Os X server for small business
Download 293.14 Kb.
|
- Navigate this page:
- Volumes on a partitioned disk
- RAID sets
Formats for server disksWhen you erase a disk before installing OS X Server on it, select one of these formats: Mac OS Extended (Journaled): This format is recommended, and is the most common format for Mac and Mac server startup disks. Mac OS Extended (Case-sensitive, Journaled): This format is worth considering if you’re planning to have your server host a custom website with static web content instead of or in addition to wikis. A case-sensitive disk can host static web content with a more direct mapping between files and URLs. You can erase other disks using one of the formats above, or a non-journaled variant: Mac OS Extended or Mac OS Extended (Case-sensitive). If the server has a disk formatted using the UNIX File System (UFS) format by an earlier version of OS X or OS X Server, do not use the UFS disk for an OS X Server startup disk. Volumes on a partitioned diskPartitioning a hard disk creates a volume for OS X Server and one or more volumes for service data and other software. The volume you install OS X Server on should be at least 10 GB. This volume should be larger if you plan to store shared folders, wikis, and other service data on it. The volumes on a partitioned disk are often simply called “disks.” Each volume appears as a disk in the Finder, and you use each volume as if it were a separate disk. RAID setsIf you’re installing OS X Server on a computer with multiple internal hard disk drives, you can create a RAID (Redundant Array of Independent Disks) set to optimize storage capacity, improve performance, and increase reliability in case of a disk failure. For example, a mirrored RAID set increases reliability by writing your data to two or more disks at once. If one disk fails, your server automatically continues using other disks in the RAID set. You can set up RAID mirroring or another type of RAID set when you begin installing OS X Server. After installing, you can set up RAID mirroring on a disk that isn’t partitioned. To prevent data loss, you should set up RAID mirroring as early as possible. For information about setting up a RAID set, search Disk Utility Help for “Using RAID sets.” If you choose a RAID set, you won’t get a recovery partition or FileVault full disk encryption. A recovery partition allows you to reinstall OS X or recover your entire system from a Time Machine backup. Full disk encryption isn’t recommended for an OS X Server startup disk or any disk that stores service data. If these disks are encrypted, the server can’t restart until you go to the server and enter the password at the server’s keyboard. If you use OS X Server to share an encrypted disk, the disk isn’t available to users until you enter the password at the server’s keyboard.
Port mapping for network and server protection If you have a network router that shares its Internet connection with computers on your intranet, such as an AirPort Extreme Base Station (802.11n) or a Time Capsule, the router isolates your intranet from the Internet. These Internet-sharing routers protect your intranet against malicious attacks from the Internet by blocking communications that originate outside the intranet. Computers on the Internet can’t access your server unless you configure your router to expose specific services on the Internet. For example, you might expose your Wiki and Websites services on the Internet, but not file sharing. You can still control access to wikis by requiring users to log in to view them. The process of exposing individual services to the Internet is called “port mapping” or “port forwarding.” Internet users can access your exposed services by using an Internet host name, such as server.mycompany.com, that you register with a public DNS registrar or a DNS hosting service. Your registered host name points to the public IP address you got from your ISP and configured your router to use. Internet users can also access your exposed services by using your public IP address directly instead of by using an Internet host name. When using your Internet host name or public IP address to access a specific service, such as your Wiki service, users actually reach your router. If you exposed the service, your router forwards the request to your server. If you didn’t expose the service, the router doesn’t forward the request, and the user can’t get that service from your server. If you want to let Internet users with accounts on your server access services that aren’t exposed to the Internet, you can turn on VPN service. It provides a secure remote connection to all services on your intranet.
Register the server’s Internet host name To allow users to access the server by using its host name on the Internet, you must register the server’s host name.
If you don’t already have a domain name, you can purchase one from a public domain name registrar. For information about domain name registrars, search the web.
If your organization has a computer support group, request a host name from them. Otherwise, work with the domain name registrar where you obtained your domain name to assign a host name.
If your organization has a computer support group, ask if they host DNS servers. Otherwise, your DNS registrar might provide DNS hosting service, or you can search the web for a provider. 
DNS records for your server Before you set up your server, have your DNS server administrator add records for your server to a DNS server. After these records are added, users can access your server by using its host name, such as server.mycompany.com. Users can use your server’s host name on your intranet if the DNS server administrator for your intranet adds DNS records for your server. If your intranet doesn’t have a DNS server, users can access your server by using its local hostname, such as server.local. Users can use your server’s host name on the Internet if a DNS hosting service adds the records described below to its DNS servers. These records must point your server’s host name to the public IP address of your Internet router, if you have one. The DNS registrar you obtained a domain name from might provide DNS hosting service, or you can search the web for a provider.
