WWDC2004 Session 625

Transcript

Kind: captions
Language: en
good afternoon hopefully all the dental
guards gods are fill in the room we have
a lot of demos this afternoon so
hopefully we all go it all go very well
I can see a lot of positive karma in
this room so I think we'll be I will be
fine I actually manage the apples
professional services group for the
enterprise and we do a lot of
integration work with a lot of a lot of
you in the room a lot of our customers
enterprise customers people buying
exurbs xserve raids we're helping a lot
of our publishing customers my grade
from OS 9 20 s 10 you know set up
network home directories integrate with
active directory so basically this
session is all about you know
integrating those macs into into your
environments into your corporations on
your networks and so what will show
we'll talk about a lot of that today so
we're kind of a kind of see yourself is
like a jumpstart team right so we come
in for a few days and we kind of help
you do that integration do that
integration work we're not the you're
not a you know a consulting firm that
stays four months in your company and
and you know spend hundreds of thousands
of thousands of dollars we're just in
for you know a week and we basically
help you get all that stuff up and going
and then basically mentor you and help
you you know basically maintain the
system moving forward on 10 so this is
kind of what what our team does so
what's really interesting the reason why
we started this team and this enterprise
special services group is because of
Panther I mean if we if I had given if
someone would have given me that job
before Panther I wouldn't have taken it
right Panther is really the first
operating system that is truly you know
an enterprise operating system and I
feel and we're very confident we go in
that we can get the job done and in your
and your companies and so really it fits
beautifully in a lot of a lot of
environments and so what we're going to
talk about today it's kind of review a
little bit of the desktop solutions that
are out there that make that max fit
into that enterprise properly and then
we'll talk a lot about the back end
because the back end is also very key
and that's why we have on stage right
now you know extra
a vector of raids which will all be part
of the of the live demo we'll also talk
about some third-party solutions there's
tons of third-party solutions of course
you've seen a lot of them this week but
I'm just going to focus on a few that i
thought we're kind of interesting again
that have come out in the past few
months or that will be shipping shipping
this month i also talked about some
myths vs. facts I meet a lot of people
and and and there's still some
networking terms and people are just
still think that we're running appletalk
on our network so what kind of what kind
of talk about those as well and then a
lot of people when we go in there like
well you know I'm running ls9 or I'm
running tend to you know Tiger is going
to be shipping next month which of
course we all know now it's not you know
should I wait to deploy and we'll talk
about those so fitting in right the
first thing that's important today is
for the macbook fit into your
corporations and we all understand that
at Apple and so the first thing I wanted
to talk about is email and collaboration
and we actually have a dedicated
collaboration session on Friday which
i'll be presenting at ten-thirty so if
you want you know the whole download on
collaboration tools and collaboration
suite please come to that session friday
at ten-thirty but i just wanted to
review some of the main applications
that we have today when we go into a
corporation you know basically email is
the number one you know application use
you know probably seventy percent of
your time is spent in entourage or an
Outlook or an apple mail right i mean
people spend their life in email
nowadays and so apple made a lot of
efforts and will continue to make
efforts to fit in with our own tool so
apple mail address book and we'll show
those in the demos a little later on
microsoft also you know they're very
committed to the macintosh they've done
a lot of important add-ons and new
features and addison some compatibility
exchange with entourage 2004 things are
working much better compared to to the
previous versions on mac OS 10 and so we
have pop IMAP as well as exchange
connectivity and of course they do they
do the same and they also have
calendaring lotus notes the law
note sweet I mean there's a whole bunch
of product from IBM and also Lotus is
also very committed to the mac and
they've got they've got a great product
that is pretty much on par totally on
par Mac versus PC and the novell just
announced groupwise 65 x and we don't
see as much novella me in the enterprise
but it's pretty big in in education and
so I just wanted to just wanted to
mention that as well desktop management
solutions you know so again I mean when
we talk to IT people you know for them
the most important thing is making their
job easy right I mean every IT person
you know they want to they don't want to
spend time you know extra time managing
computers they want to spend as much as
less time as possible to manage the
desktops and so you've been to the
sessions this week hopefully you were
able to get into the session with apple
remote desktop to you all have CDs that
that you know with your WC kid that came
with ard 20 and we've made a lot of
improvements we've listened to customers
and we endured some great features
around software distribution you know
remote assistant easy setup you know
asset management all that kind of stuff
we've made some great strides in that
area but also you know I wanted to
mention some of the some of the
third-party tools that are available
hopefully my clicker does work there we
go we also have some other desktop
management solutions that are compatible
with mac OS 10 like landesk netopia
marimba all tourists fall wave those are
all great third-party solutions that are
available that are cross-platform and
basically allow you to also manage your
your heterogeneous environments so I
wanted to make sure that that we
mentioned those as well Active Directory
support this has been key this is
something that we shipped in Panther and
we've improved it a tremendously since
we ship 10 dot 3 and 10 33 we added full
support for network home directories
that has to be done this is not a UI
that has to be done from the command
line you need to edit the Active
Directory the plist file but basically
allows you to truly have an SMB Network
home directory and not just have it
mounted on the desktop like when what
happened when we ship in 10 3 we just
hadn't finish that feature yet but we
have that also very interesting we even
have why
Ellis support when using Active
Directory so once you you're bound or
you're set up with your wireless account
you can actually reboot your machine
login and we actually have wireless
support through ad which is which is a
feature that some third-party products
don't one feature we are missing that is
interesting is a DSS support and love to
get feedback on that right now you have
to use the surgery product for that and
we understand that love to get feedback
is that is that is important to you
you'll have my email address at the end
