WWDC2004 Session 625

Transcript

Kind: captions Language: en good afternoon hopefully all the dental guards gods are fill in the room we have a lot of demos this afternoon so hopefully we all go it all go very well I can see a lot of positive karma in this room so I think we'll be I will be fine I actually manage the apples professional services group for the enterprise and we do a lot of integration work with a lot of a lot of you in the room a lot of our customers enterprise customers people buying exurbs xserve raids we're helping a lot of our publishing customers my grade from OS 9 20 s 10 you know set up network home directories integrate with active directory so basically this session is all about you know integrating those macs into into your environments into your corporations on your networks and so what will show we'll talk about a lot of that today so we're kind of a kind of see yourself is like a jumpstart team right so we come in for a few days and we kind of help you do that integration do that integration work we're not the you're not a you know a consulting firm that stays four months in your company and and you know spend hundreds of thousands of thousands of dollars we're just in for you know a week and we basically help you get all that stuff up and going and then basically mentor you and help you you know basically maintain the system moving forward on 10 so this is kind of what what our team does so what's really interesting the reason why we started this team and this enterprise special services group is because of Panther I mean if we if I had given if someone would have given me that job before Panther I wouldn't have taken it right Panther is really the first operating system that is truly you know an enterprise operating system and I feel and we're very confident we go in that we can get the job done and in your and your companies and so really it fits beautifully in a lot of a lot of environments and so what we're going to talk about today it's kind of review a little bit of the desktop solutions that are out there that make that max fit into that enterprise properly and then we'll talk a lot about the back end because the back end is also very key and that's why we have on stage right now you know extra a vector of raids which will all be part of the of the live demo we'll also talk about some third-party solutions there's tons of third-party solutions of course you've seen a lot of them this week but I'm just going to focus on a few that i thought we're kind of interesting again that have come out in the past few months or that will be shipping shipping this month i also talked about some myths vs. facts I meet a lot of people and and and there's still some networking terms and people are just still think that we're running appletalk on our network so what kind of what kind of talk about those as well and then a lot of people when we go in there like well you know I'm running ls9 or I'm running tend to you know Tiger is going to be shipping next month which of course we all know now it's not you know should I wait to deploy and we'll talk about those so fitting in right the first thing that's important today is for the macbook fit into your corporations and we all understand that at Apple and so the first thing I wanted to talk about is email and collaboration and we actually have a dedicated collaboration session on Friday which i'll be presenting at ten-thirty so if you want you know the whole download on collaboration tools and collaboration suite please come to that session friday at ten-thirty but i just wanted to review some of the main applications that we have today when we go into a corporation you know basically email is the number one you know application use you know probably seventy percent of your time is spent in entourage or an Outlook or an apple mail right i mean people spend their life in email nowadays and so apple made a lot of efforts and will continue to make efforts to fit in with our own tool so apple mail address book and we'll show those in the demos a little later on microsoft also you know they're very committed to the macintosh they've done a lot of important add-ons and new features and addison some compatibility exchange with entourage 2004 things are working much better compared to to the previous versions on mac OS 10 and so we have pop IMAP as well as exchange connectivity and of course they do they do the same and they also have calendaring lotus notes the law note sweet I mean there's a whole bunch of product from IBM and also Lotus is also very committed to the mac and they've got they've got a great product that is pretty much on par totally on par Mac versus PC and the novell just announced groupwise 65 x and we don't see as much novella me in the enterprise but it's pretty big in in education and so I just wanted to just wanted to mention that as well desktop management solutions you know so again I mean when we talk to IT people you know for them the most important thing is making their job easy right I mean every IT person you know they want to they don't want to spend time you know extra time managing computers they want to spend as much as less time as possible to manage the desktops and so you've been to the sessions this week hopefully you were able to get into the session with apple remote desktop to you all have CDs that that you know with your WC kid that came with ard 20 and we've made a lot of improvements we've listened to customers and we endured some great features around software distribution you know remote assistant easy setup you know asset management all that kind of stuff we've made some great strides in that area but also you know I wanted to mention some of the some of the third-party tools that are available hopefully my clicker does work there we go we also have some other desktop management solutions that are compatible with mac OS 10 like landesk netopia marimba all tourists fall wave those are all great third-party solutions that are available that are cross-platform and basically allow you to also manage your your heterogeneous environments so I wanted to make sure that that we mentioned those as well Active Directory support this has been key this is something that we shipped in Panther and we've improved it a tremendously since we ship 10 dot 3 and 10 33 we added full support for network home directories that has to be done this is not a UI that has to be done from the command line you need to edit the Active Directory the plist file but basically allows you to truly have an SMB Network home directory and not just have it mounted on the desktop like when what happened when we ship in 10 3 we just hadn't finish that feature yet but we have that also very interesting we even have why Ellis support when using Active Directory so once you you're bound or you're set up with your wireless account you can actually reboot your machine login and we actually have wireless support through ad which is which is a feature that some third-party products don't one feature we are missing that is interesting is a DSS support and love to get feedback on that right now you have to use the surgery product for that and we understand that love to get feedback is that is that is important to you you'll have my email address at the end so well