As you may have read in my twitter feed, I have installed Mac OS X Leopard Server on a basically stock Mac Mini for my personal use. The Mini hosts email and webmail, calendars, directory services and a VPN without any problems at all.
For a little bit of background, by day I am a Windows and Linux admin and am responsible for about a dozen servers and ~750 users. I am very comfortable with servers and how they work, so this setup was not my first go in the world of servers. This web server is hosted on one of my Linux servers as a matter of fact.
First let’s look at the hardware and where it excels and falls short. The Mini is a very small box; it’s 6.5″ square and 2″ tall. It includes within that space a processor, RAM, CD drive (in my case a CD-RW/DVD-ROM, other options are available), hard drive and a good offering of ports including Firewire 400, USB 2.0, DVI/VGA video as well as Bluetooth and WiFi. They manage to fit this all in by using clever engineering and basically all laptop parts. It’s a great and very quiet machine. The Mini’s hardware offers plenty of power for personal use, family use or a small office with one exception: hard drive speed and redundancy.
Step one for anyone looking at building a server is to make sure their hard disks are fast and fault tolerant. The internal drive is fine for a desktop user but when I’m storing email and other important data I want to be sure that should a drive fail I’ve not lost my data. To that end I have supplemented the Mini with two external Firewire hard drive enclosures which I have combined into a RAID1 using tools available within the OS. This is done using the app ‘Disk Utility’, which is available both on the install DVD and within the OS. For this I have used the ‘MiniStack v2’ and two 500GB 7200rpm drives.
As an aside, the MiniStack v2 is a nice unit. I bought them without hard disks and installed my own. They include a fan and are the same size as the Mini but with less height. Perfect for stacking. They include two Firewire ports each, so one MiniStack is plugged into the other and then that MiniStack is plugged into the Mini. The Firewire spec is much faster than the hard drives so there is no bottleneck. The fan could be quieter; it’s markedly louder than the Mini itself, but this machine sits in my basement so it’s not an issue for me.
Once those drives were hooked up I booted the Mac using the ‘option’ key so that I could choose which device to boot from. Ordinarily you would boot using the ‘C’ key to tell the Mac to boot the CD drive, but I typically do installs from USB hard drives so it was the ‘option’ key for me. I’m irresponsible with my CDs and DVDs, so wherever possible I make backup images of them and store the CDs away from where I can easily get my hands on them. To that end I used a similar process to install the OS on the Mini as I did installing Tiger on the G3. I imaged a laptop hard drive with the Leopard Server install image and mounted it using one of these. When I boot using the option key it comes up as a bootable disk and I’m off and running. Side benefit is that the install happens in about half the time, as even a laptop hard drive is much faster than a CD or DVD. It seems like a lot of effort for one install, but I had been doing test server installs on my MacBook for a week or so, so I used the drive about a dozen times before I even received the Mac Mini. I wanted to know what to expect and verify that Leopard Server would suit my needs.
Once the install is done Leopard asks for a license key and then runs through a basic configuration wizard. I tried several options but ended up using the ‘Advanced’ option, which offers me the most control but is more cumbersome to set up. You may find one of their standard configurations suits you better as they are well thought out, but I’m a control freak and when I see advanced I just have to choose it…
I’m not going to outline here my process of configuration. Apple has great documentation to assist with that and my configuration is unlikely to be helpful to you. What I will do however is talk about my final result, what works well and what doesn’t. Overall I am very happy with Leopard Server. The setup process is very intuitive and easy.
Setting up email is for me the most important and prolonged process. Email needs to be received, stored and sent quickly, securely and reliably with as little input from me as is possible. Leopard Server does a good job at that while still presenting me with a full complement of options. They include both a spam filter (using SpamAssassin) and anti-virus (using Clam AntiVirus), which is great. SpamAssassin is arguably one of the best spam filters available today, plus it is open source and free for anyone to use. Apple has done an OK job of integrating it into the server but does not readily expose all of its power to the administrator. They offer you a slider to determine how many ‘hits’ an email needs to be marked as spam and then provide a few options for what to do with email it deems spam. SpamAssassin uses a scoring system based on a database of information to evaluate spam; they identify certain elements in the message and classify them as spam-like or not. This method is very effective but it counts on a database of information to begin making those choices. Apple has made it pretty basic to fill this database but offers no wizard or information about it within the Server Admin utility. Basically, to teach SpamAssassin you need to create a ‘junkmail’ and ‘notjunkmail’ mailbox and put email messages there for it to learn from. It’s simple to do and, using Apple’s Mail, quite automatic. I have a rule set up in Apple’s Mail app on my desktops so if I classify a message as spam it automatically forwards it to the ‘junkmail’ address. All the needed information is in the manual but something in the interface would be nice. I would also like a good way to oversee this process. The email service also offers a way to check incoming messages against known bad senders, often called RBLs or real-time blacklists; this is a really excellent first step against spam and will eliminate roughly 85% of spam messages from ever being delivered.
Spamhaus is your best source for this and setting it up with the interface is dead simple: click, paste the proper address, and you are done. Overall the mail service is very fast and efficient. Processor use for mail is something so close to zero it’s hard to see at all. A welcome difference after using Zimbra, which would use 40% of a dual core 3GHz Linux machine 24 hours a day.
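Behind that one pasted address, a real-time blacklist check is a DNS lookup on the connecting client's reversed IP address. The sketch below is an added illustration, not code from this post or from Leopard Server; the zone name `zen.spamhaus.org`, the answer ranges (Spamhaus's published return-code conventions) and all function names are assumptions that do not appear in the post.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"  # assumed zone; the post does not name one
LISTED = ipaddress.ip_network("127.0.0.0/24")      # normal listing codes
ERRORS = ipaddress.ip_network("127.255.255.0/24")  # list operator's error codes


def dnsbl_name(ip, zone=ZONE):
    """Build the query name: reversed octets (IPv4) or nibbles (IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone


def classify(answers):
    """Interpret the A records returned for a DNSBL query."""
    if not answers:
        return "not-listed"        # no record: sender is not on the list
    addrs = [ipaddress.ip_address(a) for a in answers]
    if any(a in ERRORS for a in addrs):
        return "lookup-error"      # query refused or malformed: do not reject mail
    if all(a in LISTED for a in addrs):
        return "listed"
    return "unexpected"            # answer outside 127.0.0.0/24: distrust it


def system_resolve(name):
    """Resolve via the OS resolver; any failure is treated as 'no answer'."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def check(ip, resolve=system_resolve):
    """Return the verdict for a connecting client IP."""
    return classify(resolve(dnsbl_name(ip)))
```

A filter that treats any answer at all as a listing will reject legitimate mail whenever the list operator returns an error code, which is why `classify` keeps the two ranges apart.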
My first real gripe with Leopard Server is the webmail. I consider Apple a very forward looking company with an eye on usability. To that end I expect to have a webmail client that offers me a lot of power and an experience not unlike the Apple Mail desktop client. Most webmail these days does offer this. Zimbra has a killer webmail interface, and Microsoft’s Exchange product offers an experience almost identical to the Outlook desktop client through a web page. Apple offers a totally text based webmail that looks like something I would have expected to see in 2000 or earlier. It is unchanged since Tiger Server and who knows how long before that. They are using SquirrelMail to make this happen and I don’t want to criticize them. SquirrelMail is a great product and very fast but I expect Apple to offer something a bit richer. Apple’s own .Mac service offers webmail that looks almost exactly like the Mail desktop app and I expect a similar experience using their server product. When I need it, it works, but it could be so much more.
Onward and upward though. Apple has revamped the way the default website on Leopard Server looks and has made it quite a bit more usable. It’s simple to access the core web components they offer such as wikis, blogs and the webmail. The best part though is how simple it is to enable these services. Through the Server Admin console you click on the site and then check the boxes next to the services: Web Calendar, Webmail, Wiki etc., just a click away. Typical Mac ease and simplicity. Securing the site using SSL is just as simple: check the box, click save and you’re done. It would be nice if, when enabling the iCal server or the mail server, they offered to make the services web accessible, but I can appreciate making enabling new services an extra step. There is nothing worse with servers than finding out you have a bunch of extra services and ports open when you don’t need or want them. The smaller your vulnerable window the better.
The iCal server is very effective as well. It works great with iCal both on the local network and abroad over an SSL connection, but it is again missing a crucial feature. I can use a calendar client with no problem but I cannot access my calendar using the web site. You can, oddly enough, after logging in navigate a directory structure where your calendars are kept, but you can’t just view and edit it through a web page. Zimbra, Scalix, Exchange etc. all offer this functionality. Not a big deal for me but one of those things that is nice to have in a pinch when I am without my laptop etc.
VPN setup is… VPN like. It’s easy to do if you know how VPNs work. Click a couple of buttons, enter some information and you are off. It’s fast to connect to and routes as well as I expected. The only pitfall there so far is my clients aren’t receiving any DNS information so I can’t resolve names of computers on the remote network. I can specify the DNS servers on the client side though so it’s not a crisis. I had this same problem with Server 2003 but Microsoft sorted it out for me with Server 2008. I’ve added the DNS servers into the config on the server but I’ve probably missed something somewhere. I don’t care enough to put any work into it. I use the VPN a lot, but it’s only me who uses it on basically one remote machine, so I’ve added the DNS servers to it and I’m fine.
Using the server as a Time Machine end point is pretty excellent as well but brings up one other configuration problem I had. Any Leopard Mac can share a drive or folder to be used over the network for Time Machine backups. Through the Server Admin console it’s dead simple to set up; a couple of clicks and you are all set. What is weird though is that even if you have not enabled any file sharing services (SMB, AFP and NFS are offered) you can access and use the ‘file sharing’ panel without any warning. I set up my Time Machine end point and was greeted with nothing but errors on my iMac when I tried to connect. I couldn’t connect to the share point. After looking around a bit it occurred to me that no file sharing services were enabled. Once I checked the box for AFP on the ‘Services’ tab everything started working fine. Seems to me that the ‘File Sharing’ pane should be greyed out or it should present you with a warning if you are not running anything to allow sharing. It’s an oversight and probably not a big issue, as I would assume 90% or more of people share files from their server and likely check the box during initial configuration. Once up and running Time Machine has been working great. It backs up each hour and I don’t see any lag when I load the restore console even though the data is stored across the network.
As I said, overall it’s great. I’m used to having to dig through text files and the mess that is Windows Server so it’s a breath of fresh air and simplicity for me. I’m shocked at how fast it is, especially on the Mac Mini which is sporting the standard 1GB of memory, but the machine flies. The external disks are working fine and offer me all the redundancy I could want. If I needed to serve to more than maybe 10 people I would buy an Xserve or a Mac Pro but this Mini is hard to beat. I got it for a good price on the refurb site and should it ever die all I would need to do is move my disks to a new machine and boot back up.
I’ll continue to post updates as needed. I plan to use this server until the next version comes out, so in a couple of years’ time my opinions may change… I assume Apple will keep updating and refining between now and then so we’ll see. From my use of it I would recommend it highly both for its ease of use and speed. They make all the admin tools usable from any Mac on the local network (and across a VPN, though more cumbersome if you are on a slow connection), which is very nice. You have the exact same tools remotely as you do on the server so you only need to learn them once. The Mini has power, network and Firewire plugged in and that’s it. Once the OS was installed I put it in the basement and walked away. Everything can be done across the network either through remote desktop or the remote admin tools.
It averages about 2% utilization most of the time and is currently backing itself up using Time Machine to its internal 80GB laptop hard drive. It’s a great system and totally integrated. There is some discussion on the internet as to whether the Mini can handle the Server OS. I give it a resounding yes. I didn’t have to trick the OS to install and it runs perfectly. All the tools work just fine and low power use makes it even better. From box open to completion, including the OS install and all configuration and testing, it took me about 5 hours. I did stop for dinner though and I was watching some shows for most of that time. Configuration and setup took about 3 hours and the rest of the time was spent tweaking and testing from different computers both local and remote.
It’s not perfect, all things have their flaws, but it’s pretty darn close. I would be totally comfortable setting this up in a mostly Windows environment as well as a Mac environment. It’s very well thought out and intuitive. It’s more powerful and much easier to use than Microsoft’s Small Business Server, which is designed for small and home offices and is more than twice the price I paid for Leopard Server. If you are looking to host your own email, a website or manage a group of computers, Leopard Server deserves a look. I can’t think of a more powerful setup for a small business, and with all of the integrated clustering and load sharing tools it comes with there is no doubt it will easily scale up to serve much larger groups of users.
[EDIT: Two Weeks Later – Thought on use after two weeks.]