federation, that communication between your
| | 02:23 | iChat Server and someone else's, then
you could restrict it to just those other
| | 02:27 | servers and you can just click the
plus button here and enter the fully
| | 02:31 | qualified domain name of that iChat
server, whatever it happens to be.
| | 02:34 | You would click OK and move right along.
| | 02:37 | So that's how you configure that and set it up.
| | 02:39 | All we need to do to get it going is
click the ON button right here and once
| | 02:44 | again, we're going to allow the iChat
service to be funneled through our AirPort
| | 02:49 | Extreme Base Station.
| | 02:51 | Server app is taking care
of that configuration for us.
| | 02:54 | We are going to click Allow right here,
and you see the gear going down here in
| | 02:57 | the lower right-hand corner.
| | 02:58 | As soon as it finishes, we should be
all set, we should have an update in the
| | 03:03 | Lion AirPort Extreme Base Station
and we should also have updated Profile
| | 03:07 | Managers for services here.
| | 03:09 | So if somebody goes out to their My
Devices site and downloads the General
| | 03:12 | Settings Default Configuration Profile,
they will get settings for VPN now, they
| | 03:16 | will get iCal settings, they will get
Address Book settings, they will get iChat
| | 03:20 | settings, because we've got all of
those services set up on our server now.
| | 03:24 | So very, very convenient stuff going on here.
| | 03:27 | That's it we just configured iChat
Services and having that past through our
| | 03:31 | AirPort Extreme Base Station
everything should be working now.
| | Collapse this transcript |
| Setting up all your collaboration services at once| 00:00 | So we have just shown how easy it is to
configure the collaboration services on
| | 00:06 | Mac OS X server using the Server App.
| | 00:08 | I'd like to show you how easy it is to
configure access to the services from Lion client.
| | 00:13 | We are going to start by going
to the Apple and pulling down to
| | 00:16 | System Preferences.
| | 00:18 | In System Preferences we are going
to go to Mail, Contacts & Calendars.
| | 00:21 | We will click on Add Account, click on
Other and we will click on Add a Mac OS X
| | 00:27 | server account and we will click Create.
| | 00:30 | It finds our server on the network
over Bonjour and click Continue after
| | 00:34 | selecting our server and then with the
Full Name we enter the full name of a user.
| | 00:38 | We are going to use Tom because we
haven't used him much so far in the title and
| | 00:44 | we are going to put in his Password.
| | 00:46 | Remember that this will fail if you've
turned off access to services using a
| | 00:51 | service access control list but your
services will all be on by default if these
| | 00:56 | users were all entered in the server app.
| | 00:58 | So that's where you should be.
| | 01:00 | Click on Set Up and it automatically
finds all of the services that we've
| | 01:04 | already got set up on our server.
| | 01:06 | We have set up the Address book, the
Calendar and Chat so it's telling us that
| | 01:10 | these are what are available and
simply leave the checkmarks in the checkbox
| | 01:13 | and click Add Account.
| | 01:16 | It goes out and automatically
configures everything for us.
| | 01:18 | We can look at Details and change those
details if we want, but here is not much
| | 01:22 | here to change, so the next thing to
do is simply to open up each of the
| | 01:25 | applications and prove to you that this
actually worked because that's actually
| | 01:28 | all you have to do, it's that easy.
| | 01:30 | I am going to go to the
Applications folder and we will start off by
| | 01:34 | double-clicking on Address Book.
| | 01:37 | Here it is right here on
the sidebar, Mac OS X server.
| | 01:40 | If I click in and I click the plus button down
here to add a new user, I can add somebody new.
| | 01:47 | And I can add a phone number and
when I am finished I can click Done.
| | 01:53 | I could have put in a lot more
information obviously, but this gets a contact
| | 01:55 | into the book and if I click Back, if I
go to All on My Mac and I click Forward
| | 02:01 | that's not in there.
| | 02:02 | So this particular address
book entry is only on the server.
| | 02:07 | If I come back in here into Address Book
and go to Preferences, here's my Mac OS
| | 02:10 | X server configuration.
| | 02:11 | There's not much to it.
| | 02:13 | If I click Edit Account it just takes
me back to System Preferences, so I can
| | 02:16 | look at my settings there. It's super easy.
| | 02:20 | That proves that one is working.
| | 02:21 | Let's go in iCal next.
| | 02:22 | So here is the new iCal big and
beautiful as it is, we are going to go to the
| | 02:29 | iCal Preferences just to show you that
the account is there. See here we are.
| | 02:33 | We can control Delegation.
| | 02:36 | For example, I can add Justin, there we are.
| | 02:41 | I can even allow Justin to write
into my calendar. Click Done there.
| | 02:45 | If other users had allowed me to
configure their calendars, I would see
| | 02:49 | them listed in this box.
| | 02:50 | And click the Close button on
Preferences and let's just create a new
| | 02:54 | appointment just for fun.
| | 02:58 | Add it, double-click on it.
| | 03:00 | Tell it which calendar I want it to go into.
| | 03:03 | By putting it into the Mac OS X server
calendar, puts it online and makes it
| | 03:06 | available to other people who
have visibility into this calendar.
| | 03:10 | Change the time to something that's a
little bit more realistic for a nice early
| | 03:13 | dinner and there we are.
| | 03:16 | You probably missed it because it went
very, very quickly but the iCal system
| | 03:20 | tells you it's updating the server
with a little text message right next to
| | 03:23 | the word iCal here.
| | 03:25 | So next let's take a look at iChat.
| | 03:27 | We will open this up and I
can simply take it right online.
| | 03:33 | Select Available and in we go.
| | 03:37 | If you want to look at the
Preferences no problem at all, right there, it's
| | 03:40 | enabled, here are all the account settings.
| | 03:42 | It was all set up for us. So that's it.
| | 03:46 | We have just shown you that we've
successfully configured the settings, so that
| | 03:49 | our client system here online can
connect up to our Lion Server System.
| | Collapse this transcript |
|
|
12. Wiki Server 3 and Web ServiceHow the Wiki helps you use your iPad, iPhone, or iPod Touch| 00:00 | In this chapter, we will cover the
Wiki, the Blog, and the Web Service.
| | 00:04 | We will cover these altogether because
they are all essentially the same thing.
| | 00:08 | They're all running off of Apache and
they're all either websites or services
| | 00:12 | running in your web browser.
| | 00:14 | So, what are they though?
| | 00:16 | They are very different things and we
need to understand the differences between
| | 00:19 | them so we can use these services appropriately.
| | 00:22 | So let's start with wikis.
| | 00:23 | If you think of a wiki as a static
subject with ever-changing information within
| | 00:28 | that subject, you've got a pretty
good idea of what a wiki would be.
| | 00:31 | So for example, if I were to do a
thing on cathedrals that would be a
| | 00:36 | good subject for a wiki.
| | 00:37 | I could do a page on cathedrals and
then as I create the page, I could add
| | 00:42 | things about a few cathedrals that
maybe I went and saw when I was on
| | 00:45 | vacation in Europe.
| | 00:46 | And then maybe later on I would add some
more information and so on and so on and so on.
| | 00:50 | As I add more information into the
wiki page, I continue to add more depth to
| | 00:56 | that subject matter.
| | 00:57 | But I'm not changing where that page
is located, I am not adding additional
| | 01:01 | posts, I am just changing
the information in that page.
| | 01:05 | A blog is different.
| | 01:07 | If I were to do the same thing with a
blog, a blog would be more appropriate if
| | 01:11 | I were doing posting about my
vacation to Europe, while I was on the road.
| | 01:16 | And so everyday I would go
and see something different;
| | 01:18 | maybe I would see a cathedral one day
and maybe I would see a garden the next
| | 01:22 | day and I could write posts about what I was
seeing as I was going through that vacation.
| | 01:27 | The posts would be individual
iterations of an ongoing conversation.
| | 01:32 | This is very effective for
something like a journal.
| | 01:35 | Okay, so that's more of a blog.
| | 01:38 | Now the Web Service is
really not the same thing at all.
| | 01:41 | The Web Service is a place for you to
copy your custom-built website into so
| | 01:47 | that it can be served up on your server
to anyone who comes to the either Port
| | 01:51 | 80 or Port 443, for either a
non-secure or a secure website.
| | 01:55 | And once you've turned on the Web
Service and you've put your site in the
| | 01:59 | correct folder, your site will simply
be the site that served up to people when
| | 02:04 | they visit, and that's really it.
| | 02:06 | A lot of people use websites as
their own personal digital brochure.
| | 02:11 | There are a lot of other
people use them as stores.
| | 02:13 | Really the sky is the kind of the
limit and lynda.com has a lot of classes on
| | 02:16 | web design and what you can do with a website.
| | 02:19 | But once you have got your website
designed, the Web Service is what you are
| | 02:22 | going to turn on in order to use it.
| | 02:24 | All right, so those are the three
services we are talking about here.
| | 02:27 | Let's get into this chapter
and see how to configure them.
| | Collapse this transcript |
| Turning on and configuring the Wiki| 00:00 | Probably the most fun
feature in OS X server is the wiki.
| | 00:04 | I know a lot of people that really love
the wiki in 10.5 and 10.6 and in 10.7,
| | 00:09 | it's been completely rewritten.
| | 00:11 | So let's get into server app and
configure it so we can start playing with it.
| | 00:14 | And I'm going to do our forefinger
pinch to get into the server software.
| | 00:18 | I am going to wait for it to connect
to the server and update its information
| | 00:22 | and then as soon as this gear finishes
spinning, we're going to click on Wiki
| | 00:25 | and we will start the service app. Here we go.
| | 00:28 | So let's come over to where it says
Wiki here and we have the opportunity here
| | 00:32 | to create a form of a
service access control list.
| | 00:36 | We were looking at the users earlier
and we were talking about those checkboxes
| | 00:41 | and whether or not things would
be turned on for each user or not.
| | 00:44 | This is yet another service access control list;
| | 00:46 | it's just in a different location.
| | 00:48 | This is one where you can define
I want maybe sales to be able to
| | 00:52 | configure wikis and maybe I want All Employees,
for example, to be able to configure wikis.
| | 00:58 | You can configure this however you would like.
| | 00:59 | I am going to take Sales out
and leave All Employees in their.
| | 01:03 | So right now all employees and
Administrators are both available that means
| | 01:06 | pretty much everybody that's
configured at this point can create a wiki.
| | 01:09 | So that's done and I can click ON.
| | 01:12 | Before I turned this ON, I would like
to point out that what I just did is
| | 01:16 | essentially the same thing
is configuring all users.
| | 01:19 | If you wanted to do only some users you
would probably configure it, so you were
| | 01:22 | limiting that ability to some subset.
| | 01:25 | But again, that would be your own
preference whatever you would like to do.
| | 01:28 | When I click ON and there we go;
| | 01:30 | the Wiki server is now started.
| | 01:32 | So to get to it, all we would have to do
is click the next button down here that
| | 01:36 | just appeared, View Wiki, and we're
going to do that in the next movie.
| | Collapse this transcript |
| Navigating the Wiki| 00:00 | We have just configured and turned on
the wiki which didn't take a whole lot.
| | 00:03 | So I am going to show you where most of
the actual work happens by clicking on
| | 00:07 | the View Wiki button here in the server app.
| | 00:11 | So this is opening up a Safari window
for us and just so we have got more screen
| | 00:15 | real state, I am going to click the
Full Screen button here in just a second.
| | 00:18 | But before I do it, I would like to
point out that this is actually at https://,
| | 00:23 | the fully qualified domain name of
your server/wiki, very straightforward.
| | 00:28 | So we will go to full-screen and here we are.
| | 00:32 | Navigating this wiki is
just navigating a website.
| | 00:35 | There's not that much to learn here
aside from just what each of these things
| | 00:40 | is and what they do.
| | 00:41 | So we are going to do a little bit of a tour.
| | 00:43 | First thing is right up here in this
corner, clicking on this button up here
| | 00:46 | that looks a bit like a strip of
film, gives you this bar where you can
| | 00:50 | easily navigate to the Home page, the My Page
interface, your Updates page, Wikis and People.
| | 00:58 | This home strip will be available to
you no matter where you are in the wiki,
| | 01:02 | it just takes you directly to each of
those links and we'll be navigating to
| | 01:05 | each of those soon.
| | 01:06 | But this is the heart of
navigating the Mac OS X wiki system here.
| | 01:11 | So I want you to know that this will
always be there for you and you can get
| | 01:14 | to it really easily.
| | 01:15 | Now, next thing I wanted to
show you is this pencil button.
| | 01:18 | This is how we edit the wiki page.
| | 01:20 | In our next movie, we will
talk about editing the page.
| | 01:23 | Plus button, that allows us to
create new content on the wiki.
| | 01:27 | The gear, and again, this is
all pretty straightforward.
| | 01:30 | We've got really good indications here
from our little yellow text boxes here.
| | 01:34 | This is our action button.
| | 01:35 | So this is contextual.
| | 01:36 | In this case, all we can
do is go to the Help screen.
| | 01:39 | But the Help wiki is awesome.
| | 01:42 | If we click on Help, it takes us to
this Wiki Help section that tells us all
| | 01:46 | about wiki's navigation, organization,
calendaring, podcasting, all of it.
| | 01:51 | So this is a really good long read.
| | 01:53 | The only downside to it is
that it's kind of exhaustive.
| | 01:56 | There's a lot of information there.
| | 01:58 | So I recommend coming in and using the
search feature, and if you want to find
| | 02:01 | out about podcast, you can just click
on that and hit Return and there you are.
| | 02:07 | So you want to find out how to view
wiki services or how to view a podcast, you
| | 02:11 | just come here, click on it and
it tells you exactly how to do it.
| | 02:14 | Really, really good help system, just
like the rest of the really awesome help
| | 02:18 | system that's built into the
entire server product this time around.
| | 02:21 | We had a search feature here.
| | 02:23 | This is going to search all of the
content on our wiki server, and down here,
| | 02:28 | this is sort of the Home page for the wiki.
| | 02:30 | And it starts off with this Welcome
to Mac OS X Lion Server stuff, and all
| | 02:35 | of this is changeable.
| | 02:37 | You can change every last bit of this
and make this a completely custom site by
| | 02:41 | just clicking this pencil button and
going into an editing screen like this, but
| | 02:45 | we are going to get into how to use
all those tools in the very next movie.
| | Collapse this transcript |
| Editing the home page| 00:00 | In the last movie, we got to and
navigated around within this wiki server.
| | 00:05 | I wanted to show you how to edit this homepage,
because like I said, this is all placeholders.
| | 00:09 | So if we click the Pencil button here,
we get in and we are able to edit, and
| | 00:13 | you can see this is set up as a table
and if you select this, you can delete the
| | 00:18 | table and you can say, all right,
that's going away and you can click on this
| | 00:21 | and you can delete that and that's
going away and these are useful links.
| | 00:25 | I'm going to leave these links down
here at the bottom and I'm going to get rid
| | 00:29 | of all of that and come back here.
| | 00:31 | So, I want to start off by
welcoming people to my site; nice and easy.
| | 00:36 | Next thing we're going to do
is add an image to the page.
| | 00:39 | We'll click the Add an image button up
here and click Choose File and what we'll
| | 00:44 | do is we'll navigate back to a sites
folder that I've got just here on local
| | 00:47 | hard drive with some images and
here and down here. There we go.
| | 00:54 | That's one I was looking for.
| | 00:55 | I've got a banner right there;
| | 00:56 | I'm going to click Choose and I'm
going to click Upload and there's my little
| | 01:00 | banner and I can put some more text in here.
| | 01:06 | And so, we're just going to invite
people to come into the wikis and let us know
| | 01:08 | what they think and that's all I'm going to do.
| | 01:11 | But I wanted to talk to you
about other stuff that we could do.
| | 01:14 | So we can upload attachments;
| | 01:16 | we can choose a file here, for example,
and I could come in here and I could
| | 01:20 | upload this catalog Photoshop document and
say okay choose, I am going to upload that.
| | 01:25 | Cool!
| | 01:25 | And I'm going to also come down here
and hit Return a couple of times and we'll
| | 01:30 | also edit this and we'll add a quick
little movie file, which I've got located
| | 01:37 | in a different location over here.
| | 01:38 | All right, and now that I've got my
catalog.psd file in here and I've got my
| | 01:48 | movie file attached, I attached those in the
special ways that they need to be attached.
| | 01:52 | So now we've already seen attaching a
file that can't be represented on the
| | 01:56 | wiki, because Safari doesn't
know how to render PSD files.
| | 02:00 | So I did that as an attachment
with our little paperclip button.
| | 02:02 | I attached our JPEG up here or
groundswell navigation bar up here with our
| | 02:08 | little picture tool and then I
attached the movie down here with our little
| | 02:13 | Media tool and that's cool.
| | 02:16 | You saw me deleting a table earlier.
| | 02:18 | If we want to add another table, we can
click on that button there and then this
| | 02:21 | button here allows us to add snippets
of prewritten HTML if we happened to have
| | 02:26 | those snippets already around.
| | 02:27 | So if you're an HTML coder, you
like to do that sort of thing.
| | 02:30 | You can just throw your own
HTML right in there like that.
| | 02:33 | And then on this side of the bar, we
have all of our little text editing tools.
| | 02:36 | So we've got our Paragraph tool
and we got our Character tool.
| | 02:39 | We can even create links just as we've
done in the past and we've also got the
| | 02:43 | ability to justify our text and we can
create bulleted numbered lists that's
| | 02:48 | sort of thing and we can create in
dense and out dense right there, all the
| | 02:51 | standard page editing kind of
stuff that you would expect.
| | 02:53 | So we click Save whenever we finished
entering our information and you'll notice
| | 02:57 | that we've kept some functionality from
previous iterations of our wiki server.
| | 03:02 | For example, PSD is not renderable by
Safari at all, but we do have Quick Look still.
| | 03:07 | So if I press the Quick Look button, the
Quick Look generator on the server will
| | 03:11 | render our PSD file for us so we can
see it full-screen there and that's really
| | 03:14 | nice and then down here
we have our movie embedded.
| | 03:17 | If we click on it, it's going to load for us;
| | 03:20 | it'll take a couple of seconds to load,
because it's a big movie, but we also
| | 03:24 | get some really nice Web Player tools in here.
| | 03:27 | For example, the ability to go full
screen with a movie with a tool right there
| | 03:31 | embedded in the wiki that's really, really cool.
| | 03:35 | So we got some really nifty
surfing video now on our front page.
| | 03:39 | We've got our banner right
up here, we've got a welcome.
| | 03:42 | I like where we're right now.
| | 03:43 | So I'm going to lock that down and log
out and if we wanted to log in, do more
| | 03:48 | services, we can click Log in right there.
| | 03:50 | But with everything, I've still got my
links down here on the bottom which are
| | 03:54 | going to help me out a lot, I've got my
link to our Profile Manager, I've got a
| | 03:57 | link to the Change Password
page, a link to the Calendar.
| | 04:01 | We're going to explore each of
those links in the next set of movies.
| | Collapse this transcript |
| Creating a new wiki| 00:00 | So we've seen how to edit the
homepage, now are going to create a wiki.
| | 00:04 | We are going to do that in Safari.
| | 00:06 | We are going to go to server.
groundswellgear.com, we go to our Home Page, and
| | 00:11 | the first thing we need
to do is log in as a user.
| | 00:13 | I am going to log in as an administrative
user, so that I have access to create wikis.
| | 00:18 | Of course, we also created that extra
group that has access to create wikis, but
| | 00:23 | I am going to log in as an administrator.
| | 00:24 | I am going to login as serveradmin,
and I'm going to click Log in.
| | 00:28 | I'm not going to check Remember me,
however, because I want to switch back and
| | 00:31 | forth between several
different users. I'll click Log in.
| | 00:34 | All right, so we now have access in here
| | 00:37 | Next, I want to click on our Home
button and we're going to go to wikis.
| | 00:42 | From within wikis, I would like to
click the plus button and I am going
| | 00:47 | to create a new wiki.
| | 00:48 | I am going to create the name of the new wiki
here, we are going to just call this Surfing.
| | 00:53 | And the description going to be simple,
and I am going to upload a simple image
| | 00:59 | here just to be part of this.
| | 01:01 | So I found this small icon that I wanted to use.
| | 01:04 | I am going to click Choose
there and click Upload. Cool!
| | 01:06 | So my icon is in place,
now I am going to click Next.
| | 01:10 | Now I can set wiki access
for different levels of users.
| | 01:13 | So right now, sever admin is the
owner and nobody else has access.
| | 01:16 | If I wanted to just let everybody
who's logged in have Read access and all
| | 01:20 | guests have Read access, I can do that easily.
| | 01:23 | If I want to make someone else an
administrator, may be I want someone else
| | 01:25 | to be able to write into this, I can
do so by just typing that user's name
| | 01:30 | and selecting them.
| | 01:32 | So Justin and Paige both are going
to be given Read & Write access, and
| | 01:36 | we'll click Create.
| | 01:39 | Next, we click Go to Wiki and
now we are in our Surfing wiki.
| | 01:45 | That's how you create a wiki.
| | 01:46 | We already know how to edit, we click
the pencil button, right there, we get our
| | 01:49 | familiar editing bar across the top here.
| | 01:52 | This editing bar stays the same, no
matter what you're trying to edit, whether
| | 01:55 | it would be the Home page, a wiki or
a blog, so that's going to be the same
| | 01:57 | from one to the next.
| | 01:58 | And if you want to control Settings, you
always are going to go up here to the gear;
| | 02:03 | you are going to see these controls
repeat themselves from wikis to blogs
| | 02:07 | throughout the entire wiki system.
| | 02:09 | So if I wanted to go to Settings, I
could upload a new image, I can modify my
| | 02:14 | permissions, I can even give different
permissions for comments, for example.
| | 02:19 | I can also enable a calendar just
for this wiki, and I can enable a blog
| | 02:24 | just for this wiki.
| | 02:25 | If I click down here on About page,
I have the opportunity to change my
| | 02:30 | sidebars for the About page.
| | 02:33 | If I click Create, it allows
me to create a custom sidebar.
| | 02:36 | I am going to create one based on
surf and the tag is going to be surf.
| | 02:41 | So any pages that I create that are
tagged with the word surf will show up
| | 02:44 | in that sidebar set.
| | 02:46 | I click Save to save my settings.
| | 02:48 | Now I've got a quick link to the About page.