but that's you to receive those that feedback mobile accounts is also very important laptops a lot of people use laptops today you want to make sure that your credentials are cached on the laptop so you can login logout reboot your machine when you're not on the network you can you can log-in so we've got all that that those features in the ad plug in some of the other directories where we are compatible with because have open directory and if you went to the open directory session this morning you have a better understanding of how our directory system or directories infrastructure is in the OS I mean we're very open right and we're all based on standards and a lot of those other directories use ldap and so it's really simple to plug in a mac desktop into a son I planet back in or into a novell back end or an IBM you know directory server put it back in so we fit in very very well even with some of the other directories that are out there even this for those of you still using this it might be time to upgrade but you we still have we still have that that support in the operating system I wanted to quickly touch on a few applications and web browsers so of course Safari is Apple's browser of choice and again we've improved Safari tremendously and Eric will show some of the some of the cool Safari demos in just a second a lot of applications are web-based and you saw some of the announcements this week with like PeopleSoft and salesforce.com who are also very committed and full and that are basically fully supporting Safari as the browser of choice a lot of banking we've been talked to all the major banks as well to make sure they fully support Safari as the browser of choice on the Macintosh we also added in Safari 12 we added live connect support which is huge for a lot of customers and in the end just mentioned some of you the few tools are really useful when you're a Mac user and you need to connect to a pc you know a virtual pc but our DC is a great tool as well remote desktop connection it's free many people don't know that and we'll demo that today as well just so you can get a feeling of what what you can do with with the Microsoft RDC I say it's free but it also requires a Calliphora and n seven shipping this summer or later this fall and then PeopleSoft 8's AP java GUI people who are using SI p also there's a client on them on the pc a 30 win32 client but there's also a great java client that is available and that is compatible with mac OS 10 so we also have a CP availability and Oracle 11 I and Salesforce of course and then 2004 office 2004 if you read a you know Stephen Stephen Wolfram quote and from Businessweek a few few weeks ago he basically said you know that Matthew does not have an office suite equal to windows which is really good and we have we actually have you know even more features than the latest version available on the under windows the windows side hopefully my clicker keeps on working there we go quickly touch on Java and X 11 so again we've got some great tools available on the mac and we're seeing more and more developers actually use mac OS 10 as their development platform great tools jbuilder sun java creator studio that was announced this week at the java once at conference IBM eclipse there was a session on eclipse a few days ago and eclipse is really really important because we're i'm seeing a lot of developers move to eclipse to write their own applications and because we have it clips on the macintosh it's going to help us even get even more applications on the platform because it truly is a cross-platform development environment and and it really helps IBM and others to bring even more applications to to the Macintosh and then jboss macromedia and of course the x11 client this is great i mean if you've been to downstairs with some of the vendors went to the vendor fair a lot of them the first step like in the backup area they have they bring up the x11 server and the x11 client for the Macintosh and then it takes in a few months and then they come up with a really nice native cocoa you know gooey but at least we have X 11 and people can actually run their applications through x11 on the on the Macintosh as well VPN clients just wanted to quickly touch on that so we have a native l2tp and pptp over ipsec client built into the OS so for small and medium businesses also on the server side we have a built in VPN server that is compatible with mac and windows so make sure you take advantage of that of that I mean if you have if you buy next serve you know it's really it very simple to set up as a VPN server and again it will work with both your mac clients and PCs and I still know quite a few accounts are that are dialing in you know using dial-up and the beauty of this is if you set up an extra with VPN you can go to pretty much you're on the road you can go to any hotel they all have they pretty much all have you know dsl or cable modems and you can get pure on your network without using any dial-up which is kind of you know pretty much outdated cisco as well oh by the way we also in 10 34 we also improved tremendously our nortel compatibility so there was a bug on the North health side and their VPN box which we basically address by adding some new functionality on the client to work around the bug basically and now you should really look at having your admin turn on l2tp on your no tell box and you should pretty much it should pretty much just work so you can actually use the built-in mac client to connect your nortel back end there's some other ones net lock has declined for nortel a canucks a VPN tracker v1 and Gracie on software so that's kind of a you know a quick summary on the enterprise side and again on the on the client side and again I didn't touch on everything but I also wanted to focus a lot on the back end and on server solutions and how we fit in into your network on the server side especially with panther and then with tiger it'll even it'll don't just get better so what you're going to learn first is basically this is stuff that we've we've really done a lot of work with on the integration side on the professional services side is really using a mac server a Mac os10 server as a windows file server and the reason for that is you know people security is a big thing nowadays I'm sure you all realize that and unfortunately there is a lot of there are a lot of viruses and worms you have to deal with on a daily basis on the window side not saying that we're not affected we definitely are on some of the security patches but we haven't been hit with a virus for the past three years so you know we're much more secure on the on the virus side and on the warm side and so it's really neat not only do you save on client access licenses but you can really put a you know put a eunuch machine you keep your Active Directory back end I mean again we understand you spent a lot of money deploying ad if you go the ad route the Active Directory route you're not going back right we all we all know that and so it's really nice you can keep your ad back end but basically deploy deploy an xserve also what's interesting is you can also use your ex serves as Network home directories so what I mean by that is basically what's called roving profiles right so I can log into one machine get to my