so well but that's you to receive those
that feedback mobile accounts is also
very important laptops a lot of people
use laptops today you want to make sure
that your credentials are cached on the
laptop so you can login logout reboot
your machine when you're not on the
network you can you can log-in so we've
got all that that those features in the
ad plug in some of the other directories
where we are compatible with because
have open directory and if you went to
the open directory session this morning
you have a better understanding of how
our directory system or directories
infrastructure is in the OS I mean we're
very open right and we're all based on
standards and a lot of those other
directories use ldap and so it's really
simple to plug in a mac desktop into a
son I planet back in or into a novell
back end or an IBM you know directory
server put it back in so we fit in very
very well even with some of the other
directories that are out there even this
for those of you still using this it
might be time to upgrade but you we
still have we still have that that
support in the operating system I wanted
to quickly touch on a few applications
and web browsers so of course Safari is
Apple's browser of choice and again
we've improved Safari tremendously and
Eric will show some of the some of the
cool Safari demos in just a second a lot
of applications are web-based and you
saw some of the announcements this week
with like PeopleSoft and salesforce.com
who are also very committed and full and
that are basically fully supporting
Safari as the browser of choice a lot of
banking we've been talked to all the
major banks as well to make sure they
fully support Safari as the browser of
choice on the Macintosh we also added in
Safari 12 we added live connect support
which is huge for a lot of customers and
in the end just mentioned some of you
the few tools are really useful when
you're a Mac user and you need to
connect to a pc you know a virtual pc
but our DC is a great tool as well
remote desktop connection it's free many
people don't know that and we'll demo
that today as well just so you can get a
feeling of what what you can do with
with the Microsoft RDC I say it's free
but it also requires a Calliphora and n
seven shipping this summer or later this
fall and then PeopleSoft 8's AP java GUI
people who are using SI p also there's a
client on them on the pc a 30 win32
client but there's also a great java
client that is available and that is
compatible with mac OS 10 so we also
have a CP availability and Oracle 11 I
and Salesforce of course and then 2004
office 2004 if you read a you know
Stephen Stephen Wolfram quote and from
Businessweek a few few weeks ago he
basically said you know that Matthew
does not have an office suite equal to
windows which is really good and we have
we actually have you know even more
features than the latest version
available on the under windows the
windows side hopefully my clicker keeps
on working there we go quickly touch on
Java and X 11 so again we've got some
great tools available on the mac and
we're seeing more and more developers
actually use mac OS 10 as their
development platform great tools
jbuilder sun java creator studio that
was announced this week at the java once
at conference IBM eclipse there was a
session on eclipse a few days ago and
eclipse is really really important
because we're i'm seeing a lot of
developers move to eclipse to write
their own applications and because we
have it clips on the macintosh it's
going to help us even get even more
applications on the platform because it
truly is a cross-platform development
environment and and it really helps IBM
and others to bring even more
applications to to the Macintosh and
then jboss macromedia and of course the
x11 client this is great i mean if
you've been to downstairs with some of
the vendors
went to the vendor fair a lot of them
the first step like in the backup area
they have they bring up the x11 server
and the x11 client for the Macintosh and
then it takes in a few months and then
they come up with a really nice native
cocoa you know gooey but at least we
have X 11 and people can actually run
their applications through x11 on the on
the Macintosh as well VPN clients just
wanted to quickly touch on that so we
have a native l2tp and pptp over ipsec
client built into the OS so for small
and medium businesses also on the server
side we have a built in VPN server that
is compatible with mac and windows so
make sure you take advantage of that of
that I mean if you have if you buy next
serve you know it's really it very
simple to set up as a VPN server and
again it will work with both your mac
clients and PCs and I still know quite a
few accounts are that are dialing in you
know using dial-up and the beauty of
this is if you set up an extra with VPN
you can go to pretty much you're on the
road you can go to any hotel they all
have they pretty much all have you know
dsl or cable modems and you can get pure
on your network without using any
dial-up which is kind of you know pretty
much outdated cisco as well oh by the
way we also in 10 34 we also improved
tremendously our nortel compatibility so
there was a bug on the North health side
and their VPN box which we basically
address by adding some new functionality
on the client to work around the bug
basically and now you should really look
at having your admin turn on l2tp on
your no tell box and you should pretty
much it should pretty much just work so
you can actually use the built-in mac
client to connect your nortel back end
there's some other ones net lock has
declined for nortel a canucks a VPN
tracker v1 and Gracie on software so
that's kind of a you know a quick
summary on the enterprise side and again
on the on the client side and again I
didn't touch on everything but I also
wanted to focus a lot on the back end
and on server solutions and how we fit
in into your network on the server side
especially with panther and then with
tiger it'll even it'll don't just get
better so what you're going to learn
first is basically this is stuff that
we've we've really done a lot of work
with on the integration side on the
professional services side is really
using a mac server a Mac os10 server as
a windows file server and the reason for
that is you know people security is a
big thing nowadays I'm sure you all
realize that and unfortunately there is
a lot of there are a lot of viruses and
worms you have to deal with on a daily
basis on the window side not saying that
we're not affected we definitely are on
some of the security patches but we
haven't been hit with a virus for the
past three years so you know we're much
more secure on the on the virus side and
on the warm side and so it's really neat
not only do you save on client access
licenses but you can really put a you
know put a eunuch machine you keep your
Active Directory back end I mean again
we understand you spent a lot of money
deploying ad if you go the ad route the
Active Directory route you're not going
back right we all we all know that and
so it's really nice you can keep your ad
back end but basically deploy deploy an
xserve also what's interesting is you
can also use your ex serves as Network
home directories so what I mean by that
is basically what's called roving
profiles right so I can log into one
