
erthquake

macrumors regular
Original poster
Oct 11, 2011
229
221
I manage a small school network of about 125 MacBooks (white 2007/2009), and 40 iMacs (mostly 2008/2009) which are bound to a 2008 Xserve running 10.6.8. The laptops and desktops are also all on 10.6.8. It's been quite stable, but we're now running into software compatibility issues because of Snow Leopard's age.

More importantly, we might be getting a bunch of new MacBooks for next year, and I need help figuring out how to integrate them into the network. Since new machines will have Yosemite, I'll probably have to upgrade OS X Server to Yosemite, which isn't supported on 2008 Xserves.

How do I go forward? My predecessor, who created the network, suggested I get a Linux box to host the network home and group folders, and use a Mac Mini to manage the logins. Does that sound like a reasonable plan?

We also have 30 iPads bound to a laptop running Configurator. Might be nice to use a new Mac server to manage those and anything more we might get.

A bit more info...

The Xserve isn't doing too much; all it does is authenticate network logins, and manage network home and group folders. It's also our DNS and DHCP server, and I also use NetBoot for re-imaging clients and for filtering out student mobile devices from accessing the network. It doesn't serve email, iCal, printers or apps. I use Workgroup Manager to create accounts and manage group access to shared folders. It also serves a few internal web pages.

Most of the client configuration (including setting IP printers) is done with login scripts using iHook.

I also have an identical Xserve from when we had two campuses. All it does is run a proxy server to limit web access to a whitelist for our younger students. And it also serves our library catalog software.

The iMacs and most of the laptops have maxed out RAM and can run Mavericks/Yosemite. I might even swap out the HDs with SSDs to get more life out of the old laptops.

Any and all advice is appreciated.
 

ScottishCaptain

macrumors 6502a
Oct 4, 2008
871
474
I don't really have anything nice to say about the modern day versions of OS X Server. It seems like they kneecapped the entire system just to shove it through the Mac App Store, and now that they have it's impossible to download specific versions of Server.app (which is where all the server stuff lives now) if Apple happens to release a new version that inevitably breaks something somewhere and you don't have backups of the old bundle.

So if you're focused on long term stability and ease of maintenance, I'd recommend shifting as much stuff as possible onto other various systems (preferably using server grade hardware) running a more sane operating system like Linux or FreeBSD. At the minimum, you could probably use either for serving up files and handling Netboot (there's a couple of clever configurations out there for isc-DHCPd that implement just enough of the Netboot protocol to let Macs boot up from a non-OS X Server system). I'm not sure about OpenDirectory, that's probably something you should leave for a tiny Mac box running somewhere (since you're never truly going to get rid of OS X Server). If you want to ditch the proxy server, then I'd suggest moving that to a box running OpenBSD + Packet Filter (included) and Squid (easy to compile and install OOTB).

In any case, I truly do believe that you'll be better off relying on Apple as little as possible. OS X Server has become a bleeding edge OS, and I have yet to see an installation that truly runs the way it's supposed to (there's always a ton of workarounds somewhere). I hate to say it, but I doubt you're ever going to get your network running as smoothly as it is right now with the newer stuff, so you're going to want to be running other software that gives you the control to fix the stuff that needs to be fixed without waiting for Apple, since they clearly have other priorities that they're worrying about.

-SC
 

kd5jos

macrumors 6502
Oct 28, 2007
432
144
Denver, CO
My simple answer..

Facing a similar situation I added a Mac Mini server running Yosemite and Server 4.0 as an OpenDirectory Replica to the existent 10.6 server.

New systems were tied to the new server (just had to join the correct node), and old systems didn't have to change.

I use squid on the old system too...
 

erthquake

macrumors regular
Original poster
Oct 11, 2011
229
221
Thanks SC. Great post!

----------

Facing a similar situation I added a Mac Mini server running Yosemite and Server 4.0 as an OpenDirectory Replica to the existent 10.6 server.

New systems were tied to the new server (just had to join the correct node), and old systems didn't have to change.

I use squid on the old system too...

Thanks kd. That sounds like a low stress way to go. Can I ask how many clients you're serving?

The thing about keeping old systems tied to the Xserve (and not bringing them up to parity with the new systems) is that most computers are shared. While staff and students are assigned laptops, sometimes they will go to the tech lab to use the iMacs to work on video and other projects.

Wouldn't it create a mess if they're logging into Yosemite and Snow Leopard systems?
 

adam9c1

macrumors 68000
May 2, 2012
1,889
315
Chicagoland
If you have two "new" servers running server app 4, open directory master, and other open directory replica...
Can both units be set as a profile manager to have a true fail over in case one goes bad?
 

erthquake

macrumors regular
Original poster
Oct 11, 2011
229
221
So if you're focused on long term stability and ease of maintenance, I'd recommend shifting as much stuff as possible onto other various systems (preferably using server grade hardware) running a more sane operating system like Linux or FreeBSD. At the minimum, you could probably use either for serving up files and handling Netboot (there's a couple of clever configurations out there for isc-DHCPd that implement just enough of the Netboot protocol to let Macs boot up from a non-OS X Server system). I'm not sure about OpenDirectory, that's probably something you should leave for a tiny Mac box running somewhere (since you're never truly going to get rid of OS X Server). If you want to ditch the proxy server, then I'd suggest moving that to a box running OpenBSD + Packet Filter (included) and Squid (easy to compile and install OOTB).

I'm a bit wary of having to mix Linux and OS X after I got a response on the Apple forums that "You'd have to know enough about Kerberos to get the Linux box to accept credentials from the Mini. I've never got beyond the 'life is too short for this...' barrier on that one."

If I can't truly get all the way from Mac Server, I feel like I should go all in. Even if there are problems (and I know there are), at least it's all on one platform. Hopefully the next version of OS X being more of a maintenance release will tighten everything up.