files next day log into another machine get to my files and all my cells are stored on the network and we fully support that on the on the server side for both Macs and PCs policy management so I call this policy management because a lot of Windows IT people understand that and that's what we call work group management right so we're group management is basically policy management and and we'll talk about that as well and then another interesting thing is as you saw in some of the sessions in the osm server we basically talked about high availability and how we're going to improve our high availability active passive solution and tiger well we have a pretty neat solution today that we're we're basically offering to our customers from the consulting side and I'd like to demo that to you and then we'll talk about backup solutions so first thing I want to talk about is using the server as a home basically as your network home directory and what you can see here the beauty of it is so you have a mac client you've got an SMB he's got a Windows client and you've got a Linux client right or UNIX client what's really interesting is because the server supports you know all three protocols support AFP SMB sip and NFS basically and in the max desktop support all three you could basically connect over SMB asafp or NFS to your to your home and let's say your home is stored on an X or an extra raid right on the pc pc only supports SMB so you're doing SMB and of course on the UNIX side you're doing NSS but we basically support all three on the Macintosh and ever and of course all three protocols on the server side so you've got a really interesting bundle here for lesson you know thirteen thousand dollars you've got a fully you know you've got three and a half terabytes of storage and you've got your ex serve and you can use that as Network home directories to store your network home directories another thing that we've been doing a lot or you know pretty much since Panther ship its policy management right now that we have a truly enterprise-level operating system people want to lock down and manage their policies on the desktop right and there's a couple ways to do that and that's what this sly about so the first way that usually we go with and probably eighty percent of our customers when we go and talk to the windows admin right they manage their schemas right and usually we start talking to say well the first thing they ask is you know are you going to modify my schema it's like wow you know don't touch my schema right that's usually the way the IT people behave and that's fine we've got no problem with that and I mean we'll work both ways we can put xserve in there and basically use the xserve as kind of a dual authentication you're still acenta cating the user to active directory but you're being managed through the xserve okay so that means that you don't have to do any schema extension and an eric will show you that in the demo in a few minutes so so that's the that's the first way is you put an xserve and you're basically you're still acenta cating to 80 but you're being managed through the xserve using workgroup manager the other way we can do it is we can actually extend extend the schema on your Windows Server and that stuff that we also do on the consulting side and that's also there's about 30 what is it Eric 30 37 so there's 37 attributes you need to modify on your ad server so that basically you could actually run workgroup manager against the Active Directory directly so you can you can you can manage users groups computers when you're modifying the scheme on your ad server okay so people usually don't like doing that manually even though we have that it's all detailed in the in arm in the open directory guide but you know you don't want to make any mistakes especially on 2000 because you can't delete a short attributes once you put it in so we basically develop the script it just goes in and does it all pretty much automatically so that's the other way of doing it and so what I want to do now is basically bring up Eric to kind of show you some of some 80 demos and and kind of go through a bunch of them Eric thanks so the first thing I'm going to do is actually bind ad if you've never seen it's actually really really easy so we've got a tool called directory access don't you load located in your utilities folder on your application folder need to unlock here so you notice there's a plug in here called active directory double click on that it'll ask you for a little bit of information pretty easy something I've mins have a hard time right figure out what it is but you know it's very easy information to find out you're looking for your force and your domain information it's ready enter in here but i'm not bound yet so i'll actually bind this client to the ad now you can use a pre created computer account all the kind of stuff you do on a windows side if you got privileges to do it it will let you bind to the directory return now I'm bound that pass had created a computer account and it's down to the active directory there's a couple of things you got to do before you're done you actually want to say I want to use this for authentication I already done it in advance here but you add that to the authentication chain one very important thing people don't realize if you've got exchange you want to add it to the context one as well and I'll show you why you want to do that all you do is push the custom clicked add and add it to the list so that's pretty much how hard it is to bind but if you launch the terminal the quick test to make sure it really work so I know there's an ad you'd rather called win home ok that's the user out of active directory you'll notice partially because he's got you ID for those of the unique IDs is very large because that's dynamically generated from Active Directory you also notice a group based off of the domain information so he's actually part of the engineers group an ad so now I know ed is working great now i'm going to log out i'm going to log in as that user i just check so i went home what's important about this user is my column went home because this home is actually on the windows server no changes it's not running AFP it's running just regular windows file services I should show another user where we're connecting to the xserve and another example of how you can split that up one thing that happens for you is one your home directory on the network gets mounted on your desktop and actually put a shortcut in your dock select create a folder here you know this is a from the Mac this is stuff for home etc those are files that are up in my network called me which I could copy files over settle from the local machine if I wanted to see that networks it's normal SMB share from a windows server but let me go to log out and now login as an OS x user now what's different here is the home is actually on our one of our x serves in the rack now the x server is actually integrated ad as well you know it's the same oh so calm added to my dog and in this case is actually using SMB to an excerpt which is kind of interesting in reality is in your JD mentioned ago if you switch that just to show you real quick there's a command line crop tool called vs config ad if you run that there's a lop shun here