machine get to my files next day log
into another machine get to my files and
all my cells are stored on the network
and we fully support that on the on the
server side for both Macs and PCs policy
management so I call this policy
management because a lot of Windows IT
people understand that and that's what
we call work group management right so
we're group management is basically
policy management and and we'll talk
about that as well and then another
interesting thing is as you saw in some
of the sessions in the osm server we
basically talked about high availability
and how we're going to improve our high
availability active passive solution and
tiger well we have a pretty neat
solution today that we're we're
basically offering to our customers from
the consulting side and I'd like to demo
that to you and then we'll talk about
backup solutions so first thing I want
to talk about is using the server as a
home basically as your network home
directory and what you can see here the
beauty of it is so you have a mac client
you've got an SMB he's got a Windows
client and you've got a Linux client
right or UNIX client what's really
interesting is because the server
supports you know all three protocols
support AFP SMB sip and NFS basically
and in the max desktop support all three
you could basically connect over SMB
asafp or NFS to your to your home and
let's say your home is stored on an X or
an extra raid right on the pc pc only
supports SMB so you're doing SMB and of
course on the UNIX side you're doing NSS
but we basically support all three on
the Macintosh and ever and of course all
three protocols on the server side so
you've got a really interesting bundle
here for lesson you know thirteen
thousand dollars you've got a fully you
know you've got three and a half
terabytes of storage and you've got your
ex serve and you can use that as Network
home directories to store your network
home directories another thing that
we've been doing a lot or you know
pretty much since Panther ship its
policy management right now that we have
a truly enterprise-level operating
system people want to lock down and
manage their policies on the desktop
right and there's a couple ways to do
that and that's what this sly about so
the first way that usually we go with
and probably eighty percent of our
customers when we go and talk to the
windows admin right they manage their
schemas right and usually we start
talking to say well the first thing they
ask is you know are you going to modify
my schema it's like wow you know don't
touch my schema right that's usually the
way the IT people behave and that's fine
we've got no problem with that and I
mean we'll work both ways we can put
xserve in there and basically use the
xserve as kind of a dual authentication
you're still acenta cating the user to
active directory but you're being
managed through the xserve okay so that
means that you don't have to do any
schema extension and an eric will show
you that in the demo in a few minutes so
so that's the that's the first way is
you put an xserve and you're basically
you're still acenta cating to 80 but
you're being managed through the xserve
using workgroup manager the other way we
can do it is we can actually extend
extend the schema on your Windows Server
and that stuff that we also do on the
consulting side and that's also there's
about 30
what is it Eric 30 37 so there's 37
attributes you need to modify on your ad
server so that basically you could
actually run workgroup manager against
the Active Directory directly so you can
you can you can manage users groups
computers when you're modifying the
scheme on your ad server okay so people
usually don't like doing that manually
even though we have that it's all
detailed in the in arm in the open
directory guide but you know you don't
want to make any mistakes especially on
2000 because you can't delete a short
attributes once you put it in so we
basically develop the script it just
goes in and does it all pretty much
automatically so that's the other way of
doing it and so what I want to do now is
basically bring up Eric to kind of show
you some of some 80 demos and and kind
of go through a bunch of them Eric
thanks
so the first thing I'm going to do is
actually bind ad if you've never seen
it's actually really really easy so
we've got a tool called directory access
don't you load located in your utilities
folder on your application folder need
to unlock here so you notice there's a
plug in here called active directory
double click on that it'll ask you for a
little bit of information pretty easy
something I've mins have a hard time
right figure out what it is but you know
it's very easy information to find out
you're looking for your force and your
domain information it's ready enter in
here but i'm not bound yet so i'll
actually bind this client to the ad now
you can use a pre created computer
account all the kind of stuff you do on
a windows side if you got privileges to
do it it will let you bind to the
directory return now I'm bound that pass
had created a computer account and it's
down to the active directory there's a
couple of things you got to do before
you're done you actually want to say I
want to use this for authentication I
already done it in advance here but you
add that to the authentication chain one
very important thing people don't
realize if you've got exchange you want
to add it to the context one as well and
I'll show you why you want to do that
all you do is push the custom clicked
add and add it to the list so that's
pretty much how hard it is to bind but
if you launch the terminal the quick
test to make sure it really work so I
know there's an ad you'd rather called
win home ok that's the user out of
active directory you'll notice partially
because he's got you ID for those of the
unique IDs is very large because that's
dynamically generated from Active
Directory you also notice a group based
off of the domain information so he's
actually part of the engineers group an
ad so now I know ed is working great now
i'm going to log out i'm going to log in
as that user i just check so i went home
what's important about this user is my
column went home because this home is
actually on the windows server no
changes it's not running AFP it's
running just regular windows file
services I should show another user
where we're connecting to the xserve and
another example of how you can split
that up one thing that happens for you
is one your home directory on the
network gets mounted on your desktop and
actually put a shortcut in your dock
select create a folder here you know
this is a from the Mac this is stuff for
home etc those are files that are up in
my network called me which I could copy
files over settle from the local machine
if I wanted to see that networks it's
normal SMB share from a windows server
but let me go to log out and now login
as an OS x user now what's different
here is the home is actually on our one
of our x serves in the rack now the x
server is actually integrated ad as well
you know it's the same oh so calm added
to my dog and in this case is actually
using SMB to an excerpt which is kind of
interesting in reality is in your JD
mentioned ago if you switch that just to
show you real quick there's a command
line crop tool called vs config ad if
you run that there's a lop shun here
