I was trying to add humor, not flame....
I am still advocating a remove post button, Sir Tony.
On May 17, 2004, at 7:09 PM, Brent Westmoreland wrote:
In regard to cost estimates you probably can get Dell hardware to fulfill that role, you can also get some Gateway servers, and probably Acer has some offerings as well. For that matter, you could even build your own clone servers and save a pantload from pricewatch.com. There are always ways to leverage costs with Intel Based hardware. Personally, I wouldn't implement the smallest of server projects with less than IBM or HP hardware, but that is a personal preference. And even with those options, you could probably still find some cost comparable options. I didn't get quotes from 3 vendors before posting to the list.
In regard to Exchange, if you want it then don't even consider going Apple. Exchange needs Active Directory, so a duplication of directories in this instance would be fruitless.
In regard to file service performance, it depends on who you ask... pc vendors will tell you that theirs is faster, Apple puts this up:
http://www.apple.com/xserve/performance.html
In the end file services are file services, it's pretty much like taking an airplane from Washington to Newark or taking a train from Washington to Newark, either way your trip will take about the same. Now as a stickler you can benchmark the f*_k out of it and say either an x86 is faster by 3 microseconds or a mac is faster by 4, but we're talking about 70 users!?!?!
Now, let's talk about AFP. Dump it... Get rid of it... it is as 80's as Ferris Bueller and while it may work in movies, technology needs upgrades. (chicka chicka... chicka chicka... omp omp OOOOOHHHH Yeaaaaahhh! Sorry little bit of 'yellow fever') No wonder Microsoft is getting rid of it, Apple should too. Macs do great with smb:// cifs:// ftp://, etc., I haven't noticed any difference in file services to smb shares between a pc and a mac connected to the same share over the same network.
Yes, you can set up AD to authorize mac and pc machines to file services, it requires a little tweaking and if you end up needing assistance with it I'll answer any questions you might have.
For planning resources on the OS X side, hit
www.macwindows.com
www.macosxlabs.org
and you will definitely need the os x manuals at
http://docs.info.apple.com/article.html?artnum=107912
For SSO interoperability, you should read the O'Reilly Kerberos book written by Jason Garman, and for the AD side check out anything by Robbie Allen et al.
Finally, if you are in on the Cats & Dogs discussion check out the yet to be released title Cats and Domain Local Groups by Joe Richards.
I still stick by my original recommendation that AD and now the apparent Exchange plans are bad news for your client, it's like shooting a gnat with an RPG and then finding out you could have bought a fly swatter at your local flea market (that was better suited to the original task) for $0.98 and no client access licenses.
And really, really finally if you are still concerned about OS X reliability consider that Yahoo, Hotmail, IBM, the International Space Station, and others use BSD for critical applications.
http://www.apple.com/macosx/features/unix/
'nuff said.
On May 17, 2004, at 2:16 PM, Noah Eiger wrote:
Thanks Brent and Robbie.
A bit of a surprising response from an AD list.
Brent, maybe you can shed some light on the cost calculations you offered. To me, I look at the XServe for about $3000 with no storage (80 GB SATA) and then an array for $6000 (1TB, ATA disks, no SCSI option). For about $5000, I can get a Dell server with almost as much space and SCSI disks. Aside from software, am I missing something on the hardware comparison?
On the software side,
- Does throwing Exchange into the mix affect your choice of OD?
- Also, I have seen that file service performance from Macs to AD servers is poor. And it sounds like Microsoft’s lack of support for higher-level AFP versions will assure that into the future.
- Would it make sense to run AD and just use an XServe for file service for the Macs? AD will handle authentication. Will it handle permissions on the XServe shares?
Finally, do you know of any good resources for information about planning this sort of change?