called local home and mount style you can switch the mountain style to AFP so if I were to switch today FP would actually use Apple file protocol to connect to the xserve instead of SMB which more reliable for us so that's pretty much it for lashes logging in it's amazing how easy that is but little more details people don't realize is that can actually launch Safari I've got actually got exchange 2003 installed with Outlook Web Access only just click through outlook web access you notice I didn't do anything it signed me in it used my career both credentials that I got when I signed into the computer and just logged writing dialogue box just like you do on your pc i can click on email read email sandy email etc and i can show you the fact that i got credentials it's on a command line with a civil Kerberos command called kate lift this is the the credentials i got when i signed in and this is the credentials to connect to the exchange server all automatic but remember that comment i made a little earlier about the Contacts tab and why that's important most of them realize once you do that if you launch address book you can actually look at active directory and find users you know I want to send an email to somebody i know there's demo user out there actually just three of them i can double click on the user you know this is all confirmation all of this is coming out of Active Directory I can for example I could actually drag that to my personal address book if I want so I don't have to worry about being on active directory and now that users now in my local directory all completely seamless for you so just to prove a couple of things let me go ahead and login here if go back to adrics looking children to thinking the ice equal exchange so the insider address book you can actually go to preferences and you'll notice there's a synchronized with exchange so if you actually got an exchange account and you integrated gmail as well on schmale and set it up to actually sink your address book with mailed and exchange back and forth so all the addresses are always in sync for your personal address list your gal or what people call the gallon the window side is auto ready and address book by default there's nothing to synchronize the great thing is if you launch mail and you type in user names it will find them in a nad automatically the autocomplete that we have in mail it works with ad as well all automatic interobserver number four please move them out there yeah so let me actually show you a quick those users nad I've actually got the ad administrator up here tues I just logged in as you know the cosx home you notice his account just a normal account but his profile was on the xserve under the users folder with this OS X home and the same thing on the win home you'll notice the difference is it's actually on the windows 2003 server not only login on another pc with that same user so that's a home folder stored on a xserve from a windows box if I actually click on the short link here you'll notice that it's actually going to the server and the files are in there you can also go to my computer notes that it's actually mounted on the desktop or on the system as a drive all transparently they don't even know it's an xserve on the back end so that's candidate for that but let me now go through some quality examples can we go back to number two please so I've come other user setup actually number three please oh sorry sorry right so I've got a couple of the user setup to actually show the policy management first of all let me show you a user that has actually been extended directly in ad so this is the we've done the schema changes and I've applied a policy to the user nad using our tools nothing special I login is used just like Dario's would now I didn't do anything special here this actually came from the policy management I said to put his dog on one side actually enable magnification it's all coming from the policy management toys a slight delay logging in here notice the network home isn't listed in the folder so I've kind of control that users experience which is very handy I could lock out applications anything you can do working management you can do the user right then and there and I'll show you what that looks like in our tools so you see how I actually set the settings I'm gonna login it is a different user and this is a group user and this is because I'm going to control his policies from an OS 10 server with a separate directory so I want login first without anything set up so you see it's just a normal user everything exactly the way you would have first time let me signed in but I'm going to make a slight change i'm going to add the OS 10 server to the authentication tab you saw what that's going to do is find any other groups the user might be part of we should a little chillin here so if I launch IDC am not part of any groups for the troubles will smaller there got some only part of staff and no extra groups last director access authenticated the admin now I want to actually add the ldap server from our server into the list well if everything is working right for us here I should log in with the thing user again in this everything will look different demagogues aren't with us the double check to make sure to actually talk to the server manage settings are cached so there was some danger in this the fact that it didn't go the director game because he knew that he didn't have any managed I think that need to be refreshed just just open up a terminal and show them that but I will but you'll see that I'm actually part of another group actually it did take that back now there you go I have a simple finder so that was the big change more simple finder is really simple so at work so next thing we launched the worker management tool thing see what this kind of looks like in the directory couldn't write as daily users pretty restricted there so I click it's over here so i connect that opened arcing master and then connect to the xor that's bound to ad as well so this is the open directory server you notice or some other users edging adding do anything special but you'll notice a group called manage group yes the group user is in in that group you come over here this is the xserve and here's a machine connected to ad I could do the same thing under the menu and you notice there's a view directories ask you the same less because i'm connected ad as well as on a client if i click groups you see the engineers etc the nice thing is if i click on this extended user and go to preferences enough he has some preferences set up now i can authenticate and I can actually change from the floor but you know if I click on one your settings and coming here say always if I didn't make a change and it just saved that directly to active directory so I'm modifying the user directly now if I go to the open directory server i can click on the manage group go to preferences you notice the finder setting that I had set and I said always make it a simple finder so that user got that policy from a completely different directory such a cool thank you so see demo gods are actually with us it's a good thing and there's more coming next thing that I wanted to talk about is mac OS kind of the PDC that was pretty interesting last year we did a similar