| | 02:51 | My Documents for this particular wiki,
my Calendar page for this wiki, and a
| | 02:58 | More link that takes me to blogs
and a Special page just for tags.
| | 03:04 | So that's creating a wiki here in X 7 server.
| | Collapse this transcript |
| Creating a personal blog| 00:00 | So we have seen how to create a wiki.
| | 00:02 | Now I would like to the show you how to
create a personal blog for an individual user.
| | 00:06 | I am going to open our wiki backup, and
I'm going to log out and I am going to
| | 00:12 | hit the Home page, and I am
going to log back in as a person.
| | 00:17 | I am going to Login as justin
and I am going to click Log In.
| | 00:21 | Now you will notice that it didn't
really do anything, I didn't go any were else.
| | 00:24 | If I come over here, click on My Page, and
I click on the gear and I click Settings.
| | 00:30 | I can go to Services and under
Services I can click on the Blog link.
| | 00:34 | If I do that and click Save,
it will create a blog for me.
| | 00:38 | Now I can upload an image just for me
if I wanted to do that. That'd be fun.
| | 00:44 | There we go.
| | 00:46 | It's got my email address.
| | 00:47 | It's pulling all of this from
our open directory database.
| | 00:50 | Right now, All logged in users have No access.
| | 00:52 | I am going to give them Read access
and going to say Authenticated users
| | 00:56 | can comment, and I am not going to do any
kind of Moderation, click Save on that one.
| | 01:01 | After checking my settings, click and
save one last time for good measure, and I
| | 01:05 | am going to pop back out into my personal page.
| | 01:08 | Now you will notice up here
along the top now I've got my Blog.
| | 01:12 | If I click on the Blog, all I need to
do is click plus >New Blog Post in My
| | 01:17 | Blog, Title, click Add, and here's my blog post.
| | 01:23 | How I got to the fair.
| | 01:27 | Hit Save, and there's my first blog post.
| | 01:30 | I come back Justin Case, you can see
here we have Recent Documents there, I have
| | 01:35 | got History, it's not showing me
anything in that History, but if I come back to
| | 01:38 | the Blog, I can see here
is How I got to the fair.
| | 01:41 | And there is the post.
| | 01:42 | I would like to use this
opportunity to talk about Document Info.
| | 01:45 | We have access to Document Info in both
wikis and the blogs, but I want to talk
| | 01:49 | about it right here, because
we've got it here and it's convenient.
| | 01:52 | The Tags are available here.
| | 01:54 | We can add a new tag.
| | 01:55 | So this is obviously about surfing.
| | 01:57 | So I am going to create the tag surf
and hit Return so that pops a surf in
| | 02:01 | there as a tag for this.
| | 02:02 | That's going to help me with searching
later on in this search field or in other
| | 02:06 | search fields elsewhere in the wiki.
| | 02:08 | I can click and say what things are
related like for example, if Justin is
| | 02:12 | related to Paige in someway, I can click Paige.
| | 02:14 | That'll link them for searchability.
| | 02:16 | We can add Comments and anybody else
who is authenticated, because I have
| | 02:20 | changed that setting, can add comments in here.
| | 02:23 | So I've just made a funny
comment on my own posting there.
| | 02:27 | I can also have email sent to me
whenever a Document is updated or when
| | 02:31 | a Comment is added.
| | 02:32 | That way I don't have to constantly
reopen this document in order to see if
| | 02:36 | somebody has added anything or edited something.
| | 02:38 | I can get notifications in email
based on the email address that I put into
| | 02:43 | the Server app users interface based
on whatever the document is updated or
| | 02:47 | when a comment is added.
| | 02:48 | So these are pretty convenient things to have.
| | 02:50 | In the next movie we are going
to talk about web-based calendars.
| | Collapse this transcript |
| Using the web calendar| 00:00 | Mac OS X servers have the ability to do
web calendaring for a while, but we've
| | 00:04 | got some neat new features now.
| | 00:06 | Let's open up Safari and take a look at them.
| | 00:09 | Come back here to our homepage and
let's log out and be sure that we are logged
| | 00:16 | in with the user we want to log in with.
| | 00:17 | I want to log in with Justin right now,
because we've added him into a few
| | 00:21 | different things as we have
been going through these movies.
| | 00:25 | So we are logged in as Justin.
| | 00:27 | If I click down here on the Calendar link,
you will see that the link up here at
| | 00:32 | the top, it's our domain name, /
webcal, and it tells us that this is the
| | 00:36 | Calendar for Justin Case.
| | 00:39 | So if we click on the 12th here
and we are suddenly in August.
| | 00:42 | If we click in the box and we create
a New Event just by clicking there;
| | 00:46 | we didn't have to do anything else.
| | 00:47 | I am fond of lunch, so I'm going to put Lunch
in here and we will do lunch at the Lunch Room.
| | 00:53 | And it's not an all day event, not at all.
| | 00:55 | We are going to make this happen at 12:
00 o'clock PM and it will shift to 1:00
| | 00:59 | o'clock PM for the End Time and we are
going to leave it on my Calendar here on
| | 01:03 | the server and I'm going to make that
Repeat>Every week and it will end, let's
| | 01:12 | have it End, now let's have it
end back over here. So we click OK.
| | 01:16 | So we get a couple of repeating
calendar events. That was fun.
| | 01:19 | That was basic calendar
functionality. That's all cool.
| | 01:21 | If we click on settings over here
we can set our Timezone useful, our
| | 01:26 | Availability if we only want to be
available weekdays 8:00 AM to 6:00 PM, we
| | 01:29 | can totally do that.
| | 01:30 | We can Start our week on a Sunday as it
is normal and then we can add Delegates.
| | 01:34 | If we say you know what I'm logged in
as Justin and I want Paige to be able to
| | 01:38 | get to my stuff and I want Oliver to
be able to get to my stuff as well and I
| | 01:44 | want Paige to be able to Read/write but
I want Oliver to only be able to Read.
| | 01:49 | I can set that right here on the web calendar.
| | 01:51 | So that's pretty convenient stuff.
| | 01:53 | But then do you remember how we created that
resource that Front Conference Room resource.
| | 01:57 | Well, if I wanted to book the
conference room for a period of time, all I have
| | 02:00 | to do is flip over by clicking on that
link up at the top and say I'm going to
| | 02:04 | do a training that's going to last all
day long every day for the whole week
| | 02:09 | of the 18th of the 22nd and that training is
going to be on, well, what else, Lion Server.
| | 02:14 | And of courser the Location is the
Front Conference Room and we go OK.
| | 02:20 | So that blocks off the Front Conference
Room force right there and if I wanted
| | 02:24 | to do something like create notes on that
I could say something like that. Click OK.
| | 02:31 | So now that resource is
blocked off for that period of time.
| | 02:35 | So that's a brand-new feature here,
calendaring with web resources here in the web calendar.
| | 02:40 | I am going to go back to My Calendar
here, because I'm logged in as Justin Case
| | 02:44 | and you can see this now here.
| | 02:47 | So we've configured some lunch
appointment for Justin, we've set aside a
| | 02:50 | conference room in the shared schedule.
| | 02:53 | Let's look at Paige's schedule.
| | 02:56 | Paige had let us look at her schedule
and look at that Paige has a lunch event
| | 03:00 | right here that was pre-scheduled.
| | 03:02 | We put that into the calendar before
and we can even look at the attendees, if
| | 03:05 | we wanted at an attendee to Paige's
because she gave us write access as Justin,
| | 03:10 | I can say, I'm going to add Oliver here
and let's look at Oliver's availability.
| | 03:16 | So let's take back and say OK.
| | 03:20 | So now we have got Oliver out there
and we can put some more notes in here.
| | 03:23 | We can say and come back here to
general and Location I will just put Corner
| | 03:31 | Caf? with a question mark
there and we will click OK.
| | 03:35 | So we are logged in as Justin, we've
edited Paige Turner's calendar, we can
| | 03:39 | switch back to my calendar here as
Justin, go back over here to my days here in
| | 03:45 | August, and we can see that we've
got our lunch still configured here.
| | 03:48 | So there you go, that is entering and
editing information in the web calendar
| | 03:53 | here in Lion Server.
| | Collapse this transcript |
| Enabling the web service| 00:00 | Now that we've talked about all of the
different web apps that are available
| | 00:03 | through the wiki and blog system and web
calendar, we've talked about just about
| | 00:08 | everything, but we haven't really
addressed putting your own website up on your
| | 00:13 | Mac OS X Server and getting it
served up by the web service.
| | 00:16 | So let's get that done right now.
| | 00:18 | Now before we get started I want to point out
that we have a Default.zip file on the desktop.
| | 00:23 | That file contains a folder that contains the
website we're going to be using in this movie.
| | 00:29 | That is in our Exercise Files and you
can use the same thing as you follow along.
| | 00:35 | We're going to come down
here and open up our Server app.
| | 00:38 | That time I just chose to click on it in the
Dock, and we're going to go to the Web service.
| | 00:43 | We're also going to remember to wait
for the gear down here to stop spinning so
| | 00:47 | we can see all of the stuff
that's running on our system right now.
| | 00:50 | All right, now that the gear
stopped spinning, we can click over here.
| | 00:54 | Here in the Web service we don't
have that much that we can control.
| | 00:57 | We only have an ON/OFF switch and we
have our controls over our websites and
| | 01:02 | whether or not we want to turn on PHP.
| | 01:04 | If you have PHP web applications, just
put a check in the checkmark box and it
| | 01:08 | will be turned on for you.
| | 01:10 | If you come here to your default
website, I'd like to point out two things.
| | 01:13 | One is, this is the fully
qualified domain name of the site.
| | 01:17 | It matches the fully
qualified domain name of our server.
| | 01:21 | However, because of the work we've
done on network solutions to point our DNS
| | 01:26 | so that we've got mail.groundswellgear.
com and www.groundswellgear.com and just
| | 01:32 | groundswellgear.com to our external IP
address, anyone who goes to any of those
| | 01:36 | addresses in Safari or any web
browser will hit that external IP address on
| | 01:41 | Port 80 or Port 443.
| | 01:42 | 80 would be unsecure web traffic
and 443 would be secure web traffic.
| | 01:48 | And because those get forwarded through
to this server, they will get whatever
| | 01:52 | site is located here.
| | 01:54 | Even though the names look different and
because we bought our UCC cert, if it's
| | 01:59 | SSL-encrypted, everything will
just pass through and work just fine.
| | 02:03 | So we're going to click on the Pencil
button down here in order to see the
| | 02:08 | default configuration of this site.
| | 02:10 | And you can see there's not a lot you can do.
| | 02:12 | All of this is not configurable.
| | 02:15 | So we don't get the opportunity to
change the IP address or the port number or
| | 02:19 | where the site files will be stored.
| | 02:22 | In fact, we can't even
control who can access it from here;
| | 02:24 | that's somewhere else.
| | 02:25 | But we can allow our users
to change their passwords.
| | 02:29 | And this is just an additional
feature here in the Web service.
| | 02:33 | So once you've turned that on people
will be able to access your website, go to
| | 02:36 | the proper link, and change their
passwords for themselves right there in the
| | 02:40 | middle of the web interface.
| | 02:41 | That could be very convenient.
| | 02:43 | Now I want to point out this
link that's right down here.
| | 02:46 | Before we've clicked Done or anything or
even turned on the Web service, we have
| | 02:50 | this link that allows us to
view the Document Root Contents.
| | 02:54 | So what does that mean?
| | 02:55 | Well, let's click on it and I'll
take a look here and we will tell you.
| | 02:58 | And I'll drag this out so we
can see the pathway more easily.
| | 03:01 | This gives us a link to the directory
where our website is actually stored.
| | 03:07 | So if we wanted to put our custom files,
I'm just going to change the width of
| | 03:11 | these columns here so you can see the
entire path if we can get it all on screen here.
| | 03:16 | If you drop your own custom site
into this area here called Default, then
| | 03:21 | whenever somebody goes to server.
groundswellgear.com in Safari or
| | 03:26 | www.groundswellgear.com, they
will hit whatever site is in here.
| | 03:30 | So all you have to sure of is that
you've got a website configured and that it
| | 03:34 | has an index.html file in it so
that the system can find that for you.
| | 03:38 | So let's scroll all the way back
here and look at where we're going to.
| | 03:41 | So the default Web directory is in
Server HD>Library, and I'm going to scroll
| | 03:48 | down here and look at where
the next one is. So there it is.
| | 03:52 | So we can see here, it starts at
Server HD>Library>Server>Web>Data>Sites, and
| | 04:00 | then inside of Sites, we go to Default.
| | 04:03 | The Default directory by default will
go to that front page that we've seen
| | 04:08 | several times so far with the big blue globe.
| | 04:10 | It's the default Mac OS X website actually.
| | 04:14 | It's got this graphic in
it so you can recognize it.
| | 04:16 | When we drop our own site
in here, that will go away.
| | 04:20 | So off camera because this is
not a website writing class;
| | 04:25 | we've actually pulled together a quick
website here for groundswellgear and I've
| | 04:31 | put it in this Default.zip file
just to make it nice and small.
| | 04:34 | But here inside of this Default
folder I've got everything I need.
| | 04:37 | So all I need to do is drag-and-drop
this over into the correct web root and I'm
| | 04:44 | just going to click Apply to All and Replace.
| | 04:47 | That's going to put
everything we need right in here.
| | 04:50 | So the next thing I'm going to do
is I'm going to remove all of these
| | 04:54 | default.htms just so we don't end up
serving up the wrong stuff to our customers.
| | 04:59 | So now when people go to our site,
they're going to hit our index.html page.
| | 05:05 | So the next step we have to go through,
let's close all this back down, is we
| | 05:10 | click Done on the Web service and
we'll need to turn on the Web service once
| | 05:15 | that screen goes away.
| | 05:16 | So all we need to do to turn it on
is click the ON button right here.
| | 05:20 | Here this is wonderful, because we've
got our AirPort Extreme Base Station
| | 05:25 | tethered to our Mac OS X Server, it
knows that we're going to need to poke a
| | 05:29 | hole in the port forwarding there.
| | 05:32 | So it just asks us if we want to do that.
| | 05:34 | All we have to do in order
to allow it is click Allow.
| | 05:37 | Wait for the gear at the bottom of the
screen to stop spinning and when it does,
| | 05:41 | and you get your indicator light on
the Web, we should be ready to go.
| | 05:45 | I'm going to go to the added step of
coming down here to the Lion AirPort
| | 05:48 | Extreme Base Station and just checking
to make sure that lo and behold, our Web
| | 05:53 | service was added to the
publicly available services.
| | 05:56 | At this point, it's a great
idea to always check your work.
| | 05:59 | I'm going to open up Safari and we're
going to go to our website. So let's do that:
| | 06:05 | server.groundswellgear.com.
| | 06:09 | It automatically redirects us to our
secure site, because we've got our SSL
| | 06:14 | certificate in there.
| | 06:15 | So people can see right here where we
got our certificate and that it is valid.
| | 06:20 | People who are surfing our website can
know that everything is encrypted in the
| | 06:24 | tunnel between them and us.
| | 06:25 | So it's a nice safe connection.
| | 06:27 | The other thing I'd like to point out
is we did something to this front page
| | 06:30 | just to make it more functional and you
should probably think about doing the same thing.
| | 06:35 | Normally, we would have a Terms and
Conditions and a Privacy Policy and
| | 06:38 | those types of things at the bottom of this
type of document, but we added a few links.
| | 06:43 | We added a link to our Wiki which is
just our fully qualified domain name /wiki.
| | 06:49 | We added a link to our Webmail which
we don't have turned on yet, but when we
| | 06:53 | do, that'll be a nice convenient
link for people who visit our site.
| | 06:56 | Webcal, that'll get us to our calendars.
| | 07:00 | Again, this is password-protected, so
not everybody is going to be able to get
| | 07:03 | in there, but our people will.
| | 07:05 | And lastly, the My Devices link.
| | 07:07 | This is something we added on our own,
this isn't on the default Mac OS X
| | 07:11 | Server webpage, but I think this is
very useful because by going to our
| | 07:15 | webpage, our employees and folks who
want to enroll their devices with our
| | 07:19 | server can easily get here, navigate in,
authenticate as themselves, click Log
| | 07:25 | In, and then enroll their devices.
| | 07:26 | So that's a nice link to have there
right on the front page. There you go!
| | 07:30 | That's all you need to do to get your
website served up by Lion's Web Server.
| | Collapse this transcript |
|
|
13. MailHosting an email server to maintain control over your messages| 00:00 | Anyone watching this movie is going to
know what an email is and they're going
| | 00:04 | to know how they use email.
| | 00:05 | So you probably got that part.
| | 00:08 | But if you are a small business owner
or you have no technical background with
| | 00:12 | mail, you probably don't know how it works.
| | 00:16 | So what we are going to be doing in
this chapter is setting up a mail server.
| | 00:21 | You're used to using a mail client.
| | 00:23 | The mail client is going to log into a mailbox.
| | 00:26 | Well, that mailbox is located on
the server and it will be sending mail
| | 00:30 | messages to people.
| | 00:31 | Well those mail messages that are sent
will be sent through an email server,
| | 00:36 | and out on the Internet there are lots
and lots and lots of email servers that
| | 00:40 | all know how to talk to each other because
of the way DNS is structured on the Internet.
| | 00:45 | So in our Fundamentals chapters at the
beginning of this title, we talked about
| | 00:49 | setting up DNS records and when we set
up our MX record that was the record that
| | 00:54 | was necessary to tell Internet-based
email servers where to send messages when
| | 01:00 | they go to our domain.
| | 01:01 | So as long as our fundamentals are set
up ahead of time, turning on our mail
| | 01:05 | server is a relatively trivial thing.
| | 01:08 | Configuring some advanced settings can
be interesting and fun, but all of this
| | 01:13 | is stuff that we're going to
get through in this next chapter.
| | 01:16 | It doesn't take that much time and I am
excited to show you, so let's dig in to
| | 01:19 | setting up your Lion email server.
| | Collapse this transcript |
| Enabling mail service| 00:00 | Mac OS X Server has always come with a
mail server and we've gone through many,
| | 00:05 | many iterations of different mail
server packages on the backend, but Apple has
| | 00:09 | always tried to provide a good mail
server solution for those who wanted it in a
| | 00:13 | small workgroup or a small office environment.
| | 00:16 | This version is no different.
| | 00:17 | We've got a great mail server and
we've also got a fantastic Webmail client.
| | 00:21 | I am going to show you how
to set those up right now.
| | 00:23 | I am going to go into the Server app
and we're going to wait for our gear to
| | 00:30 | stop spinning here at the bottom,
make sure that we've got all our setting
| | 00:33 | up-to-date, and once that's finished, we
come over here and we click on the Mail Service.
| | 00:38 | There are only a few options
we can really work with here.
| | 00:41 | But we're going to talk about them briefly.
| | 00:43 | So the first thing is,
you can change the domain.
| | 00:46 | I don't recommend changing the domain,
but you can certainly come in here and
| | 00:50 | change it if you wish.
| | 00:51 | groundswellgear.com, we went to
a lot of trouble to set up our
| | 00:54 | foundations properly here.
| | 00:56 | So I would definitely not change this,
but the feature is available there.
| | 01:01 | You can also set up Mail Relay
through another company or another
| | 01:04 | Internet Service Provider.
| | 01:05 | If you are behind an Internet Service
Provider that does not allow SMTP to go
| | 01:10 | out through their network, they probably
have some sort of SMTP Relay available,
| | 01:17 | and so you will put in their fully
qualified domain name that they gave you, you
| | 01:21 | will have to contact them and some
of them may require authentication.
| | 01:26 | You can also provide some sort of
limitation of how much space on the hard drive
| | 01:31 | of your server each mail user can
utilize for their primary mail store.
| | 01:36 | Since we're going to be using IMAP
instead of POP for our mail for most of our
| | 01:41 | users if not all of them, it's very
important that we provide some kind of
| | 01:45 | limitations so that the users don't fill up our
internal hard drive and make our server crash.
| | 01:51 | So we're going to limit this, I think
200 megabytes isn't bad, but I'm going to
| | 01:56 | limit this to something a little bit
higher, I am going to go up to 750.
| | 02:00 | I'm also going to enable the Webmail service.
| | 02:03 | This is going to turn on
the RoundCube Webmail client.
| | 02:07 | We are going to show how to configure
that and tweak it later on, but turning it
| | 02:10 | on is just a matter of clicking that
checkbox, and then lastly down here, we
| | 02:14 | have the ability to edit
some filtration settings.
| | 02:17 | The only thing that's turned off
here that I would do beyond going with
| | 02:21 | the defaults for filtering and
junk mail and viruses is I would also
| | 02:25 | enable a blacklist.
| | 02:26 | A blacklist server is going to check
with, in this case zen.spamhaus.org just
| | 02:32 | to see if mail is coming from a place
that is known to be a source of spam and
| | 02:36 | if it is it will shut it off right there
before it even gets delivered to your users.
| | 02:39 | We are going to turn all
of that on and click OK.
| | 02:42 | Server app will then write out your
Mail Server settings and whenever it's
| | 02:45 | finished doing its little spinning
thing with the gear down here, we are
| | 02:48 | going to click the On button, and
once again because we are tethered to our
| | 02:53 | AirPort Extreme Base Station it's
going to ask if we wanted to custom-write
| | 02:57 | some port forwarding rules so that
our mail server will work through our
| | 03:01 | AirPort Extreme Base Station.
| | 03:03 | We're going to click Allow.
| | 03:04 | All right, so that's how you turn on
and configure the mail service here in
| | 03:08 | Server app and LAN server.
| | Collapse this transcript |
| Working with advanced mail service configuration, including virtual domains| 00:00 | The Mail Service is one of the few
services that Apple has allowed to remain
| | 00:04 | in two different apps.
| | 00:07 | We have the Server app here where we've
already configured our basic server settings.
| | 00:11 | But we also have the Server Admin
program where we can control some more
| | 00:15 | advanced Mail Server settings
and we're going to go in there now.
| | 00:17 | I'm going to quit our Server app and
I am going to go to our Applications
| | 00:21 | folder, scroll down to the
Server folder and open Server Admin.
| | 00:27 | The reason why we have the Server
Administration tools if you are coming to
| | 00:30 | this chapter by bouncing around is because we
downloaded them and installed them separately.
| | 00:36 | If you need to go get them,
remember they're at support.apple.com.
