Get rid of Open Directory!

Open Directory was added to OS X Server early on in its release form. This is after OS X transitioned away from the NetInfo directory used by its predecessor, NeXTSTEP. However, Open Directory is similar, in a few ways, to the old-style Windows NT 4.0 directory system. At the same time that Apple adopted this older system, Microsoft, with Windows 2000, moved away from it and began using their much more robust Active Directory system. For some time, I have been urging Apple to move away from the antiquated Open Directory, and use Active Directory, since it is much more flexible and powerful, makes use of multimaster replication, and is used by many, many Windows network administrators. Moving to Active Directory would make it so much easier to manage OS X Servers in enterprise settings, not requiring two separate skillsets, one for Open Directory and one for Active Directory. This would also allow Apple to have an end-to-end solution, and build out their Profile Manager and configuration profile services in a way that would not require third-party tools like MobileIron or Centrify, allowing administrators to turn to one source, Apple, for tech support, instead of making it so complicated with third-party providers involved.


In addition, Apple needs to bring back enterprise-grade server hardware, either in XServe form, or in another form factor that may be more updated. This would allow OS X servers to be used in corporate datacenters. Yes, cloud computing is the next big thing, and will handle a lot of the enterprise workload, but there will always be a need for locally-hosted servers, both for those who wish to have more control over their data, as well as for backups in case the cloud goes down (and it does sometimes). Apple, I hope you are listening, and will give us the ability to host Active Directory networks (with full domain controller functionality), as well as real enterprise-grade hardware offerings.


Thank you so much! Please, developers, contribute to this conversation 🙂

I'm stuck here on 2009 Xserves that need to go, but really no options these days. I wish Apple would have kept OS X and OS X Server separate and then made OS X Server allowed to be installed on PC hardware under VMware. All of our servers have been on VMware now for years and now they are trying to push our clients to that as well with zero clients. Little dangerous for me as they are trying to get rid of the Macs in the process, but it would be nice to be able to use OS X Server on non-Mac hardware or bring out server-grade hardware again. I always wanted a 3U or so Xserve with at least 8 drives in it.

Who says Microsoft will license Active Directory to others?


But it would be great if Apple allowed OS X Server to run in VMware on non-Apple hardware.

You can't be more wrong!

"At the same time that Apple adopted this older system, Microsoft, with Windows 2000, moved away from it and began using their much more robust Active Directory system"


I've been working with Active Directory and Open Directory for more than 10 years now, and I would like to express my opinions:

  • Microsoft's Active Directory and Open Directory are both based on LDAP and Kerberos. In no way is Open Directory older technology than Windows NT.
  • Apple has been supporting Active Directory for years. You could even modify AD's schema to host Apple objects for native client management.
  • You could buy a Mac mini, install OS X Server, bind to AD and use AD to authenticate access to Profile Manager.
  • There's no way an Active Directory server would run on top of OS X, as AD is an integral part of Windows Server and integrates with and depends on other services.
  • I don't think Apple is interested in server hardware anymore. They are focusing on building client devices and embracing the cloud with iCloud, VPP and DEP programs. I'm even betting my 5 cents that Apple will, in the short term, move Profile Manager to a SaaS model hosted by Apple.
  • AD's main functions are to provide authentication services and client management, to name a few. As everyone is moving client management to MDM-based solutions, I see no point in going further than service authentication compatibility with AD.

I agree that it would be nice to see OS X Server running as a guest inside VMware or Citrix, but OS X Server is not powerful enough for an enterprise to invest in. For corporate customers with hundreds of devices ranging from Android to iOS, it is better to invest in MobileIron or AirWatch to provide management for their devices (Android, iOS, Windows, OS X) than to invest in Profile Manager to manage only iOS and OS X devices.


Over the years I've sold and deployed hundreds of Xserves and Mac OS X Servers from file servers to Xsan to Wikis to Oracle DBs to clustering solutions, and I don't see a place for OS X Server in the corporate market anymore, aside from department servers.

OS X is nice because it's easy to set up and run, and cheap! Never had any issues with it here. I'm still running 10.6.8 on my servers for everything and still running strong so far! I just worry about a drive or other hardware giving out at this point.


Anything MS to me is a nightmare. They make things more difficult to set up than necessary, and the TechNet articles give a whole story and give examples of how it should be set up but don't really tell you how to do it. Then half the time it's wrong in my experience. Our MS fanboi is trying to set up the latest version of System Center and is having fun with that and getting it to work and hasn't been too happy. I skimmed over the documentation and noticed it even supports OS X, but Munki can do most of what it can, so I have no use for it. Along with Endpoint Antivirus, but again it's lacking any management on the OS X side, so disappointed.


With NetBoot, Caching, basic file serving, and Profile Manager I still think OS X Server is viable. If Apple would have kept Server separate like it used to be and left it able to be on a VM on PC hardware, all of my issues would be pretty much solved.


We use AirWatch for our phones and it's lots of fun! Feels like it's an MS product or 10 different teams develop it and don't talk to each other. You go to one area for one setting and have to go to another area for another setting for the same option, and we haven't been too happy with it. And it's expensive! Not sure I would want it running on my computer clients, and I'm still not sure on Profile Manager either, which is why I am on MCX still.

Perhaps I could have said this more clearly: The way that Apple set up Open Directory within OS X Server is very much like the Windows NT domain services. OS X Server can be set up as an Open Directory master, or as a replica. Active Directory domain controllers use multi-master replication, so there can be multiple "primaries" on the network, each having a read/write copy of the directory database.


You are right that the cloud is becoming an integral part of networking, however, there is still a place for locally-hosted servers, so corporate datacenters will still be used by some people.