Thanks again.
nme
From: Brent Westmoreland [mailto:[EMAIL PROTECTED]
Sent: Friday, May 14, 2004 1:51 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] Mixed network PC and Mac -> AD or XServe
My $0.02
In the existing situation, with 70 machines at one site, half Macs and half PCs. The choice is actually a dead giveaway... Xserves all the way. OS X server with OpenDirectory and Samba 3 can handle the authentication needs of the whole shop. You don't need Active Directory at all. Active Directory has great scalability, replication, and enterprise level features but very little native support for clients other than Windows. OS X on the other hand can serve as a Windows PDC and Apple master directory using the exact same user records right out of the box, but it has lousy support for delegated administration and multimaster replication. The only downside to using all XServes is the lack of group policy support for the Windows PCs, but if you only have 35, then so what.
Another positive to using OS X as an entry level NOS is that there are no Client Access Licenses with OS X's unlimited version. For a company of 70 people this allows them to double, triple, even quadruple their numbers without having to pay up every quarter for the new licenses they just bought. Not to mention server hardware costs, for a pretty well loaded box and a well negotiated Apple deal you can plan to spend 4700 to 6500 dollars per Apple server, and that is cheap. You don't see HP and IBM offering small shops a big discount on hardware, so they will pay close to retail for any servers that they purchase.
Finally, you go with an all OS X server solution, and you have effectively limited the dreaded 10th of the month server regression testing that we all have to do for MS patches. Yes, OS X has operating system patches too, but I have never had one apply that had a negative effect on my machine, and I mean NEVER.
If the client had 200 people and plans to open 5 sites throughout North & South America this year, I would have to say go with an AD solution. In the meantime, I would ride the low-cost wave of Apple, until AD implements better alternative client support. Perhaps by then, OS X's solution will scale better and no migration would be necessary. We'll have a better picture when 10.4 is revealed.
On May 14, 2004, at 3:09 PM, Robbie Foust wrote:
I'm currently involved in migrating a network from Netware to AD/OS X Server. The problem with running Windows servers in a Mac environment is that Microsoft has no plans to support the latest AFP version, which kinda sucks for various reasons. (auto reconnect, etc)
Best way I can come up with is to use AD as the authenticator (and for group policy support of Windows clients), and use OS X Server as the file server. The trick is to be able to apply policies to OS X users through open directory. There's supposed to be a way to use AD as the primary LDAP directory and pull additional attributes from another "local" directory but haven't quite figured it out yet. Samba can be configured to use Kerberos, but it's not the default.
Macs can't really be managed from AD like Windows can. Same goes in the other direction too. So ya kinda need both (AD and OD). In my scenario, I'm shooting for single sign-on using Kerberos. To make it even more complicated, I would really like to authenticate from a MIT Kerberos realm, but Samba doesn't have support for that yet.
Documentation is very limited when it comes down to the fine details, unfortunately.
Robbie Foust
OIT - Systems and Core Services
Duke University
Noah Eiger wrote:
Hello:
I need some advice about file service, directory management, and user
authentication in a mixed Windows/Mac environment.
I have a magazine client with approximately 70 users: half Macs, half
Windows. As you might expect, the Macs are the art department and editorial;
the PCs are business, advertising, etc. All workstations will either be
running OSX (most recent) or WinXP Pro. Currently, there is no NOS, and file
service is handled by a mixture of WinNT, Win2k, and AppleShare 9x.
My initial thought was to just let AD handle everything and spend the effort
on getting the Macs to play nice with the Windows servers. Exchange is
likely. However, the in-house IT guy wants to explore Apple's server
offerings.
So, the questions are:
- Is the speed and quality of the Windows servers sufficient for Mac clients (many handling large image or graphics files)?
- Is AD "managing" of Macs and Mac users sufficient?
- If there is a reason to deploy an Apple server, can it be managed by AD? That is, can it play like a Windows member server?
- Finally, is there any reason to entertain running the whole shop under the Apple server and Open Directory?
Many thanks.
------------------------------------------------------------------------------
Noah M. Eiger
EIS Consulting for
PRBO Conservation Science
510-717-5742
<mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED]
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