| | 00:40 | Once Server Admin opens up and all the
gears stop spinning and we have our most
| | 00:44 | up-to-date settings, we are
going to click on the Mail Service.
| | 00:47 | Now notice, we've got a green
indicator light next to it already.
| | 00:50 | We didn't need to come in here and
enable the service to be viewable.
| | 00:54 | It all shows up for us automatically
because we have it turned on over in Server app.
| | 00:58 | So there are just two ways
of viewing the same thing.
| | 01:02 | We have our Overview window just as we
normally would, and if we come over here
| | 01:06 | to Settings, I just want
to point out a few things.
| | 01:08 | our Domain name and Host name are
configured properly for us. That's great.
| | 01:12 | Our Push Notification Server was
automatically configured for us correctly, also
| | 01:16 | really, really awesome.
| | 01:17 | We can configure all of the settings we used
to be able to configure in 10.5 and 10.6 server.
| | 01:22 | We can hold outgoing mail, we can copy
all mail to another address, we can even
| | 01:26 | copy undeliverable mail to an
administrator address if we want to.
| | 01:30 | This is actually something I like to turn on.
| | 01:32 | I think this is very, very useful and
what I'll usually do is I'll make this
| | 01:36 | into something like a
server administration address.
| | 01:39 | If you're going to do this you
have to obviously set up the server
| | 01:42 | administration user, the serveradmin
user on our system has mail available for
| | 01:48 | it because we've got the service turned
on in Server app, so all I need to do is
| | 01:52 | put in the email address.
| | 01:55 | So once I've got that configured I
can come over to the next screen.
| | 01:58 | The next thing I'd like to point out
is that right now we've got Accept SMTP
| | 02:02 | relays only from these hosts and
networks unchecked and I really like to
| | 02:06 | check this because I want the server
to only accept relays for sending mail
| | 02:12 | from systems that are either on my local
network or are considered my local host address.
| | 02:18 | So by default, this is set to the
local host range, but it's way too open.
| | 02:23 | So what I'd like to do is focus
this back down on just my address.
| | 02:29 | It's a very, very focused site or
notation that just gives me 127.0.0.0 to
| | 02:34 | 127.0.0.1 and I'll click OK, and then
the next thing I want to do is I want to
| | 02:39 | put in our local address range.
| | 02:41 | So I am going to put in site annotation/
24 which gives us an addressable range
| | 02:47 | that equals the addressable
range on our local network.
| | 02:50 | Our subnet mask on our local
network is 255.255.2550 which gives us our
| | 02:56 | 192.168.19.0 through 19.255.
| | 03:01 | It's just a function of the subnet
mask and the router address and the IP
| | 03:05 | address range that we are in.
| | 03:07 | This is the proper setting for that.
| | 03:09 | This way our server will only accept
sent mail from its local host address or
| | 03:15 | from our own local network.
| | 03:17 | You can see here we've got spamhaus down here.
| | 03:19 | We also have the ability to simply block
anything coming from an email host that
| | 03:24 | we don't want to send a mail to us.
| | 03:26 | So if we are getting a lot of spam
from one address for example, we can just
| | 03:29 | check this checkbox, click plus here,
enter the IP address or the domain name
| | 03:34 | and click OK and it will add it in there.
| | 03:37 | Filters, I really recommend that
you just leave all of these at their
| | 03:40 | defaults, but I'd like to point out
that down here at the bottom this is where
| | 03:44 | we are allowed to turn on server side
mail rules so that people can configure
| | 03:49 | mail to go to specific folders or
things on the server side directly from
| | 03:54 | their Webmail client.
| | 03:55 | So that's how you turn that on
there and it's on by default.
| | 03:58 | You can also turn on Quotas.
| | 04:00 | You can refuse messages that
are larger than a certain size.
| | 04:03 | The default size for the Mail Server
for some reason is 10 megabytes, I think
| | 04:07 | that's very, very small.
| | 04:08 | A lot of businesses will set up their
own Mail Server specifically so that they
| | 04:12 | can receive very large email attachments.
| | 04:15 | Keep in mind that the setting you put
here where it says to Refuse messages
| | 04:19 | larger than a certain size must make
sense given any restrictions you've placed
| | 04:25 | into the server app in the Mail
Settings area related to the amount of space
| | 04:30 | that a user is allowed to
use on your Mail Server.
| | 04:34 | If you set this to not refuse messages
that are over a certain size, there is
| | 04:38 | the possibility that a user could
receive an email message with an attachment
| | 04:42 | that would basically make your server blow up.
| | 04:45 | It would make the server become
unresponsive because the attachment would be too big.
| | 04:50 | So this is a way to keep the server
from having to deal with attachments that
| | 04:53 | are larger than it can really deal with.
| | 04:56 | 10 megabytes is probably a little bit too small.
| | 04:59 | So I am going to take this up and
say we are going to do 100 megabytes.
| | 05:04 | The last place I'd like to take
you is over here under Advanced.
| | 05:08 | Okay, I'd like to point out that by
default Server app configures your Mail
| | 05:12 | Server for CRAM-MD5 for both SMTP and
IMAP and so that's going to be a setting
| | 05:16 | your clients are going to need to use.
| | 05:19 | Additionally, we've already been
set up to use our SSL certificate.
| | 05:23 | You don't need to change this, but this is
another place where you can go to look at it.
| | 05:28 | Lastly, under Hosting, I would like to point
out this checkbox here for a virtual hosting.
| | 05:33 | If you turn on virtual hosting and then
you put in a completely different domain
| | 05:37 | name, so let's say we were going to use
explorecalifornia.org, and we click OK.
| | 05:46 | So once this name is in the locally
hosted virtual domains area here any mail
| | 05:51 | that arrives out on our Mail Server
will be accepted as long as the username
| | 05:56 | exists in our username database and
we can figure all that back over in
| | 05:59 | Server app under Users.
| | 06:01 | That means that now we can receive
mail to Justin for example and Justin can
| | 06:06 | receive mail at justin.groundswellgear.
com and Justin can also receive mail to
| | 06:11 | justin@explore.california.org.
| | 06:13 | The only thing that you need to add in
order to make this work is you need to
| | 06:17 | set up the explorecalifornia.org
domain on the Internet to point to the IP
| | 06:22 | address the same way that groundswellgear
.com points to our external IP address.
| | 06:28 | That's how you control the
advanced features of mail in 10.7 server.
| | Collapse this transcript |
| Using the new webmail service| 00:00 | Probably my favorite new feature in
line server is the new Webmail, and only
| | 00:06 | because we've been asking for
something new and beautiful.
| | 00:09 | For so many years Apple has moved from
SquirrelMail now into something called
| | 00:14 | RoundCube, and I can't
wait to show you how it looks.
| | 00:18 | So we are going to open up Safari, and
once we are in Safari, we are going to go
| | 00:22 | directly to server.groundswellgear.com.
| | 00:24 | That's as if it's your own domain.
| | 00:27 | Just go to your own domain and you are
going to add Webmail to the end of this
| | 00:31 | and you can see here it's got task,
whatever, but I'm going to just go straight
| | 00:34 | to Webmail and that's going to
take me right where I need to be.
| | 00:37 | So you can already see it's a much
cleaner interface right here we've got
| | 00:42 | prettier graphic elements and it tells you
that you're in Apple Webmail right off the top.
| | 00:47 | All you need to do is enter a username
and a password in order to get in here.
| | 00:51 | So I have already sent just in one
email message as page I wanted to show you
| | 00:56 | what that looked like.
| | 00:57 | So I am going to login as justin and
we'll click Login and so this is what it
| | 01:03 | looks like when you first login and
you've got one new email message, here it
| | 01:06 | is, From, Subject, Date, we've all been
doing email for a while now so we know
| | 01:10 | how this works, we click on the message,
we read the message, we see what's all
| | 01:13 | about and we've got these big shiny
pretty buttons up here at the top, so we can
| | 01:18 | put stuff into the Recycle Bin.
| | 01:20 | We have Delete, we have Forward, we can
reply, we can reply to sender, create a
| | 01:25 | new message or check for new messages,
all with the buttons right up here.
| | 01:30 | We also have the ability to
download in an eml format or emlx format.
| | 01:35 | That'll just bring the
entire mail message down locally.
| | 01:39 | We can print, send it again, so just
take it basically and send it out to
| | 01:43 | someone else that's basically the
Webmail's equivalent to redirect, and we
| | 01:48 | can show HTML source.
| | 01:49 | If we wanted to do that, we
could also open it in a new window.
| | 01:52 | Okay, so this is all of the sort of tour of
what this looks like and how this functions.
| | 01:57 | If we open up a new message,
this is a brand-new message.
| | 02:00 | It's going from Justin and you
will notice right here it says
| | 02:03 | justin@server.groundswellgear.com.
| | 02:05 | You'll notice that by default the
system is going to give you the fully
| | 02:10 | qualified domain name of the server.
| | 02:11 | There is nothing wrong with that, but
some folks don't love the way that looks.
| | 02:15 | So I'm going to show you how to change
that in just a second on a per user basis.
| | 02:21 | To start off let's just send something
over to Paige, paige@groundswellgear.com.
| | 02:29 | We don't have to use server., we can
just use groundswellgear.com, DNS is all
| | 02:33 | configured correctly so don't' worry
about that, and Subject, and we are
| | 02:40 | going to send something from Justin here
real quickly, and we're going to click Send now.
| | 02:47 | Message is sent successfully.
| | 02:51 | It goes off into the ether and now
Paige's mailbox will be listing a new
| | 02:55 | message from Justin.
| | 02:57 | So that completes our tour of the
email portion of this interface.
| | 03:01 | I just want to give you a brief tour of
the Settings area and then we'll be done.
| | 03:05 | So here in Preferences you can
control aspects of your user interface, how
| | 03:11 | you're viewing, your mailboxes,
preferences for composing messages and
| | 03:15 | displaying them and then you can set
up special folders so you can change
| | 03:19 | the names of various folders and we
can add a few special server settings,
| | 03:24 | we'll talk about those in a little
bit, but I wanted to also talk about
| | 03:26 | server side folders.
| | 03:29 | In the Folders section, we can add
additional folders or remove them on the
| | 03:33 | server level that's awesome.
| | 03:35 | We can also edit our identities and this
is where I wanted to show you how could
| | 03:39 | change the identity so that
it doesn't include the server.
| | 03:43 | in front of groundswellgear.
| | 03:44 | If you just come over here to E-Mail and
you select this part right here and hit
| | 03:47 | Delete from that point forward
Justin's email address is just going to be
| | 03:52 | justin@groundswellgear.com.
| | 03:54 | Click Save and there you go.
| | 03:57 | That's now been changed.
| | 03:58 | So that makes that very easy.
| | 04:00 | We also have a nice signature area here
and we can compose HTML signatures if we
| | 04:04 | want to, so that's very pretty, and
over here under Filters we can create
| | 04:09 | special filter sets that use those
custom folders that we may have created so
| | 04:14 | that the server can on its
own send things back and forth.
| | 04:18 | So there is our brief tour of the
new RoundCube-based Webmail here in Lion Server.
| | Collapse this transcript |
| Connecting to Mac OS X server mail| 00:00 | When you're setting up a client
computer, at least a Mac client computer
| | 00:04 | to connect up to your Mail Service, you're
going to be presented with a Setup Assistant.
| | 00:09 | So let's get in there and see how to
configure your mail client to connect to
| | 00:12 | your Mac OS X server mail server.
| | 00:14 | The first thing you will see is Welcome
to Mail and you'll have to put in your
| | 00:18 | Full Name, your Email
address, and your Password.
| | 00:20 | I am logging in as Justin.
| | 00:27 | When I click Continue, it takes us to
the next screen where we have to choose
| | 00:31 | whether we are setting up POP, IMAP or
Exchange, well we are clearly not setting
| | 00:35 | up Exchange and we don't want to use POP
we are going to use IMAP instead and we
| | 00:39 | are going to put in a brief description.
| | 00:41 | I am just using GSG for Groundswell Gear.
| | 00:47 | Incoming Mail Server is going to be
our fully-qualified domain name, and
| | 00:56 | the User Name and Password is already there
because we put it in before, click Continue.
| | 01:00 | If you have problems where your
Setup Assistant is hanging or it can't go
| | 01:06 | further or if it says that SSL is not
enabled or whatever, you probably have a
| | 01:10 | problem with your SSL certificate, you
are going to want to go back and look at
| | 01:13 | that and try to get it set up properly.
| | 01:15 | So brief description here, and again
the fully-qualified domain name of the
| | 01:22 | server, and our server of
course requires authentication.
| | 01:27 | So we are going to check the checkbox
and because we entered the information
| | 01:31 | before, it carries that User
Name and Password forward for us.
| | 01:34 | Don't need to change that at all.
| | 01:35 | Just click Continue.
| | 01:37 | It's telling us here that we found the user.
| | 01:39 | Fantastic, we've actually logged in
successfully to the server using SSL.
| | 01:44 | It's on for both sending and receiving
everything looks great so we'll just hit Create.
| | 01:49 | And as soon as we do we log into mail
and here we go, here is Justin's Inbox.
| | 01:54 | If we click on the message, there is
the same message that we saw whenever we
| | 01:57 | logged into the Web client and this
just brings up an important point.
| | 02:01 | It's the same thing.
| | 02:03 | Whenever you're in the Web client or
you're in a client system here or even
| | 02:06 | connecting from your iPad or
your iPhone it's all the same mail.
| | 02:10 | These are just different
windows into the same universe.
| | 02:13 | So here's the message that we got from
Paige and if I wanted to hit Reply, I
| | 02:17 | can reply, I just hit Reply All, but
I could have just hit the Reply button
| | 02:20 | just as easily and I can say Hi Paige,
I already sent you a different email
| | 02:31 | about where I'd like to go. Let's see MacBeth.
| | 02:37 | Justin, and there we are.
| | 02:40 | So I have sent Paige our response now
and I can go into a different user account
| | 02:45 | and login as Paige and look at that and
see those responses, but this shows you
| | 02:49 | exactly how to connect up your
Mac OS X Mail Client to Lion Server.
| | Collapse this transcript |
|
|
14. PodcastingDifferences between Podcast Producer and Podcast Publisher| 00:00 | In 10.7, in Lion and in Lion Server we
have some really neat podcast tools now.
| | 00:06 | We always had Podcast Producer Server,
not always, but in 10.5 and 10.6, we had
| | 00:10 | Podcast Producer Server and that
was a great tool if you were a big
| | 00:14 | organization or a university and you
needed to get a whole bunch of podcast
| | 00:19 | material post processed and uploaded to
a bunch of different locations and you
| | 00:24 | needed to do it all automatically.
| | 00:26 | Starting back at the beginning in 10.5,
configuration was really challenging.
| | 00:29 | In 10.6 they made it a little bit easier,
and in 10.7 they haven't changed that at all.
| | 00:34 | So if you want to do Podcast Producer
Server, awesome, but we've got those
| | 00:38 | instructions back in the 10.6 class
and we saw no reason to just say the same
| | 00:42 | thing over again exactly the same way.
| | 00:44 | But what is interesting is Apple has
added some really easy-to-use podcasting
| | 00:48 | tools just for the regular person.
| | 00:51 | Stuff that you can use on your client
Lion Mac without even having a server.
| | 00:57 | if you wanted to just use Podcast
Publisher and you wanted to record a screen
| | 01:02 | capture or record something with your
embedded camera on your Mac and just save
| | 01:05 | it your desktop or email it
to somebody, you can do that.
| | 01:09 | But if you've got OS X server, the
podcast service ties in with that podcast
| | 01:14 | publisher component and allows
you to upload stuff with very little
| | 01:18 | configuration necessary up to your wiki
site into a special podcasting area and
| | 01:24 | it makes the announcement of those
podcasts really easy and there are some
| | 01:28 | really beautiful emails that get sent
out automatically if you want to announce
| | 01:32 | the existence of your podcast to people.
| | 01:35 | All of this stuff super-easy to use, a lot of
fun, I can't wait to get in here and show you.
| | 01:39 | Let's dig in and see how to
configure the podcasting tools.
| | Collapse this transcript |
| Setting up the podcast service and configuring admins| 00:00 | To configure the podcast service, all
we have to do is go into Server app.
| | 00:04 | So let's do our pinch and let's open up
Server, and again we are going to wait
| | 00:10 | for the gears to stop spinning.
| | 00:12 | If you jumped around the title you may
not have been told this before so I'll
| | 00:15 | just mention it again.
| | 00:16 | You're not seeing the next steps at the
bottom because I've clicked this button
| | 00:19 | in order to hide them.
| | 00:20 | All right, so it's done and then come
over here and click on where it says
| | 00:25 | Podcast right there.
| | 00:26 | We only have a few settings that we can
control in the podcast service here in Server app.
| | 00:31 | We'll start off by looking at the
settings here for our service access control
| | 00:35 | list for podcasting.
| | 00:37 | You will notice here it says Podcast
library feeds are viewable by, we can
| | 00:40 | either choose Authenticated
Users, Podcast Owners or Anyone.
| | 00:44 | This is sort of that owner group or
anyone kind of model that we have been used
| | 00:49 | to seeing in the past.
| | 00:50 | If I select Authenticated Users right
here, that simply means that someone has
| | 00:53 | to actually login with a username and
password in order to view the podcast.
| | 00:58 | If I like select Podcast Owners that
just means that only the person who posted
| | 01:03 | the media can login and view the media.
| | 01:06 | And if we select Anyone, which is
probably what a lot of you will want to do,
| | 01:11 | this means that you can publish stuff
up to your own podcast and anyone can go
| | 01:16 | along and subscribe to it and have
it downloaded into iTunes and they can
| | 01:20 | watch it all they want.
| | 01:22 | The second area down here is
where we configure administrators.
| | 01:25 | Now administrators are people who have
the ability to change the settings for
| | 01:28 | the podcast service once
we get into the website.
| | 01:31 | So to do this we click plus , we can
choose any of our users to be administrators.
| | 01:36 | I'm going to select Server Admin and I
am also going to make Paige Turner and
| | 01:41 | Justin Case, admins.
| | 01:44 | You don't have to select
everyone, you can select just a few.
| | 01:47 | It's entirely up to you.
| | 01:49 | Once that's all done, we'll just click on.
| | 01:52 | The Podcast Server starts up and we can move on.
| | Collapse this transcript |
| Working with Podcast Publisher| 00:00 | Once you've set up your Podcast Server
you're going to need to configure some
| | 00:04 | stuff and upload it in.
| | 00:05 | So we are going to use a brand-new
application from Apple, new in Lion that is
| | 00:10 | located in your Applications Utilities folder.
| | 00:12 | We got here by going to Launchpad.
| | 00:15 | It's called Podcast Publisher.
| | 00:16 | We're going to click on it here and open it up.
| | 00:19 | When you do, it'll show
you a brand-new corkboard.
| | 00:21 | This corkboard interface is the
new podcast publishing interface.
| | 00:26 | It's sort of an idea where you know
you can have your media and you can post
| | 00:30 | it up on the corkboard and that sort of a
place where you can get to it and review at.
| | 00:34 | The entire product is designed to
be simple and easy to use like a
| | 00:39 | corkboard would be.
| | 00:41 | You can search through all your podcasts
with a simple search interface over here.
| | 00:45 | You can create new assets by clicking
on this arrow here and if you have a
| | 00:50 | camera attached or embedded in your
computer, you can just select New Movie Episode.
| | 00:55 | If you've got a microphone, you can do
a New Audio Episode that's why that's
| | 00:58 | only available there for us.
| | 00:59 | You can click New Podcast right here if
you want to create a new corkboard which
| | 01:04 | would create a whole different podcast.
| | 01:06 | But we are going to come over here and
click on the name Sean Colins' Podcast,
| | 01:09 | we are going to make a change here.
| | 01:11 | So this is the Groundswell Podcast now.
| | 01:13 | Now to add a new episode, we could
click the plus button right here on this
| | 01:16 | Sticky Note or we could simply go
into the Finder and drag in assets.
| | 01:21 | So I'm going to go to a new Finder
window and our Movies folder where I've got a
| | 01:25 | couple of pre-compressed movies.
| | 01:28 | Now this one is only 13 megabytes and
this one is only 22 megabytes, they're not
| | 01:33 | that big, yet they're
still going to look fantastic.
| | 01:36 | So I am going to drag both of these in
here, I am going to select them both,
| | 01:39 | drag them over the corkboard,
and close my Finder window.
| | 01:42 | As you can see in the background here,
it says it's importing both of those
| | 01:45 | things into our podcast, and when it finishes,
it puts a little pushpin in each one of them.
| | 01:50 | I am going to click on one right here and
it's going to take me directly into the movie.
| | 01:57 | I've got trim tools just like I would
have on an iPhone so I can come in here
| | 02:00 | and I can sort of change my In Point,
maybe I want to be right there where it
| | 02:04 | starts getting exciting and I can
change my Out Point as well. All right!
| | 02:08 | So I am finished there,
I am going to click Trim.
| | 02:11 | There aren't really complex editing tools here.
| | 02:13 | You have the ability to trim your In
and your Out Point. That's about it.
| | 02:17 | But for most people that's
probably going to be enough.
| | 02:20 | For example if you've recorded an
onscreen thing or if you've recorded something
| | 02:24 | with your embedded camera maybe you'd
want to take out the first couple of
| | 02:27 | seconds and the last couple of seconds
because there were stuff going on around
| | 02:31 | you whenever you were every recording it,
but you want to keep the middle, this
| | 02:34 | would be a great tool just for that,
you don't have to use any other editing
| | 02:37 | tools, you'd just use this simply and easily.
| | 02:39 | When you're done you can click the Done
button and it will take you right back
| | 02:42 | here to the rest of your stuff.
| | 02:44 | Let's go into this other one.
| | 02:45 | We'll do something kind of similar
over here and we'll watch him go a little
| | 02:50 | bit, all right, and then we'll click
Trim, there we go and when we are done
| | 02:55 | we just click Done.
| | 02:56 | When we are finished with all of this,
we can go up to the Share menu and we
| | 02:59 | can share everything to our Podcast
Library, but I'd also like to point out if
| | 03:03 | we went into one of these individual
movies, we could also click the Share
| | 03:05 | button here and we could send each
individual episode up to the Podcast Library as well.
| | 03:12 | We can also send things to iTunes.
| | 03:14 | We can send things into an
attachment in a mail message.