An A record is required. It maps your server’s host name to its IP address. If you have an Internet router, your server has a unique, private IP address on your intranet, but on the Internet it uses the router’s public IP address. PTR (pointer) A PTR record is required. It provides a reverse lookup by mapping the server’s IP address to its host name. If you have an Internet router, your server has a unique, private IP address on your intranet, but on the Internet it uses the router’s public IP address. MX (mail exchange) If your server provides Mail service, the optional MX record specifies that your server is a mail server for your domain. An MX record lets users have an email address such as mchen@example.com. Without an MX record, email addresses must include your server’s full host name (for example, mchen@server.example.com). CNAME (alias) One or more optional CNAME records provide convenient access to services your server provides, such as mail.example.com and www.example.com. SRV for Contacts service If your server provides Contacts service, you can add an optional SRV record for Contacts service’s CardDAV protocol.
_carddavs._tcp 86400 IN SRV 0 1 8443 server.example.com
_carddav._tcp 86400 IN SRV 0 1 8008 server.example.com SRV for Calendar service If your server provides Calendar service, you can add an optional SRV record for Calendar service’s CalDAV protocol.
_caldavs._tcp 86400 IN SRV 0 1 8443 server.example.com
_caldav._tcp 86400 IN SRV 0 1 8008 server.example.com SRV (service locator) for Messages service If your server provides Messages instant messaging service, you can add two optional SRV (service locator) records for Messages server’s XMPP (Jabber) protocol.
_xmpp-server._tcp 86400 IN SRV 0 1 5269 server.example.com
_xmpp-client._tcp 86400 IN SRV 0 1 5222 server.example.com These SRV records let users have a Messages address such as mchen@example.com. Without these SRV records, Messages addresses must include your server’s full host name (for example, mchen@server.example.com).
DHCP server configuration for your server Before you set up your Mac server, configure your DHCP server to supply important network addresses to computers on your intranet. The DHCP server can provide each computer with its own IP address, the IP address of your network router, and the IP addresses of DNS servers for your network. When configuring your DHCP server, be sure to do the following:
If your intranet connects to the Internet through a router supplied by your ISP or purchased from a computer retailer, the router is usually your DHCP server. For information about configuring your router, see its documentation. If your intranet and Internet connections are managed by your organization, ask the DHCP administrator to configure the DHCP servers for your Mac server
Ports used for administration For Apple’s administration applications to function, specific ports must be enabled. In addition, other ports must be enabled for each service you want to run on your server.
Was this page helpful?Send feedback. © 2012 Apple Inc. All rights reserved.
Restart computers To restart a computer now or at a specific time, use the shutdown -r or systemsetup command. For more information, see their man pages. HideRestart the local computer Enter the following command in a Terminal window: $ sudo shutdown -r now HideRestart a remote computer immediately Enter the following command in a Terminal window: $ ssh -l admincomputer shutdown -r now Replace admin with the short name of a user account on the remote computer. Replace computer with the IP address or host name of the remote computer. HideRestart a remote computer at a specific time Enter the following command in a Terminal window: $ ssh -l admincomputer shutdown -r hhmm Replace admin with the short name of a user account on the remote computer. Replace computer with the IP address or host name of the remote computer. Replace hhmm with the hour and minute you want the remote computer to restart. HideRestart automatically after power failure You can also use the systemsetup command to set the computer to start up after a power failure or system freeze, by specifying a number of seconds. Enter the following command in a Terminal window: $ sudo systemsetup -setwaitforstartupafterpowerfailure seconds Replace seconds with the number of seconds before the computer starts after a power failure. This value must be 0 (zero) or a multiple of 30.
Shut down computers To shut down a computer at a specific time, use the shutdown command. For more information, see the shutdown man page. HideShut down a remote computer immediately Enter the following command in a Terminal window: $ ssh -l root computer shutdown -h now Replace computer with the IP address or host name of the remote computer. HideShut down a remote computer at a specific time Enter the following command in a Terminal window: $ sudo shutdown -h +mm Replace mm with the number of minutes until the remote computer shuts down. HideShut down while leaving the computer on and powered To support UPS restart after power failure, the shutdown command provides the -u option. This option halts system shutdown before the shutdown command instructs the power manager to turn off the power supply. The -u option keeps the system halted and waits for 5 minutes before removing power so an external UPS can forcibly remove power. Using the -u option simulates a dirty shutdown, which allows a later automatic power-on. The operating system uses the -u option with supported UPS devices in emergency shutdowns.
Change a remote computer’s startup disk You can change a remote computer’s startup disk using SSH. HideDetermine available startup disks Log in to the remote computer using SSH, and enter: $ systemsetup -liststartupdisks HideChange the startup disk Log in to the remote computer using SSH, and enter: $ systemsetup -setstartupdisks path Replace path with the path to an available startup disk on the remote computer.
Manipulate firmware NVRAM variables To manipulate firmware NVRAM variables, use the nvram tool. If you change a value with nvram, the value is saved only if the computer cleanly restarts or shuts down. For more information, see the nvram man page. HideView NVRAM variables $ nvram -p
Overview of DNS setup If you’re using an external DNS name server and you entered its IP address in the Gateway Setup Assistant, you don’t need to do anything else. If you’re setting up your own DNS server, you must do the following.
