Here is my experience in adding a Mac mini Server to my home network. It's not for the weak hearted. "It Just Works" is not the mantra for servers, even Apple's! The server was added in the Spring of 2010. It's now November 2014 -- see the end of this page for what has changed. (Hint -- I'm bringing up a new mini server to replace this nearly 5 year old one.)
First the background. I've got the following systems at home, all on gigabit Ethernet unless noted:
My current network uses Verizon provide Actiontec router as the gateway, providing NAT, DNS, DHCP. Mail hosting is off-site. I've got an Airport Extreme which is only operating as a wireless access point and Bonjour proxy to remotely wake tom8 on the LAN. All systems use sleep mode except Tom5 and the new server. Tom5 also updates the dynamic-DNS address.
My goal here is actually to simplify my life. I want the Mac Mini Server to replace Tom5 by:
I bought a refurbished Mac mini with Snow Leopard Server because I've had good luck with refurbs and can save money at the same time. Delivery was fast.
In preparation, I unified all the login names and user id's on all the systems. This wasn't necessary but seemed like a good idea as a general policy.
When the mini arrived, I set it up with a keyboard, mouse, and display. I did a basic configuration, assigning it a static IP and using WiFi since I was at the family room table temporarily. I let the software upgrade to the latest. The Mini has two 500GB internal hard drives, one intended for system and the other for data. I cloned the system drive to an external 1TB drive, booted from the external, reformatted the internal drives as RAID 0 (striped) to make it into a single 1TB drive with twice the throughput. Then I cloned the system back to the internals and booted from the internals.
After a week of playing around with it I'm approaching my goals. The Mac Mini is surprisingly fast as a server, much faster than the old Dell, that's for sure. It's also quiet, small, and consumes about 1/10th the power as the Dell.
At this point I put away the keyboard, mouse, and display, and carried the Mini to it's new home, on top of tom5 until I can retire it. All administration can be done remotely.
Next step was to add Open Directory users and groups. These are separate from the local login administrator accounts. I had read to never have the same login names for open directory and local accounts. Then I enabled file sharing.
By default, the server sets up three share points. Groups contains a folder for each group defined. There is a default group, Workgroup, for which every user is a member by default. I created two new groups, Financial for my wife and myself, and Archivist, intended only for myself to allow me to add files to the public share point.
The second default share point is Public. It's readable by everyone, but for some reason I couldn't get it to work without fussing with the permissions. If you get a Mac server be prepared to give permissions a lot of thought and fussing. All the media files go in Public.
The third default share point is User for individual user accounts. Currently I'm not using this share point.
The default configuration generates two administrator accounts plus "root" all with the same password. For security reasons it is important to especially change the root password to something extremely difficult to crack.
I've enabled the DNS service, and it is working fine, giving better times and operation than I was getting using the Actiontec. The problem is you can't change the Actiontec's DNS uplink and it goes to Verizon. If the name isn't found, Verizon feeds their own search page rather than giving an error. By doing my own DNS, and adding DHCP so local systems can be resolved, I should have a properly operating DNS. I haven't handled the DHCP yet.
I do have the file serving and automated backups working. I've also got Parallels + Windows + MS Money installed but haven't made that switch yet.
I added a new local account for running Parallels/windows/MSMoney. I enabled Fast User Switching so, if logged into the Adminstrator the system could also be logged into the financial account. However, it turns out that the user switching causes the screen sharing to utterly fail.
This means I can't use SuperDuper! for automated backups because it requires the administrator be logged in (and also in the foreground). I'll have to change to Carbon Copy Cloner. I'm not sure I can do it successfully with rsync and an at script. (Note, I later find out that SuperDUper! works when logged in but not in foreground, so I'm safe by using fast user switching and keeping the administrator account logged in.)
Another problem is that the program that keeps dynamic DNS active needs to be run from a logged in account. Question -- what sort of server is this that it can't run services when not logged in? I'm not happy. I'll probably run this program on my iMac since it is logged in every day. (Note, DYN_DNS has since come out with a new release that works as a service.)
Other than that, the financial account works fine. Logging in to the account, Parallels auto-starts, which autostarts Windows, which autostarts MSMoney. Now if I can get my wife to reverse the process when done, since it is manual.
The administration tools run surprisingly slow. It takes about a minute for them to launch and changes also take several seconds. This is a surprise considering how fast everything else is running.
I think my next step will be DHCP and moving the DYNDNS program off of tom5, but it will be a day or two before I can get around to it.
I decided to enable DHCP. The default settings were not correct because I initially set the system up through WIFI. Word of warning -- use the same network interface you intend to use in production when you first bring it up!
Using Server Admin, I went to settings--services and checked the DHCP box. This added the service to the list of configurable services. They you have to go to DHCP subnets. There is a default configuration that is not enabled. It needs to be changed! As I already mentioned, it was set to use the WiFi interface. And the router was wrong. And strangely so. I put in 192.168.1.1. I also had to add my server as the DNS server, search domain of local, and as the LDAP server. I then checked the enable box, hit "save", and started the DHCP service. This took a couple of minutes, during which time everything hangs. I just had to sit and wait it out.