| | 03:17 | We could just copy them out to the
Desktop, if we wanted to do something else
| | 03:20 | with them and if we have a Podcast
Producer Server installed at some place, we
| | 03:24 | could send this to a remote
workflow if that was what we wanted to do.
| | 03:28 | We're going to do the Podcast Library
option, but we are going to do it from
| | 03:31 | right back here where we've
got our entire podcast organized.
| | 03:34 | We're going to go up to Share, pull
out the Podcast Library, we are going to
| | 03:37 | authenticate with the Username and Password.
| | 03:39 | I am going to go in as
justin and we'll click Share.
| | 03:48 | This is going to send all of
our content all the way up.
| | 03:51 | Word of the wise, don't send
ridiculously huge content up to your Podcast Server.
| | 03:56 | It's not intended for that.
| | 03:58 | This is intended for short
clips that are easy to digest.
| | 04:01 | So once it's been published, we have the
option of clicking the Announce button here.
| | 04:05 | I just love this.
| | 04:07 | So Announce is going to open up our Mail Client.
| | 04:10 | It's going to open up and
create a brand-new email message.
| | 04:13 | Look at how nice this is.
| | 04:15 | I just love the icon that they used
here and they gave you a handy Subscribe
| | 04:18 | button right at the bottom.
| | 04:20 | I'll send this out to my wife.
| | 04:21 | I am going to copy the Paige account and I
am also going to copy the Oliver account.
| | 04:32 | So we've got our Subject, Announcing
the Groundswell Podcast, we have our
| | 04:37 | button here at the bottom that will link
through and subscribe to this podcast using iTunes.
| | 04:44 | We also have our pcast link here and I
want to talk about that a little bit.
| | 04:48 | You will notice the link starts with
pcast:// instead of http, so it's going to
| | 04:53 | take you right into it as
a podcast feed in iTunes.
| | 04:56 | When we are done with that, all we have to do
is click the Send button and it heads on out.
| | 05:01 | Now that we've sent out that
announcement, we've covered pretty much everything
| | 05:05 | we want to cover here in the Podcast
Publisher application, but we still haven't
| | 05:08 | seen what it looks like in the website.
| | 05:10 | So let's go over and do that now.
| | 05:12 | Let's click on Safari here
and we are going to go to
| | 05:16 | server.groundswellgear.com/wiki, and
from there we are going to click on the
| | 05:22 | Home button and go over to
Podcasts, then we are going to log in.
| | 05:26 | I am going to log in as justin because
we published this as justin, I am not
| | 05:31 | going to remember me because
we're switching back and forth between
| | 05:34 | different user accounts.
| | 05:35 | Click Login and there's our Podcast,
we click on it, we can see the different
| | 05:40 | movies that were uploaded and we
could even come over here and click Play.
| | 05:43 | Now couple of oddities about this
interface that I want to point out, first
| | 05:47 | thing is clicking on a movie doesn't
play it, clicking on a movie extends down
| | 05:51 | and gives you some additional
information about the episode.
| | 05:54 | You can show the description right here
in the exact same way, these two things
| | 05:58 | do exactly the same thing, and then
you see how this turns into a pointer.
| | 06:02 | When you come over here and mouse over
the Play area, you don't get a pointer.
| | 06:06 | It shows up as an insertion point, but
if you click on Play with that insertion
| | 06:10 | point, it does play the movie
and here we can see our content.
| | 06:15 | You'll also notice that we get this
letter box in here which is unavoidable.
| | 06:19 | In our testing, we found no
way of getting rid of that.
| | 06:21 | It is going to be in a square box, even
if you are playing widescreen format stuff.
| | 06:26 | But I do want to show you -- let's close
this and let's get out of Safari entirely.
| | 06:31 | I want to show you going into mail.
| | 06:33 | I am going to go to our Sent messages
and here's that announcement that we sent
| | 06:39 | and it's got the Subscribe
to Podcast button down here.
| | 06:42 | If I click on that, that's going to open up
and this is just as if I were on her computer.
| | 06:47 | She would get this exact same thing
where it would go out, it would find the
| | 06:51 | podcast, it would subscribe to the podcast.
| | 06:54 | You can see I've just double-clicked into this.
| | 06:57 | I am looking at the entire podcast.
| | 06:59 | It automatically pulled down Surfing 05.
| | 07:02 | If I want to get Surfing 07, I can
click GET and if I want to change my
| | 07:05 | subscription settings, I can say, hey,
check for new episodes every hour.
| | 07:09 | Instead of using default settings I want
to download everything whenever the new
| | 07:12 | podcasts are available and keep it all.
| | 07:15 | And click OK and then I can refresh
it and then it will find new stuff.
| | 07:19 | I can click this GET ALL button and it
will download the most recent content.
| | 07:23 | But then from here, I can just double-
click and if I double-click and I pull it
| | 07:27 | up full screen I get a nice full screen
video of our podcast and you see this is
| | 07:33 | the edited version that we put together
where right after he goes over that lip,
| | 07:37 | boom, there goes the surfboard
and we come back here into iTunes.
| | 07:41 | So that was Surfing 05.
| | 07:43 | If we look at Surfing 07,
we get the same effect.
| | 07:46 | If we pull it out of full screen it
will come right back down here into our
| | 07:50 | iTunes window, but these are all
based on our iTunes preferences, right?
| | 07:53 | So we've just subscribed to our podcast.
| | 07:56 | We've seen it in the web, we've
seen it in iTunes, there you go.
| | 08:00 | So now you know how to upload content,
trim it, view it in the web, view it
| | 08:05 | in iTunes, I think you're well on your
way to having a great experience with Lion Podcast Server.
| | Collapse this transcript |
|
|
15. Image DeploymentDeploying software to many Macs at the same time| 00:01 | NetBoot is a service that's
been with us for many years.
| | 00:04 | In Lion it's been updated to deal
with some of the idiosyncrasies and
| | 00:09 | specific needs of the Lion operating system
and the way that it deals with disks and volumes.
| | 00:15 | So what is NetBoot?
| | 00:17 | NetBoot is essentially a service that
allows a Client Mac be it a MacBook Pro
| | 00:24 | or an iMac to boot across the network off of
an image file that's being hosted on a server.
| | 00:31 | The image files are stored within
something called a NetBoot set or an NBI set
| | 00:37 | and that NBI set is used by clients
all over the network to boot up and to
| | 00:43 | either work, to install a new OS,
or to restore a previously configured
| | 00:49 | computer configuration.
| | 00:51 | So let's talk about each of those in turn.
| | 00:53 | NetBoot is there so that you can boot
up your client computer from an image on
| | 00:59 | the server and work and work and work,
save your stuff to a file SharePoint at
| | 01:04 | some place, but you can then shut down
your computer having never even used the
| | 01:09 | internal hard drive on your client computer.
| | 01:12 | A NetInstall set is something that
is used to boot up a computer from a
| | 01:16 | network location, but then you're
going to install a payload that is applied
| | 01:22 | based on the installation media and
that's either going to be based on a DVD
| | 01:27 | that came with your computer if you're
talking about Leopard or Snow Leopard
| | 01:31 | or it could be the Install Mac OS X
Lion application bundle that you download
| | 01:36 | from the Mac App Store.
| | 01:37 | Either way whenever you NetBoot into a
NetInstall set what you'll be presented
| | 01:43 | with is an Installer that is there
specifically and pretty much exclusively to
| | 01:49 | install that operating
system onto your hardware.
| | 01:52 | The third type is a NetRestore set
and a NetRestore set takes a image of a
| | 01:59 | fully-configured Mac that you may
have attached via FireWire or Thunderbolt
| | 02:04 | in Target Disk Mode.
| | 02:05 | It takes all of the data off of that
Client Mac, puts it into a disk image and
| | 02:10 | puts that together into a payload.
| | 02:13 | The NBI set then allows their client
system to boot from that NetBoot set,
| | 02:18 | access the payload that's being held
there and redeploy that payload down to a
| | 02:24 | local hard drive, therefore
allowing you to duplicate one computer's
| | 02:27 | configuration to many
different computers on a network.
| | 02:31 | So those are the three different
use models for the NetBoot service.
| | 02:35 | In this chapter we're going to explore
how to create a NetInstall set and how
| | 02:41 | to install software based on that
NetInstall set onto a Client Mac, so let's get started.s
| | Collapse this transcript |
| Using System Image Utility to create a NetInstall set| 00:00 | In this movie I am going to show you
how to create a NetInstall set so that you
| | 00:04 | can install Lion across your entire
network on whichever system has the
| | 00:08 | capability of booting to the NetBoot set.
| | 00:11 | To start, we had to get a copy of the
Install Mac OS X Lion application from
| | 00:17 | some place and put it on this system.
| | 00:20 | I said some place because it really
doesn't have to be downloaded to this
| | 00:23 | system from the App Store.
| | 00:25 | You could download it to another
computer from the App Store, copy it to an
| | 00:28 | external drive and move it over to this machine.
| | 00:31 | But the point is, you need a copy of
this software on your computer in order to
| | 00:35 | do what we're about to accomplish.
| | 00:37 | I am going to start by doing the
pinch and going to the Server folder and
| | 00:41 | opening something called System Image Utility.
| | 00:45 | When you open System Image Utility,
it will look at your local computer and
| | 00:48 | if you've got a copy of this
software on it you'll see a Install Mac OS X
| | 00:53 | Lion workflow source.
| | 00:55 | The rest of this process is
just single button click easy.
| | 00:59 | We are going to create a NetInstall image.
| | 01:02 | If we were creating a NetBoot image
that would create an image that computers
| | 01:06 | could boot to across the network and
people can continue to work on that
| | 01:10 | NetBooted image all day long if they wanted
to and a NetRestore image would be different.
| | 01:15 | A NetRestore image would give us a
restorable fully-configured computer if we
| | 01:21 | had another computer perhaps attached
to this one via Target Disk Mode over
| | 01:26 | FireWire or Thunderbolt, but we are
going to create a NetInstall image.
| | 01:30 | We can click Continue if we want to
proceed or we can click Customize.
| | 01:34 | Once we click Customize, it will ask
us to agree to the license agreement and
| | 01:38 | then we can start adding
additional workflow elements.
| | 01:42 | This is very much like Automator,
in fact it uses the same interface as
| | 01:46 | Automator in order to give us additional
options when creating our NetInstall set.
| | 01:50 | For example if we wanted to
partition the disk before we created our new
| | 01:56 | installation, we could do that.
| | 01:57 | I am going to stick with the defaults however.
| | 02:01 | Simply hit Back, click Continue.
| | 02:03 | It will ask you to provide a
Network Disk name and a Description.
| | 02:09 | The defaults are very obvious.
| | 02:11 | They tell you exactly
what these are going to do.
| | 02:13 | So I am going to recommend
staying with the defaults here.
| | 02:16 | If your image will be served for more
than one server, put a checkmark in here.
| | 02:20 | However, you probably don't have more than
one NetInstall server so leave that unchecked.
| | 02:26 | Once you're finished click Create,
agree to the License Agreement and choose a
| | 02:31 | location where the NetInstall set will be saved.
| | 02:34 | If you're doing this from your server
itself, you can actually save this to your
| | 02:38 | local desktop and then drag it
to wherever it needs to go later.
| | 02:42 | You can do the same thing if
you're doing it from a client system.
| | 02:46 | This can be done from either Mac OS X
server or from a new client, and that's a
| | 02:52 | really good idea, if you go out and
buy a brand-new system and the current
| | 02:57 | shipping version of Mac OS 10.7 is 10.7,
5 or 6 or something like that, you'll
| | 03:03 | probably want to create an install set
from that latest version rather than from
| | 03:10 | the original version or from
your server which is probably older.
| | 03:13 | Always make your images on
your latest and greatest hardware.
| | 03:17 | When you are ready, click Save.
| | 03:19 | It will ask you to authenticate as an
administrator, and when you do it will go
| | 03:26 | through the process of creating a disk
image copying information to the source
| | 03:31 | volume, creating the NetBoot system
and then it will wrap things up and tell
| | 03:35 | you that it's done.
| | 03:38 | So when it finishes, on your desktop
you'll be left with something called an NBI set.
| | 03:43 | It's a folder that has a name that
ends in .nbi and what this is, is the
| | 03:49 | entire NetInstall package.
| | 03:51 | So if we click Done here, it will take us
back to our Create a Network Disk Image screen.
| | 03:55 | We can just quit this, so System Image
Utility, now done, and we did this for
| | 04:00 | from our client system.
| | 04:01 | So I am going to hit Command+K.
It's going to say Connect to Server.
| | 04:05 | This is just another way
to connect up to the server.
| | 04:07 | I am going to type afp://server.
groundswellgear.com/ and I can put in the name
| | 04:17 | of the SharePoint if I want to and
I am just going to just go to the
| | 04:20 | serveradmin users home folder.
| | 04:23 | It asks me to authenticate,
I hit Connect and I am in.
| | 04:29 | That just kept me from having to
select the particular share that I wanted to
| | 04:33 | access because I knew exactly what it was.
| | 04:35 | If I double-click on Desktop, I can move
this from my Desktop folder here on the
| | 04:39 | client system over to the
Desktop folder of the administrator.
| | 04:44 | It's 3.8 gigs, but we're going over
gigabit networking, so this should
| | 04:48 | be relatively quick.
| | 04:49 | But I want to be absolutely certain
that it finishes copying the entire thing
| | 04:54 | before I go over to the server and try
moving it around which would make the
| | 04:58 | NetBoot set unbootable.
| | 05:00 | Now that it's finished copying over to
the server, I can unmount the server and
| | 05:04 | can close this window and I am
just going to do my Lion thing here.
| | 05:08 | I am just going to go into mission
control, click on Screen Sharing and here I
| | 05:11 | am magically over on the
server screen, love this.
| | 05:15 | Here is the NBI set that
I just copied over here.
| | 05:17 | I am going to open up a new
Finder window here on the server.
| | 05:23 | So I'm going to hit a key command
to go directly to my computer view.
| | 05:26 | That's Command+Shift+C, and that shows
you automatically all of the drives and
| | 05:31 | all of the options that are
directly connected to your device.
| | 05:34 | It's a very handy keyboard command to learn.
| | 05:36 | If I double-click on Server HD, I can
then go into Library and I am going to
| | 05:43 | show you where something should be,
but it's not going to be there.
| | 05:47 | Right in this list, there should
be something in the ins when sorted
| | 05:51 | alphabetically called NetBoot, but
it's not there yet and it's not there for
| | 05:56 | a very good reason.
| | 05:57 | We are going to go to another new
window and I am going to go to Applications
| | 06:02 | > Server and this is yet another service
that requires the Server Admin application.
| | 06:08 | I am going to open up Server Admin.
| | 06:13 | Unfortunately, you cannot
configure this service in the Server app.
| | 06:17 | The Server Admin application is going
to be how you are going to do this in a
| | 06:21 | graphical user interface.
| | 06:23 | As soon as Server Admin opens up again
always wait for that gear to stop spinning.
| | 06:29 | We are going to click on the Settings
button, go to Services, click on the
| | 06:34 | NetBoot checkbox and click Save.
| | 06:38 | When the gear stops spinning, we will have
the word NetBoot over here in our sidebar.
| | 06:42 | I am going to close this window in the
background just to make things a little
| | 06:45 | bit cleaner here for us.
| | 06:46 | All right so our gear stops spinning.
| | 06:50 | I am going to click on NetBoot.
| | 06:52 | To start, we need to define a port
over which NetBoot is going to function.
| | 06:59 | I'm going to click on the primary
Ethernet port and we also need to create a
| | 07:03 | directory location for
Images and for Client Data.
| | 07:08 | Images is what's going to hold the NBI set.
| | 07:10 | Client Data is what would hold shadow files.
| | 07:13 | That's basically if you're going to
be in a true NetBoot environment where
| | 07:17 | client files need to be written back
like cache files and such because these
| | 07:21 | images are read-only.
| | 07:23 | So we are going to hit Save.
| | 07:25 | All right, so it's finished its
configuration in the background.
| | 07:30 | I'd like to click on Images just to
point out that there is nothing here yet and
| | 07:33 | we can't put anything into this interface.
| | 07:36 | This is simply showing us everything
that's located in the local NetBootSP0 folder.
| | 07:42 | So back in the Finder we are
going to go to the computers again.
| | 07:44 | Now we'll hit Server.
| | 07:46 | I am going to go into column view here
so you can see this pathway more easily,
| | 07:49 | going to go to Server HD > Library, I
am going to scroll all the way down and
| | 07:54 | now you see it, there is NetBoot and NetBootSP0.
| | 07:58 | This is the folder where we
are going to put our NBI set.
| | 08:01 | I am going to hit Command+H, temporarily
hiding our Server Admin application and
| | 08:08 | I am going to drag NetInstall
over into the NetBootSP0 folder.
| | 08:13 | Of course this is in a folder that
requires an administrator level of access to
| | 08:17 | modify so we must authenticate.
| | 08:19 | I tap the Authenticate
button and type-in my password.
| | 08:23 | Now that I've authenticated, it allows
me to send this thing right over here.
| | 08:29 | We have our NBI set in place.
| | 08:31 | Now let's go back to Server Admin, click
around a little bit, let it refresh its interface.
| | 08:37 | As soon as our gear stops spinning, we
should see the image that we just placed
| | 08:42 | in the NetBootSP0 folder, pop up and up here
and make itself available for us to enable it.
| | 08:50 | Clicking Enable, I then can click Save.
| | 08:54 | Now this is the first time I've been in
a position where I can click the Start
| | 08:58 | button on the NetBoot service.
| | 09:00 | I click the Start button, we get a
green indicator like next to NetBoot.
| | 09:06 | We should be all started up.
| | 09:08 | I'm going to quit Server Admin.
| | 09:10 | I'm going to do my mission control
thing and flip back over my client system
| | 09:15 | and I'd just like to show you what it looks
like when we've got a NetBoot set on your network.
| | 09:19 | On the client I am going to go to the
Apple and pull down to System Preferences.
| | 09:22 | I am going to go to the Startup Disk
System Preference and it may take a couple
| | 09:29 | seconds, but eventually you're going
to see your existing Startup Disk and
| | 09:33 | that's perfectly normal, but what
you'll also see is a new icon, a globe with a
| | 09:38 | green arrow on it pointing down and
this is the icon for a NetInstall set.
| | 09:43 | In the yellow box, it tells you the
name of the volume that's the name that you
| | 09:47 | created and it also tells you the version.
| | 09:50 | This is exactly how you
would get in to your NetBoot set.
| | 09:54 | You can select it right here in the
Startup Disk, Preference Pane and click
| | 09:57 | Restart right there.
| | 09:58 | Of course that's only one way
to get into a NetInstall set.
| | 10:02 | Another way you can do it is at the
Startup screen and in our next movie, we'll
| | 10:06 | show you how to do that.
| | Collapse this transcript |
| Installing the Lion client from your NetInstall image| 00:00 | So I mentioned that there is more
than one way to do a NetBoot and to do a
| | 00:05 | NetInstall and this is the second way.
| | 00:07 | What we've done here is
we have booted a Mac Mini.
| | 00:12 | This is one of the aluminum
-bodied Core 2 Duo models.
| | 00:15 | This system is going to work just fine
with our NBI set because this system is
| | 00:21 | from right around the same time as
the system where we created the NBI set.
| | 00:25 | This NBI set for example would not boot
one of the brand-new Mac Minis because
| | 00:31 | the brand-new Mac Mini is shipped with a
slightly different build number of Lion
| | 00:35 | than the one that's
available through the App store.
| | 00:37 | So that would create an incompatibility
and you need to watch that sort of thing
| | 00:41 | whenever you're creating NetBoot
sets because the operating system in the
| | 00:46 | NetBoot has to support the hardware
you are trying to boot on and the new
| | 00:50 | hardware won't be bootable on older software.
| | 00:54 | It's just a general rule of the trade.
| | 00:55 | So we are going to select
our NetBoot set right here.
| | 00:58 | You can tell the difference because
we've got our Macintosh HD volume right here
| | 01:02 | and this one has got a great big globe over it.
| | 01:05 | It looks like a network volume.
| | 01:07 | It's a very good graphic.
| | 01:08 | So we'll click the little
arrow button right below it.
| | 01:11 | Therefore, just a second you had a little
rotating globe right underneath the apple.
| | 01:15 | That tells you that it's found what
it needs to get started booting on the
| | 01:20 | network and very, very soon we are
going to flip over into a screen that will
| | 01:25 | give us the Installer screen.
| | 01:26 | Now remember, we created a NetInstall set
not a NetBoot set and not a NetRestore set.
| | 01:34 | So these are going to look slightly
different, but here is our Installer screen
| | 01:37 | and it's available to us here
while booted from the network.
| | 01:40 | This is a fairly unique and cool
thing, and we go directly into our
| | 01:45 | Installer which gives us our restore from Time
Machine option, our Reinstall Mac OS X option.
| | 01:52 | We can open up Safari now in this
screen and go to get some online help in
| | 01:56 | Safari, because at this level we've
got a DHCP address, we should be able to
| | 02:01 | route to the Internet, so
why not have Safari there.
| | 02:04 | That makes a lot of sense.
| | 02:05 | We also have the ability
to get into Disk Utility.
| | 02:08 | If we want to get into Disk Utility
right before we start our installation we
| | 02:11 | could do all sorts of things like
erase our volume, maybe reformat it, maybe
| | 02:15 | create additional partitions, maybe
if we had multiple drives we could even
| | 02:19 | mirror them or stripe them together into a ray.
| | 02:22 | Disk Utility gives us the
ability to do all of those things.
| | 02:25 | Another thing that we get from this menu
if you look at the menu up here we have
| | 02:29 | our Firmware Password Utility which
allows us to set a Firmware Password, this
| | 02:34 | will make sure that people put in a
password right at boot time so that they
| | 02:39 | can't use startup key modifiers
like the one that we just used.
| | 02:42 | We got into that Startup Manager
screen by holding down our Option key.
| | 02:46 | If we wanted people not to be able to
do that all we'd have to do is set a
| | 02:50 | Firmware Password and it would block
them from getting into their own installers
| | 02:54 | or their own external hard
drives that might be bootable.
| | 02:57 | We can also run the Network Utility to
troubleshoot any networking problems we
| | 03:00 | might have and of course the old standby
we can get into Terminal and we can run
| | 03:05 | a whole raft of amazing terminal applications.