session not not as in-depth as this one because of course Panther wasn't shipping at the time and customer came at the end and basically told me a you know we've got about 500 max and about a hundred PPS you know should I go to active directory right and I said absolutely not I mean there's no reason to do that because panther now has PDC support built-in so really I mean you just basically set up an open directory master and open directory replica and you have you have the PDC built in so all your PC's can authenticate you know canis indicate directly to the the open directory master box so there's no need for deploying any any active directory server to manage your pcs and login and so forth and so on so basically we've gotten you know native supports active the PDC and as you saw in the session will also add a well as a backup domain controller in in tiger as well which is which is useful when you need to manage the server and then what's also interesting is we we also mentioned that we were going to come up with a migration tool but again you know Panther is shipping today and Tiger will shift you know the first half of 2005 and and we understand that you know the NT support is going away at the end of the year so I wanted to make sure that people there are two tools that are one is available today one is coming very shortly I one is from das technology and the other one is from verso aura and basically they're going to have a tool that will allow you to migrate your NT servers over to a Mac os10 server an open directory PVC so those tools are available or one is available one will be avail shortly by this fall and then we also have some documentation so please look at the windows documentation it's not as easy we don't have that that automatic tool yet but the documentation is pretty explicit on how to help with the with the migration and again what our recommendation is you know if you have about under 400 users our PVC will work great for 2 600 it's a perfect solution for that if you're the lesson 6 you know for 2 600 pcs you'll be fine of course when you go you know in that enterprise level you know that the PDC is you know Active Directory or a Sun solution or a novell solution it's probably better for for the high-end enterprise but for the small to medium business it's a great solution so what I'm going to do is have Eric shall I give you a PDP demo yep the first on the Mac here I need to show you the fact that I have a user in open directory this is a ldap server and we close out the ad one over here so you know there's a PDC user but he's got a Windows setup I think Reynie profile so until I don't feel like dealing with creating a login script and profile and such but you will notice I'm going to map his home to the server the mac server she's got a typical path on the map h2r excerpt it's number four please yeah so now I'm out next p and you can see I'm actually bound to the ODP DC I'm going to sign in here put that the right password actually good it's actually a security feature in windows it doesn't let you in if you don't type the right bathroom and you'll notice my H Drive got mapped automatically nothing special ok so it's like number three work please and I don't you go to the start menu have the start button just like and click on the start button here just to show them that actually you can see that the PDC user it's actually the PDC user and again the beauty of it even you can change passwords on the pc it saves that back to the mac and you change in on the admin side I mean all that stuff is totally transparent on the desktop and on the server we're going to be pleased so you start what is looking a worker manager real quick I just want to actually bring up server admin and so you can see that particular setting where those servers as you can see some of the log on to have been a little long and that's because of our little mini dns server we set up at lunch so bear with us the dns might not be completely configured properly here and dns is extremely important for those of you who have set that up before saying that's on our windows there's some settings another finish refreshing there and i'm just configured as its primary domain controller i said on my domain is OD PDC my computer name and it's set up great hide you thank you so i wanted to touch base also another topic which is migrating to open directory and what's also interesting is we've been talking to a lot of people who have Sun Sun I planet servers and again you know they're spending a lot of money with some servers and especially the main and support and the support and so what I wanted to mention is it's actually pretty simple to migrate if you're only using your son for authentication and again you're not we're not talking you know 500,000 user records right i mean again you have to within reason you know our server can support today and Panther over you know we've tested over a hundred thousand user records so if you're in that area you know zero to one hundred thousand you can definitely use our master replicas scenario and definitely very interesting from a from a migration 22 from I planet what's also interesting is again built into directory services you can very quickly authenticate to to I planet but also you can use workgroup manager to help you migrate that so what you could do is you can basically tie in to work group manager on your son a box you see all the list of users and you basically use the export feature and we're group manager you save that file and basically you bond to your open directory server and then you import that file and you've got a great way to basically import and export the basic user settings right SN CN password definitely not usually what we recommend their password migration is not easy for for those of you who know that in the but you know you can use workgroup manager to quickly set up a default password and users can come in and change it at first logon but a lot of you know we've talked at least four or five people in the past few months who want to migrate to open directory from Sun and you can do that because again son use ldap we use ldap therefore we're very compatible next topic I wanted to cover is high availability and so again if you were in the end of session you saw some of the announcements around tiger and tiger server we're basically going to have an active/passive failover mechanism but you know tiger again is shipping next year and a lot of you and in the publishing world or in the enterprise world want you know that the exurbs you know they have one power supply so I hear that all the time right people want to make sure that if the server goes down my users get back online you know immediately right and so what we've put together is basically a scenario this is a simple scenario and the scenario is I've got a master server serving files so I are serving Network home directories again SF AFP SMB and FS you know doesn't really matter and so this master server is actually connected to a fibre channel switch you know it doesn't matter it could be you know Vic sell brocade qlogic those are the three that we support and basically the server is connected to an xserve raid okay it could be one it could be two and the demo today we have one but if you know no big deal and the more ports