Articles July 21, 2004 at 12:26 am

Tiger Server Preview

An overview of upcoming Tiger Server features

Tiger Preview

There isn’t too much to say about the upcoming Tiger Server other than what Apple has posted on the web. So I won’t get into too much detail here, but instead offer a bit of an opinion about what impact the new features might have.

Mobile Home Folders

For a lot of installations this feature alone will be worth the cost of a Tiger upgrade and then some. The ability to synch your laptop’s mobile home folder to a folder on a server is huge. Others have done this on their own, but having Apple fully behind this makes rolling out an OS X Server that much easier.

I’d say this is easily one of the top three feature requests that keep coming across my e-mail box, so it’s very good to see that Apple is aware of what people are asking about.


It’s still Postfix and Cyrus, which is good since you should have gotten a bit familiar with them by now and upgrades from a 10.3 server should be easy.

Tiger will have spam and virus protection, and I believe Apple is implementing a similar amavisd/clamav/spamassassin system to the one that I’ve outlined in previous articles on the subject. It’ll be interesting to see how much of the configuration files Apple exposes in the admin tools.

The webpage also mentions support for virtual domains. This is killer since you won’t have to manage all of this by hand anymore. Postfix can easily do this, as the many articles here and across the web have shown, so all Apple needs to do is wrap a GUI around it. I am curious to see how they manage the workflow. Ideally there would be a listing in the mail tab of the user record in Workgroup Manager that will allow the selection of virtual domains for that user.

Also it seems that Apple has put in GUI elements to allow you to manage quotas on other IMAP folders besides just the inbox and to define quota warning levels. No more running the Cyrus reconstruct from the command line either, it’s in the admin tools. Cyrus clustering support, what used to be called Cyrus murder, is in the Tiger GUI too.


Access control lists for the file system are a very welcome feature in the new system. Gone will be the long hours of custom crafting group membership and file permissions. Support for groups within groups and a multitude of file attributes for any user or group is one of the few places where Panther server was really behind other operating systems.

I imagine that a necessary evil of this will some interesting interfaces for file info. Also browsing file permissions on the command line will be a bit more involved.

Web Log Server

I don’t really know what to think about this. Apple is using Blojsom, which is a java version of a popular simple web logging solution called Blosxom. It’s a good solution for a simple log, but isn’t much more than that.

If you’re running a server you’ll probably be more interested in a full CMS solution, like Nukes, geeklog or the like instead of just a web log server. But what the hey. This is probably a pretty easy thing to integrate with the rest of the OS and if you want something else, you’ll just do what you would have done anyway.

iChat Server

This could very well be a sneaky killer feature. Apple is leveraging the open source Jabber project to create an internal, secure, multiplatform, kerberized iChat server. That’s right, the chat server is supposed to be kerberized. Leave it to Apple to bring kerberos to chatting.

Private encrypted multi-platform chat is something that a lot of enterprise environments are looking at right now. If Apple can make this easy to set up, and more importantly, integrate the chat server into directory services, including pulling users from the AD plugin, I can easily see organizations buying an OS X Server just for this.

Managed Network Browsing

This is another sneaky feature that not many people seem to have picked up on. With this, an admin can fully control what a user sees in the Network directory. No longer do you have to train the users to ignore the multitude of other machines in there. Instead you, the admin, have control over exactly what they see.

I think this will eliminate about half of the reasons why admins want to route Rendezvous across subnets. You’ll now be able to show your users the other servers on your corporate LAN by imposing a network view upon them that includes these other devices.

High Availabilty

The website is rather light on info on this. Hopefully this is the beginning of file service clustering, which would allow one server to take over for file sharing when the primary server goes down without any interruption to the clients.

Combine that with an Xserve RAID, or better yet Xsan, and you can quickly have a very robust file serving solution for not a lot of money. I’d still like to see, along with a lot of others, a full clustering solution for OS X Server that would allow you to load share across a group of Xserves. This could be a good start towards that goal though.

Windows Services

Apple seems to be putting some missing samba functionality back into OS X Server. While being able to be an NT Backup Domain Controller (BDC) won’t cause a massive increase in Xserve sales, it does make forward migration easier. Especially since this allows you to make your OS X Server a BDC of your old NT box. Import all the users and then promote your OS X Server to the PDC and an Open Directory master. This way you get all of your old users and passwords with a minimum amount of effort.

The BDC capacity will also give organizations that need to support larger numbers of PC clients a lot more peace of mind. Right now in 10.3 you have no failover support with the Windows PDC.

Software Update Server

Apple is going to let you locally cache all of the updates and have your client machines pull all Apple updates from your server instead of going through the internet. I imagine that this will all be transparent to the user.

This is a good thing, no doubt. It’s nice not to have to take the huge bandwidth hit of a couple of hundred clients getting the 10.4.1 update. Apple seems to be sticking to just the Apple updates here too. Which I don’t mind since I can get other updates done easily with ARD 2.0 or radmind.

Certificate Management

Being your own Certificate Authority just got a lot easier. A nice GUI to allow you to easily generate and manage SSL certs and then configure services to use those certs is very very welcome.

Right now it isn’t necessarily hard to get a number of services SSL wrapped, but it’s not very straightforward either. Plus I’m very happy to see more CLI tasks get moved into the admin tools.

Authenticated Printing

This is another feature that I haven’t seen too many people pick up on. While CUPS is great in 10.3, we are missing the ability, which was in OS 8, to authenticate to printers. This is a pretty serious oversight, so I’m very keen on seeing Apple put this back in.