called local home and mount style you
can switch the mountain style to AFP so
if I were to switch today FP would
actually use Apple file protocol to
connect to the xserve instead of SMB
which more reliable for us so that's
pretty much it for lashes logging in
it's amazing how easy that is but little
more details people don't realize is
that can actually launch Safari I've got
actually got exchange 2003 installed
with Outlook Web Access only just click
through outlook web access you notice I
didn't do anything it signed me in it
used my career both credentials that I
got when I signed into the computer and
just logged writing dialogue box just
like you do on your pc i can click on
email read email sandy email etc and i
can show you the fact that i got
credentials it's on a command line with
a civil Kerberos command called kate
lift this is the the credentials i got
when i signed in and this is the
credentials to connect to the exchange
server all automatic but remember that
comment i made a little earlier about
the Contacts tab and why that's
important most of them realize once you
do that if you launch address book you
can actually look at active directory
and find users you know I want to send
an email to somebody i know there's demo
user out there actually just three of
them i can double click on the user you
know this is all confirmation all of
this is coming out of Active Directory I
can for example I could actually drag
that to my personal address book if I
want so I don't have to worry about
being on active directory and now that
users now in my local directory all
completely seamless for you so just to
prove a couple of things let me go ahead
and login here if go back to adrics
looking children to thinking the ice
equal exchange so the insider address
book you can actually go to preferences
and you'll notice there's a synchronized
with exchange so if you actually got an
exchange account and you
integrated gmail as well on schmale and
set it up to actually sink your address
book with mailed and exchange back and
forth so all the addresses are always in
sync for your personal address list your
gal or what people call the gallon the
window side is auto ready and address
book by default there's nothing to
synchronize the great thing is if you
launch mail and you type in user names
it will find them in a nad automatically
the autocomplete that we have in mail it
works with ad as well all automatic
interobserver number four please move
them out there yeah so let me actually
show you a quick those users nad I've
actually got the ad administrator up
here tues I just logged in as you know
the cosx home you notice his account
just a normal account but his profile
was on the xserve under the users folder
with this OS X home and the same thing
on the win home you'll notice the
difference is it's actually on the
windows 2003 server not only login on
another pc with that same user
so that's a home folder stored on a
xserve from a windows box if I actually
click on the short link here you'll
notice that it's actually going to the
server and the files are in there you
can also go to my computer notes that
it's actually mounted on the desktop or
on the system as a drive all
transparently they don't even know it's
an xserve on the back end so that's
candidate for that but let me now go
through some quality examples can we go
back to number two please so I've come
other user setup actually number three
please oh sorry sorry right so I've got
a couple of the user setup to actually
show the policy management first of all
let me show you a user that has actually
been extended directly in ad so this is
the we've done the schema changes and
I've applied a policy to the user nad
using our tools nothing special I login
is used just like Dario's would now I
didn't do anything special here this
actually came from the policy management
I said to put his dog on one side
actually enable magnification it's all
coming from the policy management toys a
slight delay logging in here
notice the network home isn't listed in
the folder so I've kind of control that
users experience which is very handy I
could lock out applications anything you
can do working management you can do the
user right then and there and I'll show
you what that looks like in our tools so
you see how I actually set the settings
I'm gonna login it is a different user
and this is a group user and this is
because I'm going to control his
policies from an OS 10 server with a
separate directory so I want login first
without anything set up so you see it's
just a normal user everything exactly
the way you would have first time let me
signed in but I'm going to make a slight
change i'm going to add the OS 10 server
to the authentication tab you saw what
that's going to do is find any other
groups the user might be part of we
should a little chillin here so if I
launch IDC am not part of any groups for
the troubles will smaller there got some
only part of staff and no extra groups
last director access authenticated the
admin now I want to actually add the
ldap server from our server into the
list well if everything is working right
for us here I should log in with the
thing user again in this everything will
look different
demagogues aren't with us the double
check to make sure to actually talk to
the server manage settings are cached so
there was some danger in this the fact
that it didn't go the director game
because he knew that he didn't have any
managed I think that need to be
refreshed just just open up a terminal
and show them that but I will but you'll
see that I'm actually part of another
group actually it did take that back now
there you go I have a simple finder so
that was the big change more simple
finder is really simple so at work so
next thing we launched the worker
management tool thing see what this kind
of looks like in the directory couldn't
write as daily users pretty restricted
there
so I click it's over here so i connect
that opened arcing master and then
connect to the xor that's bound to ad as
well so this is the open directory
server you notice or some other users
edging adding do anything special but
you'll notice a group called manage
group yes the group user is in in that
group you come over here this is the
xserve and here's a machine connected to
ad I could do the same thing under the
menu and you notice there's a view
directories ask you the same less
because i'm connected ad as well as on a
client if i click groups you see the
engineers etc the nice thing is if i
click on this extended user and go to
preferences enough he has some
preferences set up now i can
authenticate
and I can actually change from the floor
but you know if I click on one your
settings and coming here say always if I
didn't make a change and it just saved
that directly to active directory so I'm
modifying the user directly now if I go
to the open directory server i can click
on the manage group go to preferences
you notice the finder setting that I had
set and I said always make it a simple
finder so that user got that policy from
a completely different directory such a
cool thank you so see demo gods are
actually with us it's a good thing and
there's more coming next thing that I
wanted to talk about is mac OS kind of
the PDC that was pretty interesting last
year we did a similar session not not as