the merrier and and then you've got to failover server and this failover server is basically in a waiting mode right and and yes the server's not doing much but at least you know you're back up and running if something happens you know that server bowl pretty much instantly take over and that's really what people what people care about and and the of course none of the volumes are mounted on the failover server right now right that's a big thing that people have run into they think they can have both volumes mounted from the raid on both servers not at all right you don't want that because then that's how you call it corruption so all the volumes are not on the main on the master server and when the failure hope and we basically automatically mount all those volumes over to the failover server and and we'll do a demo in just a second what's what's also interesting is usually those kinds of solutions are you know pretty expensive there you know ten to fifteen thousand dollars and you know basically we we have a scenario where you know we sell it for you know probably the four thousand dollars which is really really good using easing scripting and so what I want to do is bring up Eric and eric is going to basically show you this high availability demo of the best way we actually put up remote desktop on our servers we've got two minutes up handing this I've got the master and I get the failover you know if the decimals are similar but all the volumes are set up on a master over here and say these are really live windows so I can create a new window so I'm observing in observe so these are real live windows and I'll actually connect to try connecting the master it's no problem now they're actually they're gonna notice that Eric is connecting notice the IP address right he's connecting to 162 and its connecting to you know to the volumes and we basically we have you can see we have 10 volumes but we've only shared we've only shared for in this case right so he's connected everything is going is going fine what I'm gonna do now is I'm going to do I'm going to simulate a power failure or a power supply blow up so you can see there's no no trick here in this demo I'm going to turn off the server server is now off and you can look at the failover server and in a matter of a few seconds it takes usually you know around 10 seconds you'll see that not only all the volumes mount but also what we do is we start asp as well on the services side and you can see all the volumes I am I connected exactly eric adobe connect you to the same IP address write a piece parts to launching forgiving them hopefully we might not have thought a fee can you make sure if he started or just just run it from the from ard try catch our quick that he's not running a scene I might not be running there you go just matter of time for things to come up so again we've have it a little bit of dns issues here but usually it's pretty instantaneous we're basically the user the user will get disconnected okay and that's that's there's nothing we can do about that but the point of it is that anything could happen right your switch could be going bad right or is it might be a power failure or something and in a matter of 10 seconds your user will say oh I got disconnected let me just reconnect to the server the same server was connected to and it's very transparent for the users I'll be connecting to the failover but again the raid will move underneath the failover server and then we also have failed back and again that's for you to decide if you hump if you want automatic fail back or not our scripts are able to do automatic fail back and so when I fight start the server again all the volumes will move back over to the to the master server thank you so moving forward what's also very interesting is evolved heard and maybe a lot of you have been to the X and sessions and what's interesting is is if you deploy this high availability failover solution that we talked about you can deploy that today right but when X and ships later this fall what's interesting is you could actually install X and on a very similar scenario now grana I didn't put the you know the metadata you know switch in there or I didn't not it's not all fully wired up but it would be a very similar scenario where you would load xn on the master and on the failover and what's interesting there is because of X and now your raid volume could actually be mounted on both machines right and so you could actually run other services on that failover server right so you wouldn't be run AFP but you could run some of the other services that are out there you could use that to do you know netboot net restore you know cutie SS I mean you name it right anything but AFP and then when the you know or SMB and when that machine fails basically you start those services on the failover on the failover server so great you know great migration path you start with the high availability can't really use that second server for now or when X 10 ships you can basically buy two copies of xn and loaded on the master on the failover and basically come up with a really nice little xn environment what's also very interesting moving forward with with with Apple xn and xn is you know really the whole the whole sand environment and we talked about that in the XM session again what's interesting here is you can have a mixed platform sand solution using X / aids and and that's really interesting because that gives you true enterprise data management and using some of the wonderful tools from from a DIC you could actually you know have a mixed environment of X serves of Windows servers and Linux servers because of our of our compatibility because we're one hundred percent compatible with EA DIC sell at file system you could actually host exurbs windows servers Linux servers and your back-end could be all apple xserve raids what we see in the enterprise a lot is people have emc storage or hitachi storage and what you can do now is you can basically you can still use that storage right I mean that stores it's really expensive right and usually you don't want you know hundreds of terabytes of that storage because it'll cost you you know couple million dollars right quite a few Porsche GT that's my car I mean I'd love to have one but anyway so what's really interesting is you can use the X and in that middle storage range right so using using ad ICS a total life management system basically when the files haven't been touched for a few days or a few weeks that's for you to set up the policies those files will get migrated automatically to an xserve raid and then if they haven't been touching another month then they can be moved to tape right and that's all done totally automatically using a DIC software and we can integrate with that very very nicely so again just food for thought for thought on the enterprise side using using xn I also wanted to quickly touch base on backup solutions and again we had a great backup solution or backup session yesterday but again I think it's important to mention that you know last year you know we didn't have a lot of backup solutions available for Mac OS 10 and you can see that the list has grown pretty dramatically from IBM to veritas EMC legato see a backbone tolis dance a tempo a veil solution actually