| | 03:07 | So now that we know of all the options
that are available to us here, all the
| | 03:11 | way down to Terminal, let's just go
into Disk Utility really briefly here.
| | 03:15 | I want to show this to you.
| | 03:17 | A good practice, if you're on a new
system and you want to just get your
| | 03:21 | operating system nice and clean down
there you want to start off with a clean
| | 03:25 | slate, you want to start with a blank
hard drive, and one really easy way to do
| | 03:28 | that is just to come in here and either
select the device or the volume and come
| | 03:33 | over here to the Erase tab.
| | 03:35 | If you click on Erase, make sure that
you're setting it up to be journaled
| | 03:38 | unless this wouldn't be the case here
because we are doing a NetInstall of
| | 03:43 | client, but if you are installing
server and you planned on having a Web server
| | 03:47 | on your system, it would be a good idea
to install case-sensitivity because that
| | 03:51 | would support certain features
in Apache really, really nicely.
| | 03:55 | But that's not the case here.
| | 03:56 | We're doing a plain old Mac OS Extended
Journaled file system just the baseline
| | 04:01 | requirement for Lion and
we are going to click Erase.
| | 04:06 | That erases the internal hard drive and gives
us a brand-new volume that we can install onto.
| | 04:12 | So that's going to be really nice and clean.
| | 04:15 | So we are done with Disk Utility,
let's click Reinstall Mac OS X and click
| | 04:18 | Continue, and we'll click
Continue here and Agree and Agree again.
| | 04:24 | We'll select the internal hard drive
that we just erased and we'll click
| | 04:29 | the Install button.
| | 04:31 | And this is going to take a little
while because after all we are installing a
| | 04:34 | brand-new operating system.
| | 04:35 | But what's interesting about this is
we are doing it over the network from
| | 04:40 | our Mac OS X server.
| | 04:43 | After the initial restart in the
middle of the NetInstall process you will be
| | 04:46 | rolled to another screen where it
continues to install MacOS X on the
| | 04:51 | internal hard drive.
| | 04:52 | This part of the process will take a
little bit longer than the previous part,
| | 04:55 | but once it's done that you'll have
the opportunity to restart into Lion and
| | 04:59 | start using your newly
installed operating system.
| | Collapse this transcript |
|
|
16. Using Lion Server Services with iOS DevicesEnrolling devices for autoconfiguration| 00:00 | Configuring an iOS device to connect up
to OS X server's services is much easier
| | 00:06 | now in Lion than it was in previous versions.
| | 00:09 | To do so all we're going to do is
download a configuration profile that's going
| | 00:14 | to configure everything for us.
| | 00:16 | This is something that we
can only do with Lion Server.
| | 00:19 | So this is a great advantage to
using Lion Server in your environment.
| | 00:23 | Let's start by clicking
the Home button on our iPad.
| | 00:26 | We are going to unlock it, then we are
going to go to Settings and I am going
| | 00:30 | to just show you that we currently in Mail,
Contacts and Calendars have no accounts.
| | 00:36 | in General we have no profiles.
| | 00:37 | We're at a basically standard configuration.
| | 00:40 | I hit the Home button again to go back to
the Home screen and I'm going to go Safari.
| | 00:46 | When I get into Safari I'm just going to
get on our wireless network, logging on
| | 00:51 | to the wireless network, we'll now
require us to enter a Username and Password
| | 00:54 | because we have that enabled on
our Airport Extreme Base Station.
| | 00:57 | I am using paige for our
example and then tap join.
| | 01:02 | That gets us on except the
certificate and you are in.
| | 01:06 | So when you see the Wi-Fi symbol
active in the upper left-hand corner of the
| | 01:10 | screen you know you're on your wireless network.
| | 01:12 | You see a checkmark next to
the network that you're on.
| | 01:15 | Remember, if you're on a different network
other than your own, none of this is going to work.
| | 01:21 | Tap the Home key, now we are going to
go back to Safari and once in Safari
| | 01:25 | we're going to enter the name of our server
followed by a slash followed by My Devices.
| | 01:34 | When you have all of that in and
you've checked your spelling, tap Go.
| | 01:37 | It will ask you to authenticate.
| | 01:39 | I am going to
authenticate as paige and tap Log In.
| | 01:44 | When logged in you'll note that
this is a familiar interface for us.
| | 01:48 | We see that we have not yet enrolled this
device, but we can still download our profiles.
| | 01:54 | And here you see the
settings for every one profile.
| | 01:56 | You can Show Contents and it will
show you that you have a CardDAV
| | 01:59 | configuration, a CalDAV configuration,
that's your address book and your
| | 02:03 | calendar, iChat, iMAP, and VPN settings
all in this Settings for Everyone set.
| | 02:09 | I am going to tap Install.
| | 02:12 | It's going to ask me to
install, tap Install now.
| | 02:15 | Enter your password for the VPN account page.
| | 02:18 | So this is specifically for the VPN
portion of this configuration profile, hit Next.
| | 02:24 | Again it's asking for your Password.
| | 02:26 | This would be different if
you were on different servers.
| | 02:28 | But since all of your services are
on one server, it's going to be the
| | 02:31 | same password for each.
| | 02:34 | Once again tap Next and one more time.
| | 02:41 | When you go through your last one, your
settings will all be accepted into the
| | 02:46 | iPad and we click done, all right.
| | 02:50 | So the last thing I want to do here before I
leave is I want to install our Trust Profile.
| | 02:55 | Tap Install, tap Done.
| | 02:58 | Now, we're finished with the Profiles area.
| | 03:00 | Let's go over to devices.
| | 03:02 | Before we leave this area since we're
already here it's very convenient at this
| | 03:06 | point to enroll this iPad as a
device for management on our system.
| | 03:10 | Let's tap Enroll, again Install,
Install Now, Install one more time and Done.
| | 03:19 | Now, if we need to we can always come
back to this My Devices area and we can
| | 03:23 | Lock or remote Wipe or Clear a
Passcode on this specific device and we can do
| | 03:28 | this from any device that we go to this
website on as long as we're logged in as
| | 03:32 | the current user or the system administrator.
| | 03:35 | So, we are going to tap Logout, tap the
Home button again and now let's go here
| | 03:41 | to Settings and we'll take a
look at what we've accomplished.
| | 03:44 | We have settings for everyone.
| | 03:46 | The Trust Profile for Groundswell Gear,
our Remote Management profile, all of
| | 03:50 | these things are here and we can look using
More Details at the details for each of them.
| | 03:56 | All of that was easily installed
by just a few taps on a website.
| | 04:00 | If we go to Mail, Contacts and Calendars
you can see our accounts have all been set up.
| | 04:05 | We have Mail, Calendar and Address Book.
| | 04:07 | If I tap the Home button again and I
go to the Mail, here are the e-mail
| | 04:13 | messages that we've been sending
back and forth throughout this course.
| | 04:16 | There is a message from Justin
to Paige and another and another.
| | 04:20 | So you can see just how
quickly and easily that works.
| | 04:24 | We didn't really have to do much more
than tap a few buttons and to enter our
| | 04:27 | Password a few times.
| | 04:29 | So that's how easy it is to set up
profiles and set up your settings on an iOS device.
| | Collapse this transcript |
| File sharing in Pages| 00:00 | When an iOS device is file sharing
with a Mac OS X Server, it's very likely
| | 00:06 | going to be doing so with one of the
applications or apps in the iWork package
| | 00:12 | and that's going to be pages or
keynote or numbers and they all do their file
| | 00:16 | sharing in very much the same way.
| | 00:18 | So what we've chosen to do here is we're
going to show you how to do this in Pages.
| | 00:23 | So I am going to tap on the Pages app
which I've downloaded from the App store.
| | 00:28 | As soon as you do you'll see that you
get into this document that says Tap to
| | 00:31 | Get Started with Pages.
| | 00:33 | It's sort of a template document
on how to use the Pages application.
| | 00:37 | If I tap the plus button in the upper
corner here I can create a new document
| | 00:42 | and it will ask me to choose from
a long list of available templates.
| | 00:47 | So if I just choose something, let's
just say this recipe for example, it will
| | 00:51 | open it up and I can create and
edit and change this as I like.
| | 00:55 | I am just going to leave it with what
it's got because the point of what we're
| | 00:58 | showing here is how to then save
this someplace else, because if I tap on
| | 01:02 | documents it's automatically saved here
within the Pages application on my iPad.
| | 01:08 | But if I wanted to actually save that
to the server I can do so by being within
| | 01:13 | the document, tapping on the Wrench
button and then tapping on Share and Print.
| | 01:19 | If I tap Copy to WebDAV, it will ask me for
a Server Address, a Username and a Password.
| | 01:25 | Now this is where this gets a little
complicated, but after you've done this
| | 01:29 | once, you really won't have to worry
about it too much, because it will be
| | 01:33 | automatically saved for you.
| | 01:35 | So, first we put in https because we do
have a secure connection to our server.
| | 01:42 | Then we type :// and we type the
fully qualified domain name of our server.
| | 01:48 | And following the .com we type a slash
and then the most important part WebDAV.
| | 01:53 | Once that's done, all we have to do is
put in a Username and a Password, I am
| | 01:58 | going to Log In as Justin.
| | 02:00 | Once I am finished typing the
Username and Password, I can tap Sign In.
| | 02:04 | It will then ask me what format,
I want to save the document in.
| | 02:08 | If I'm happy with the Pages format,
because I'm continuing to work on this in
| | 02:12 | pages or maybe my colleagues
also have Pages, I simply tap Pages.
| | 02:16 | Then I am asked where I'd like to
save it, note that at the top it says
| | 02:20 | server.groundswellgear.com, so we
know we're on our server and it's also
| | 02:24 | providing us with links to Justin's
home folder, because we're logged in as
| | 02:28 | Justin and we have his network
home folder configured properly.
| | 02:31 | We also have links to the Users folder
and to the Groups folder and that's based
| | 02:35 | on the permissions that
we have set in server app.
| | 02:38 | I'm going to go to the Groups folder,
into Workgroup and I'm going to tap Copy.
| | 02:44 | And it just puts it there.
| | 02:45 | Now, let's say somehow, I managed to
delete that document or maybe I'm accessing
| | 02:51 | this from an entirely
different iPad, I am going to tap Done.
| | 02:54 | So I have just deleted the document.
| | 02:56 | If I hit the plus sign and instead of
creating a new document I tap WebDAV,
| | 03:01 | because I've already entered my
server's information, Pages is remembering it
| | 03:05 | for me and I can navigate through
Groups to Workgroup and there's my recipe.
| | 03:11 | If I tap on it, Pages will open it up,
download it from the server and now I can
| | 03:15 | tap on it and I can work on it.
| | 03:17 | It's now stored locally on my iPad once again.
| | 03:20 | You can access these shares in similar
ways or through AFP from a Mac and you
| | 03:25 | can access the share from
SMB on a Windows machine.
| | 03:27 | However, if you are using a Windows
machine, obviously you'll probably want to
| | 03:30 | save the document out as a Word
document or as a PDF. So, that's it.
| | 03:35 | That's how you connect up to
your file share using your iPad.
| | Collapse this transcript |
| Browsing a wiki| 00:00 | The iPad is a fantastic device to
browse media and it should be no different
| | 00:05 | when it's browsing Mac OS X Server.
| | 00:08 | So let's open up Safari
and let's go to our website.
| | 00:11 | So all you have to do is type in the
URL for your site and it's going to pull
| | 00:15 | up the main webpage.
| | 00:17 | To get your Wiki, all you'd have to do
is tap on the URL field, tap right at the
| | 00:22 | end and type the word Wiki.
| | 00:25 | You could also set up a link on your
front page if you wanted to, but if you tap
| | 00:28 | Go, it will go straight to the Wiki page.
| | 00:31 | Now it won't make you
authenticate automatically.
| | 00:34 | You can tap on this little lock
up here and put in your Username.
| | 00:38 | I am actually going to Log In as
Paige and I am going to tap Log In.
| | 00:43 | Now when logged in as Paige, it's not
going to change anything I look at right
| | 00:47 | off the bat, but it will affect the
permissions I have to access different media
| | 00:52 | as I navigate around the Wiki.
| | 00:53 | So, if I come here and I go to My Page,
because I'm logged in as page, I am
| | 00:58 | going to go to Paige's, My Page interface.
| | 01:01 | If I tap on the Home button again, and
I go on Updates, it'll get the updates
| | 01:05 | the page has the ability to
see based on her permissions.
| | 01:09 | I tap on the Home button again, I go
to Wikis, similarly it will only show me
| | 01:13 | the Wiki that she has access to.
| | 01:15 | If I tap on the Wikis name,
it takes me to the Wiki.
| | 01:20 | So we can tap on documents and see any
documents that are attached to the Wiki.
| | 01:24 | So for example, if I tap on surfing
right here, we go back to the main page
| | 01:27 | for the surfing Wiki.
| | 01:29 | If I tap on Calendars, we'll point out
here that calendars are currently not
| | 01:33 | supported in Mobile Safari.
| | 01:35 | Mobile Safari is the version of
Safari that's running on the iPad, with the
| | 01:38 | iPhone and the iPod Touch.
| | 01:39 | If I tap on More, I can go to the blog.
| | 01:42 | There are no entries found.
| | 01:44 | I'd like to point out one other thing.
| | 01:47 | As I navigate around, notice, there's
no plus button, there is no pencil button
| | 01:52 | and there's no minus button.
| | 01:54 | I don't have the ability to edit in
Mobile Safari in anything prior to iOS 5.
| | 02:01 | Now at the time that we are recording
this title, iOS 5 has not yet been released.
| | 02:07 | It should be released in the fall of 2011.
| | 02:11 | After it's released we will publicly
know what is or is not possible here and
| | 02:16 | these features may and probably will
change, though we don't know exactly how
| | 02:21 | until they come up with the final release.
| | 02:23 | So, if you have an iOS 5 device and
you're looking at this and you're seeing
| | 02:27 | something slightly different, don't be
alarmed it's probably completely normal.
| | 02:31 | Pay attention to the Home bar, use
the Home bar to navigate around the site
| | 02:37 | that's designed to make it very, very
easy to navigate through the site, even if
| | 02:41 | you're here and a Mobile Safari
environment where you're tapping on the
| | 02:44 | interface rather than clicking and typing.
| | 02:47 | So that's navigating the Wiki in iOS.
| | Collapse this transcript |
|
|
17. Accessing Your Lion Server from Other DevicesUsing Snow Leopard to connect to file sharing and collaboration services and mail| 00:00 | If you happen to be in an environment
where Lion is not the only operating
| | 00:05 | system you're working with, which is pretty
likely, you're probably going to have some mix.
| | 00:10 | Maybe even some Windows devices that you
need to connect up to your Mac OS X Server.
| | 00:15 | In this chapter, we're going to talk
about how to do that and we're going to
| | 00:17 | start off in this movie by showing you
how to connect your Snow Leopard devices
| | 00:23 | up to your Lion Server.
| | 00:24 | So we're going to start by simply showing
connecting to a server via file sharing.
| | 00:30 | So we go the Go menu, we
pull down to Connect to Server.
| | 00:34 | We can also do that by tapping the
Command key on the keyboard and the K key, so
| | 00:39 | Command+K is also Connect to Server.
| | 00:41 | And we can just type afp:// and type the
fully qualified domain name of our server.
| | 00:47 | Hit Connect.
| | 00:48 | It goes out to our server, makes a connection.
| | 00:51 | So we authenticate with a username and
password, I'm going to go in here as justin.
| | 00:55 | Hit Connect and it gives us access to all of
the different folders that we have access to.
| | 01:01 | I'm just going to select
Justin's home folder here.
| | 01:04 | And here we can see the things that we've
put into Justin's home folder. All right!
| | 01:10 | So that's a pretty simple connection.
| | 01:12 | If I want to, I can always take Justin's
folder here and I can drag it down to the Dock.
| | 01:17 | Now if I drag it over the Eject button,
it'll disconnect me from the server.
| | 01:21 | But if I drag it over a little bit and
just drop it into that space, it gives
| | 01:24 | me a nice little link to Justin's home folder
right there in the Dock, right on the network.
| | 01:30 | Okay, so that's one way.
| | 01:32 | I'm going to click on this and hit Command
+E to eject it, and now I'm disconnected.
| | 01:37 | You see now it shows up as a little
share point and if I click on it, it just
| | 01:41 | asks me to authenticate.
| | 01:43 | And because it was authenticated
first time with justin, it asks me to
| | 01:47 | authenticate with his
username again. All right!
| | 01:49 | So that's pretty easy, lot of fun there.
| | 01:51 | So let's talk about Address Book next.
| | 01:53 | I'm going to go to our Applications
folder and going to go to Address Book and
| | 01:57 | we'll double-click on Address Book right here.
| | 02:00 | Now the last time we logged into
Address Book, I believe we did so as paige.
| | 02:04 | So let's do that again over here, click
on Preferences, go to Accounts, hit the
| | 02:10 | plus button down here, select CardDAV
as the type of account you're creating,
| | 02:15 | and just use the username, I'm using
paige, put in a password and the server
| | 02:20 | address, and click on Create.
| | 02:23 | Once you do, you can select how
often you're going to refresh contacts.
| | 02:28 | Over here under Server Settings, I
recommend you leave all of these server
| | 02:31 | settings alone, but you can certainly
look at them, see the port number that's
| | 02:34 | being used, whether or not SSL
is in use, that sort of thing.
| | 02:38 | I'm going to close that.
| | 02:39 | And here you can see, right down
here, I've got Paige's personal
| | 02:44 | on-server address book. That's fantastic!
| | 02:46 | Now a note here and this is something
that you might be interested in doing, if
| | 02:50 | you want one shared address book for
everyone, you'd want to actually create a
| | 02:55 | new user account named address shared
or something like that inside of Server
| | 03:00 | app and then have everybody access
that one address book. Just a little tip.
| | 03:04 | All right!
| | 03:04 | I'm going to quit Address Book
and now we're going to go into iCal.
| | 03:09 | Back to the Applications folder, down to
the iCal application, and here we are in iCal.
| | 03:17 | If we go to iCal Preferences, go to
Accounts, click the plus button, select
| | 03:23 | CalDAV from the menu, put in a username.
| | 03:26 | I'm going to use justin again, and put in
a Server address, then we'll click Create.
| | 03:34 | It goes out, it finds that Justin is there.
| | 03:38 | You can again select how
frequently you're going to refresh
| | 03:40 | calendar information.
| | 03:42 | I like to select five minutes,
but 15 is fine. It's the default.
| | 03:45 | You can do whichever you like.
| | 03:47 | it's just a preference.
| | 03:48 | You can change your
Description field if you like.
| | 03:50 | If you don't want it to say that full
name there, we can just say Justin's
| | 03:55 | Server Calendar for example.
| | 03:58 | You can set your Server Settings here.
| | 04:00 | Same thing is over in the Address Book area.
| | 04:02 | You probably don't want to mess
with these settings, but over here in
| | 04:05 | Delegation, you can see those people who
have given you access to their calendar.
| | 04:09 | So for example, Paige has allowed me to
see her calendar and Tom has allowed me
| | 04:14 | to see his and I've also got
visibility on the Front Conference Room.
| | 04:17 | I can click the Edit button here and I
can control who is or who is not allowed
| | 04:22 | to write into my calendar.
| | 04:23 | For example, if I wanted to
add Tom here, I can do that.
| | 04:27 | And this is all supported.
| | 04:28 | This isn't going to break just because
we're going between Snow Leopard and Lion.
| | 04:32 | This will work just fine.
| | 04:34 | And over here in iCal, you can see
I've got all of my delegate calendars and
| | 04:38 | there's that Lunch appointment we had
scheduled, so we know that this is working just fine.
| | 04:42 | All right! So that's iCal.
| | 04:44 | Let's quit out of this.
| | 04:45 | Next I want to show you Mail.
| | 04:47 | Let's go back to our Applications folder,
scroll down to the Mail program, we'll
| | 04:52 | double-click on that and we'll just
go through the setup process here.
| | 04:55 | So I'm going to go and put in Justin's
name here and I'm just going to put in
| | 05:00 | his Email address and his Password.
| | 05:05 | We'll click Continue.
| | 05:06 | The system will go out and
search and find his account.
| | 05:09 | We're going to select IMAP here just
because I want to keep all of his mail on
| | 05:13 | the server and the Incoming Mail Server
address and we'll click Continue again.
| | 05:19 | And we'll put in a brief
description and the server's name here.
| | 05:26 | Outgoing Mail Server has to be the
fully qualified domain name of that server
| | 05:30 | and we definitely want to
use authentication to do it.
| | 05:33 | Click Continue, the system will want
to take the account online, go ahead and
| | 05:36 | let it, click Create, and here we go!
| | 05:39 | And because we're using IMAP, it doesn't
matter that we're on a new system. It's just fine.
| | 05:45 | It's going to find that mail in that mailbox.
| | 05:47 | Now it seems like Mail thinks that this
is junk, so this is the first time we've
| | 05:51 | opened up Snow Leopard's Mail.
| | 05:52 | We're going to have to do some training
on Snow Leopard's Mail in order to get
| | 05:56 | it to know what is and what isn't junk.
| | 05:57 | To do that you just click Not Junk
and it'll go away, and over time it will
| | 06:01 | learn what is and what is not junk. All right!
| | 06:04 | So that's Mail.
| | 06:05 | Now I'd like to show you iChat.
| | 06:07 | So let's quit Mail right now and let's
go back to our Applications folder and
| | 06:13 | let's come over here and
find our iChat application.
| | 06:18 | I'm going to close that Finder window.
| | 06:20 | So we're just going to walk
through the process of setting it up.
| | 06:23 | There's a really nice
configuration setup assistant here.
| | 06:26 | So let's just click Continue, pull down
on this menu to Jabber, so Account Type
| | 06:32 | is going to be Jabber.
| | 06:33 | I'm going to use the justin account,
but you could use any account you want
| | 06:37 | that's set up on the server.
| | 06:38 | And if you flip this down, you can see
here you have lots of server options.
| | 06:42 | We don't need to fill these
out so long as we do this,
| | 06:45 | justin@server.groundswellgear.com.
| | 06:51 | And remember that thing about those
extra DNS records we had set up in order to
| | 06:56 | make it so you wouldn't have to
put in server in this section.
| | 06:59 | I think it's just as easy
to just add server here.
