Things to think about before upgrading to Panther Server

—by Joel Rennich, mactroll@afp548.com

28 October 2003

1. Maybe now is a good time to set up your server to boot off a mirrored RAID? If you’re going to be doing a full install anyway this is a great time to put in a second drive and mirror it.
2. Set your reverse DNS records up now. Panther is as much, if not more, dependent on DNS then Jaguar was. When you create an Open Directory Master you are setting up a Kerberos Key Distribution Center (KDC) at the same time. The KDC will take on the DNS domain that your machine has when first starting up. So, make sure it’s right, or be prepared to redo some things later.
3. Take a good hard look at your user setup. If you are currently using multiple NetInfo domains, now might be a good time to consolidate. Since you can enforce who can log onto what machine through workgroup management you don’t need to do this with complicated domain hierarchies. If you don’t have a huge number of users, pick one Server to be the master and then replicate that Open Directory user database out to your other servers. This way everyone knows about everything. All the servers have a locally cached copy of the user database and the network is used most efficiently.
4. Think about your mail system. Panther Server really brings a very full featured mail system with it. Postfix and CYRUS should be able to handle most everything you need. CYRUS uses a significantly different metaphor for mail storage than other servers. You’ll need to think about how, or even if, you are going to migrate your users' mail from your old server to your new. If you are currently using Apple’s mail server you’ll finally get your reward for using it as all your mail will be imported into the new mail system.
5. Think about network home folders. Panther really improves the the process of setting up a network home folder. Gigabit switches are getting cheaper along with high-capacity disk drives. All the pieces should be in place to give this a shot. Combine this with Panther’s ability to create mobile users for laptop systems and you should have the flexibility you need to finally put this in place.
6. Don’t forget the FAX! Panther Server and client have faxing capabilities including being able to share one machine’s modem to other fax users. Maybe you never thought you’d need this, but what the heck, give it a try.
7. Drop your basic passwords. Authentication methods have been greatly expanded in Panther Server. Basic passwords are bad and should be changed. Going to an advanced password will allow you all the goodness of password aging and other controls on password complexity. Plus you can take advantage of being the first admin in your building to implement a full Kerberos authentication environment. It’s so easy you might not even know that you’ve done it.
8. Test your compiled applications before migrating. Since the authentication methods have changed you’ll want to compile your applications with PAM support. Older applications that are looking for crypt passwords aren’t going to find them and break. Since Panther has very good PAM support built in this shouldn’t be hard, but most likely will require a recompile. UW IMAP, for example, is one of the applications in need of this.
9. Start getting interested in SSL. Security becomes much easier in 10.3 Server since most services can easily be wrapped in SSL. SMTP, POP, IMAP, HTTP and LDAP can all be wrapped in SSL through the GUI. You may need to drop down to the command line to create the certificate, but after that it’s all GUI baby!
10. Speaking of security, wow your users by setting up a robust VPN solution. Panther Server can handle both a PPTP and an L2TP/IPSec VPN quite easily. Take a poke at the manual for this and give it a go, you’ll be surprised at how easy it is. Plus Windows 98 and later should be able to use the same VPN setup that your Mac OS X 10.2 and 10.3 clients can use. Heck, it’s so easy you might even want to think about setting up a software VPN for all of your remote locations.