a lot of the vendors were downstairs if you saw them for the past three days and the in the vendor fair so a lot of great backup solutions available for for Mac os10 both on the client and as well as on the client server side and that's really exciting and again the reason why we have all those is because of you know Mac OS ins unix foundation is that it's much easier now for developers to come on the mac platform and right tools because they support linux they support windows and for now it's really easy for them to support mac OS 10 another big thing is near line back up and that's a solution that i wanted to talk about because this is actually a true deployment that we did in in washington DC and basically the customer decided to completely get completely get rid of tape no tape libraries they wanted basically true disk to disk backup and basically they bought an xserve and they bought for xserve raids and about 20 miles away our 10 miles away they have another set 1x or 4x of raids and basically the way they're doing in is they're doing their backups their daily backs up backups and they basically kind of segmented the backups you know day one day two day three day four day five up to date and then at the same time every day they're mirroring the data over to the to the off side to the disaster recovery site about 20 miles away and I don't know if you guys can you guys actually see that the performance of the throughput number right here ok this is this is 2720 megabytes per minute ok that's the throughput they're getting when they're doing this to disk backup ok and that's actually using retrospect on Mac OS 10 retrospect 6 with 10 3 4 pretty amazing now how many people know how much you get when you back up the paper yeah yeah it's a big difference and and we're not saying that you shouldn't back up the tape we're just saying that basically the disk to disk to tape is a great scenario and that's what people are moving moving to simply because there's not enough time in the day to back up all your machines right and in this scenario they're backing about 250 to 300 desktops and they're doing that in less than two hours okay so that's the kind of you can't do that i mean people leave at night they've got about eight to ten hours to back up their systems and use as a backup online in the morning and if the backup is going on what happens user calls the IT guy and says hey my machine is really really slow well yes well because I'm still having to do the backup right I haven't picked up your machine yet and so that's the beauty of this two-disc you backup to disk and then you can take whatever time you want to back up that disk over the tape right and then take that tape off site but this two-disc is a great is a great scenario and again with the xserve raid for those who don't know this an extra raid is three dollars per gigabyte okay that's our cost three dollars per gigabyte it's unbeatable and the performance is absolutely stunning I mean you're looking at 350 to 400 megabytes per second on the throughput on the extra raid sustain and and so we've got it we've got a really great solution from your line back up quickly talk on talk about Apple imaging technology and that's because again a lot of you are migrating from nine to ten or from 10-2 to 10 3 or from 10 3 x 2 10 3 4 and basically you use tweet your image your Mac os10 image and you want to basically reload it on your on your desktop and we did that actually at a customer probably bout six months ago and they had about 600 max and in less than five hours we basically loaded a three gigabyte image on each desktop less than six hours all those machines were upgraded from 10 to 10 3 and that's using some of the great imaging tools we have in there using network image utility we use a little bit of net restore as well we use the disk utility so your use disk utility to make your image and then we use ard as well to basically set up the machines to netboot and the machine would net boot in this net install mode and would basically load and in less than 10 minutes would load the image on the on the desktop and that's how we're able to achieve you know that migration and so for those of you who are in the room just wanted to give you a little heads up so as you know network image utility today does not support block coffee and so it usually takes 20 to 30 minutes to load an image and again this is a confidential session right so you don't repeat that of course but in a very near future software update network rimage utility will now supports law copy I knew I would get applauses for that and I ask the product manager can I say that I said I really wanted to pause it on around that so he said yeah you can do it just have fun so quickly talk about third parties and and this is this is a very interesting few products here we have a couple of really big ISPs who are now using Xers to basically make sure that they're not being attacked or not being hacked into their network and the xserve is a phenomenal box for for doing that this customer which I can't name basically did a lot of testing they tested you know Dells with red ha they tested Sun boxes be tested computer associates hundred-thousand-dollar systems that basically do you know check their network and make sure you're not being you know hacked into and they when they did all their testing we also ship them an xserve and what they did is they used snort which is an open source tool and they installed snore and the the excerpt was the only machine and you're talking you know isp so you're talking a lot of packets going on and the extra was the only machine that did not drop a single packet and any solution under a hundred thousand dollars couldn't even come close to the xserve so they were really blown away and and that was last year in the past six months there's been two you know enterprise-level solutions that are now available at symbiote which is a company based in austin and not only they defend your network but they'll go and attack the the attack back at the hackers so that's kind of cool and then arcsight is another solution available as well on mac OS 10 so two great solutions to put Xers in your in your environment and basically secure your network you know another really fun one I talked to this developer on Monday night and he told me that basically he's the you know he's working on some solution that runs on the Mac that will basically go in and find the worms that are living on the PCs and it was funny because a few a few years ago another big account they were using power books all their windows servers were down because they were all head by the code red worm and so they were using power books to go in and shut down all the servers and find the servers that were infected that was pretty pretty funny another solution that was announced this week from Bruce aura is called progression web and that is a basically a migration tool and it sells for under three hundred dollars which will basically migrate from I is from Microsoft is over to Apache and as you know Apache is pretty you know well used on the web browse on the web serving side you know over sixty percent market share and this is an automated tool to migrate from is to to Apache and then one that I thought was really interesting that was