in-depth as this one because of course
Panther wasn't shipping at the time and
customer came at the end and basically
told me a you know we've got about 500
max and about a hundred PPS you know
should I go to active directory right
and I said absolutely not I mean there's
no reason to do that because panther now
has PDC support built-in so really I
mean you just basically set up an open
directory master and open directory
replica and you have you have the PDC
built in so all your PC's can
authenticate you know canis indicate
directly to the the open directory
master box so there's no need for
deploying any any active directory
server to manage your pcs and login and
so forth and so on so basically we've
gotten you know native supports active
the PDC and as you saw in the session
will also add a well as a backup domain
controller in in tiger as well which is
which is useful when you need to manage
the server and then what's also
interesting is we we also mentioned that
we were going to come up with a
migration tool but again you know
Panther is shipping today and Tiger will
shift you know the first half of 2005
and and we understand that you know the
NT support is going away at the end of
the year so I wanted to make sure that
people there are two tools that are one
is available today one is coming very
shortly I one is from das technology and
the other one is from verso
aura and basically they're going to have
a tool that will allow you to migrate
your NT servers over to a Mac os10
server an open directory PVC so those
tools are available or one is available
one will be avail shortly by this fall
and then we also have some documentation
so please look at the windows
documentation it's not as easy we don't
have that that automatic tool yet but
the documentation is pretty explicit on
how to help with the with the migration
and again what our recommendation is you
know if you have about under 400 users
our PVC will work great for 2 600 it's a
perfect solution for that if you're the
lesson 6 you know for 2 600 pcs you'll
be fine of course when you go you know
in that enterprise level you know that
the PDC is you know Active Directory or
a Sun solution or a novell solution it's
probably better for for the high-end
enterprise but for the small to medium
business it's a great solution so what
I'm going to do is have Eric shall I
give you a PDP demo yep the first on the
Mac here I need to show you the fact
that I have a user in open directory
this is a ldap server and we close out
the ad one over here so you know there's
a PDC user but he's got a Windows setup
I think Reynie profile so until I don't
feel like dealing with creating a login
script and profile and such but you will
notice I'm going to map his home to the
server the mac server she's got a
typical path on the map h2r excerpt it's
number four please
yeah so now I'm out next p and you can
see I'm actually bound to the ODP DC I'm
going to sign in here put that the right
password actually good it's actually a
security feature in windows it doesn't
let you in if you don't type the right
bathroom and you'll notice my H Drive
got mapped automatically nothing special
ok so it's like number three work please
and I don't you go to the start menu
have the start button just like and
click on the start button here just to
show them that actually you can see that
the PDC user it's actually the PDC user
and again the beauty of it even you can
change passwords on the pc it saves that
back to the mac and you change in on the
admin side I mean all that stuff is
totally transparent on the desktop and
on the server we're going to be pleased
so you start what is looking a worker
manager real quick I just want to
actually bring up server admin and so
you can see that particular setting
where those servers
as you can see some of the log on to
have been a little long and that's
because of our little mini dns server we
set up at lunch so bear with us the dns
might not be completely configured
properly here and dns is extremely
important for those of you who have set
that up before saying that's on our
windows there's some settings another
finish refreshing there and i'm just
configured as its primary domain
controller i said on my domain is OD PDC
my computer name and it's set up great
hide you thank you so i wanted to touch
base also another topic which is
migrating to open directory and what's
also interesting is we've been talking
to a lot of people who have Sun Sun I
planet servers and again you know
they're spending a lot of money with
some servers and especially the main and
support and the support and so what I
wanted to mention is it's actually
pretty simple to migrate if you're only
using your son for authentication and
again you're not we're not talking you
know 500,000 user records right i mean
again you have to within reason you know
our server can support today and Panther
over you know we've tested over a
hundred thousand user records so if
you're in that area you know zero to one
hundred thousand you can definitely use
our master replicas scenario and
definitely very interesting from a from
a migration 22 from I planet what's also
interesting is again built into
directory services you can very quickly
authenticate to to I planet but also you
can use workgroup manager to help you
migrate that so what you could do is you
can basically tie in to work group
manager on your son a box you see all
the list of users and you basically use
the export feature and we're group
manager you save that file and basically
you bond to your open directory server
and then you import that file and you've
got a great way to basically import and
export the basic user settings right SN
CN password definitely not usually what
we recommend their password migration is
not easy for for those of you who know
that in the
but you know you can use workgroup
manager to quickly set up a default
password and users can come in and
change it at first logon but a lot of
you know we've talked at least four or
five people in the past few months who
want to migrate to open directory from
Sun and you can do that because again
son use ldap we use ldap therefore we're
very compatible next topic I wanted to
cover is high availability and so again
if you were in the end of session you
saw some of the announcements around
tiger and tiger server we're basically
going to have an active/passive failover
mechanism but you know tiger again is
shipping next year and a lot of you and
in the publishing world or in the
enterprise world want you know that the
exurbs you know they have one power
supply so I hear that all the time right
people want to make sure that if the
server goes down my users get back
online you know immediately right and so
what we've put together is basically a
scenario this is a simple scenario and
the scenario is I've got a master server
serving files so I are serving Network
home directories again SF AFP SMB and FS
you know doesn't really matter and so
this master server is actually connected
to a fibre channel switch you know it
doesn't matter it could be you know Vic
sell brocade qlogic those are the three
that we support and basically the server
is connected to an xserve raid okay it
could be one it could be two and the
demo today we have one but if you know
no big deal and the more ports the
