Switching from Windows network to full Mac

[malofx]

Hello everyone,

I have a friend that has a small size company and he was asking me about switching completely from Windows to Mac, which better place to ask other than here.

I got exited when he asked and I started talking about how good it will be, and now I'm wondering if it Mac can in fact make a difference, and can it be better.

He wants to be able to Share folders and give different folders access to different users, what does Mac have as Active Directory? he would also like some users to have Remote Access to desktops (iMacs)

He wants to remotely backup files to clouds, I'm sure there are tons of services out there.

Does Mac Server come with a firewall built in? what would one use for Anti-Virus?

thanks guys, I hope my friend can jump over to full Mac.

Let me know if I'm missing information.

He is thinking of getting Mac OS Server and iMac clients.

 

[Consultant]

Since you don't know much about the OS X Server features, your friend is better served by having Apple business help him.

The person can go here
http://www.apple.com/retail/business/
and use the "have us contact you" form

 

[northernmunky]

I'm about to set up a Mac OS 10.9 Server myself, I've found this guys tutorials to be excellent.

https://www.youtube.com/channel/UCD1-hwFmYAz5PcpgxHV7dDA

PS: you will not need anti-virus, just about everyone in this forum will attest to that. Firewalls are built in. Enjoy!

 

[Weaselboy]

PS: you will not need anti-virus, just about everyone in this forum will attest to that.

Well... not quite everyone.

There is a good argument to be made AV on a Mac is useful in a business environment to prevent spreading Windows viruses to other users or even clients.

 

[malofx]

Thanks guys, I'm just trying to save him some cash and of course if the cost is too much he will just want to keep his old Windows server.

 

[northernmunky]

Thanks guys, I'm just trying to save him some cash and of course if the cost is too much he will just want to keep his old Windows server.

Don't make the same mistake ALL IT managers do and focus on the cost of the kit alone.

Macs yes, are more expensive to purchase but cost a lot less to set up and maintain, plus the machines will last for years, uptime is higher and break down less.

I've worked for broadcasters that use an all Mac OS Server setup and is maintained by exactly one guy. When I worked for a broadcaster which uses an all Windows setup and there is a teams of engineers looking after its frail little Windows OS!

Weigh in the cost of one IT guy for a one time purchase Mac setup, vs. team of engineers/contractors for a cheap Windows setup... you do the math! I choose purchase more expensive kit... don't pay for dealing with Windows' many issues.

 

[malofx]

Don't make the same mistake ALL IT managers do and focus on the cost of the kit alone.

Macs yes, are more expensive to purchase but cost a lot less to set up and maintain, plus the machines will last for years, uptime is higher and break down less.

I've worked for broadcasters that use an all Mac OS Server setup and is maintained by exactly one guy. When I worked for a broadcaster which uses an all Windows setup and there is a teams of engineers looking after its frail little Windows OS!

Weigh in the cost of one IT guy for a one time purchase Mac setup, vs. team of engineers/contractors for a cheap Windows setup... you do the math! I choose purchase more expensive kit... don't pay for dealing with Windows' many issues.

That's exactly what I always say, and that is the main reason he is switching, because of having to deal with so many issues with Windows, but when I talk about cost, it's about keeping what he has now or spend on a new system, either way he will benefit in the long run.

Thank you for pointing that out thou.

 

[BhSimon]

We run an all-Mac network at our office and we have had great success.

Access Control Lists (ACLs) allow you to control access to folders on a user-by-user or group basis. Windows and Mac machines can both access the same shares without issues.

If you are just using your Mac server for networking, then this is quite a simple process. The interface for selecting folders and setting ACLs is straightforward.

From our experience, our Mac server is easier to administer than our previous Windows server.

The email service does have a virus-checking system. The real issue with email, however, is to train users not to open attachments from senders they do not know. In many instances, a virus checker will not be able to thwart the dangers associated with this behaviour. This is not so much an issue with the server as it is an issue with user behaviour. We do not run with a virus-checking system but we have trained our users not to open attachments -- or click on links -- from unknown senders.

We use Backblaze for our backup which is Mac compatible and very good. It is inexpensive ($5 per month) to send files to them, but to restore files is more costly though not excessively so. We use Time Machine on the server for incremental backups, but we also use an external drive to do whole-disk backups with Carbon Copy Cloner in addition to the offsite backups to Backblaze.

There is a firewall which is easy to administer. You can select the services which are exposed to the internet and obviously these should be kept to a minimum. There is a simple separation between internet-exposed and local network-exposed services. We allow all traffic from our local network to the server but only select specific services to be accessible from the internet. These services will depend on the situation, but for us it is website ports (80 and 443) and email services. It is a good idea to restrict access to ports like 22 (SSH) from the internet. We also use a command-line utility called 'fail2ban' which looks at log files to discover suspicious activity and then add a rule to the firewall automatically to block the offending IP address.

I have lots of experience with Mac servers so if there is anything more specific you are interested in knowing, PM me.

 

[malofx]

We run an all-Mac network at our office and we have had great success.

I have lots of experience with Mac servers so if there is anything more specific you are interested in knowing, PM me.

Thank you very much, very useful information. I will keep you in mind, I met with him yesterday and all he wants to be able to do is file share and active directory.

 

[gavinstubbs09]

I'll explain my experiences of last summer. A classroom at my school was full of Optiplexes using a Poweredge server all with Windows 7. We got Macs in a grant and my job was to make everything mac. One thing that was a total PITA was DNS. Took FOREVER to get it all working right, and the Apple Enterprise support team was able to help me make it work. We didn't hire anybody from Apple to come help, it was all on me. I'm only 16 and to do that was interesting! I didn't know a thing about Apple servers but I now do.