Of course I needed to disable the Actiontec DHCP first. Can't have them fighting it out. I had to confirm shutting it off three times before it finally went down. I didn't like the Actiontec DHCP because it sets the DNS server to be Verizon's. Now I use Google's.
With the change in DHCP, all systems now place themselves in domain Local, which they hadn't done consistantly before. The Actiontec would supply the domain "home" while Macs like "local" so finding local systems required putting ".local" at the end of the name. It's not needed anymore.
My wife noted that everything on the network seems snappier now.
This morning I set the Network Account Server on my iMac to be the new server. No problem there. I also enabled the server to host TimeMachine backups and configured the Kitchen computer to use TimeMachine. I'll soon move that to an external drive on the server that will handle TimeMachine backups for the MacBooks and my wife's iMac as well.
I am having problems trying to keep the music library on the server and share it. It also wants to keep apps on the server, and I don't see how to separate my iPod Touch apps from my wife's. iTunes seems incredibly inflexible. I can't start iTunes on the server and let it be an iTunes streaming server because you are limited to five computers per account and the computers all have to be on the same account. It doesn't matter that the music is all unprotected MP3s.
End of day. I bought a 1.5TB drive at Costco for use as a TimeMachine drive. The two MacBooks are done, but the G5 iMac looks like it will take a day for the initial transfer.
Snow Leopard Server has two GUI administration programs, Server Preferences and Server Admin. The former is easier to use and is supposed to handle simple setups. I've used it for adding users and groups, which it handles just fine, but also to enable the file sharing and Time Machine (which isn't quite the same) and it failed with both, yielding share points that couldn't be accessed by users and by TimeMachine respectively. I had to use Server Admin to get things set up properly. Server Admin was also needed to get DNS and DHCP properly configured. Server Preferences can't do that, although the initial installation allows setting those services up. I just didn't want to do it at that time.
The initial installation also creates a "Mac OS X Server Next Steps" customized to the system configuration. This is a neat idea as it points the way to future configuration. I just wish there was an audit program that could regenerate the file for whatever the current state is.
So as I finish up the weekend, my score is:
There are serious performance problems with starting screen sharing and the server utilities that need to be addressed. I'll let it ride this week, and next weekend I'll finish the work and de-commision the old tom5 server.
The internal 1TB total RAID 0 array backs up automatically to an external OWC Mercury Elite-AL Pro 1TB. I've got a pair of those I switch (and keep offsite) every week. These are bootable backups so I can restore the server from them if necessary.
There is the 1.5GB external which will do TimeMachine backups of the two MacBooks, the kitchen iMac and my wife's iMac. Connected via USB 2.0.
When the internal fills, I'll move the external OWC to USB and add an external OWC FW800 drive (plus a pair for backups) for the extra media.
My iMac has it's own FW800 external for Time Machine and extra drive capacity for video processing.
Image backups (kept offsite) are performed of the systems that have important data (the iMacs and the newest MacBook) on a weekly to monthly basis. I don't back up the TimeMachine drives.
I found out that SuperDuper! (or Carbon Copy Cloner) will make a bootable clone, but not a functional one because you can't clone (at least) the Open Directory database and probably also the server settings. This means that either (1)all services have to be turned off during a backup, (2)the databases need to be backed up via a script, or (3)the databases need to be backed up from within the Server Admin program manually, but only when they are changed.
Now the problem of poor Apple documentation comes in. I could find nothing in the docs or in a Google search on how to turn off and on the services via the command line, or even enumerate what services have to be turned off. Note that with Linux this process is straightforward and well documented. For choice 2, the makers of Carbon Copy Cloner have a script to do the backup, but don't have one to do the restore!. That leaves choice 3. I'll have to try running from the clone to verify that this works. It's a serious and seldom mentioned flaw that they don't provide a backup tool for their servers and commonly available ones don't work.
Note that I was eventually told about the Mac's ServerBackup program that apparently TimeMachine runs to back up the server. Only problem is that I can't get it to successfully run from a script.
On the positive back-up front, I'm now doing TimeMachine backups on all four intended systems to the server.
I still don't have a happy solution to sharing iTunes music, and my wife has rebelled against Plex.
I decided this morning to quickly turn on VPN and see if I could access my home network from work. However VPN wouldn't turn on unless I went to the Security (Firewall) screen. Note that my Actiontec router is my firewall to the outside world. I configured it to pass the various VPN ports to my server. I shouldn't need the server firewall. But I, without thinking, turned it on. Byebye server! No DHCP, no DNS, no access at all! Tonight I'll have to connect a monitor, keyboard, and mouse and shut the firewall off. In the mean time I had to reenable DHCP in the actiontec, and for the boxes that explicitly specified the server for DNS, I had to remove that specification. Ugh.
Well "they" talk about messing up the configuration and having to do reinstalls of the server OS. Luckily I haven't had to do that yet!
While I've got the monitor connected, maybe I can figure out why fast user switching doesn't work with the remote display.