merrier and and then you've got to
failover server and this failover server
is basically in a waiting mode right and
and yes the server's not doing much but
at least you know you're back up and
running if something happens you know
that server bowl pretty much instantly
take over and that's really what people
what people care about and and the of
course none of the volumes are mounted
on the failover server right now right
that's a big thing that people have run
into they think they can have both
volumes mounted from the raid on both
servers not at all right you don't want
that because then that's how you call it
corruption so all the volumes are not on
the main on the master server and when
the failure hope and we basically
automatically mount all those volumes
over to the failover server and
and we'll do a demo in just a second
what's what's also interesting is
usually those kinds of solutions are you
know pretty expensive there you know ten
to fifteen thousand dollars and you know
basically we we have a scenario where
you know we sell it for you know
probably the four thousand dollars which
is really really good using easing
scripting and so what I want to do is
bring up Eric and eric is going to
basically show you this high
availability demo of the best way we
actually put up remote desktop on our
servers we've got two minutes up handing
this I've got the master and I get the
failover you know if the decimals are
similar but all the volumes are set up
on a master over here and say these are
really live windows so I can create a
new window so I'm observing in observe
so these are real live windows and I'll
actually connect to try connecting the
master it's no problem now they're
actually they're gonna notice that Eric
is connecting notice the IP address
right he's connecting to 162 and its
connecting to you know to the volumes
and we basically we have you can see we
have 10 volumes but we've only shared
we've only shared for in this case right
so he's connected everything is going is
going fine what I'm gonna do now is I'm
going to do I'm going to simulate a
power failure or a power supply blow up
so you can see there's no no trick here
in this demo I'm going to turn off the
server
server is now off and you can look at
the failover server and in a matter of a
few seconds it takes usually you know
around 10 seconds you'll see that not
only all the volumes mount but also what
we do is we start asp as well on the
services side and you can see all the
volumes I am I connected exactly eric
adobe connect you to the same IP address
write a piece parts to launching
forgiving them hopefully
we might not have thought a fee can you
make sure if he started or just just run
it from the from ard try catch our quick
that he's not running a scene I might
not be running
there you go just matter of time for
things to come up so again we've have it
a little bit of dns issues here but
usually it's pretty instantaneous we're
basically the user the user will get
disconnected okay and that's that's
there's nothing we can do about that but
the point of it is that anything could
happen right your switch could be going
bad right or is it might be a power
failure or something and in a matter of
10 seconds your user will say oh I got
disconnected let me just reconnect to
the server the same server was connected
to and it's very transparent for the
users I'll be connecting to the failover
but again the raid will move underneath
the failover server and then we also
have failed back and again that's for
you to decide if you hump if you want
automatic fail back or not our scripts
are able to do automatic fail back and
so when I fight start the server again
all the volumes will move back over to
the to the master server thank you so
moving forward what's also very
interesting is evolved heard and maybe a
lot of you have been to the X and
sessions and what's interesting is is if
you deploy this high availability
failover solution that we talked about
you can deploy that today right but when
X and ships later this fall what's
interesting is you could actually
install X and on a very similar scenario
now grana I didn't put the you know the
metadata you know switch in there or I
didn't not it's not all fully wired up
but it would be a very similar scenario
where you would load xn on the master
and on the failover and what's
interesting there is because of X and
now your raid volume could actually be
mounted on both machines right and so
you could actually run other services on
that failover server right so you
wouldn't be run AFP but you could run
some of the other services that are out
there you could use that to do you know
netboot net restore you know cutie SS I
mean you name it right anything but AFP
and then when the you know or SMB and
when that machine fails basically you
start those services on the failover on
the failover server so great you know
great migration path you start with the
high availability can't really use that
second server for now
or when X 10 ships you can basically buy
two copies of xn and loaded on the
master on the failover and basically
come up with a really nice little xn
environment what's also very interesting
moving forward with with with Apple xn
and xn is you know really the whole the
whole sand environment and we talked
about that in the XM session again
what's interesting here is you can have
a mixed platform sand solution using X /
aids and and that's really interesting
because that gives you true enterprise
data management and using some of the
wonderful tools from from a DIC you
could actually you know have a mixed
environment of X serves of Windows
servers and Linux servers because of our
of our compatibility because we're one
hundred percent compatible with EA DIC
sell at file system you could actually
host exurbs windows servers Linux
servers and your back-end could be all
apple xserve raids what we see in the
enterprise a lot is people have emc
storage or hitachi storage and what you
can do now is you can basically you can
still use that storage right I mean that
stores it's really expensive right and
usually you don't want you know hundreds
of terabytes of that storage because
it'll cost you you know couple million
dollars right quite a few Porsche GT
that's my car I mean I'd love to have
one but anyway so what's really
interesting is you can use the X and in
that middle storage range right so using
using ad ICS a total life management
system basically when the files haven't
been touched for a few days or a few
weeks that's for you to set up the
policies those files will get migrated
automatically to an xserve raid and then
if they haven't been touching another
month then they can be moved to tape
right and that's all done totally
automatically using a DIC software and
we can integrate with that very very
nicely so again just food for thought
for thought on the enterprise side using
using xn
I also wanted to quickly touch base on
backup solutions and again we had a
great backup solution or backup session
yesterday but again I think it's
important to mention that you know last
year you know we didn't have a lot of
backup solutions available for Mac OS 10
and you can see that the list has grown
pretty dramatically from IBM to veritas
EMC legato see a backbone tolis dance a
tempo a veil solution actually a lot of