| | 07:01 | It's not going to hurt a darn thing,
so let's click Continue and Done and
| | 07:06 | it logs us right in.
| | 07:07 | And you can see we already know that
we've got a buddy, remember we had tom there.
| | 07:11 | tom is in there as our buddy on the
server, so it doesn't matter that we're now
| | 07:16 | connecting from Snow Leopard.
| | 07:17 | The fact that we already connected from
Lion and we also already connected from
| | 07:21 | our iOS device means that he's in
there and the relationship is all set up.
| | 07:25 | So those are all of the connection types
I wanted to show you from Snow Leopard.
| | Collapse this transcript |
| Using Windows 7 to connect for file sharing| 00:00 | If you have Windows machines on your
network, you'll probably want to connect to
| | 00:04 | file sharing from them.
| | 00:04 | So we wanted to show you the
specific steps you need to take to make
| | 00:08 | that connection happen.
| | 00:10 | They're very, very specific, so
please do this exactly as we do it.
| | 00:14 | If you vary your technique you'll probably fail.
| | 00:17 | So we are going to start with the
Start bar and we are going to click on the
| | 00:19 | Start menu and go to Computer.
| | 00:21 | Next, we are going to click on Map Network
Drive in the toolbar. We'll map a drive.
| | 00:28 | It doesn't matter what letter you
select and we'll type \\ and then in all
| | 00:33 | capitals whatever the first part of
your server's fully qualified domain name
| | 00:40 | happens to be on your server.
| | 00:43 | Our server is server.groundswellgear.
com, so for us we're just typing in
| | 00:49 | all capitals, SERVER.
| | 00:51 | If your fully qualified domain name was
mini.myserver.com then yours would be mini.
| | 01:00 | All right, so we are typing in \\SERVER,
another backslash and then the name of
| | 01:07 | the SharePoint you want to connect to.
| | 01:09 | I'm going to connect to Justin's Home
folder, but I could connect to any other
| | 01:14 | SharePoint on the server.
| | 01:15 | Select Reconnect at logon and select
Connect using different credentials.
| | 01:21 | This allows you to use different
credentials than you used to log into
| | 01:24 | your local account. Click Finish.
| | 01:28 | Come up here, if you've done this before
it will say the correct thing above and
| | 01:33 | you'll just have to put in your Password.
| | 01:35 | If you want to do this completely from
scratch, you'll type in all uppercase the
| | 01:40 | name of your server.
| | 01:41 | Keep in mind, there is no slash at the
beginning there, so we are starting with
| | 01:45 | the first letter of your server's name.
| | 01:48 | At the end of that type a slash and
you'll notice that right down here at the
| | 01:52 | bottom where it says Domain, it says SERVER.
| | 01:54 | This is basically saying, hey I am going
to enter the User account that's on the
| | 01:58 | SERVER, use that server's
username and password to authenticate.
| | 02:03 | I'm using Justin and I'll put in
Justin's Password, click Remember my
| | 02:08 | credentials and click OK.
| | 02:10 | As soon as you do you should notice that
you're able to get onto that SharePoint.
| | 02:15 | Let's show what it looks like to
connect up to another SharePoint.
| | 02:18 | Here you can see in our Network Location, we
have that shared drive available to us now.
| | 02:23 | Click Map a network drive, choose
another letter \\, your server's first name in
| | 02:29 | all caps, another slash and
now a different SharePoint.
| | 02:34 | Connect using different
credentials again, Finish.
| | 02:37 | This time you should be able to just put
in the Password and Remember my credentials.
| | 02:43 | Okay and there you go, and here's our
workgroup and there is our Recipe.pages
| | 02:48 | file that we put in
whenever we run our iOS device.
| | 02:51 | So, that's how you map a network
drive from Windows and remember we're on
| | 02:56 | Windows 7 Professional
here over to a Lion Server.
| | Collapse this transcript |
|
|
18. TroubleshootingTroubleshooting file sharing| 00:01 | In this movie we're going
to troubleshoot file sharing.
| | 00:03 | First we're going to verify file system
Permissions with a Command Line command
| | 00:08 | called ls or just list.
| | 00:10 | To start we're going to login, and as
soon as we login we're going to connect
| | 00:16 | up to our Terminal application and
when we get into Terminal, I am just going
| | 00:21 | to type clear so we can clear up the screen
here and I am going to make this nice and big.
| | 00:24 | So here we are.
| | 00:25 | We are going to do a man entry on ls.
| | 00:28 | So man is just short for manual.
| | 00:30 | It's going to give us the manual on the
ls command and ls just stands for list
| | 00:35 | and you can see you've got a whole
bunch of things that you can add to ls to
| | 00:40 | give it additional functionality.
| | 00:41 | We call this flags or switches.
| | 00:45 | You can see there are a lot of them.
| | 00:46 | We can list all entries, we can
list directories, we can list things in
| | 00:51 | human readable format.
| | 00:53 | Back up here, you see here -e
prints Access Control Lists.
| | 00:57 | So there's a lot of
functionality to be found here.
| | 01:00 | Let's hit q, q gets you to out of a man page.
| | 01:03 | I am going to type ls -Flaeh and
this is going to give you a whole raft
| | 01:10 | of different things.
| | 01:11 | I've been using this one for a long time.
| | 01:13 | You basically are listing everything,
you're listing human readable, you're
| | 01:16 | listing Access Control Lists.
| | 01:18 | So you can see a whole bunch.
| | 01:19 | So I am going to go to /Users and I am
just going to list the contents of that
| | 01:24 | directory and here you can see I've
got some stuff here that's a directory,
| | 01:29 | you've got a couple of things that are
folders here, we've got Shared, we've got
| | 01:33 | Justin's Home folder, we
got some POSIX permissions.
| | 01:36 | But we've also got ACL's down here and
you can find really interesting problems
| | 01:42 | that are listed as ACL entries
sometimes, sometimes you've got inheritance
| | 01:47 | where you didn't expect it, sometimes
you've got read or write access where you
| | 01:50 | didn't expect to find it.
| | 01:51 | I am also going to show you a different thing.
| | 01:54 | Let's type clear again, get back up to the top.
| | 01:56 | Okay, so I am going to cd into the
second internal hard drive on our Mac mini
| | 02:00 | server, this is Macintosh HD and I am
going to just do a straight ls on that,
| | 02:04 | and that tells me what we've got there.
| | 02:05 | If I type ls -Fla that shows me sort of
everything here, including things that
| | 02:12 | are invisible because they have a
Period in front of them in their filename.
| | 02:15 | Just to give you a brief explanation of
what's being shown here, on this column
| | 02:18 | over here you've got POSIX permissions,
the d stands for directory, the rwx
| | 02:23 | stand for read write and execute and
these three sections are owner, group and
| | 02:29 | anybody else that connects up.
| | 02:31 | This is the user that owns the file or folder.
| | 02:33 | this is the group that owns the file or folder.
| | 02:36 | Dates modified and then the name and whether
or not it's got a directory or it's just a file.
| | 02:41 | So these are all directories, Shared
Items, Sales and ODArchive, and because I
| | 02:46 | haven't typed the e I don't know if
there are any Access Control Lists on this.
| | 02:49 | So I am going to hit the Up Arrow, I
am going to type in e after what I just
| | 02:54 | put in there ad I am going to hit
Return again, and that's the same command
| | 02:57 | listing the same stuff, but this time look at
all the additional stuff I've got down here.
| | 03:02 | I've got all of this access control
list entry stuff going on, and these are
| | 03:06 | really, really important.
| | 03:07 | If I break these, that's going to break
my file sharing to a larger degree, right?
| | 03:12 | There are bunch of things here.
| | 03:13 | Spotlight has access because it needs to
do spotlight, searches on files for the
| | 03:17 | network, and you've got the group:
| | 03:18 | sales that's allowed a whole bunch
of stuff here. You've got a user:
| | 03:21 | paige that's allowed a
whole bunch of stuff here.
| | 03:23 | But if you ever gets the point where
your ACLs are not working the way you
| | 03:27 | expect them to, if they're just downright
broken and you want to go back to scratch.
| | 03:32 | You want to turn off file sharing, you
want to go back to no permissions or no
| | 03:36 | ACLs at least on these files at all,
there's a command that will let you do
| | 03:40 | that and this is the last thing I am
going to show you to troubleshoot your
| | 03:42 | file sharing problems.
| | 03:43 | This is going to be sudo, this is just
issuing command as if you were the root
| | 03:47 | user, chmod, which is change modify permissions.
| | 03:50 | We're going to just type chmod -R which
means recursive and N, which basically
| | 03:56 | you can think of it as mean no ACLs
and then you type the path to the folder.
| | 04:01 | So if we were going to go
Volumes and I am hitting Tab here to
| | 04:04 | auto-complete once I've got the first
few letters and Macintosh HD, again I
| | 04:08 | tabbed to auto-complete.
| | 04:09 | You can see here where there is a
space in the filename and that's just a
| | 04:12 | backward slash that's escaping it.
| | 04:15 | And I could just hit Return right here
and that would clear all of the ACLs on
| | 04:19 | that entire hard drive.
| | 04:20 | It's like setting off a little
bomb inside the drive, right.
| | 04:23 | This is those ACL permissions will be wiped out.
| | 04:26 | Now I don't want to do that here because I
don't need to fix the permissions in that area.
| | 04:30 | In fact, if I remove my ACLs, a
whole bunch of things are going to break.
| | 04:33 | So don't just do this willy-nilly, but
be aware that if you've got a problem
| | 04:37 | that has to do with your Access
Control Lists, you can clear them out using that command.
| | Collapse this transcript |
| Configuring Software Update Server without using Profiles| 00:01 | Let's say just for the sake of argument
that you're not actually doing profiles.
| | 00:06 | Even though we showed you how easy it is,
there might be an occasion, maybe on a
| | 00:09 | Snow Leopard system or an older
Leopard system, where you need to do software
| | 00:14 | update, but you don't have the
ability or the desire to use the built-in
| | 00:18 | management tools in Lion.
| | 00:20 | Well, there's a way to manually do it
and I'm going to show it to you now.
| | 00:24 | It's going to require that we go into
the Terminal application which is in the
| | 00:27 | Utilities folder inside of
your Applications folder.
| | 00:30 | We're going to open Terminal and I'm
going to type clear in order to get the
| | 00:34 | screen emptied out and I'm going to
make it a little bit bigger so we can see
| | 00:37 | better what we're doing.
| | 00:39 | Now I am going to type a long string
of text and then I'm going to explain to
| | 00:45 | you what that string of text does.
| | 00:47 | We're going to start with the
word sudo and we'll go from there.
| | 00:52 | Let's talk about what this
is and what it's going to do.
| | 00:55 | sudo is what we type when we want
to issue a command as the root user.
| | 01:00 | This gives us the root capability without
actually logging us into the root account.
| | 01:06 | defaults is a command that writes a
preference into a preference file or reads
| | 01:12 | from a preference file so that you can change
or read what's going on inside of a preference.
| | 01:17 | write is the flag we use to write.
| | 01:20 | And the Library/Preferences is the
location where this preference file is, and
| | 01:26 | com.apple.SoftwareUpdate is the
pertinent part of the preference file name.
| | 01:32 | If you were to go and read the
preference file later on, it would be
| | 01:35 | com.apple.SoftwareUpdate.plist.
| | 01:37 | That's followed by the words CatalogURL.
| | 01:39 | There is no space between here.
| | 01:42 | It wrapped on the line, but you should
be aware that it's capital C and then
| | 01:46 | lowercase atalog, capital U, capital R,
capital L followed by another space, and
| | 01:53 | then the rest of this is all the URL
that leads us to the software update
| | 01:58 | catalog on our software update server.
| | 02:00 | So we start off with http and then we
move on to :// and then we put in the
| | 02:04 | fully qualified domain
name of our server, :8088.
| | 02:09 | That sends it to port 8088 which is where
the software update service needs to look.
| | 02:13 | We could then follow that with a slash
and then we're going to type this very
| | 02:16 | long sucatalog name, index-lion-
snowleopard-leopard.merged-1.sucatalog.
| | 02:24 | And that will find the correct catalog
to give all updates for any client that
| | 02:29 | you might be going with.
| | 02:31 | This is going to be Lion, Snow Leopard
or a Leopard, all we have to do at this
| | 02:34 | point is hit Return, type in
our Password and we're good.
| | 02:39 | So that is how you get the client configured
to check for software updates from the server.
| | 02:45 | And then we can prove that that worked
by going to the Apple, go to Software
| | 02:49 | Update, it will check for new software,
and you'll see in the next screen that
| | 02:53 | comes up, it will list the name of our
server instead of just a blank bar at
| | 02:58 | the top of the screen.
| | 02:59 | Don't be alarmed if this process takes
a little bit of time, and here we are.
| | 03:03 | So when you run Software Update, it
will say Software Update and in parenthesis
| | 03:07 | it will say the name of your server.
| | 03:10 | If we show our Details, it
will show us hey, look at this.
| | 03:12 | There's a Printer Software
Update that just came out.
| | 03:15 | All I have to do to install
it is click Install 1 Item.
| | 03:18 | It will download the installation.
| | 03:19 | Look at how fast that comes down.
| | 03:21 | That's 100 Megabytes almost of stuff
that just came down in the blink of an eye.
| | 03:25 | The rest of the process is installing
those files and that will take as long as
| | 03:30 | it normally would take.
| | 03:31 | But as you can see, that process goes
much, much faster than it would if you
| | 03:36 | were connecting up to Apple's
software update servers on the Internet.
| | 03:39 | If you make this change to your
system and your system is mobile, if it's
| | 03:43 | moving around a lot, then you'll find
that when you're not connected to your
| | 03:47 | network or when your system can't
find your server then it won't be able to
| | 03:52 | contact any software update server
and so it won't be able to complete a
| | 03:55 | software update process.
| | 03:57 | So you're only going to want to do this
on machines that you want to only update
| | 04:01 | their software through your server.
| | 04:03 | When this is finished, we're going to
move over to the server screen and I'm
| | 04:07 | going to show you how to start this
service without even needing to download the
| | 04:11 | advanced server tools.
| | 04:15 | Okay, so now it's going
to check for new software.
| | 04:18 | It's just completed our previous installation.
| | 04:20 | And when it finds that there is nothing
left to install, it will allow us to move on.
| | 04:25 | I'm going to leave this running in the
background and switch over to our server
| | 04:29 | screen so I can show you the next process.
| | 04:31 | Now that we're over on the server,
I'm going to open up the Terminal
| | 04:34 | application, here I want to issue sudo
-s and I'm going to enter my password.
| | 04:40 | If it doesn't ask you for your password,
it's only because you've entered the
| | 04:43 | sudo password in the last five minutes.
| | 04:45 | It holds it for five minutes and then
it will ask you for it again after if you
| | 04:49 | let that five minutes expire.
| | 04:51 | When you type sudo -s, it will
probably ask you for your password.
| | 04:55 | It's not asking me for my password
because I've already authenticated with sudo
| | 04:59 | in the last five minutes.
| | 05:01 | sudo has a five-minute timer, and
once that expires it will ask you
| | 05:05 | to re-authenticate.
| | 05:06 | So let's get started with the command.
| | 05:08 | serveradmin is the command line
equivalent to the Server Admin program that
| | 05:12 | you've seen inside of the Server folder.
| | 05:14 | This was part of the advanced
server administration tools that we
| | 05:17 | downloaded separately.
| | 05:19 | So if we run serveradmin, we can do
a whole bunch of cool stuff with our
| | 05:22 | services without having to
actually download those extra tools.
| | 05:26 | This is actually part of our server
installation whether we download those
| | 05:30 | additional tools or not.
| | 05:32 | If we wanted to, for example, stop our
software update service, all we would
| | 05:35 | have to do is type serveradmin stop swupdate.
| | 05:42 | Hit Return and it tells us that it's
stopped and it gives us a little log about
| | 05:45 | what's going on with it.
| | 05:46 | If I wanted to start it, I can hit the
Up Arrow to get the last command that
| | 05:50 | I typed, back up here, type start, hit
Return, and it starts it up and tells
| | 05:57 | us that it's running.
| | 05:58 | So I can start and I can
stop services relatively easily.
| | 06:01 | One last thing I wanted to tell you
about software update, you'll notice
| | 06:04 | right here it says that our
update documents root is in
| | 06:07 | /var/db/softwareupdate or swupd.
| | 06:10 | That directory can sometimes get blown up.
| | 06:14 | It can get just completely out of whack.
| | 06:16 | If the software update engine starts
downloading more updates than it should,
| | 06:20 | you may find that it grows enormous.
| | 06:22 | Anything more than say 15, 16,
certainly no more than 20 Gigabytes, would
| | 06:27 | be way, way too big.
| | 06:29 | And if it grows large enough that it
fills up your entire boot volume, it
| | 06:32 | could crash your server.
| | 06:33 | So if you find that you're running out
of disk space on your boot volume and you
| | 06:37 | have no idea why, this is a great place
to go and check, but then when do you do
| | 06:41 | about it if there's a problem?
| | 06:42 | Well, that's actually quite easy.
| | 06:44 | Remember, we've already typed sudo
because we're in this sudo -s environment, so
| | 06:48 | we don't need to type that.
| | 06:50 | But we would want to type rm.
| | 06:53 | rm is the remove command, and if we type
a -R after it, so it's rm -R space, and
| | 07:02 | then we type /var/db/swupd.
| | 07:08 | If we were to remove the entire thing,
I'm not going to issue this command now
| | 07:11 | because we want to keep our software
update, it's completely fine, but if yours
| | 07:17 | was broken, if you had a catalog that
was just out of control, you could get
| | 07:20 | into sudo, type rm -R, space, and
the path to the swupd directory.
| | 07:26 | Hit Return and it would delete the entire thing.
| | 07:29 | Of course, before you do this, you would
want to issue the serveradmin stop swupdate.
| | 07:36 | Then you would issue your rm command,
and once that was finished, you would
| | 07:40 | issue your serveradmin start
swupdate and it would start downloading your
| | 07:44 | catalog all over again.
| | 07:46 | So this is just a couple of really cool
tricks and tips that you can do with the
| | 07:50 | software update service on Lion Server.
| | Collapse this transcript |
| Enabling PPTP VPN for older clients| 00:00 | The VPN software that you set up when
you enable VPN in the server app enables
| | 00:05 | something called L2TP over IPSec VPN.
| | 00:09 | Now this is a very powerful,
very good VPN solution.
| | 00:13 | It has grade encryption. It's very secure.
| | 00:17 | I highly recommend it.
| | 00:19 | But it's not going to work in every case.
| | 00:21 | Sometimes you're going to need to enable
PPTP VPN in order to be compatible with
| | 00:27 | older Windows clients or maybe to get
around firewalls that won't let you get
| | 00:32 | your L2TP over IPSec connection through.
| | 00:34 | So we're going to talk in this movie
about how to enable PPTP VPN without having
| | 00:42 | to get into a graphic user
interface, because Apple has removed it.
| | 00:46 | So there's something called PPTP VPN.
| | 00:49 | It's just a different type of protocol.
| | 00:51 | And it is possible on Lion Server, but
you can't do it in any graphic app at all.
| | 00:57 | It's all got to be done at the Command Line.
| | 01:00 | And while that's difficult, I do want
to at least show you how to do it, and
| | 01:04 | we're going to do it in kind of the
longhand way of doing it and I am going to
| | 01:08 | show you what that is.
| | 01:10 | So I am just going to swipe over to my
server and using our Lion screen sharing
| | 01:14 | thing here, and what we're going to do
first is go to Utilities and we're going
| | 01:18 | to go into the Terminal application,
and just typed t-e-r after hitting
| | 01:23 | Command+Shift+U and Command+O will
open up that application, just fine.
| | 01:28 | I am going to type a few things here.
| | 01:30 | So sudo -s because I want this whole
session to be done as root that we've done
| | 01:36 | before and I'm going to get
my little cheat sheet here.
| | 01:41 | I've got a sheet filled with parameters
for the VPN server that need to be added
| | 01:45 | in using the serveradmin settings
capabilities here in the Command Line.
| | 01:51 | So what we are going to going to do is
we are going to type serveradmin settings
| | 01:56 | and then we're just going to copy a line.
| | 01:58 | It's just going to be vpn:Servers
because we're providing settings to the server
| | 02:03 | admin application for the VPN service.
| | 02:05 | It's basically how that works.
| | 02:07 | And we are just going to copy and
paste each of these in here because that is
| | 02:11 | way easier than typing it all by hand.
| | 02:16 | I am going to do several of these.
| | 02:21 | We're going to include this file as an
exercise file because even though you
| | 02:26 | will probably never need to do any of
this stuff again after you've entered it
| | 02:29 | once, it can be very, very helpful to
have this here, so that you can just copy
| | 02:34 | and paste this stuff in here.
| | 02:35 | It will save you a ton of typing.
| | 02:37 | I am going to fast-forward to
the point where we're finished.
| | 02:39 | Okay, so we are finished.
| | 02:41 | Now when we're done I am going to
type serveradmin fullstatus vpn and what
| | 02:47 | that's going to give us is a complete
list of everything that's on our system.
| | 02:51 | So here you can see all of our PPTP
settings that are in here as a result of all
| | 02:57 | of the stuff that we put in.
| | 02:58 | So if we were on serveradmin stop vpn
and then run serveradmin start vpn it's
| | 03:10 | now running with our new PPTP settings,
we should be able to connect up any
| | 03:15 | Windows machine over PPTP to our VPN.
| | 03:19 | All we would need to do at this point
is forward the appropriate ports from our
| | 03:24 | AirPort Extreme Base Station to our
server so that PPTP VPN would be supported.
| | 03:29 | To do that I'm going to show you the
last thing I wanted to show you in this
| | 03:33 | movie about PPTP VPN and I am going to
do that over here on our client-side.
| | 03:38 | So I am going to do my pinch, we are
going to open up Safari and from Safari
| | 03:42 | we're going to go to support.apple.com.
| | 03:46 | From Apple support I am going to do a
simple search on the words well known
| | 03:51 | ports and you see the first hit whenever
you type that and is Well Known TCP and
| | 03:56 | UTP ports used by Apple.
| | 03:58 | You can get to this from
Apple support site from anywhere.
| | 04:01 | it's of great page that
Apple keeps updated frequently.
| | 04:05 | I'll click on that there and here it is.