I think I'm going to get a refurbished new Mac Pro that has Mavericks on it and go from there.

I discovered today that I can no longer buy Apple batteries for our 2009 MacBooks, so that is probably going to accelerate new purchases.
 

Canubis

macrumors 6502
Oct 22, 2008
439
556
Vienna, Austria
I discovered today that I can no longer buy Apple batteries for our 2009 MacBooks, so that is probably going to accelerate new purchases.

I fear I am not much of a help with the server topics, however I believe ifixit (and presumably others too) should still be able to help with the need for new MacBook batteries:
MacBook White Non-Unibody: https://www.ifixit.com/Store/Mac/MacBook-Battery/IF186-009-1
MacBook White Unibody: https://www.ifixit.com/Store/Mac/Ma...2009-Mid-2010-Replacement-Battery/IF160-065-1

Hope this helps.
 

crazzyeddie

macrumors 68030
Dec 7, 2002
2,792
1
Florida, USA
Facing a similar situation I added a Mac Mini server running Yosemite and Server 4.0 as an OpenDirectory Replica to the existent 10.6 server.

New systems were tied to the new server (just had to join the correct node), and old systems didn't have to change.

I use squid on the old system too...

I think this is the best bet for you. Set up a new Mac mini as an OD Replica and let the new Macs talk to it. They still access their home directories on the older servers. There shouldn't be an issue with that, but, if you do have any issues, that then positions you well to convert the OD Replica to a Master and begin building an updated environment.

Keep in mind that Apple is now moving OS X toward using SMB as its primary filesharing protocol, so you could theoretically migrate all of your home directories to a Windows or *nix box while still using OS X for the services (netboot, OD, etc...).

Honestly, I don't know if using a non-OS X setup is worth your headaches, as you stated. Mac mini servers are cheap, and so is external RAID storage. I say test the newer OD Replica method, then if needed, rebuild the remaining environment using an additional Mac mini.

I used to manage approximately 300 Macs in a mixed lab/instructor/student environment, so I feel your pain here. We had the added joy of integrating with AD. The golden triangle is more like the Bermuda Triangle...

There is one other option, if you're feeling really adventurous... You can run VMware on the Xserves and then run multiple OS X VMs on top of that. It doesn't violate Apple's EULA as long as you purchase the licenses for OS X Server properly. I did this in my previous environment (using 2006 Xserves and 2008 Mac Pros) and it worked fairly well. Let me know if you'd like more info.
 

erthquake

macrumors regular
Original poster
Oct 11, 2011
229
221
I fear I am not much of a help with the server topics, however I believe ifixit (and presumably others too) should still be able to help with the need for new MacBook batteries:
MacBook White Non-Unibody: https://www.ifixit.com/Store/Mac/MacBook-Battery/IF186-009-1
MacBook White Unibody: https://www.ifixit.com/Store/Mac/Ma...2009-Mid-2010-Replacement-Battery/IF160-065-1

Hope this helps.

Thanks Canubis. Unfortunately, they're not genuine Apple batteries. I've read too many complaints about third party batteries to waste time, money, and stress on batteries that will probably fail sooner rather than later.

I do appreciate your help, though.
 

erthquake

macrumors regular
Original poster
Oct 11, 2011
229
221
I think this is the best bet for you. Set up a new Mac mini as an OD Replica and let the new Macs talk to it. They still access their home directories on the older servers. There shouldn't be an issue with that, but, if you do have any issues, that then positions you well to convert the OD Replica to a Master and begin building an updated environment.

But don't the master and replica OD servers have to be using the same OS?

Ultimately, everything will probably have to be on the same OS because it's going to be a big pain when someone uses iWork on Yosemite and then has to use it again on a Mavericks machine. I suspect things like Safari preferences can also get out of whack.
 

zorinlynx

macrumors G3
May 31, 2007
8,352
18,582
Florida, USA
I'm going to add to the recommendation that you depend on Apple as little as possible in a corporate environment.

It's truly sad, but Apple doesn't seem to care too much about corporate and educational users these days. Just keeping Mac OS X clients (workstations) working correctly on Active Directory with networked home directories is a challenge. I had to create symlinks in user home directories pointing to local temporary directories for the iOS Simulator to work for our networked users, for instance. Each new OS X release presents a new set of issues that I have to come up with workarounds for.

We never had OS X server on our (edu) site and pretty much depend on Linux and Windows server for our back end. It's going to stay that way.
 

kd5jos

macrumors 6502
Oct 28, 2007
432
144
Denver, CO
I'm going to add to the recommendation that you depend on Apple as little as possible in a corporate environment.

It's truly sad, but Apple doesn't seem to care too much about corporate and educational users these days. Just keeping Mac OS X clients (workstations) working correctly on Active Directory with networked home directories is a challenge. I had to create symlinks in user home directories pointing to local temporary directories for the iOS Simulator to work for our networked users, for instance. Each new OS X release presents a new set of issues that I have to come up with workarounds for.

We never had OS X server on our (edu) site and pretty much depend on Linux and Windows server for our back end. It's going to stay that way.

I'm confused. You've never used OS X server. You are not happy with OS X's compatibility with Linux or Windows (you mention having to find workarounds).

Why not try OS X server? Then when OS X updates, you don't have to find workarounds.

The biggest problem I faced was when Windows changed authentication types and I could no longer attach a Windows Client to an OS X domain without a huge amount of shoehorning. So we quit trying and finished the transition to OS X.

You also wouldn't have to worry about sync errors when people make changes to OS X locally and Windows (Active Directory) doesn't update.

If you hate the solution you are using (I use solution in the broadest possible sense here), WHY are you recommending it to someone else?
 