Integrating Macs in a business environment has gone from being an anomaly to a standard. Thanks to Snow Leopard’s phenomenal integration capabilities, the speed and reliability of Apple hardware and the ability to run multiple platforms all on one piece of hardware, using Macs in business can cut down on IT costs and increase productivity.
Plus, with Apple’s renewed commitment to the environment, their hardware continues to be more energy efficient and uses less hazardous materials. However, even with the many benefits of integrating Macs in the business environment, there are often concerns about how well they would work with existing Windows Servers and how difficult the initial setup may be. Let’s lay some of those concerns to rest.
Last week, I had the privilege of attending a hands-on seminar on integrating Microsoft Active Directory and Exchange Servers with Mac OS 10.6 servers and clients. This is something that I’ve been doing more and more in the field, but it was very cool to experience it in a lab setting and get to play with both the Mac and PC environments.
One of the first things I was told is that the average setup time to integrate a new Mac into a Windows business environment is eight minutes. Eight minutes! That includes going through the Mac OS Setup Assistant, binding to an Active Directory server and configuring exchange accounts for mail, contacts and calendars. We tried it out and, sure enough, working at an average-pace it was an eight-minute-or-less experience.
In the seminar I attended, we actually went through the process of configuring a Microsoft 2008 Enterprise server, setting up Active Directory and Exchange, binding a Mac client to it and then also binding the Mac to a 10.6 Server for Open Directory. The really amazing thing is that both servers ran on one piece of hardware. We started with a Mac running 10.6 Server. While we used Macbook Pros, in a real-life setting I’d recommend using at least a beefed up Mac Mini Server (for small offices) or an Xserve (for most businesses). Using Parallels, we were able to install a copy of Windows 2008 Server.
The Windows Server ran Active Directory and Exchange services and the Mac Server was then bound to the Active Directory Server. Looking back at the Mac side, we set the Mac Server as an Open Directory Master. Since the Mac Server was bound to the Active Directory Server, we were able to view and manipulate all of the Active Directory user accounts within Apple’s Workgroup Manager and we could then add additional Mac-specific settings. Client machines could then be bound to both the Mac Open Directory and the Microsoft Active Directory simultaneously to reap the benefits of both platforms. This technique is referred to as the “Golden Triangle.”
Many of you out there may be wondering about the significance of this. To give some brief understanding, Active Directory is what’s commonly used in businesses to create user accounts and groups and configure permissions within those accounts. For example, if you’re used to using an Exchange account for your email, contacts and calendars, Active Directory is what stores your basic account information and allows you to use one password for everything you do. Beyond Exchange capabilities, Active Directory controls who can control and share files on different sharepoints, upload to web servers and basically dial in on any specific server function.
In Mac OS X Server, Open Directory is basically the equivalent of Active Directory. Both primarily use Kerberos (“single sign-on”) for authentication, and both allow one to use a single username and password to access account information and use services. While Mac users bound to an Active Directory Server can sign in using network accounts, access sharepoints and access services, there is a great benefit from an IT perspective to being bound to both Active Directory and Open Directory simultaneously. It all boils down to speed of initial system setup and security.
Those using Active Directory Servers most likely know that one of the benefits is that they can set up specific machine settings for individual users or groups. For example, without touching a user’s local machine, an administrator of an Active Directory Server can specify what applications that user can use and what individual settings that user account has. While Macs can still connect to that same Active Directory Server and log into their network accounts, many of the Mac-specific settings are unavailable in Active Directory.
However, Open Directory has a ton of specific setting allowances for applications, security, and individual settings. Since the Mac Server can bind to the Active Directory Server and they’re able to share account information, it’s possible to use the standards set by the Active Directory Server while reaping the Mac-specific settings of the Open Directory Server. Using this “golden triangle” technique, workstations can be set up quickly and System Administrators gain more control over the end-user’s machine.
Macs work beautifully right out of the box in an Active Directory environment. It’s definitely not necessary to use an Open Directory Server in conjunction with an Active Directory Server, however depending on the needs of your business, it may be a great solution for you. Not to mention, being able to run multiple servers on one piece of energy-efficient hardware can decrease yearly electric bills and help your business meet its environmental commitments. If you’re curious about integrating Macs and Mac-based Servers into your business feel free to contact our Consulting department at consulting@smalldog.com or 1-800-511-MACS, x515.