| | 04:08 | And you can see that as we scroll down
every single port number that Apple uses
| | 04:13 | for their products to function is listed here.
| | 04:15 | So to find the PPTP port numbers that
I need to forward, it's very simple.
| | 04:21 | If I type Command+F in my browser and I
just type PPTP, it will take me straight
| | 04:26 | to the ones I need to forward.
| | 04:27 | 1723 over TCP will take PPTP through my
firewall and it will take it through my
| | 04:33 | router and it will get to my server.
| | 04:36 | There are three matches for PPTP though.
| | 04:40 | The third is down here where it has
a note for a 10.3 VPN service using
| | 04:44 | something called IP-GRE
protocol or IP protocol 47.
| | 04:49 | If you're on the type of firewall where
you can enable or disable that, you'll
| | 04:53 | need to make sure that that's
routing through your firewall.
| | 04:55 | Otherwise, don't worry about it
because most devices handle that
| | 04:59 | completely automatically.
| | 05:01 | So I just wanted to show you that
fantastic knowledge base article, again that's
| | 05:05 | knowledge base TS1629.
| | Collapse this transcript |
| Viewing user and group information directly| 00:00 | All right! So we are over here on our server
and I wanted to show you how to read raw
| | 00:05 | user and group data.
| | 00:06 | This is more of a thing that you can do
for fun than it is something that you're
| | 00:10 | going to need to do for
troubleshooting most of the time.
| | 00:13 | If you're in a situation where you
can't login or you think you can't access
| | 00:17 | user information, some of
this stuff might turn useful.
| | 00:20 | But it's good just for the foundations of
your knowledge to know where these things are.
| | 00:23 | I am going to show you two ways
to find user and group information.
| | 00:27 | specifically we're going to navigate to
Paige's user record inside of the directory.
| | 00:32 | We are going to do that using dscl at
the Command Line and then I am going to
| | 00:35 | show you how to do the same
thing in the directory Utility.
| | 00:38 | So let's get started with dscl.
| | 00:39 | I am already in a Terminal window and
going to type sudo -s because I just want
| | 00:44 | to be in a sudo session.
| | 00:46 | Now I am going to type dscl, Enter and
that enters me into dscl or Directory
| | 00:52 | Service Command Line Utility interactive
mode and all I have to do to find users
| | 00:57 | is figure out where I am.
| | 00:58 | Well this uses regular Command
line commands for a lot of navigation.
| | 01:02 | So for example, I can type ls and I
can see where I am and I can type cd
| | 01:07 | to change directory.
| | 01:08 | So if I know that Paige is inside of my
LDAPv3 directory which I do, I can type
| | 01:14 | the first couple of letters, case
sensitive here and hit Tab and it will
| | 01:18 | auto-complete for me.
| | 01:19 | I can hit Return and now it
returns that I'm in LDAPv3.
| | 01:23 | See how that works? Very cool!
| | 01:25 | So if I ls here I can see, ah!
| | 01:27 | Well of course, that's my local LDAP
directory, so let's just cd into that.
| | 01:32 | 127.0.0.1, okay great, now let's hit
Return there and let's ls again. Wow!
| | 01:37 | Look at all that cool stuff.
| | 01:39 | We've got the entire directory in front of us.
| | 01:41 | If we cd into users and we type
ls, look at that, there is paige.
| | 01:46 | Now if I type read and paige's name
there is paige's full user record.
| | 01:54 | I can scroll up through it
and look through the hash.
| | 01:57 | The record starts right about up
here and you can see all sorts of useful
| | 02:02 | information, including the Kerberos
user name and the realm and the node of
| | 02:08 | the directory she's in.
| | 02:10 | You can see the MetaRecordName right there.
| | 02:13 | Down here you can see her FirstName,
LastName and her GeneratedUID and again, a
| | 02:18 | lot of this stuff may not be useful to you.
| | 02:20 | But what you know from looking at this
is that the user record absolutely exists
| | 02:25 | that you can navigate to it
that it's in the directory.
| | 02:28 | So this tells you that there's
definitely a user account there to be
| | 02:32 | authenticated against.
| | 02:33 | If you're having problems
accessing this user or this user was having
| | 02:36 | trouble logging in, this might be a nice first
step in trying to figure out what was going on.
| | 02:42 | Anyway, let's type exit here and we'll
exit out of that and that's the third
| | 02:47 | exit in order to get
completely out of our process.
| | 02:49 | And we'll quit Terminal.
| | 02:51 | So where are we going to go next?
| | 02:53 | Well, let's hit Command+Shift+C in
order to go right to our computer level and
| | 02:58 | then we are going to navigate
through Server HD > System > Library >
| | 03:03 | CoreServices, this is where all the
cool apps are and we are going to come down
| | 03:07 | here to where we have the Directory
Utility and we'll double-click on it.
| | 03:12 | Inside of Directory Utility we now
have this cool Directory Editor, and if we
| | 03:16 | look at the Users area in the Directory
Editor we can see there is Paige's user
| | 03:21 | record and we can scroll through it and
we can see all of the same information
| | 03:25 | that we were looking at in the dscl.
| | 03:27 | Difference is, this is prettier.
| | 03:29 | So, that is how you access user
record information using both the Directory
| | 03:34 | Utility and dscl at the Command Line.
| | Collapse this transcript |
| Using the Terminal to check and change settings| 00:00 | Here on your server there are a few
advanced things that you can do that are
| | 00:05 | kind of system level, and I'm
going to start with the most basic.
| | 00:08 | Probably the single thing that I get
the most questions about from previous titles is DNS,
| | 00:13 | and you may have noticed
in this title we didn't talk about DNS
| | 00:16 | hardly at all, except for how to set
DNS up on the outside world so that people
| | 00:21 | could get to you on the inside.
| | 00:22 | But we're using mini DNS on the server.
| | 00:24 | We're letting it handle it on its own
and that's working for us really nicely.
| | 00:29 | I wanted to keep it that way so folks
got the idea that this is not the end of the world.
| | 00:33 | You don't have to get in
there and start monkeying around with your
| | 00:36 | DNS in order to make things work.
| | 00:38 | In fact, you've seen everything is
working great for us and it's doing so
| | 00:43 | because we didn't mess around with it.
| | 00:44 | So what I'm going to show you now is
how to confirm using the command line
| | 00:48 | that your DNS setup is actually correct,
because if you're having problems, maybe it's not.
| | 00:53 | So we're going to get to our
Utilities folder here and we're going to
| | 00:57 | scroll down to Terminal.
| | 00:59 | All right, so now we're in Terminal,
we're going to type the word hostname.
| | 01:02 | It's all one word, no space in the
middle and hit Return, and this is going to
| | 01:06 | tell us what the server thinks
its fully qualified domain name is.
| | 01:10 | I'm going to then type host and I'm
just going to type exactly what it returns
| | 01:15 | to me and hit Return. Fantastic!
| | 01:17 | So this tells us the result of a DNS lookup.
| | 01:19 | and it knows that our name
has an address of 192.168.19.2.
| | 01:25 | Well, that's right, that's exactly where we are.
| | 01:27 | So let's do that again, except this time
I'm going to type host and I'm going to
| | 01:33 | type 192.168.19.2, and we get
the result of our reverse lookup.
| | 01:36 | So this tells us that we have a
forward lookup and that's correct in DNS and
| | 01:41 | this tells us that our reverse lookup is good.
| | 01:43 | Typically you want to do this type of
lookup before you go through the step of
| | 01:47 | creating an open directory Master,
and I went ahead and did that one.
| | 01:51 | We did ours in the first place, but I
just wanted you to know that this is a
| | 01:54 | backend tool that you can use.
| | 01:57 | Command Line might be a little scary
for new administrators, but it's a really
| | 02:01 | useful thing that you can
do to double check your DNS.
| | 02:04 | One last thing here about DNS,
and that is changeip -checkhostname.
| | 02:09 | Now this has to be run a sudo.
| | 02:11 | So I'm going to hit Ctrl+A to go back
to the beginning of my line, type sudo
| | 02:15 | space so that I got the
whole thing and hit Return.
| | 02:17 | Authenticate with my password.
| | 02:19 | If you get a result like
this, you're in great shape.
| | 02:22 | It tells you your Primary IP address,
your Current HostName, your DNS HostName.
| | 02:26 | If they match, and it tells you, hey,
they match, there is nothing to change.
| | 02:30 | So I'm going to type exit here
and we'll get out of Terminal.
| | 02:34 | The next thing I want to show you
about system level advanced tips and
| | 02:38 | tricks here is that you can find
manual pages, these are the manual pages on
| | 02:43 | how different Command Line commands work, by
doing a search for different subject matter.
| | 02:49 | So what if you don't know the name
of the command you're looking for?
| | 02:52 | What if you want to just find
something about say, users? That's a good one.
| | 02:57 | Well, let's go back into Terminal and
we're going to type man -k space, and
| | 03:04 |
| | 03:05 | what did I say, users?
| | 03:06 | Let's do that, users and Return.
| | 03:09 | And here are a whole bunch of different
commands that have something to do with users.
| | 03:14 | Some of them have the word users write
in the name of the command, some of them
| | 03:19 | don't at all, and they give you an
explanation of what it is and why it is.
| | 03:24 | For example, let's do this,
sudoers. That's great.
| | 03:26 | Let's type man sudoers and here is a
man page that explains what the sudoers
| | 03:33 | file is and how it works.
| | 03:35 | You read through this, you got
your aliases, they are at the bottom.
| | 03:39 | You're going to usually have some
special usage instructions with some examples
| | 03:44 | of how to type the command.
| | 03:45 | sometimes these things are
very long like this one is.
| | 03:49 | So clearly a lot of great information
about the sudoers file, and a lot of
| | 03:54 | fantastic information that you can go
through, you can read, and you can learn
| | 03:58 | about how to use these
different Command Line commands.
| | 04:01 | Okay, so that one is going to open up
just a whole huge can of worms for you,
| | 04:05 | because you're going to get in and
start exploring and just love the command
| | 04:08 | line all of a sudden.
| | 04:10 | The last thing I want to talk about
here that is sort of a command line
| | 04:13 | system-level tip or trick here, is
that in Lion, Command+Shift+H takes you
| | 04:19 | directly to your Home directory, and in
prior versions of OS X, you'll remember
| | 04:24 | we had a library folder in our Home folder.
| | 04:28 | Note that if you look at the contents
of your Home directory now and this is
| | 04:31 | either on server or online client, there
is no library folder. Now they hid it.
| | 04:36 | It's there, but they made it invisible.
| | 04:40 | So how did they do that?
| | 04:41 | Well, there are a lot of things that are
hidden in Mac OS X. If you wanted to go
| | 04:46 | to that folder, you could say Go to
Folder, you could use the Tilde because
| | 04:50 | that's a shortcut for your home folder,
and then slash , and then Library and
| | 04:58 | there you are, look at that.
| | 05:00 | So the Library folder is there, but
look at what they're doing with it.
| | 05:03 | If you select something inside of the
Library folder, you'll notice that it's
| | 05:06 | sort of ghosted out.
| | 05:08 | it's showing you that it's there, but it's
not supposed to be there, like it's a secret.
| | 05:12 | Well, you can make that permanently
visible if you want to, and again, this is
| | 05:17 | going to be using the Command Line, so
we're going to switch over to Terminal.
| | 05:20 | I'm going to open up a new Terminal window.
| | 05:23 | We're going to use a command called chfLags.
| | 05:25 | Let's just bring up the CHFLAGS man
page really quickly here, just so you can
| | 05:30 | see the command and I'd like to point out this.
| | 05:35 | This is a line in the CHFLAGS man page
that references something called hidden,
| | 05:40 | which sets a flag on a file or
folder called the hidden flag.
| | 05:45 | So what I'd like to point out here is
that each and every one of these commands
| | 05:49 | and flags could have the word no put before.
| | 05:51 | You see that right here at the
bottom of the screen right there.
| | 05:54 | So any of these hidden uappend whatever can
work with no, which of course, we'll unhide.
| | 06:01 | So let's see how that works.
| | 06:02 | By the way, I'm only showing you
how to do this if you want to do this.
| | 06:07 | If you choose not to, that's
perfectly fine. So here we go.
| | 06:11 | We're going to type the command.
| | 06:12 | We're going to go sudo chflags
nohidden and then we're going to with the path
| | 06:18 | directly to our Library folder.
| | 06:21 | And now if we go over to the Finder, and
we go to our Home folder, there we are.
| | 06:28 | It is now visible and it won't go back away.
| | 06:31 | If you want to return that to a hidden
status, all you have to do is Up Arrow
| | 06:38 | and remove the word no
from the beginning of hidden.
| | 06:40 | As soon as you do, it's gone.
| | 06:44 | So a little bit of magic here in OS X server
and OS X client, this is pretty cool stuff.
| | 06:49 | So the next thing I want to show you
is not in the Terminal at all, this is
| | 06:54 | something that we have to
reboot our computer for.
| | 06:57 | So I'm going to get out of this movie,
we're going to go into a different movie
| | 07:01 | where we're going to show you how to
use a Command key combination to reboot
| | 07:08 | into the system recovery partition
that's new and big part of how you're going
| | 07:13 | to troubleshoot Lion, how you're going
to install it, how you're going to work
| | 07:17 | with discs whenever you're not
booted from your main OS volume.
| | 07:21 | Okay, so we're going to talk about
several of those options in this next movie.
| | Collapse this transcript |
| Booting from the Recovery HD partition to restore from a Time Machine backup| 00:01 | Welcome to the Startup Manager screen.
| | 00:03 | So we got here by starting up our
computer and in this case this is a Mac mini
| | 00:09 | a Mid 2011 Mac mini and we started this up
holding down the Option key on our keyboard.
| | 00:14 | The Option key on your keyboard is
what gives you the Startup Manager and it
| | 00:17 | allows you to see any bootable
device that's available for you.
| | 00:22 | So for example if we had a net boot
server out there that we had serving up a
| | 00:26 | boot set at the moment, we would see that there.
| | 00:29 | But what we see right now are just
Macintosh HD there and we see the
| | 00:33 | recovery hard drive partition that is new in
Lion and this is what we're here to show you.
| | 00:39 | You can also get into the recovery HD
partition by holding down Command+R during
| | 00:44 | startup it will go straight to it.
| | 00:47 | Command+R only works on the new hardware.
| | 00:50 | So right now that's the new Mac mini's
and the new Macbook Airs, and of course
| | 00:56 | that includes the Mac mini Server.
| | 00:58 | We're going to press the Return button
or the Enter key in order to startup in
| | 01:02 | this recovery HD partition.
| | 01:05 | We start off by seeing the background
screen that we would normally associate
| | 01:09 | with an iPad for example.
| | 01:10 | It looks very iOS, very cool, and
we get our Mac OS X Utilities window.
| | 01:17 | The first one is Restore From a Time
Machine Backup and we will be doing that
| | 01:21 | as part of this title.
| | 01:23 | The next is Reinstall Mac OS X.
This allows you to do a complete
| | 01:26 | reinstallation of Mac OS X directly
from here onto the internal hard drive on
| | 01:31 | your machine or onto another hard
drive, maybe an external hard drive that
| | 01:36 | you've got attach to your computer.
| | 01:38 | You can also Get Help Online and this is a
new thing, because we are internet enabled.
| | 01:42 | If I click Continue here, you can see I
can get into a help system and I can get
| | 01:48 | out to the Internet.
| | 01:50 | I can actually route through.
| | 01:51 | If I've got DHCP on my network and I'm
able to route out I can get out to any
| | 01:56 | website I need to in order to get help.
| | 01:58 | So I can go to Apple and their support
site for example at support.apple.com.
| | 02:07 | This is just the recovery HD
partition and here we've gone to the
| | 02:10 | support.apple.com website and we can search on
a knowledge base for example on Lion startup.
| | 02:20 | We can do a search and we can find
relevant things that we need for our help.
| | 02:25 | So that's very cool and very new.
| | 02:27 | I am going to quit that.
| | 02:29 | We can also get into Disk Utility
to prepare hard drives go up here.
| | 02:34 | We can look at our Installer Log.
| | 02:36 | Another cool thing about this is if
you run your Mac OS X installer and you
| | 02:39 | leave the Installer Log open whenever
it finishes the installation it won't
| | 02:44 | restart the computer and that's very
helpful, because if you have a failure in
| | 02:49 | your installation you might want to go
back through the Installer Log to find
| | 02:53 | out why you had that failure and
so that log can be very helpful.
| | 02:56 | If you leave it open that
won't be a problem for you.
| | 02:59 | You also have access to the
password a utility here for the firmware.
| | 03:03 | So you can enter a Firmware Password,
you can use the Network Utility to
| | 03:08 | troubleshoot your network connection,
and of course you've got Terminal with a
| | 03:11 | wide array of command line utilities.
| | 03:15 | So the thing we came in here to do was
to Restore From a Time Machine Backup.
| | 03:20 | We have our Time Machine Backup
drive plugged in to the system.
| | 03:24 | So what we're going to do here is
we're going to select Restore From Time
| | 03:28 | Machine Backup and I'm going
to click the Continue button.
| | 03:34 | So we've got our Restore Your
System list of things to do and not do.
| | 03:38 | Mostly they're trying to teach you in
this screen how to proceed if you're
| | 03:42 | trying to do various things.
| | 03:42 | We need a full restore of our server
onto a drive, because we're saying for
| | 03:47 | example maybe we've had a
catastrophic system failure.
| | 03:51 | So we'll hit Continue.
| | 03:52 | So here's our backup drive and you do
remember we encrypted that whenever we set it up.
| | 03:57 | So we're going to click Unlock and it
will ask us for the password to unencrypt
| | 04:01 | the disc and we'll click Unlock.
| | 04:07 | Now it's decrypted and we can see that it is
indeed a FireWire hard drive. Click Continue.
| | 04:15 | This is a really, really nice.
| | 04:17 | We can very easily select any
state the server has been in since we
| | 04:22 | started backing up.
| | 04:23 | So if we know that we did something
between backups, we no longer have this
| | 04:28 | problem where we can only get the
most recent backup back onto our server.
| | 04:33 | We can go back to anything we want.
| | 04:35 | We're going to go to the most recent
one just because that happens to have
| | 04:38 | the information that we really, really want
back on this machine and we'll click Continue.
| | 04:44 | Then you select your
destination and we click Restore.
| | 04:49 | It gives you one final warning that
you're about to erase all of the data on
| | 04:53 | your internal hard drive and asks if
you're sure you want to do that, go ahead
| | 04:55 | and click Continue and it begins to
restore the Server HD onto the disk that we
| | 05:02 | have in here named Macintosh HD.
| | 05:05 | Whenever it's finished we should
have a fully functional system.
| | 05:09 | This process should take
quite a long time though.
| | 05:12 | In the next movie we're going to show
you what to do if for some reason your
| | 05:16 | recovery HD partition is removed from
your internal drive perhaps you've put in
| | 05:21 | a brand-new drive or perhaps your
existing drive has been completely wiped.
| | 05:26 | Either way you're going to need to do
something to get that recovery HD back so
| | 05:30 | you can install your software back on
your computer, and we're going to show
| | 05:33 | you how to do that.
| | Collapse this transcript |
| Restoring your operating system from the internet| 00:00 | One of the great features of the Macs'
released after Lion is the Restore function.
| | 00:05 | On these new models you can hold down
Option+Command+R while booting the Mac.
| | 00:11 | This loads into a recovery environment
like you're seeing here that kick starts
| | 00:15 | the Lion installer from the Internet.
| | 00:17 | What you're looking at here is the Mac
actually downloading software from Apple
| | 00:23 | across the internet.
| | 00:24 | You've got a cool rotating globe there and a
progress bar to show you how long it will take.
| | 00:29 | On a typical broadband connection
it will take six to seven minutes.
| | 00:33 | You have to have an active internet
connection for this to function, but that's about it.
| | 00:37 | All right, so as soon as it finishes
loading that software from the internet, we
| | 00:41 | will be presented with the
Mac OS X Utilities menu again.
| | 00:45 | That gives us the opportunity to
restore from Time machine, install Mac OS X or
| | 00:49 | fix our discs with this utility.
| | 00:50 | Then we'll move into the Installer and
it will proceed to download the rest of
| | 00:56 | the Mac OS X software necessary to install Lion.
| | 00:59 | We agree to our License agreements,
select the internal hard drive we want to
| | 01:05 | install onto and click Install.
| | 01:08 | The rest of this process
takes a pretty long time.
| | 01:12 | When you get to the end of the
initial process, the system will reboot.
| | 01:17 | After the reboot you'll find
yourself in an Install Mac OS X window you
| | 01:21 | can't really ctrl, you'll just be
sitting here waiting for it to finish
| | 01:24 | doing the installation.
| | 01:25 | Of course, this is the point
we've all been waiting for.
| | 01:29 | Our installation was successful and our
system will now be restarting so that we
| | 01:33 | can start using Lion.
| | Collapse this transcript |
| Disabling Time Machine snapshots on the local machine| 00:00 | In this movie I'm working from the Mac
mini-server that we set up on-the-fly
| | 00:05 | just off of our client and we've
just changed its network identity.
| | 00:09 | This happens to be a Mac Mini, but this
could just as easily be a MacBook Air.
| | 00:16 | Those are supported.
| | 00:17 | If you leave it on, it'll be
accessible and Apple will absolutely support a
| | 00:21 | server installation on a MacBook Air now.
| | 00:25 | But because of that there are some
things that you might want to do in order to
| | 00:28 | improve the performance on that machine,
and one of those things has to do with
| | 00:32 | a brand-new command line utility
that helps you control Time Machine.
| | 00:37 | That's a new thing and I'm a big fan of it.
| | 00:39 | So to get to that, we're going to
open up the Terminal application.
| | 00:43 | We are going to go to the Utilities
folder and we'll scroll all the way down the
| | 00:48 | Terminal, we are going to double-click
on Terminal and make the window a little
| | 00:51 | bit bigger, so we can see it better.
| | 00:53 | We are then going to type sudo -tmutil,
followed by disablelocal, and hit Return.
| | 01:02 | If it asks you to authenticate, that's fine.
| | 01:04 | Go ahead and put in your local admin password.
| | 01:07 | But what this has just done is it has
disabled all of the little local snapshots
| | 01:11 | that Time Machine normally would do on
a client system, so that it doesn't have
| | 01:16 | to take up all of that background processing.