announced this week and they'll be shipping by the end of the month it's cari o and Carrie 06 cure has been around for about four years now and they've shipped quite a few version of their other email solution but what's really missing right i mean you all know that what's really missing on the mac is calendar right there is no email there is no solution today that has really good that it's kind of medium sized business right that has good calendaring and and good and good email and that it's cross-platform and so what curio the curio saw that and what they did is they basically develop their version 6 which basically allows you to have a migration tool which allows you to totally migrate from exchange over to carry oh and it's very seamless on the back end so you just migrate the server over to an xserve also very interesting is that you don't have to touch anything on the client just load this mapping connector on the window side but on the undie on the mac side they are totally compatible with entourage ten and two thousand four right so basically you've got a really nice solution that is cross-platform and they support you know free/busy and they've got all that oh that's all that nice microsoft stuff and so so really for small to medium business they've got a really good solution their pricing is amazing I mean you're talking you know with the antivirus with the mcafee antivirus and the spamming and the backup all that stuff you're talking seven hundred dollars for 425 users and you're talking you know five thousand dollars for an additional 100,000 users so that's five dollars for mailbox right that's pretty cheap if you know how much exchange is you know it's usually a hundred to maybe two hundred dollars per mailbox so it's not not not not cheap but again you know this is not you know I wouldn't go beyond a thousand users on the product yet we're working with them on adding X and support as well for clustering but for small to medium business great great solution all running on Mac OS 10 and great migration tool and they also tie right into ad and open directory so on the back end you can keep your ad infrastructure and you just basically migrate your exchange 55 or 2000 over to carry all and then finally I want to quickly talk about myths vs. facts and you know it's pretty funny because I tucked it again some pretty large companies and and you know there's a lot of people think that asp the apple following protocol is basically appletalk and just again to make sure that you we've gone away from appletalk years ago right so there is no more appletalk running on the network so AFP is like SMB for the pc but it's pure tcp/ip protocol there's no apple talk going on on the network so that's just you know for you if your if your network person you know tells you you know we don't like max because they still want Apple talking we really don't SMB is faster than AFP that is not the case and and you know really we've tuned AFP because our customers work with really large files you're always better using AFP when you can and and even today on the mac OS inside it's always better to use an xserve to serve your mac users simply because the protocol is as evolved throughout the years you still microsoft still uses asp 22 on their servers and that is just not the it's just not a good protocol to use especially when people are running Photoshop InDesign and all those big application a daily basis and then they still have to deal with resource and data fork so really it's better to have the mac connector AFP worse than a SMB AAFES chatty not at all that you know they used to be the case with Apple talk but you know netbios is also very chatty but AFP is not chatty okay again people can choose Apple talk with with AFP and then rendezvous is proprietary or chatty well this week we basically announced rendezvous support for Windows you've got a rendezvous browser for Windows and for Linux which is available if you saw that and it's open standard and open source and since we announced rendezvous I mean you've seen how many printer manufacturers and game manufacturers and devices are now supporting rendezvous and so it is not a proprietary standard whatsoever so what about tiger right so you know should you wait for tiger well you know we don't think so we think that you know Panther is a phenomenal release on the desktop on the server side and and really when you look at the maintenance plan that we have we've got the three-year maintenance plan where you buy for our thousand bucks you're covered for three years on the server side we've got a similar maintenance plan on the desktop and when you see all the stuff that we're basically announcing in tiger server with no more 16 group limitations full ACL support method group support software update server you know high availability I chat server web block server full thinking of my home directories you know it's really important that that you plan ahead and that you get that maintenance because you know you will want to upgrade no doubt to the tiger server when it's available because of all those that functionality so make sure you get the maintence plan you're covered for three years you know tiger ships first half of 2005 get the maintence today and you're covered you get your software when ship it and in and this is the best way to do it so you know today we've got a great solution tomorrow is looking you know a ton better with with acls and no more group limitations so as a wrap up just wanted to kind of review again that you know Apple has made great strides in the enterprise right I mean if you look at all the solutions that are available today from key enterprise developers like IBM Microsoft Oracle I mean you saw those people today or this week we've got phenomenal solutions on the enterprise side and they keep coming right every week every month we get new solutions on the platform and the reason we have that is because the server our server product is so affordable and our storage is so affordable those developers don't have to fight for the hardware they can focus on selling their software solution and the hardware is now you know it's nothing I mean a four thousand dollars server is nothing compared to a 16 way you know HP HP superdome or some some other box like that and then in summary I just wanted to say you know we've done a lot of work and Panther Panther server around the enterprise we keep moving forward with tiger in that direction peak your pick your directory wisely if you haven't gone to ad and you're on still an empty please consider open directory I think it's a great alternative to 80 much less expensive deploy technologies around open standards and if you need help for to set up those environments that's our email address consulting services at apple com and we'll be glad send us an email will be glad to help you with your your integration projects and help you get started so this is my email address JD at apple com and Chris Bledsoe who's the enterprise alliance manager on the developer side and you know more information we've got a lot of documentation you've got all your CDs so all that is available great server documentation which is available for free off our website and of course a lot of information on the Apple raid and xn and ard available as well you