Domain name registration is managed by IANA. IANA registration makes sure that domain names are unique across the Internet. (For more information, see http://www.iana.org.) If you don’t register your domain name, your network can’t communicate over the Internet. After you register a domain name, you can create subdomains as long as you set up a DNS server on your network to track the subdomain names and IP addresses. For example, if you register the domain name example.com, you could create subdomains such as host1.example.com, mail.example.com, or www.example.com. A server in a subdomain could be named primary.www.example.com or backup.www.example.com. The DNS server for example.com tracks information for its subdomains, such as host (computer) names, static IP addresses, aliases, and mail exchangers. If your ISP handles your DNS service, you must inform them of changes you make to your domain name, including added subdomains. The range of IP addresses used with a domain must be clearly defined before setup. These addresses are used exclusively for one specific domain, never by another domain or subdomain. Coordinate the range of addresses with your network administrator or ISP. Learn and plan If you’re new to DNS, learn and understand DNS concepts, tools, and features of OS X Server and BIND. See Find more DNS information. When you’re ready, plan your DNS service. Consider the following questions:
There are two ways to configure DNS service on a Mac server:
The zone file name is based on the name of the zone. For example, the zone file example.com is /var/named/example.com.zone. If you edit named.conf to configure BIND, don’t change the inet settings of the controls statement. Otherwise, the Server app can’t retrieve status information for DNS. The inet settings should look like this: controls { inet 127.0.0.1 port 54 allow {any;} keys { "rndc-key"; }; };
Add forwarding server When your DNS server cannot resolve a DNS query locally, it can use a forwarding server to handle the query. The DNS server forwards the request to another DNS server that can respond to the DNS query. This can be used across separate subnets and networks.
You can enter multiple IP addresses.
The number of forwarding servers you specified is shown.
Set lookup behavior Use the Server app to set lookup behavior for clients. Your DNS server can perform lookups for clients on all networks or only specific networks you choose.
CIDR notation is supported. For more information on CIDR notation, see the CIDR Notation article on Wikipedia.
Set lookup behavior Use the Server app to set lookup behavior for clients. Your DNS server can perform lookups for clients on all networks or only specific networks you choose.
CIDR notation is supported. For more information on CIDR notation, see the CIDR Notation article on Wikipedia.
Set lookup behavior Use the Server app to set lookup behavior for clients. Your DNS server can perform lookups for clients on all networks or only specific networks you choose.
CIDR notation is supported. For more information on CIDR notation, see the CIDR Notation article on Wikipedia.
Use the Server app to add host names and aliases to your DNS server.
If your computer has more than one IP address, you can enter multiple IP addresses to the list. You can also add multiple addresses to help with load balancing.
You can add as many aliases as you want.
The optional MX record specifies that your server is a mail server for your domain. An MX record lets users have an email address such as mchen@example.com. Without an MX record, email addresses must include your server’s full host name (for example, mchen@server.example.com).
Start DNS You can stop or start DNS in the DNS pane of the Server app.
Click Don’t Allow if you don’t want the service to be accessible to computers on the Internet, or if you’re not sure. You can change Internet access to services later by selecting your AirPort device in the Server sidebar. For more information, see Manage AirPort port mapping and Wi-Fi login. The dialog appears only if your AirPort device is listed in the Server sidebar and you turned on a service that the Server app can manage on your AirPort device.These services include Calendar, Contacts, Mail, Messages, and Websites. If you have an Internet router that isn’t listed in the Server sidebar, you can configure it to allow Internet access to services. This process is called port forwarding or port mapping. For information, see Router port mapping.
Edit host names and aliases Use the Server app to change host names and aliases on your DNS server.
Remove host names and aliases Use the Server app to remove host names and aliases from your DNS server.
Use zone transfers to defend against server mining Server mining is the practice of getting a copy of a complete primary zone by requesting a zone transfer. In this case, a hacker pretends to be a secondary zone to another primary zone and requests a copy of the primary zone’s records. With a copy of your primary zone, the hacker can see what kinds of services a domain offers and the IP addresses of the servers that offer them. He or she can then try specific attacks based on those services. This is reconnaissance before another attack. To defend against this attack, specify which IP addresses have permission to request zone transfers (your secondary zone servers) and deny all others. Zone transfers are accomplished over TCP on port 53. To limit zone transfers, block zone transfer requests from anyone but your secondary DNS servers.
Set up a VLAN To set up and manage VLANs, you use the VLAN area of the Network pane of System Preferences. Be sure that ports used by non-VLAN devices (non-802.1q-compliant) are configured to transmit untagged frames. If a noncompliant Ethernet device receives a tagged frame, it cannot understand the VLAN tag and drops the frame. Directory: 2012 2012 -> The Case Against the nypd’s Quota-Driven ‘Broken Windows’ Policing What Is It? 2012 -> Annual InStructional unit plan 2012 -> University of Hawai‘i Maui College dental assisting program review october 21, 2013 2012 -> Committee on the rights of the child the rights of all children in the context of international migration 2012 -> Background on the Haitian Earthquake 2012 -> The Collected Wisdom of Science Olympiad Coaches 2012 -> Federal Communications Commission fcc 12-81 Before the Federal Communications Commission 2012 -> Aa and na members Dying from Tobacco 2012 -> [Baby Crying] 01: 04 [Ching Download 293.14 Kb. Share with your friends:
|