| | 01:18 | It gives more processing power to all of the
other server services that you might set up.
| | 01:23 | So this is just a little tip on how to
improve the performance of your server
| | 01:27 | using Mac OS X server Lion.
| | Collapse this transcript |
| Troubleshooting NetBoot in a multi-subnet environment| 00:00 | When you're running your NetBoot service,
it's very important that the clients
| | 00:04 | you're trying to NetBoot from are on the
same subnet as the server. very important.
| | 00:11 | Or at the very least you have to set
up ports 67, 68, and 69 to go between
| | 00:17 | subnets and if you're a crossing
subnets or if you're going between VLAN's on a
| | 00:22 | managed network, you're going to have
to set up helper addresses, because the
| | 00:27 | Boot Service Discovery Protocol
that's being used to figure out where that
| | 00:32 | NetBoot server is from the
client is very similar to DHCP.
| | 00:36 | It travels over the same ports and it
happens at roughly the same time after
| | 00:40 | you've already received an answer
to the request for an IP address.
| | 00:44 | So if you just set up the same DHCP
helper addresses that you would for a DHCP
| | 00:48 | server, except you point them to the
NetBoot server, that'll enable that NetBoot
| | 00:53 | server to respond to those requests
when they pop out of your client systems.
| | 00:57 | Now the other thing is that TFTP, NFS,
and DHCP are all being used in this process.
| | 01:03 | So those can't be obstructed
between the client and the server.
| | 01:07 | Lastly, most networks use
something called Spanning Tree.
| | 01:11 | that is a branded term from Cisco.
| | 01:13 | That basically means that the switch is
going to hold on to all of the traffic
| | 01:17 | that comes through a port whenever it
first detects a signal on that port.
| | 01:23 | So basically as soon as a computer
starts up or as soon as a connection is made
| | 01:27 | on a switch that has Spanning Tree
enabled, that port is going to hold all of
| | 01:31 | that traffic until the switch can
determine if that port is a loop, because
| | 01:36 | loops are bad in networks.
| | 01:37 | So if somebody were to plug a cable
from one switch into another switch on the
| | 01:41 | same network it would create a loopback
which would cause damage on the network.
| | 01:45 | Cisco creates a Spanning Tree to avoid
that, but the problem is by the time the
| | 01:50 | switch determines if there's a loopback
happening, it will have already caused
| | 01:54 | your Macs that are trying to NetBoot to
time out, and they'll just roll over to
| | 01:59 | the internal hard drive or tell you that
they don't have something they can boot from.
| | 02:02 | So to solve this problem Cisco came
up with something called PortFast.
| | 02:06 | PortFast just allows all of that
traffic to go through that switch port.
| | 02:10 | It still does the analysis to
determine whether or not there's a loop and it
| | 02:14 | will shutdown the port if there is.
| | 02:16 | The PortFast allows all of our traffic
to go out through the port to make its
| | 02:20 | way to the server, so the server can
respond appropriately. So remember this:
| | 02:25 | the rule is if you have Spanning
Tree you've got to turn on PortFast.
| | 02:31 | If you tell your network administrator
that they will know exactly what you're
| | 02:34 | talking about and everything will be fine.
| | 02:35 | If you're not a managed network you
won't have Spanning Tree so you don't
| | 02:39 | have to worry about it.
| | Collapse this transcript |
| Reviewing the boot modifier keys| 00:00 | If you hold down Command+
Option+R you will be taken to an
| | 00:07 | Internet-based download.
| | 00:08 | It will in the Firmware, go to Apple.
| | 00:11 | Download just enough to run
a new recover HD partition.
| | 00:16 | Then when it's got all of the software
it needs, which takes about 6-7 minutes
| | 00:20 | over a fast broadband connection.
| | 00:22 | It will restart your system into that
recover HD partition where you can run all
| | 00:29 | of the recover HD utilities, like Disk
Utility, Time Machine restore or even
| | 00:34 | reinstall OS X operating system.
| | 00:37 | If you want to boot into single user
mode, press Command+S at Startup, and you
| | 00:41 | will be dropped into a
black screen with white text.
| | 00:44 | This is the Single User mode.
| | 00:46 | this allows you to be in the Unix's
system before the hard drive is mounted in
| | 00:51 | a read/write fashion.
| | 00:53 | This is going to allow you to do all
sorts of cool things to run utilities
| | 00:56 | against your hard drive, if
you are ever having problems.
| | 00:59 | If you hold down Command+V at boot up, it
will show you a black screen with white text.
| | 01:04 | This shows you all of the Unix stuff
that's going on underneath the surface
| | 01:08 | while your computer is booting.
| | 01:10 | If you hold down the D key while
you're booting up, this will take you into
| | 01:14 | a Diagnostics Mode.
| | 01:16 | This allows you to run hardware tests
on your computer and the Diagnostics Mode
| | 01:21 | is included with your computer if
you're running on a computer that was made
| | 01:25 | after roughly the beginning of 2010.
| | 01:28 | If you hold down Command+Option+P+R at
system boot, your system will restart and
| | 01:35 | you'll hear the system chime at full volume.
| | 01:37 | This resets your nonvolatile RAM and
can reset many settings that otherwise
| | 01:42 | would be causing you problems.
| | 01:44 | This is a great troubleshooting tool, if
you're having problems with your system
| | 01:47 | that you can't otherwise figure out.
| | 01:50 | If you hold down the T key while you're
booting your computer, it will take you
| | 01:53 | into Target Disk Mode.
| | 01:54 | Target Disk Mode puts your computer
into an open state where you can connect
| | 01:59 | your computer via FireWire or
Thunderbolt if you have it, to another computer.
| | 02:04 | The Target Disk Mode enabled computer
will appear to the other computer as an
| | 02:09 | external hard drive.
| | 02:11 | This can be a very effective way to
transfer information from one computer to another.
| | 02:15 | This is especially helpful during an upgrade.
| | 02:18 | Holding down the Shift key
during boot is called Safe Booting.
| | 02:21 | When you're in Safe Mode Apple stops
the operating system from loading any of
| | 02:26 | the extra bits that you might have
installed with third-party applications and
| | 02:31 | it also stops the system from loading
a lot of the modifications you may have
| | 02:34 | put into your user folder.
| | 02:36 | This can help you to run your system
cleanly if your system is misbehaving.
| | 02:41 | The stuff that's left out while you're
in Safe boot, is stuff that's in your
| | 02:45 | Home folder, in your Library folder,
like your Preferences, any additional fonts
| | 02:50 | that you may have
installed there or startup items.
| | 02:53 | Safe Mode also stops the system from
running anything that's located in the root
| | 02:57 | level library folder.
| | 02:59 | That's the library that's right at your
hard drive level when you first open up
| | 03:03 | your hard drive in the Finder.
| | 03:05 | By disabling items in your Home folder
and the root level Library folder, Apple
| | 03:09 | is ensuring that what is being loaded
is only the pristine original operating
| | 03:14 | system that was shipped with your computer.
| | 03:16 | That's why we always tell people
never to modify the contents of the folder
| | 03:21 | labeled system at the root
level of your hard drive.
| | 03:25 | If you want to learn more about
Apple's keyboard shortcuts, you can go to
| | 03:29 | support.apple.com/kb/ht1343.
| | 03:34 | There you'll find extensive
information about all of the keyboard shortcuts
| | 03:39 | that are available, a handy
translation guide that will help you to translate
| | 03:43 | the symbols for keys into what that
key actually is on your keyboard and more information.
| | Collapse this transcript |
| Assigning an address and name to an upgraded server| 00:00 | If we open up System Preferences and go
to Network, the first thing you're going
| | 00:04 | to notice here that's different from
our other server setup is this is all
| | 00:08 | happening over DHCP.
| | 00:10 | We've gotten an address that in our
DHCP pool and because DHCP can change this
| | 00:16 | could be moving around a lot.
| | 00:18 | That's going to be fine
for a lot of services, right?
| | 00:20 | If we're setting up file sharing and
our clients are connecting to us over
| | 00:25 | Bonjour, and when I say Bonjour I mean this.
| | 00:27 | If we had a new window here and we
look at what's in the Shared sidebar over
| | 00:32 | here, well, you can see here I've got a
Mac Tower that's got file sharing turned on.
| | 00:36 | That's a client system.
| | 00:37 | It doesn't have a static IP Address.
| | 00:40 | It doesn't need one.
| | 00:41 | It's sharing over Bonjour and
people can find it there using Bonjour.
| | 00:46 | We can do the same thing with our OS X server.
| | 00:48 | Now this is something that was not
supported previously, but is now and that's fine.
| | 00:53 | But this is where we need to shape your
expectations, because there are a lot of
| | 00:57 | services that really won't work if
your IP Address is changing frequently and
| | 01:02 | those are the ones that don't depend
on Bonjour for functioning like profile
| | 01:05 | management for example.
| | 01:06 | Kerberos, if you're setting up an open
directory master which again would be
| | 01:12 | necessary for profile management.
| | 01:14 | These types of services and mail for
example won't work if there is not an IP
| | 01:20 | Address that maps to a name
that maps to an MX record.
| | 01:23 | There are a lot of things that all
need to map to each other so that whenever
| | 01:26 | somebody throws the traffic out it
supposed to go to a certain location.
| | 01:30 | The server is actually where it
supposed to be when the traffic gets there.
| | 01:34 | Now if you've set up your server and
it's been on a DHCP network up until the
| | 01:39 | point where you've got it set up, now
you're in exactly the condition that this
| | 01:43 | server is in here and you're probably
going to want to change this IP Address.
| | 01:48 | I'm going to select the Configure IPv4
menu and select Manually instead of DHCP.
| | 01:53 | I am then going to use an IP address that is
within our subnet, but outside of our DHCP range.
| | 02:02 | That's going to be something like .3 for
example which we haven't used yet. It's low.
| | 02:06 | It's right above where our other OS X
server is sitting and it won't conflict
| | 02:11 | with anything on our network.
| | 02:13 | Once I hit Apply that's
going to change some stuff.
| | 02:18 | We get our static IP Address.
| | 02:20 | It changes our location on
the network within the subnet.
| | 02:24 | We just need to make a couple of more changes.
| | 02:26 | When we get into the Advanced area
we're going to go over here to DNS and under
| | 02:31 | DNS we're going to put in our own IP Address.
| | 02:34 | I want this thing to set up its own mini
DNS to support its naming and we'll click OK.
| | 02:40 | We'll also click Apply and at this
point if I were to open up Safari,
| | 02:44 | nothing would work.
| | 02:46 | It would be a pretty big nightmare.
| | 02:47 | But what we are going to do is we're
going to close this, we're going to open
| | 02:53 | up Server app and when it brings up
our Hardware configuration area click on
| | 03:00 | the Servers name under Hardware, and we're
going to come over here to what says Network.
| | 03:04 | You really want to wait for this gear
to stop spinning before you change any
| | 03:07 | settings in the server app, because
while that's spinning the Server app is in
| | 03:11 | the middle of making changes to settings
and if you go and change settings while
| | 03:15 | it's in the middle of making
existing changes to settings, you can end up
| | 03:18 | sandwiching things together
and making a mess. There we go!
| | 03:22 | Now that the gear has stopped
spinning we can move forward.
| | 03:25 | Then next thing I want to do is I'm
going to change the name of my Server.
| | 03:29 | So I can easily change the
Computer Name and this Local Hostname.
| | 03:33 | I am going to call this big-mini-server
and the Local Hostname is going to also
| | 03:41 | be that, big-mini-server.
| | 03:42 | I click OK there and then I come
down here and click on the Host Name.
| | 03:49 | What's going to happen whenever this
Change Host Name screen comes down is it's
| | 03:52 | going to evaluate the network.
| | 03:54 | This might take some time.
| | 03:55 | Wait for the gear to finish spinning.
| | 03:57 | But when it does it'll let you walk
through the process necessary to change your
| | 04:02 | computer's hostname and its IP address
properly so that it will be sitting on
| | 04:06 | the new network identity.
| | 04:08 | You can restart the server and
it will start functioning better.
| | 04:12 | Once you've restarted the Server with
its new IP Address and its new Host Name
| | 04:15 | you can do things like connected up to
an AirPort Extreme Base Station and have
| | 04:19 | the port forwarding work, but you can
even port forward to it from a third-party
| | 04:23 | router and have things
work really, really nicely.
| | 04:25 | Of course, that's going to happen
because now your Server will be sitting on an
| | 04:29 | IP address where it won't be changing.
| | 04:32 | It'll always be at that number,
because you set it up manually. Great!
| | 04:36 | It's just finished evaluating our
network and our Continue button is available.
| | 04:40 | We're going to click it now.
| | 04:42 | Notice here it's giving us an
opportunity to make a choice.
| | 04:45 | It knows that we want to change things
and so it's about to explain to us once
| | 04:50 | again what it originally explained to
us when we set up our other server during
| | 04:54 | the initial server setup.
| | 04:56 | It's saying listen if you want this
to be available for local services like
| | 04:59 | I just explained for file sharing for example,
a local host name is going to be just fine.
| | 05:05 | If you want to be able to VPN in, you
could use a host name for private network,
| | 05:09 | and if you want it to be able to accept
traffic from the Internet, you're going
| | 05:12 | to need a real Internet-based domain name.
| | 05:15 | I am going to say a Host name
for a private network in this case.
| | 05:20 | So the Computer Name is going to be big-
mini-server and the Host Name is going
| | 05:24 | to be big.groundswellgear.private.
| | 05:30 | This is going to be keep
it off of our.com domain.
| | 05:32 | It will be in a different private
domain, but it still allows us to recognize
| | 05:36 | the company we're in.
| | 05:38 | I can also go in here now and I
can configure my Network interfaces.
| | 05:43 | Once again this is just
another place to do this.
| | 05:46 | If I want to disable FireWire I can
come in here and make it Inactive, do the
| | 05:50 | same thing with Wi-Fi, do the same thing
with the Bluetooth interface, and leave
| | 05:55 | my Ethernet interface available.
| | 05:57 | I can add my Search Domain if I want to,
but I don't need to and I can check my
| | 06:01 | Configure IPv6 and in this interface I
have the ability to turn IPv6 Off if I
| | 06:06 | want to, which I didn't have in
the Network System Preference pane.
| | 06:11 | Once all of that's done I can click Apply.
| | 06:13 | It will reevaluate the Network again,
it'll bring you back to the screen, and
| | 06:18 | you can click Continue.
| | 06:21 | It will then proceed to change the Host
Name for you, change the interfaces, and
| | 06:26 | get everything all set up.
| | 06:27 | I highly recommend that the next thing
you do is restart your server, which I'm
| | 06:32 | going to do now and I'll
see you in the next movie.
| | Collapse this transcript |
| Verifying open ports on the AirPort Extreme| 00:00 | Once you've got your server all set up
I want you to go back into the AirPort
| | 00:04 | Utility, because Server app is
controlling and interacting with the AirPort
| | 00:09 | Utility doesn't mean that all the
settings necessarily reset properly.
| | 00:14 | So double-checking your work.
| | 00:16 | Always a good idea.
| | 00:17 | So I'm going to go to the Utilities folder.
| | 00:19 | I am going to go to the Go menu, pull
down to Utilities, and then I'm going to
| | 00:23 | open up the AirPort Utility here.
| | 00:24 | Here you can see we've got our Library
and our Lion I am going to go into the
| | 00:29 | Lion AirPort Extreme Base
Station and click Manual Setup.
| | 00:34 | Then I'm going to go over to Advanced
and I am going to go over to Port Mapping
| | 00:38 | and I am going to look at all of the
different Port Mappings that are available
| | 00:42 | and there are couple of things
that I want turned on that are not.
| | 00:45 | You see here we've got iCal Service,
Address Book Service, we're going to go
| | 00:50 | with the defaults, and click
Continue and Done and that will be on.
| | 00:55 | VPN Service, remember we
configured our custom PPTP VPN rules.
| | 00:58 | Well, that's not going to work
at all unless we turn this on.
| | 01:00 | So I am going to click Continue here and Done.
| | 01:03 | Now we could tell the AirPort Extreme
Base Station to port forward all File
| | 01:08 | Sharing Services through its Port
Mapping as well, but we're not going to do
| | 01:12 | that, because we really want everyone
to connect to our VPN in order to have
| | 01:17 | access to our internal network so
that they can access this file shares,
| | 01:21 | especially since File Sharing is
not encrypted via AFP or SMB using SSL
| | 01:26 | unlike iCal Address Book, iChat, all
of the other services that we do have
| | 01:31 | securely configured.
| | 01:32 | Now that being said I do want to
show you something about File Sharing.
| | 01:36 | As soon as we try to turn on port
sharing for port 548 for AFP, it's telling us
| | 01:42 | that we're conflicting and the
reason is because we never turned off file
| | 01:46 | sharing on the AirPort
Extreme Base Station itself.
| | 01:48 | So I'm going to click Cancel here, go
over to Disks really quickly here, go to
| | 01:53 | File Sharing, and I am going to turn
off file sharing on the AirPort Extreme.
| | 01:57 | This is a cool feature if you've got
a USB hard drive attached your AirPort
| | 02:01 | Extreme it can be offered up as a place
to store files, but we've already got OS
| | 02:04 | X server, so we probably don't
need to turn this on in this case.
| | 02:07 | I am going to comeback over here to
Advanced, I'll turned on File Sharing again
| | 02:12 | and we won't get that warning.
| | 02:13 | We click Continue > Done and now
that'll get passed through as well.
| | 02:18 | If we want to Screen Share with our
machine through our Internet connection, so
| | 02:22 | say you're at home and your server is at
the office and the AirPort Extreme Base
| | 02:26 | Station we're working on here is at the office.
| | 02:29 | Well, from home you won't be able to
Screen Share with the computer unless
| | 02:32 | you're connected VPN.
| | 02:33 | That is unless you enable VNC.
| | 02:37 | I'm not going to recommend that you
turned on Remote Login Service or SSH
| | 02:41 | through your AirPort Extreme Base
station unless you're using SFTP to get
| | 02:48 | through that problem of
not having FTP file services.
| | 02:52 | If you're turning on SFTP and you're
doing that by enabling SSH on your server,
| | 02:57 | you're going to need to turn on SSH access.
| | 03:00 | But hackers love trying to hit SSH
and find a way to log into your servers.
| | 03:05 | So I am going to recommend you leave
this off unless you really believe that you
| | 03:10 | need SSH to be turned on.
| | 03:12 | I am going to leave Screen Sharing
Service off too, because frankly if I am
| | 03:15 | going to Screen Share with my
server I want to connect through my VPN.
| | 03:18 | The rest of this I'm going to
leave on except File Sharing.
| | 03:21 | I turned that on so I could show you
the thing about the Disks, but I really
| | 03:25 | don't want to turn on File Sharing
access through my router, because it's not
| | 03:29 | SSL encrypted Web is, Mail, iChat,
even Address Book and iCal, these are all
| | 03:35 | SSL encrypted services.
| | 03:37 | So they're already secure on their own.
| | 03:38 | The VPN services there to secure
anything that would not be encrypted and File
| | 03:43 | Sharing, well, it's not.
| | 03:44 | So I am going to leave this off and
tell my users, hey, you need to connect to
| | 03:48 | your VPN if you want to
get access to File Sharing.
| | 03:50 | Now that I have my settings exactly
the way I want them I click Update
| | 03:53 | and that'll be that.
| | Collapse this transcript |
|
|
ConclusionA fond farewell| 00:00 | I hope you enjoyed our time together learning
about Apple's latest Server operating system.
| | 00:05 | This is an elusive product to master. It is very easy to
set up on the surface and it is easy to use for years without
| | 00:12 | much care or upkeep.
| | 00:13 | But there is so much going on
under the surface to explore
| | 00:17 | that I want to give you some references for
your next steps in the study of the subject.
| | 00:21 | In this course I reference several other titles here at
lynda.com and I'd like to give you more information about them now
| | 00:27 | so you can easily find them.
| | 00:29 | The first is DNS and Network Services.
| | 00:32 | This course covers the fundamentals of the subject of
Network Services in a way that will feel relevant to anyone,
| | 00:38 | even if you aren't administering an OS X server.
| | 00:41 | We start each chapter of that course with the fundamental
look at the theory behind each service and each has its own
| | 00:46 | fun animation to explain how
things work. I highly recommend it.
| | 00:50 | The second is the last version of this course,
| | 00:52 | Snow Leopard Server Essential Training.
| | 00:55 | In that course, I showed how to set up all of the
services in 10.6 Server including Podcast Producer Server,
| | 01:01 | which is in Lion Server
but hasn't changed a bit since 10.6.
| | 01:05 | Take a look at that class to
learn about Podcast Producer Server
| | 01:09 | and to take a look at the services and
tools as they existed in Snow Leopard.
| | 01:13 | I think you'll enjoy it.
| | 01:15 | We also have a wide variety of
courses on Adobe CS5, CS4, and CS3.
| | 01:21 | So whether you want to use Photoshop or Dreamweaver to make the
elements of the website you will host from your Mac OS X Server,
| | 01:28 | we have a course to teach you how to do it.
| | 01:30 | Outside of the lynda.com site, there are
additional terrific resources for further learning.
| | 01:35 | Arek Dreyer, a good friend and talented trainer, has
authored two books that are relevant to the subject.
| | 01:40 | The first is available as an EPUB
| | 01:43 | from Peachpit Press on the iBookstore at Apple.
| | 01:46 | It's called Managing
iOS Devices with OS X Server.
| | 01:50 | The second by Arek is called Apple Pro
Training Series OS X Lion Server Essentials
| | 01:56 | Using and Supporting OS X Server.
| | 01:59 | That's a mouthful for sure,
| | 02:01 | but it is the official book to prepare
you to get certified as ACTC by Apple,
| | 02:06 | which will be the highest OS
certification available from Apple for Lion Server.
| | 02:10 | Both are great books and
I highly recommend them.
| | 02:13 | Ed Marczak is the editor-in
-chief of MacTech magazine,
| | 02:17 | which is a great technical
magazine for the Macintosh community.
| | 02:21 | MacTech Conference happens once a year and exists to help people
hone their skills to become advanced systems administrators.
| | 02:28 | I love to hear from students,
| | 02:30 | so if you enjoyed this class, please find
CoreQuick on Facebook or on the Internet and let me know.
| | 02:35 | Take care and keep learning.
| | Collapse this transcript |
|
|
