WWDC2004 Session 616

Transcript

Welcome to Session 616. So what are we going to talk about today? Well, we do this session every year, and we typically talk about three or four different technology areas in depth: we talk about how they work, how developers can take advantage of them, and so on. And every year the server team has a really difficult time picking those topics. It's not because we don't have anything to talk about, but because we have so many different technology areas to pick from. As many of you know, we have tens of different services and components in Mac OS X Server, and for each of these, for each service, there are perhaps three or five new features, so it's pretty challenging. But luckily some of these major areas, such as Open Directory, Xgrid, ACLs, Kerberos, have their own dedicated sessions, so that makes it a little bit easier. Anyway, this year we picked these four areas to talk about. We talked about all these areas in the Mac OS X Server update session, but today we're going to double-click on them and talk about each of them in more detail.

So we're going to start off by talking about managed network browsing, a brand new Tiger client-server feature that will make it much easier for people to browse, especially in a large organization. Then we're going to talk about sharing locks between different file services, a really geeky technology area. Then failover and high availability: we have had this feature since Jaguar Server, but we made some significant improvements in Tiger Server, and we're going to be talking about this, and also we're going to talk about how developers can take advantage of this and extend this capability. And last but not least, we're going to talk about the certificate management feature; it's again a brand new feature in Tiger Server.

So let's jump right into managed network browsing. We introduced network browsing in Panther, the feature where a user can browse for file services and connect to them directly in the Finder window. Managed network browsing is built on top of that functionality; it's an incremental enhancement to make it even easier to use. But before we talk about that, let's take a look at how it works behind the scenes in Panther. To get these features to work we actually have three different processes involved. At the top level, of course, we have the Finder, and to the Finder all of this network data, the network zones and file servers, actually shows up as folders and files. That's done by the automounter, which in turn talks to NSL, or the Network Service Location API, built into the system, to find out all these servers and zones, and NSL itself talks to Directory Services. As many of you know, Directory Services has different plugins for accessing different directory systems such as LDAP and Active Directory. In addition it has a number of service discovery plugins, one for each protocol, and those are the ones that are actually responsible for finding those servers on the network and reporting back up. So that's how it works today, very simple, and this feature works very well for consumers and small workgroups, but it doesn't work too well in large organizations, especially with large networks. It ends up looking something like this: there is just too much information. You have too many network zones, you have too many servers in each of them, and a lot of these zones and servers come and go, so it's somewhat unpredictable and unstable. Also, in most cases these zones are organized by physical network infrastructure, so usually by buildings, rather than by a more logical grouping such as by corporate org charts or by projects. So these are the problems that we wanted to solve.

Managed network browsing is the feature where you, the network admins, can customize the view of what users see inside the Finder when they double-click on the Network icon. So instead of looking something like this, with a bunch of raw network data, you can create something like this that's more organized for your organization. So let's look at some of the sub-features. You can create arbitrary neighborhoods; the neighborhoods are those folders that you see here, and you can nest them, so it doesn't have to be a flat list. So for example, inside the Engineering folder you may have Server Engineering, Finder Engineering, Application Engineering, and so on. You can also mix and match dynamic and static content, meaning for each folder you can say, I want these servers that I'm going to specify to show up, or you can say, for this folder I want to show all the servers that are discovered at runtime on the client machine in these network zones, and you can mix and match them. You can also define multiple views, so you don't have to have a single view for everybody; you can create five or ten different views and assign them to different sets of people. And the last thing, you can replace or append to the existing view that users would see today in Panther. So the screenshot here is the replaced version of that; if you'd like, instead you can do something like this, so what you've defined shows up on the top, and then below it you see the raw network zones.

So let's do a quick demo so you can see what I'm talking about. Okay, so we have a Panther client here, and if you click on Network you see a bunch of zones. What we did here was we're running a special tool that does fake registration of a bunch of different zones and servers, so we can really simulate a large corporation or institution. So you can click into different servers and so on. What we're going to do is create a custom view and replace this, and to do that we're going to launch Workgroup Manager, which is where we implemented the feature. If you notice, we have a new icon here for Network. Go here, and that's where you can construct the views and then preview them. So we're going to just go ahead and use the default view, and let's add a couple of neighborhoods. Let's call this one Sales, another one called Marketing, and another one called Server Group. And now we're going to start adding some servers into this neighborhood. There are three different ways that you can add static servers to each of these neighborhoods. One way is, if you already have a computer record for that particular server or servers, you can open up the drawer and you can just drag them in; there you go, so that's one way. Another way is you can just go and drag directly from the Finder. So if you go into the QA folder and see our server, you can drag it in; that's another way. And now let's actually create a nested neighborhood. Let's call this Team Members, to point to all the servers that belong to the server engineers. And the third way to create them is by hand, manually. So let's say I have an employee named Bob who is working from Hawaii, and we want to add a pointer to his personal machine. You can just name it something like Bob and then just type in the URL target in here, and a computer record automatically gets created for that server for the future. Everything we've added so far, the static servers, all this information is stored in Directory Services. But you can also add some dynamic content. You just select this one, and I happen to know that all the server guys are sitting on the fourth floor of the IL3 building, in the north and south zones. So what we're going to do is go here and then select IL3 fourth floor north and south, and add. So what we are telling managed network browsing is, when this neighborhood is clicked on the client machine, show Bob's machine but as well as everything else that was discovered at runtime in these two different network zones. So this looks good. I'm going to go to Settings and then set it to Replace, and save. Let's go back to the Finder, you go to Network, and now you see the custom view that we just created. Okay, so now if you look here you see everything that we've added, and you can connect to them, or you can go in here and you see Bob's machine here, but you see all the other servers that are discovered in those network zones. We're actually mixing and matching the dynamic and static content. And if you'd like, you can also go back here and then set it to Append and save. There you go; so now you see both what you've defined on top and the raw network at the bottom. We haven't made changes to the Finder yet, so we couldn't actually distinguish between these custom views and the raw network, so we did a little hack, and right now we put a dash in the front so that it shows up on the top, but by the time we ship it should be a little bit better looking. All right, so that was the demo. Thanks.

Right, so now let's look at how this works behind the scenes. What we did was, in Tiger we made NSL a little bit smarter, so now it knows how to talk to Directory Services and then get the view configuration information and behave differently based on that information. And of course we also made changes to Workgroup Manager so you can actually create and edit that configuration information and store it in Directory Services. And by the way, this technology, this feature, works in any directory system, so it doesn't have to be LDAP; it could be Active Directory with some schema changes, or it could even be the local NetInfo if you want to test it, and that's actually how I just did the demo: to keep it simple, we had all these three things running on the same machine. Let's now take a look at what's actually stored in the directory when we do all this configuration editing. There are three different record types that are involved; we're interested in the network view, neighborhood, and computer record types. So at the top we have the network view record, and it basically just contains information such as should I append or replace, and then pointers to the top-level neighborhoods that you've created, something like this. And the network neighborhood records contain basically pointers to all their content, so it points to other neighborhood records if it's nested, or to different computer records if you have a bunch of different servers specified, or references to network zones if you have dynamic content. So what we just demoed here would look something like this inside the directory if you wanted to take a look at that system. And again, you can create multiple views; it doesn't have to be just one view, so you can create five or ten of these things, or fifty of those things.

And that gets us to the next topic, and that is how NSL selects a view when you have multiple different view records in the directory system. NSL follows a set of rules. What it does is it first looks at the directory and sees if there's a computer record for the client machine that it is running on, not the server computer record but the client computer record. If it finds one, it checks to see if there is a preferred view record specified in that, and if there is one, it uses it. If not, it looks at the local preference file and sees if there is a preferred view that it should be using. If not, it goes back to the directory and looks for a view record named after the MAC address of the machine NSL is running on. If it doesn't find one, it looks for an IP address match; if it doesn't find one, it looks for a subnet match; and if all of that fails, it just uses the default view, which we've actually used. And if there is no default view, or if the feature is turned off, then it just goes back to the default Panther behavior.

So to summarize, with this feature you have complete control over what your users will see in the Finder when they click on that Network icon. You can easily create, edit, and then preview them in Workgroup Manager, the tool you already know. You can mix and match both static and dynamic content. You can replace or append, so you have more flexibility there, and you also can create different views for different sets of users. And all the configuration is stored in the directory, which means when you create that, it automatically gets propagated to all the
replicas when the directory system replicates. Also, you can use the Directory Services command-line tools for editing them from a remote machine over SSH, or even on Linux machines, and it works with any directory system. And lastly, there is no client-side configuration change necessary. All you have to make sure of is that client machines are bound to the right directory system, and it should just work, and you can even automate that portion by using option 95 of DHCP. So that's actually what I had for managed network browsing, and I would like to introduce Rusty Tucker, who is going to tell us about file services locking.

Thank you. Good morning. Locking in file services is an important part of any file system or file service, especially so in Mac OS X Server, where we have such a variety of different file services serving a variety of different clients. So today we're going to start by taking an overview and reviewing how locking works today for Windows clients over SMB, for Carbon clients over AFP, and UNIX clients over NFS. Then we'll take a look at how we're enhancing this file locking interoperability on our platform for Tiger. Finally, we'll wrap up with some notes that cross-platform developers can use to develop collaborative applications using this technology.

So we'll start with file locking in AFP and SMB. Fortunately, the two protocols provide very, very similar semantics in file locking. Both are using opens with deny modes, so they can open files read-only with shared access; read/write with shared access, that would be a read/write not denying other readers or writers; and the most common case of read/write with exclusive access, which is what most applications do. After opening a file read/write with shared access, collaborative applications will then ensure concurrency and serialized access to the files using range locks for the ranges that they want to read or write. In AFP and SMB these locks are mandatory locks, so that other users are prevented from opening the files; they don't have to test locks and so on. UNIX file locking, in contrast, is an opt-in policy, so the locks are advisory. You need to test for the presence of a lock before opening a file, and you can use the flock API to do so. You can take out an exclusive or shared lock on the full file, but if you want to do range locking you would use the fcntl API, and there again it's an advisory lock that you would test for, with either exclusive or shared access. Both the advisory and mandatory schemes work... I'm sorry, oh, on the wrong slide, back to slides, thank you. Okay, we don't have a demo for locking. Like I was saying, both advisory and mandatory schemes work very well, but in both cases the applications have to agree on a scheme that they're going to use to ensure collaborative access to the files. Using UNIX locking, applications must choose whether they're going to use flock to guarantee concurrency, or fcntl; they can't use both. They're basically exclusive, one or the other, which leads us to the way that Samba and AFP map their opens and denies and locks onto the UNIX semantics. Standard Samba uses fcntl; it maps its range locks to fcntl, so in this case it's not mapping any locks when it takes an open or deny. AFP, on the other hand, maps its opens and denies to flock, and you can see here this is basically the standard architecture for that.

So in Tiger we want to enhance this and really unify the way that AFP and SMB provide locking to their clients, and doing this will allow us to support concurrent access: not just ensure consistency, but be able to have concurrent access from the two platforms on a given file, to allow shared editing for collaborative applications. And working with NFS, because we don't have a perfect mapping between the semantics of the AFP and SMB locking and the UNIX file locking, we'll favor data integrity over concurrent access with NFS. And then finally, because underneath the servers we need to take out the UNIX locks, we'll have to use strict locking to emulate the mandatory nature of the locks as provided to the clients on the Windows and Mac platforms. All this will be delegated to a new system framework for range locking. So back to the architectural diagram: as we see, we'll have again AFP and Samba talking to the POSIX and Carbon layer, and between the two of them will be a range locking framework to negotiate access to files with the proper semantics.

So, double-clicking on some details on how this is actually implemented in the framework: as with AFP, we're going to map the open deny calls to a flock, and you can see according to this chart we have basically three different options to do from flock. We can take no lock at all, we can take an exclusive lock, or a shared lock, and so this doesn't provide the full match to the semantics provided by the open deny calls. So where flock will give us consistency with NFS, we'll internally map the consistency between the open deny calls within the framework. So byte range locking will be fully enforced by the framework; we won't be taking an fcntl lock because it won't be possible, we already have the flock on the file. And the reason for doing this is that the byte range locks are really more transitory in nature, whereas the flock persists for the entire time that the file is open, giving us a better story around consistency with other applications and NFS. The lock database is memory-mapped for better performance, and we'll emulate the mandatory nature of the locks by testing within the framework, in AFP and SMB, for the presence of both the range locks and denies before we open files or perform read and write operations.

So a few notes for developers that want to take advantage of this in collaborative applications. On the Mac platform you'll want to use the Carbon APIs to access this capability. First, test for the capability on the file system by testing for the open deny bit: Mac OS X provides support for many different file systems, each of them has a variety of capabilities, and not all support open deny or range locking. Then, when you have found that that capability exists, use the PBHOpenDenySync call, and in this case specify read/write with shared access. PBHOpenDenySync also has variations that allow for async invocations and also operations on the resource fork. And then finally use PBLockRangeSync, and there's also an async variation of this, to gain exclusive access to a range of bytes that you want to either read or write. From the Windows platform you want to use the CreateFile API, and here the default is that you'll gain exclusive access, so you want to specify, I should say, that you want read/write shared access. And then finally use the LockFile API or LockFileEx to gain exclusive access to the range of bytes you want to read or write from your application. Locking is just one of the many areas that application developers can take advantage of on the Mac OS X platform. There's a session later on today, Best Practices for Application Developers, that's session 108 today at five o'clock, where you can gain more information around performance and other APIs that are available to file system developers, and there's a number of online resources that you can use to your advantage as well. And with that I'd like to introduce Chris Shelburne, who will provide some information on failover and high availability.

Okay, when we were working on the slides for this stuff, it is something that failover, high availability, has actually been in the server product for quite some time, but it seems like not a lot of people know about it. Our sales engineers, when they go out, try to talk about some of the extra features that Mac OS X Server has, and they'll mention this
and mostly customers are like, "Really?" So I think the first thing to talk about is what is failover. First of all, it's part of a high availability solution. Apple has a lot of different components to tell a story now about high availability, some that are hardware and some that are software. Failover is a software piece, and it provides the transparency of availability for short-lived protocols, primarily datagram, which are best known as UDP-based protocols, and certain short-lived TCP protocols such as HTTP, where you connect to the web service and you download a document and then continue making connections. And the basic premise behind it is that when the primary node fails, the backup will take over that primary's publicly accessible IP address and then offer the same services that were on the primary. And it's typically backed by a RAID or a SAN file system for extra data integrity on the file system level.

So here's a typical hardware setup. On the top you'll see that I've put a DNS server, and the idea here is just the notion that you'll have the two servers, your active server and your backup server, but there needs to be something else out there that has some information that the clients are going to reference, and the easiest thing to point out is a DNS server; that's the thing that will resolve the IP addresses for the primary and the secondary. And again we've demonstrated the backup with the RAID available to both machines. One thing that's been omitted from this picture for simplicity is the Fibre Channel, which is the stuff in blue; often you'll have a special Fibre Channel switch wired up in there so that both servers can access both sides of the RAID. It just has to do with the hardware configuration. Another thing to point out is that the private network, which is on the right side of the diagram, can either be Ethernet or FireWire. With IP over FireWire you can actually use that as your private network, and it's a cheaper option by just kind of daisy-chaining FireWire between your servers without having to have an extra network switch or hub, and it adds additional reliability because you don't need that extra hub there.

So I think the first thing to point out is that failover and high availability have been around since Jaguar; there was a failover product that we shipped with that. However, the philosophy that we had when designing that was that no two sites are alike. Any time that we tried to figure out, well, gee, what would be a useful solution for customers, what would be a typical scenario, we couldn't come up with any, and when we asked the sales engineers they were telling us, oh, well, you know, this customer needs QuickTime, and this customer needs websites, and this customer needs home directories. So what we thought the easiest thing to do was, well, how about we just kind of provide the infrastructure and not the complete solution, because everybody is going to have to customize it; everybody's site is going to be a little bit different. And all we did for the infrastructure then was just to manage the state of the peers, the primary and the secondary, and then do the failover of the IP address and email notifications, and then run executables, which is the customized part for the site that the administrators would have to do themselves, and we defined that in the documentation so they could do so in the way that would meet their own individual requirements. But there wasn't a lot of deployment from our customers because it was too difficult to set up, and in particular the additional network interface in the previous releases had to be very carefully set up, and most of the times when we would go to look at what had happened at a site that wasn't working, it was related to the network setup. And furthermore, not having a user interface really seemed to scare a lot of people away, because it required fairly significant network knowledge about how the IP layer works, and they'd have to, like, use vi to edit /etc/hostconfig, which seems to scare a lot of folks. And lastly, even though we're saying, oh, you need to customize everything, we didn't provide any really useful sample scripts for them to start with, because we had just assumed that these were all, you know, UNIX system administrators who knew all this stuff.

So for Tiger we decided that we were going to change that and focus on what customers were requesting, and most customers were requesting automatic failover of file services, so for home directories and that sort of thing. And they also didn't like the automatic failback. So when the primary came back up, in previous releases the secondary would immediately relinquish the address and it would go back to the primary, and often what happened was that if the primary went down, it usually went down because it had a problem, so if it came back up and got the IP address it would usually go back down again. So we were getting this ping-pong effect where, at certain sites, if there really was something physically wrong with the primary, the IP address would bounce back and forth. So customers said, you know, when it goes down I want to look at it, and when everything is okay, at that point I want to be able to say, yes, it's okay now to fail back. So that's what we're doing for Tiger: it's now going to be manual failback provided through the user interface. And we've also simplified the setup by providing the user interface and more sample scripts for other services other than file services, and we've removed the manual configuration of the private network, and that was primarily by leveraging the IPv6 stuff that's now built in. With that, the daemon can actually auto-configure as much as possible on the system, so the daemon comes up, tries to figure out where it is in the world, and then auto-configures what it can for the private network, and be able to communicate, sort of auto-discovers what's going on, and then we'll start the heartbeat between the two nodes. The one thing that people did seem to like were the external scripts that allowed customization, so we're definitely keeping that in this release, and we're improving the documentation and again providing some more samples for that. And the real reason for this change is to build the foundation for future directions that we can go with once we have these two daemons that are sitting there to talk to each other about the reliability of the hardware. And the step that we took for that was to expand and secure the communication model, so the daemons are actually now talking over IPsec, authenticated IPsec, for those who actually know much about IPsec (it was a learning experience for me), so that when one node talks to the other, they know that, yeah, it's okay, that's coming from somebody that I can trust. And that allows additional communication, like one node to actually tell the other node to shut down; generally you don't want to do that unless you can trust where it's coming from. And so those future directions require this kind of secure communication model. And we're on to the next, there we go.

So the other thing to talk about is what's not in Tiger. There's something known as instant or live failover; this is a very, very difficult thing to accomplish, which means that as soon as the primary node is offline, the secondary takes over as if nothing happened; it has the complete state of information, and that's a very sophisticated problem. Again, we're building the foundation for the future; this is our first step, and this is not something that we can accomplish in the Tiger time frame. Load balancing: load balancing is often solved with other devices, existing hardware; there's some open source software to actually be dealing with that. Again, we're building a foundation, so load balancing is not in Tiger. The other thing is that we added a restriction that the file services can only be running on one node at a time, on the primary and not on the secondary. Other services can be running on the secondary, but for the file services, the locking stuff that they added and the file system itself underneath, we were worried that there might be some issues about concurrent access and stuff like that, so to be safe we wanted to make sure that data integrity was primary, as was mentioned earlier. So for this release the file services can only run on the primary; when it fails over, it'll switch to the secondary and then be handed back on the manual failback. Again, we're building a foundation, and we hope to improve on that in the future. The other thing is there is no multi-node access to the RAID, and again this is kind of the reason for, the side effect of, the file-services-only-on-one-node restriction. If you want multi-node access to the RAID, there's a product called Xsan, and there's a lot of sessions about it here; you're welcome to go to those sessions and get more information.

So here's the user interface that we propose. You'll notice it's actually fairly simple. Up at the top is what I've been calling the public node, and we're still trying to come up with a better name for that; that's basically just the DNS name for the primary node. That's where everything is keyed off, so you enter that in, and that's what the secondary machine will babysit. We've added additional email addresses; in the previous release we could only have one, so now you can have as many as you want. And then the all-important Failover Now and Failback, which will change to Failback Now to do the manual failback. And the status window inside Server Admin will show you the status of where you are, with some explanatory text to help guide you through it. Also, we tried to provide some explanatory text to help you set it up; again, it's somewhat of a complicated scenario, but we're trying to simplify it as much as possible for our customers.

So in Tiger we currently have a single daemon process; in previous releases we actually had two, we had one that was sort of broadcasting and another one that was listening, so we've combined them into one to simplify the communication model and help with the enrichment of the communication model. It runs over authenticated IPsec for our security, and it uses standard plists for communication, so it's, you know, a command sequence with arguments, and it passes data, and, you know, something that looks like notifications and commands and stuff like that, and it's all based on plists. And then for the private network we use IPv6, which is automatically set up, so that means that the customers don't have to set up a whole other private network and give 10.x addresses or anything to their FireWire interface or their private Ethernet interface, and then the daemon auto-configures from the DNS name, as I mentioned on the previous slide. We've enhanced some of the helper scripts that were there previously; they were NotifyFailover and ProcessFailover, and we've added some. The site-specific scripts, sorry, the customized stuff that customers would use, that's in the same location, so if someone actually managed to set up IP failover in the previous releases and got it working exactly the way that they wanted, when they upgrade to Tiger they won't lose that customization, and it will still function for them as it did previously, with the exception of the manual failback.

So how do you enable your service for failover? Well, first of all, when possible, don't be tied to specific IP addresses, because much like in a mobile environment where you've got your laptop that's going between Ethernet and AirPort and different AirPort zones, when you're dealing with failover IP addresses will come and go. So if you're tied to a specific IP address and that IP address goes out from under you, then your service generally is going to be a little confused. So one of the ways to get around that is to use the System Configuration framework and become network-aware. There's actually another session, I think it's tomorrow, on how to write your app to be network-aware, and that applies to the server product, which is generally a much more static environment than a desktop, particularly a laptop, but it's still important for dealing with failover. The other thing is that you should be able to gracefully handle the mounting or unmounting of file systems. In a failover case, we're dealing with file services; generally that means the home directories are going to come up on the secondary machine, and in the failback case those home directories are going to go away. So that means that if you're depending on stuff in the file system, they may come and go on you, and when possible don't keep open references to those files on the file system, because it could go away. And the other thing is, if you're writing the client side of this, you might want to consider automatic reconnect, so when that service is lost temporarily you can automatically reconnect: if you've got credentials, or if you're using the single sign-on technology, just to be able to reconnect to the server once the secondary takes over. And the other thing you might want to consider for future directions is automatic redirection of clients. So if there is a bank of servers, like in the case of the primary and the secondary, or perhaps more if the customers have set it up that way, when you connect to the first one the service could respond to the client, you know, I'm sorry, I'm really busy right now, please try this other site instead. So that's something else to consider; that is just an enhancement on top of the failover that we think would be beneficial to customers.

Okay, so for services that can't be modified, so for things that are open source, you know, things like Apache, or, you know, an open source FTP that isn't really designed to have a lot of customization just for Mac OS X, you can use these customized scripts that I talked about before, and there's a well-defined sequence of what happens when an IP address is to be acquired or released, and it will process
the directory in library IP failover each directory will have as its name the IP address that will be acquired or released so first it runs a test script to determine whether or not it should acquire or release the address and if it fails if it returns a non-zero status then it will abort the acquisition or the release this is much less important in tiger and previous releases this was the way to prevent automatic failover or automatic fail back if you just wanted to be able to be a notification mechanism you could have the test script do this but with this feature added a little more control for the users this script in particular becomes much less useful however the other scripts which are the post acquisition of sorry pre-acquisition and pre-release scripts in addition to that the peers which are the post acquisition and culturally scripts are that we're all the meat happens in terms of dealing with those services that aren't failover ready so the in the case of an acquisition will run the test scripts will run the all of the pre-acquisition scripts so all the scripts that begin with this pre acq and then it will actually acquire the address using ifconfig and then run the post acquisition scripts so in the release case it's very similar but it's clearly using the release version of the scripts so this is a case where let's say the primary is running the web service and on failover you want the web service to be running well you wouldn't do anything in the pre acquisition but in the post acquisition you would start off your website service and then the release you want to shut it down before you get rid of the IP address so you would shut down Apache in the pre-release script so that's something that will be one of the samples just to demonstrate so in previous releases we didn't pass any arguments to the script we figured there was enough information that the scripts are executables could figure it out however to simplify some of the logic so that all of the 
scripts and executables are doing the same thing we've changed the invocation a little bit to pass in whether or not we're acquiring or releasing and exactly which IP address that were operating on so to summarize about failover we currently offer a bunch of components for high availability there are some that are software like watchdog and launch d launch d is actually we'll have another session later in the week failover which I've talked about there's also automatic hardware reboot which if the machine freezes I think is actually how the user interface specifies it it will reboot after some period of time which is typically five minutes and we also have some hardware solutions like X an and an extra braid one of the things about failover and tiger compared to the previous versions it's going to be a lot easier so we hope that a lot of customers will be using it but that also means that your services could be affected so where possible design your services would fail over in mind and generally that doesn't require a lot first it means to be network agnostic to be aware of changes in the network in the file system and to be fault tolerant and which I know is a really broad word but it just generally means that you know when you go to open a file it it may fail and you just need to be able to to handle that kind of stuff gracefully and for those services that can't be modified you can leverage the failover scripts and provide sample scripts to your customers to ensure that your services stay up or come back up on the secondary when a failover does in fact happen so the second topic that we'll be talking about today is certificate management I'm having a little problem of the clicker so certificate management there was some stuff and Panther there were a lot of different services that could actually make use of certificates most of them were based on open source projects open directory although that was our creation makes use of some certificates primarily in the 
ldap for ldap over ssl male host fix and IMAP can actually use ssl certificates there as well VPN uses certificates for its l2tp protocol and web of course the original ssl however the configuration was very inconsistent across them and required a lot of manual setup you needed to generate the keys by hand and needed to enter in the appropriate information in the user interface and the services often couldn't share certificates you had to create a certificate for each service instead of having sort of one global for the machine there we go so for tiger we've changed that and we've centralized certificate management and the certificates tab in the server settings so there'll be some UI screenshots and I'll show you what I mean by that but the idea is that all the certificates to create you do so in a central location and then you get alinta great in with a certificate authority website so we actually have the means to take a certificate signing request and you can either paste it in their website or email it to a certificate authority and we leverage the new certificate assistant that's in tiger so you can actually email those certificates to the local CA for signing and inside each service that could actually leverage the certificates we present a list of those available certificates rather than the previous see why so here's the new certificates tab you'll notice that we have a list here we show when it was created and the date of expiration and these are currently only self signed because after all their examples but this UI is very similar to you know most of the table views where you can add it delete stuff you'll also notice that it's on the top level it's actually a server a global setting for the server so the general tab has things like the server name and the serial number and the certificates are just a peer of that so this is how you would actually create a certificate standard stuff for setting stuff and once you actually creates a self-signed 
certificate we have a couple of buttons to to request a signed certificate from a CA and then once you get that result back to paste it in and these are what the dialogues look like it's fairly simple it can actually email it directly from the admin app so you don't even have to cut and paste anything it'll just generate the email and send it off or you can drag that little icon over there it'll actually drag a clipping with the certificate and then once you get the result back you just paste it in click OK and you have a bona fide signed certificate so that centralized list will really simplify the user experience and the following services hi I'm sorry I didn't mean to say it like that we do have a bunch of services that actually use the the new API and the user interface again it's the same ones that you've seen from previous releases but we're leveraging it with this new interface so just to show you an example this is what configuring SSL for open directory was like in previous releases so you could turn it on but then you had to specify each of the different files and all that stuff well in Tiger I think the battery's dying on our clicker here in tiger it looks like this it's just a pop-up you pick one of them and we do all of the stuff behind the scenes necessary to activate that certificate for ldap over ssl thank you I'll pass the word alone likewise here's a the old web UI same kind of thing all these multi lines and you know clearly when you ask the customer hey make sure you spell that right well that's the new UI so greatly simplified they just pick one out of the list if it needs to be exported because the web server only you know understands openssl again we do that in the background so it's automatically activated for that particular service so what can you do to take advantage of certificate management and tiger well there's two command line tools there's one that's was available in Panther server admin and we've added a new one search admin to 
simplify your use of certificates so if you wanted to see all of the certificates on the system and get it as a plist because you're abusing foundation or core foundation and you want to be able to parse it and get all the parameters you can execute this command go ahead i'll let you all copy down and that will actually generate a large p list with all all of the certificates in it and all of the different settings associated with it most of the stuff that came from that settings panel did the creation panel you know about the site name and and the csr and all that stuff so this is a very rich output however if you wanted to put this in New York your UI well that's a lot of parsing so we've provided a more simplified tool and that's the cert admin tool and if you just say cert admin list it just spits out the the name so you can populate that pop up just like we do and if you need to export the certificates to openssl because the service you're using only does openssl instead of using apple security framework then we have a fairly simple command to export it and you just give it a the certificate name so we've tried to provide tools to really simplify your ability to leverage this what we hope will be a very cool new feature for users to increase the security of their product and hopefully these tools will allow you to to leverage that as well so why do we care about this well because we all know that certificates are important tool for securing data SSL is a key thing and more protocols today or have SSL extensions and maybe your protocol wants to do that as well with tiger server we've really simplified and centralized the certificate management and provided tools for you to leverage that and to be able to integrate them into your own service and that's it for certificate man I'm sorry I really think the batteries are dying here clicking out on me so hopefully you'll be able to leverage certificate management in your products as well so for more information on 
all the things that we've talked about today there's a lot of different stuff available on the DVDs there's some documentation and release notes and as additional draft come available those will show up through the developer websites and you know we have man pages on on the stuff on the DVD and we're adding more every day so a lot of different resources on the web and a lot of different sessions as well to be able to get some additional information about some of the things we talked about like Network awareness and the best practices for file systems and things like that
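As an added example (not code from the session or from Mac OS X Server), here is one shell script body that can serve as the per-address failover hooks described in the failover portion of the session, covering the Test, pre-acquisition, post-acquisition, pre-release and post-release steps and the acquire/release plus address arguments. The hook file names (Test, PreAcq, PostAcq, PreRel, PostRel), the exact invocation shape, the "hold" marker file and the use of apachectl for the web service are assumptions.

```shell
#!/bin/sh
# Added example, not code from the session or from Mac OS X Server: one script
# installed (copied or linked) under /Library/IPFailover/<address>/ as each hook.
# Assumptions: hook names Test, PreAcq, PostAcq, PreRel, PostRel; the daemon
# calls each as  <hook> <acquire|release> <address>  (the Tiger invocation the
# session describes); apachectl starts/stops the web service; a "hold" marker
# file is our own convention for making the Test hook veto a failover.
# DRY_RUN=1 makes the hooks print the command instead of running it.

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then echo "$*"; else "$@"; fi
}

# Reject bad input before touching any service: the action must be acquire or
# release, and the address must look like a dotted-quad IPv4 address.
validate_args() {
    case "$1" in acquire|release) ;; *) return 1 ;; esac
    echo "$2" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Hook body, selected by hook name and action; non-zero aborts the operation.
failover_hook() {
    hook="$1"; action="$2"; address="$3"
    validate_args "$action" "$address" || { echo "bad arguments: $*" >&2; return 1; }
    case "$hook:$action" in
        Test:*)          [ ! -f "/Library/IPFailover/$address/hold" ] ;;
        PostAcq:acquire) run apachectl start ;;   # address is up: start web service
        PreRel:release)  run apachectl stop ;;    # stop web before the address goes
        PreAcq:acquire|PostRel:release) : ;;      # nothing needed for Apache here
        *) echo "$hook is not expected with action $action" >&2; return 1 ;;
    esac
}

# When installed under /Library/IPFailover/<address>/, dispatch on our own name.
case "$(basename "$0")" in
    Test|PreAcq|PostAcq|PreRel|PostRel) failover_hook "$(basename "$0")" "$@" ;;
esac
```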