In much the same way that Apple has moved from its AFP-based file sharing protocols to Microsoft's SMB protocol, OS X Server should move away from Open Directory, and move toward Active Directory. The Samba project has built AD domain controller functionality into version 4 of their suite, so if this is possible with open-source software, then Apple may be in a position to do the same thing with their server software. It would be great for OS X Server to be able to host Windows networks, the way it was able to before 10.7 was released. However, now it would be with AD instead of OD, allowing it to host modern Windows clients.


I am thinking a little bit outside the box here, but I want to encourage devs and the Apple engineering staff to embrace enterprise networking, and to develop software and hardware that can be used in large environments. This is not the 1980s and 1990s anymore. There is a place for Apple in organizations large and small.

  • Microsoft's Active Directory and Open Directory are both based on LDAP and Kerberos. In no way is Open Directory older technology than Windows NT.
  • Apple has been supporting Active Directory for years. You could even modify AD's schema to host Apple objects for native client management.
  • You could buy a Mac mini, install OS X Server, bind to AD and use AD to authenticate access to Profile Manager.
  • There's no way an Active Directory server would run on top of OS X, as AD is an integral part of Windows Server and integrates with and depends on other services.
  • I don't think Apple is interested in server hardware anymore. They are focusing on building client devices and embracing the cloud with iCloud, VPP and DEP programs. I'm even betting my 5 cents that Apple will, in the short term, move Profile Manager to a SaaS model hosted by Apple.
  • AD's main functions are to provide authentication services and client management, to name a few. As everyone is moving client management to MDM-based solutions, I see no point in going further than service authentication compatibility with AD.


Thank you for posting! You are right, both services are based on LDAP, but Microsoft has enhanced Active Directory to be a much more robust system; one of its strongest features is multimaster replication, where there can be multiple equal domain controllers, each having a fully read-write copy of the directory database. If one server goes down, it will not affect the others, or the administrator's ability to manage the network. With Open Directory, if the primary goes down, one of the backups has to be promoted to a master, which is more work. Also, Active Directory integrates software installation features, which Open Directory does not have. Profile Manager is beginning to rectify this, but it needs to be developed further before it is on the same level.


Also, yes, OS X Server can be bound to an AD domain, but then the domain has to be administered from a Windows Server, which is more complicated than it should be. If OS X Server were given the ability to act as an AD domain controller, the whole process could be handled on the OS X Server, without having to first set it up on the Windows Server, and then binding the OS X Server machine to it.


I agree with you, MDM solutions will account for the majority of setups, making traditional directory services less necessary than they used to be. However, there is a place for hybrid setups, which can be cloud connected, as well as more traditional. There are still times when it is preferable to host data locally, and people and organizations should have a solution that can allow them to do this.


I believe that Apple made a terrible mistake by killing off the XServe and dedicated server hardware. Steve Jobs, as brilliant as he was, did not understand the enterprise market, and continually shot himself in the foot in this market. He offended potential enterprise customers, and did not market his solutions properly, leaving enterprises unaware of how good Apple products are. Tim Cook, having spent 10 years at IBM before joining Apple, is much more of a business-minded person, and has more knowledge of how the enterprise market works. Especially since he began Apple's MobileFirst for iOS partnership with IBM, Apple is getting real-world experience in enterprise technology deployments. IBM is now buying large numbers of iOS and Mac devices, and will likely have suggestions for Apple on how to improve these devices, and the OS X and iOS software that they run. They are likely also using OS X Server to manage their Mac and iOS networks, and will again likely have suggestions for Apple about how to improve their server software (and hardware). I am hoping that Apple will begin to take on the responsibility for itself, of making an end-to-end management solution, allowing customers to have a single place to turn when they need support, similar to how Microsoft builds industrial-strength Windows server and client software. It is time for Apple to take the gloves off, and take control of its enterprise hardware and software infrastructure!


Unfortunately, you're all living in the past. No real-world large server environment even uses Active Directory anymore.

Most use Linux-based Novell services, which completely abandon AD in favor of far more robust models. Check with your local and state entities. The majority these days use virtual machines on Novell (Linux) based server infrastructure.

I believe that even though Active Directory itself is proprietary, others can build directory services that use its structure to take on its features. The Samba project, for example, has built full Active Directory domain controller functionality into version 4.0 of its suite. Active Directory itself is proprietary, but the specification is published so that others can build directory services that can assume domain controller functionality, and manage Windows domains as a Windows Server machine does.

Apple will not license their software (aside from iTunes as the most notable example) to run on other operating systems, or other architectures (aside from Mac machines). However, Macs can run Windows in virtual machines, interestingly enough.


As I have said before, I think Apple blundered terribly when they discontinued the XServe; it was a very shortsighted move. Steve Jobs said that Apple was not selling enough of them, but he was comparing "enough" to the millions upon millions of Mac and iOS machines that Apple was selling. Of course, there will not be as many servers sold as clients, nor should there be. Selling servers provides for the sale of client machines, and provides for the growth of networks made up of Mac computers, helping them to integrate into businesses and studios of all sizes. The XServe was the right idea, although it was marketed poorly, making it mostly unknown to people.


The MDM phenomenon has turned the old model on its head, though. Apple does not need to go only to IT departments to sell to corporate customers; they have been successful selling to employees, who have then called their IT departments and demanded support. Now Apple has an entryway into the enterprise, and an entryway into selling servers. Apple should seriously rethink their place in the enterprise, and should bring back dedicated hardware, as well as create a real first-party MDM management solution, no more MDM-lite! Apple has the strength to do this, and they are in a position to be a dominant technology company, not just in the way of the consumer marketplace, but also in the enterprise marketplace.