There are 27 iMacs and a Mac Pro server. The Mac Pro hosts Profile Manager/DNS/Users/NetBoot/all that stuff. On the iMacs I made one that was the way I wanted it to be and then imaged it, and used DeployStudio to clone it to each of the iMac's hard drives. Then when that was done I linked each iMac to the server with Open Directory and installed the profiles. Works well, although the biggest issue I still deal with is permissions and profile manager not working on each machine. This summer when we re-do it I'll get it right

For backups I Time Machine the 6TB RAID with the Server OS, student profiles, and the drives they access to every day. TM would backup every hour and this took a hit on performance so I made it backup every night at 3AM. Another hit on performance that will make it take 15 minutes for someone to sign in is when you empty the recycle bin. Do this when nobody is on the network.

 

[malofx]

I'll explain my experiences of last summer. A classroom at my school was full of Optiplexes using a Poweredge server all with Windows 7. We got Macs in a grant and my job was to make everything mac. One thing that was a total PITA was DNS. Took FOREVER to get it all working right, and the Apple Enterprise support team was able to help me make it work. We didn't hire anybody from Apple to come help, it was all on me. I'm only 16 and to do that was interesting! I didn't know a thing about Apple servers but I now do.

There are 27 iMacs and a Mac Pro server. The Mac Pro hosts Profile Manager/DNS/Users/NetBoot/all that stuff. On the iMacs I made one that was the way I wanted it to be and then imaged it, and used DeployStudio to clone it to each of the iMac's hard drives. Then when that was done I linked each iMac to the server with Open Directory and installed the profiles. Works well, although the biggest issue I still deal with is permissions and profile manager not working on each machine. This summer when we re-do it I'll get it right

For backups I Time Machine the 6TB RAID with the Server OS, student profiles, and the drives they access to every day. TM would backup every hour and this took a hit on performance so I made it backup every night at 3AM. Another hit on performance that will make it take 15 minutes for someone to sign in is when you empty the recycle bin. Do this when nobody is on the network.

Great information, thank you very much this was also very helpful, and good job getting that network going.

 

[Asrath]

The world is not black & white. Macs are not just good & PCs are not just bad. As always - it depends what you are trying to achieve.

When it comes to sharing calendars & address books in working groups I find exchange much more powerful & flexible. If you business friend needs a lot of these functions you might want to think twice.

I think I know both sides well. At work I'm administering PCs / Servers, at home it will always be Macs, for the reasons already mentioned above.

I've been using Macs over 20 years by now and I know Mac clients pretty pretty well. Still I've had quite some hassle to set up my first Mac Server at home this winter. Todds videos (also already mentioned above) are very helpful.
Now that my server is up & running it's working quite well. Still there are some features I'm missing:
The server is able to host user profiles centrally (network user), which works well with desktop Macs. Mobile Macs need to have local profiles as well (mobile users), which sync with the server while logging on/off. Still this takes long. Veeeeery loooong. Much longer than the same function on windows (roaming profiles). I've not found a solution for that so far.

I'm having respect for your decision to set up a Mac Server for a business environment. It's no piece of cake. I'd consider some time for that project & I wish you all the luck!!

 

[hiddenmarkov]

what exactly are your friend's business needs and current setup?

Business needs I am wondering for example if any aspect of it falls under regulatory/compliance needs and potential external auditing. Since antivirus brought up this a common item on any audit.

Windows has options galore for centralized reporting and monitoring for this. I know of none "off the shelf" for mac os. Would they need or want this a question I have.

You get enough fun on audits, if you can kill off low level stuff like this easy its less headaches (you get enough of those as they hit other areas).

Also what is his server/client layout in windows now. You are vague in small company reference. And looking at the pro's mentioned so far they are vague in what it is mac server(s) replaced.


Is it more a small business server all in one setup and what roles are on it? Or are roles broken up across servers.

Are there any apps business need no mac version exists for? Or if it exists what is the process to migrate data to it. If going mac all the way but business need has them running parallels or bootcamp windows installs..not exactly breaking the ties with Microsoft are they?


Does your friend run IIS and small intranet site(s) from a windows server? Is staff on hand that knows how to work at least Apache (if not MySQL and PHP to work the whole stack if applied that way). Who gets to convert any special site content (ie. .netframework dependency)?

Not trying to steer them off the path but....depending on their needs acl's on file shares and pushing of DNS entries can actually be the smaller issues of this migration. And should be researched now.

 

[charlielowndes]

Ive got 28 PC's, 10 iPads, and 6 Macs running off a MacMini Server. It's mainly file sharing, email, profile manager and wikis.

It was a complete PITA to get working correctly, not helped by the server being supplied with a corrupt file image from new.

Now it works it's great, but my advice would be don't play fast and loose with your friends business. They need to do some in depth research as to what is right for them, and sorry to say this, and I mean no offence, you don't sound like you have the skills to help them with an informed choice/be helpful if they plonk a huge amount of cash down and then it doesn't work, or troubleshooting becomes difficult. They can be difficult times my friend.

 

[satcomer]

Thanks guys, I'm just trying to save him some cash and of course if the cost is too much he will just want to keep his old Windows server.

If he running a small business then really consider going with a Synology NAS server. If it is a regular small business consider getting the DS1813+. The sever part of Synology NAS units will do 80% what older server used to do.

Here is a https://www.youtube.com/watch?v=pFuD1NDgOh0]video review:

 

[malofx]

Thanks everyone for your feedback, @charlielowndes you are right, and I appreciate your blunt comment, I will use all this information.

His company has a magazine and the main purpose for the server is to do file sharing and profile manager, and nothing else.

Currently they have a Mac Mini working as a server for a few Macs and they liked how it's been working and because of that they are wondering if going full Mac will work for them, they already use Macs for desktop publishing.

Thanks again people.