the vendors were downstairs if you saw
them for the past three days and the in
the vendor fair so a lot of great backup
solutions available for for Mac os10
both on the client and as well as on the
client server side and that's really
exciting and again the reason why we
have all those is because of you know
Mac OS ins unix foundation is that it's
much easier now for developers to come
on the mac platform and right tools
because they support linux they support
windows and for now it's really easy for
them to support mac OS 10 another big
thing is near line back up and that's a
solution that i wanted to talk about
because this is actually a true
deployment that we did in in washington
DC and basically the customer decided to
completely get completely get rid of
tape no tape libraries they wanted
basically true disk to disk backup and
basically they bought an xserve and they
bought for xserve raids and about 20
miles away our 10 miles away they have
another set 1x or 4x of raids and
basically the way they're doing in is
they're doing their backups their daily
backs up backups and they basically kind
of segmented the backups you know day
one day two day three day four day five
up to date and then at the same time
every day they're mirroring the data
over to the to the off side to the
disaster recovery site about 20 miles
away and I don't know if you guys can
you guys actually see that the
performance of the throughput number
right here ok this is this is 2720
megabytes per minute ok that's the
throughput they're getting when they're
doing this to disk backup ok and that's
actually using retrospect on Mac OS 10
retrospect 6 with 10 3 4 pretty amazing
now how many people know how much you
get when you back up the paper yeah yeah
it's a big difference and and we're not
saying that you shouldn't back up the
tape we're just saying that basically
the disk to disk to tape is a great
scenario and that's what people are
moving moving to simply because there's
not enough time in the day to back up
all your machines right and in this
scenario they're backing about 250 to
300 desktops and they're doing that in
less than two hours okay so that's the
kind of you can't do that i mean people
leave at night they've got about eight
to ten hours to back up their systems
and use as a backup online in the
morning and if the backup is going on
what happens user calls the IT guy and
says hey my machine is really really
slow well yes well because I'm still
having to do the backup right I haven't
picked up your machine yet and so that's
the beauty of this two-disc you backup
to disk and then you can take whatever
time you want to back up that disk over
the tape right and then take that tape
off site but this two-disc is a great is
a great scenario and again with the
xserve raid for those who don't know
this an extra raid is three dollars per
gigabyte okay that's our cost three
dollars per gigabyte it's unbeatable and
the performance is absolutely stunning I
mean you're looking at 350 to 400
megabytes per second on the throughput
on the extra raid sustain and and so
we've got it we've got a really great
solution from your line back up quickly
talk on talk about Apple imaging
technology and that's because again a
lot of you are migrating from nine to
ten or from 10-2 to 10 3 or from 10 3 x
2 10 3 4 and basically you use tweet
your image your Mac os10 image and you
want to basically reload it on your on
your desktop and we did that actually at
a customer probably bout six months ago
and they had about 600 max and in less
than five hours we basically loaded a
three gigabyte image on each desktop
less than six hours all those machines
were upgraded from 10 to 10 3 and that's
using some of the great imaging tools we
have in there using network image
utility we use a little bit of net
restore as well we use the disk utility
so your use disk utility to make your
image and then we use ard as well to
basically set up the machines to netboot
and the machine would net boot in this
net install mode and would basically
load and in less than 10 minutes would
load the image on the on the desktop and
that's how we're able to achieve you
know that migration and so for those of
you who are in the room just wanted to
give you a little heads up so as you
know network image utility today does
not support block coffee and so it
usually takes 20 to 30 minutes to load
an image and again this is a
confidential session right so you don't
repeat that of course but in a very near
future software update network rimage
utility will now supports law copy I
knew I would get applauses for that and
I ask the product manager can I say that
I said I really wanted to pause it on
around that so he said yeah you can do
it just have fun so quickly talk about
third parties and and this is this is a
very interesting few products here we
have a couple of really big ISPs who are
now using Xers to basically make sure
that they're not being attacked or not
being hacked into their network and the
xserve is a phenomenal box for for doing
that this customer which I can't name
basically did a lot of testing they
tested you know Dells with red ha they
tested Sun boxes be tested computer
associates hundred-thousand-dollar
systems that basically do you know check
their network and make sure you're not
being you know hacked into and they when
they did all their testing we also ship
them an xserve and what they did is they
used snort which is an open source tool
and they installed snore and the the
excerpt was the only machine and you're
talking you know isp so you're talking a
lot of packets going on and the extra
was the only machine that did not drop a
single packet and any solution under a
hundred thousand dollars couldn't even
come close to the xserve so they were
really blown away and and that was last
year in the past six months there's been
two you know enterprise-level solutions
that are now available at symbiote
which is a company based in austin and
not only they defend your network but
they'll go and attack the the attack
back at the hackers so that's kind of
cool and then arcsight is another
solution available as well on mac OS 10
so two great solutions to put Xers in
your in your environment and basically
secure your network you know another
really fun one I talked to this
developer on Monday night and he told me
that basically he's the you know he's
working on some solution that runs on
the Mac that will basically go in and
find the worms that are living on the
PCs and it was funny because a few a few
years ago another big account they were
using power books all their windows
servers were down because they were all
head by the code red worm and so they
were using power books to go in and shut
down all the servers and find the
servers that were infected that was
pretty pretty funny another solution
that was announced this week from Bruce
aura is called progression web and that
is a basically a migration tool and it
sells for under three hundred dollars
which will basically migrate from I is
from Microsoft is over to Apache and as
you know Apache is pretty you know well
used on the web browse on the web
serving side you know over sixty percent
market share and this is an automated
tool to migrate from is to to Apache and
then one that I thought was really
interesting that was announced this week