Hopefully they go the next step and compile CUPS with SSL support. Now that we have a certificate management interface it would be nice to be able to wrap the print server in SSL. Plus, if Apple starts to do this I think we’ll see a lot of vendors that will start supporting this on their network printers.

64 bits of speed

As with Tiger client, the OS is going to be highly 64-bit enabled. This takes us well over the 4 GB of memory per application limit that we have now and into the realm of ridiculously big numbers. Apple should have a nice long while before hardware starts to hit the addressable RAM limits again.

Directory Services

The beauty here is that it doesn’t look like much has changed. Thank you Apple!

It’s really nice to have things which were pretty robust before stay the same. I’ve heard of some things that Apple is planing to add into Open Directory that are very good to see coming, but for the most part you won’t have to relearn anything. The added bonus of this is that a Tiger server should play very nicely with a Panther server.

Other odds and ends

Tiger server will be able to aggregate ethernet links and support interface failover with 802.3ad. This is something that you can do now with third party software, but it’s certainly nice for Apple to bring this into the system.

Also a site-to-site VPN functionality will be available with Tiger Server. The pieces have been in place since 10.2, so it seems that Apple has finally had enough time to put a GUI on it. This is nice, but I think most of this is being down at the network appliance or router level. However, small organizations will be able to significantly raise their security level very easily.

I’m assuming that the Gateway Setup Assistant will tie into the site-to-site VPN. Apple is billing this as an easy way of setting up your server to provide NAT, VPN and firewall services to your network. Again, Apple is putting a GUI onto services that are already there, and that are usually better served by a network appliance than a nice shiny Xserve that could be put to much better use. However, like a lot of the other Tiger features, this is something that’s nice to have.


Tiger seems to be shaping out to be a nice comfortable evolution to Panther. You won’t need to have to relearn directory services or buy another shelf full of O’Reilly books to run this one. And as much as the geek in me was crying out for revolutionary changes, I think I’m kind of happy the road ahead seems to be a bit smoother than it has over the last 3 years.

What’s Missing

There’s still time for Apple to make some changes. However I won’t hold my breath for these, however there are a few things that I’d like the server engineering team to take a think about.

1. Groupware Server – I think this is the biggest missing feature on Tiger Server. I’m hoping that Apple is looking at this space as a stand alone product, which is why it isn’t in the feature set for Tiger.

In all fairness though, this is a space that Apple really hasn’t been in before, and might not be real interested about getting into it. They certainly have the client side pieces, at least on OS X, ready to go, but the massive amount of work involved in getting Outlook on the PC to play nice with an iCal server is certainly something Apple must be looking at with some hesitation.

In the meantime there are some third party solutions in this area. First Class and Communigate already have complete messaging solutions that run on OS X. Also, keep on eye on Kerio which is currently beta testing an upcoming messaging server.

On the open source side you should take a look at eGroupware and Open Groupware. Right now eGroupware installs very easily on OS X Server, and Open Groupware is working on a package installer. eGroupware is currently missing an off-line way of viewing calendar information, but otherwise is very complete.

2. LVM – Linux Volume Manager support, or equivalent functionality would be really really nice on OS X. This would allow you to resize volumes on the fly and give you more configurability on RAID creation. However the real sexy LVM feature that I’m interested in is the ability to split an active mirror RAID. This allows you to mount the split member to run a backup off of. Now you won’t have to worry about backing up an active mail database. When you are done you can just rebuild the RAID. Or better yet, mirror three drives. Split alternating members off every night so you can run your backup of a non-live drive, but still maintain your mirror RAID for the live volume.

3. AD domain controller – I don’t have any hope on this one. Microsoft is just too slippery with Active Directory for Apple to really be able to play in this space. I’m sure that Apple is very hesitant to get into a code tweak race with MS where every MS security patch would require Apple to re-engineer AD all over again.

There may be some hope in this area from the Linux/samba side. However, this is something that they have been working on for quite some time and haven’t produced much. Most likely for many of the same reasons that Apple hasn’t done this.

Barring the holy grail of an AD server on OS X, I’d like to see an Open Directory client for Windows machines. pGina is a decent start, but it’s hardly more than authentication right now. A true OD client for the PC would allow managed preference information to be enforced on the Windows side. While this would be more technically possible than an AD controller, I don’t have too much hope for this either. It just doesn’t seem to be something that Apple is very interested in.

Hopefully I’m wrong though, because this would really be a shot across the Active Directory bow and would go a long way to putting more Xserves in everywhere from data centers to small accounting firms.

4. Server Admin SDK – This is a bit of a personal pet peeve of mine. It’d be really nice if Apple could open up Server Admin to third party modules. I’ve been promised this before, but I still don’t have anything on my machine.

No Comments

  • 6 to 4 should already be in 10.3. Or are you looking for more than the client

    Now where did I put that IPv6 network again….


    Changing the world, one server at a time.

    Joel Rennich

  • For my money, ACL’s are the biggest boon on this list. It’s been a long dark 3
    years since I upgraded my AppleShare 6 server to Mac OS X Server
    10.1, only to find that I could no longer assign a group as the owner of a
    folder/file, something I had happily done with AppleShare server since
    version 5.

    From Apple’s Tiger server page:

    Access Control Lists

    Tiger Server goes beyond the limitations of traditional UNIX file permissions
    to give you greater flexibility over assigning access permissions to files,
    folders and network services.

    Although I’m thrilled to see the feature, it’s humorous to see them patting
    themselves on the back, seeing as Apple is one of the few commercial
    Unix vendors that still does NOT support ACL’s.

Leave a reply

You must be logged in to post a comment.