Thanks Brent and Robbie. A bit of a surprising response from an AD list.

Brent, maybe you can shed some light on the cost calculations you offered. To me, I look at the XServe for about $3000 with no storage (80 GB SATA) and then an array for $6000 (1TB, ATA disks, no SCSI option). For about $5000, I can get a Dell server with almost as much space and SCSI disks. Aside from software, am I missing something on the hardware comparison?

On the software side,
- Does throwing Exchange into the mix affect your choice of OD?
- Also, I have seen that file service performance from Macs to AD servers is poor. And it sounds like Microsoft's lack of support for higher-level AFP versions will assure that into the future.
- Would it make sense to run AD and just use an XServe for file service for the Macs? AD will handle authentication. Will it handle permissions on the XServe shares?

Finally, do you know of any good resources for information about planning this sort of change?

Thanks again.
nme

From: Brent Westmoreland [mailto:[EMAIL PROTECTED]
Sent: Friday, May 14, 2004 1:51 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Mixed network PC and Mac -> AD or XServe

My $0.02

In the existing situation, with 70 machines at one site, half Macs and half PCs, the choice is actually a dead giveaway... Xserves all the way. OS X server with OpenDirectory and Samba 3 can handle the authentication needs of the whole shop. You don't need Active Directory at all. Active Directory has great scalability, replication, and enterprise level features but very little native support for clients other than Windows. OSX on the other hand can serve as a Windows PDC and Apple master directory using the exact same user records right out of the box, but it has lousy support for delegated administration and multimaster replication. The only downside to using all XServes is the lack of group policy support for the Windows PCs, but if you only have 35, then so what.

Another positive to using OS X as an entry level NOS is that there are no Client Access Licenses with OS X's unlimited version. For a company of 70 people this allows them to double, triple, even quadruple their numbers without having to pay up every quarter for the new licenses they just bought. Not to mention server hardware costs, for a pretty well loaded box and a well negotiated Apple deal you can plan to spend 4700 to 6500 dollars per Apple server, and that is cheap. You don't see HP and IBM offering small shops a big discount on hardware, so they will pay close to retail for any servers that they purchase.

Finally, you go with an all OS X server solution, and you have effectively limited the dreaded 10th of the month server regression testing that we all have to do for MS patches. Yes, OS X has operating system patches too, but I have never had one apply that had a negative effect on my machine, and I mean NEVER.

If the client had 200 people and plans to open 5 sites throughout North & South America this year, I would have to say go with an AD solution. In the meantime, I would ride the low-cost wave of Apple, until AD implements better alternative client support. Perhaps by then, OS X's solution will scale better and no migration would be necessary. We'll have a better picture when 10.4 is revealed.

On May 14, 2004, at 3:09 PM, Robbie Foust wrote:

I'm currently involved in migrating a network from Netware to AD/OS X Server. The problem with running Windows servers in a Mac environment is that Microsoft has no plans to support the latest AFP version, which kinda sucks for various reasons (auto reconnect, etc.).

Best way I can come up with is to use AD as the authenticator (and for group policy support of Windows clients), and use OS X Server as the file server. The trick is to be able to apply policies to OS X users through open directory. There's supposed to be a way to use AD as the primary LDAP directory and pull additional attributes from another "local" directory but haven't quite figured it out yet. Samba can be configured to use Kerberos, but it's not the default.

Macs can't really be managed from AD like Windows can. Same goes in the other direction too. So ya kinda need both (AD and OD). In my scenario, I'm shooting for single sign-on using Kerberos. To make it even more complicated, I would really like to authenticate from an MIT Kerberos realm, but Samba doesn't have support for that yet.

Documentation is very limited when it comes down to the fine details, unfortunately.

Robbie Foust
OIT - Systems and Core Services
Duke University

Noah Eiger wrote:

Hello:

I need some advice about file service, directory management, and user authentication in a mixed Windows/Mac environment. I have a magazine client with approximately 70 users: half Macs, half Windows. As you might expect, the Macs are the art department and editorial; the PCs are business, advertising, etc. All workstations will either be running OSX (most recent) or WinXP Pro. Currently, there is no NOS, and file service is handled by a mixture of WinNT, Win2k, and AppleShare 9x.

My initial thought was to just let AD handle everything and spend the effort on getting the Macs to play nice with the Windows servers. Exchange is likely. However, the in-house IT guy wants to explore Apple's server offerings.

So, the questions are:
- Is the speed and quality of the Windows servers sufficient for Mac clients (many handling large image or graphics files)?
- Is AD "managing" of Macs and Mac users sufficient?
- If there is a reason to deploy an Apple server, can it be managed by AD? That is, can it play like a Windows member server?
- Finally, is there any reason to entertain running the whole shop under the Apple server and Open Directory?

Many thanks.
------------------------------------------------------------------------------
Noah M. Eiger
EIS Consulting for
PRBO Conservation Science
510-717-5742
<mailto:[EMAIL PROTECTED]>
[EMAIL PROTECTED]

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/