and they'll be shipping by the end of
the month it's cari o and Carrie 06 cure
has been around for about four years now
and they've shipped quite a few version
of their other email solution but what's
really missing right i mean you all know
that what's really missing on the mac is
calendar right there is no email there
is no solution today that has really
good that it's kind of medium sized
business right that has good calendaring
and and good and good email and that
it's cross-platform and so what curio
the curio saw that and what they did is
they basically develop their version 6
which basically allows you to have a
migration tool which allows you to
totally migrate from exchange over to
carry oh and it's very seamless on the
back end so you just migrate the server
over to an xserve also very interesting
is that you don't have to touch anything
on the client
just load this mapping connector on the
window side but on the undie on the mac
side they are totally compatible with
entourage ten and two thousand four
right so basically you've got a really
nice solution that is cross-platform and
they support you know free/busy and
they've got all that oh that's all that
nice microsoft stuff and so so really
for small to medium business they've got
a really good solution their pricing is
amazing I mean you're talking you know
with the antivirus with the mcafee
antivirus and the spamming and the
backup all that stuff you're talking
seven hundred dollars for 425 users and
you're talking you know five thousand
dollars for an additional 100,000 users
so that's five dollars for mailbox right
that's pretty cheap if you know how much
exchange is you know it's usually a
hundred to maybe two hundred dollars per
mailbox so it's not not not not cheap
but again you know this is not you know
I wouldn't go beyond a thousand users on
the product yet we're working with them
on adding X and support as well for
clustering but for small to medium
business great great solution all
running on Mac OS 10 and great migration
tool and they also tie right into ad and
open directory so on the back end you
can keep your ad infrastructure and you
just basically migrate your exchange 55
or 2000 over to carry all and then
finally I want to quickly talk about
myths vs. facts and you know it's pretty
funny because I tucked it again some
pretty large companies and and you know
there's a lot of people think that asp
the apple following protocol is
basically appletalk and just again to
make sure that you we've gone away from
appletalk years ago right so there is no
more appletalk running on the network so
AFP is like SMB for the pc but it's pure
tcp/ip protocol there's no apple talk
going on on the network so that's just
you know for you if your if your network
person you know tells you you know we
don't like max because they still want
Apple talking we really don't SMB is
faster than AFP that is not the case and
and you know really we've tuned AFP
because our customers work with really
large files you're always better using
AFP when you can and and even today on
the mac OS
inside it's always better to use an
xserve to serve your mac users simply
because the protocol is as evolved
throughout the years you still microsoft
still uses asp 22 on their servers and
that is just not the it's just not a
good protocol to use especially when
people are running Photoshop InDesign
and all those big application a daily
basis and then they still have to deal
with resource and data fork so really
it's better to have the mac connector
AFP worse than a SMB AAFES chatty not at
all that you know they used to be the
case with Apple talk but you know
netbios is also very chatty but AFP is
not chatty okay again people can choose
Apple talk with with AFP and then
rendezvous is proprietary or chatty well
this week we basically announced
rendezvous support for Windows you've
got a rendezvous browser for Windows and
for Linux which is available if you saw
that and it's open standard and open
source and since we announced rendezvous
I mean you've seen how many printer
manufacturers and game manufacturers and
devices are now supporting rendezvous
and so it is not a proprietary standard
whatsoever so what about tiger right so
you know should you wait for tiger well
you know we don't think so we think that
you know Panther is a phenomenal release
on the desktop on the server side and
and really when you look at the
maintenance plan that we have we've got
the three-year maintenance plan where
you buy for our thousand bucks you're
covered for three years on the server
side we've got a similar maintenance
plan on the desktop and when you see all
the stuff that we're basically
announcing in tiger server with no more
16 group limitations full ACL support
method group support software update
server you know high availability I chat
server web block server full thinking of
my home directories you know it's really
important that that you plan ahead and
that you get that maintenance because
you know you will want to upgrade no
doubt to the tiger server when it's
available because of all those that
functionality so make sure you get the
maintence plan you're covered for three
years you know tiger ships first half of
2005 get the maintence today and you're
covered you get your software when
ship it and in and this is the best way
to do it so you know today we've got a
great solution tomorrow is looking you
know a ton better with with acls and no
more group limitations so as a wrap up
just wanted to kind of review again that
you know Apple has made great strides in
the enterprise right I mean if you look
at all the solutions that are available
today from key enterprise developers
like IBM Microsoft Oracle I mean you saw
those people today or this week we've
got phenomenal solutions on the
enterprise side and they keep coming
right every week every month we get new
solutions on the platform and the reason
we have that is because the server our
server product is so affordable and our
storage is so affordable those
developers don't have to fight for the
hardware they can focus on selling their
software solution and the hardware is
now you know it's nothing I mean a four
thousand dollars server is nothing
compared to a 16 way you know HP HP
superdome or some some other box like
that and then in summary I just wanted
to say you know we've done a lot of work
and Panther Panther server around the
enterprise we keep moving forward with
tiger in that direction peak your pick
your directory wisely if you haven't
gone to ad and you're on still an empty
please consider open directory I think
it's a great alternative to 80 much less
expensive deploy technologies around
open standards and if you need help for
to set up those environments that's our
email address consulting services at
apple com and we'll be glad send us an
email will be glad to help you with your
your integration projects and help you
get started so this is my email address
JD at apple com and Chris Bledsoe who's
the enterprise alliance manager on the
developer side and you know more
information we've got a lot of
documentation you've got all your CDs so
all that is available great server
documentation which is available for
free off our website and of course a lot
of information on the Apple raid and xn
and ard available as well
you