So yesterday I connected up a monitor, keyboard, and mouse, removed the firewall, and now VPN seems to work, as well as SSH, but it will now be Monday before I can give it the "acid test" from work and school.
Fast user switching doesn't seem to work because it's taking 2 minutes or more for Screen Sharing to connect. It connects within a second to the other Mac Mini I've got. I've left a question about this on the Apple.com forum. Hey, I might even try AppleCare on this one -- they do give server support in the package, making it the AppleCare bargain, assuming I can get someone knowledgeable.
I also tried Printer Sharing. I don't really need it since my iMac is in the same room and shares printers just fine. turns out I can't get it to print! Very strange!
With classes starting Monday I don't expect to get anything done with the server this weekend. So tune in later!
VPN works, although I can't get DNS through it so I don't see my home systems by name. However that is apparently a bug in OS X 10.6.2 that gets fixed in 10.6.3, that I am installing today. Hopefully I'll be able to get Screen Sharing over VPN, too.
The Address Book and iCal servers seem to be working just fine, syncing up when reconnect to the network. There goes my only reason I'd ever consider MobileMe.
The slow operation of screen sharing is apparently a DNS configuration problem (DNS was configured automatically on install, and as I've mentioned, most of the default configurations have been very wrong.) I've got a link to a website that covers how to set it up correctly. So I'll have more to report, tonight.
I'm now hoping to be fully operational this coming weekend. And then I will condense all of this and put my setup on my website, with pictures, so that anyone else who wants to attempt it will have a place to see the "solution".
Adding-- after removing the default DNS configuration, rebooting, and entering a new DNS configuration, DNS now works properly and screen sharing starts very quickly. I did make the mistake of naming my domain "almy.us" which killed my mail and website accessing, since they are done by a hosting provider. So I made up a phoney top level domain and now I can reach my mail and website as well as the internal website.
One sad thing is that Bonjour doesn't work over VPN, so it doesn't act you are on your LAN since systems don't show up in the finder. You have to use "Connect to Server". Also only Bonjour knows systems with dynamic IPs by name. You need to assign static IPs (or use the static assignment feature in the DHCP server) to connect to systems by name over VPN.
I had some open directory issues, seemingly caused by the change to domain names, so I rebuilt my Open Directory. Luckily, with so few users and groups it only took about 15 minutes to be up and running again. Now everything appears really solid. I'll let it run another week to be sure before I do the crossover.
Two points for anyone considering buying a Mac Mini with Snow Leopard Server for home use:
It's been running fine for a week. There are some confusing issues with the Address Book Server (which won't sync with an iPhone/iTouch) and iCal server (which will sync with an iPhone/iTouch wirelessly, but never do it via iTunes). I also got the Printer Sharing working -- it turns out that it must be cycled off and then on again manually before it "takes". Other services do the cycling automatically when you save settings.
The Dell box is now disconnected. The Mac mini server is installed on a bookshelf along with the image backup drive (on the left), the TimeMachine drive (above), and the Actiontec router which has WiFi, DNS, and DHCP disabled.
To recap, the Mac mini replaces the Dell Windows box and provides the following services:
I've enabled but not utilized the Web server, and am not using the mail server.
Four months later and I've added a second 1.5TB external drive for videos (the internal 1TB was not sufficient) and a "toaster" so I can use bare drives for backup. I've also switched to Quicken for Windows in the VM. It's all been running just fine. Six months after that I added a fourth external drive, this time a 2TB.
The latest iOS release for my iPod touch now give me syncing of address book, and it all works over VPN. I also made use of VPN while on vacation, using it to backup all my daily photographs each evening. I run a Plex server to serve video to the Mac minis.
After a frustrating time with the multi-step process of accessing Microsoft Money I realized that I could use Microsoft Remote Desktop software to access the Windows virtual machine (I use the Professional version of Windows, not the Home version which doesn't allow this feature). The virtual machine can be left running all the time so accessing Microsoft Money is very fast.
The server now has 4 OWC drives -- a 3TB (replacing the 1.5) and a 2TB for file serving, a 2TB (replacing the 1.5TB Seagate) for Time Machine, and the 1TB that gets swapped out for server backups. The toaster is still used to back up the multi-TB drives. I'm now additionally running iTunes as a server for an added Apple TV. The Windows PC is decomissioned.
Software change! But first I upgraded from 4 to 8 GB RAM. Then I went from Snow Leopard Server to Mountain Lion plus OS X Server. The upgrade program took several hours to complete and left me with messed up DNS (not suprised there!) and other configuration bugs that dogged me for a day. But now it's all more secure (encrypted drives with "sensitive" data) and I'm better prepared for the future if I need to replace the computer.
I don't encrypt the boot drive, which has no sensitive data. The second internal drive is encrypted and contains all of the Server databases as well as personal files. Now I'm safe against data theft even if the computer is stolen. Backups are also encrypted.
This is especially important to me as I've gone "paperless". All receipts and statements are scanned or received online. I use the Hazel application to rename and sort these documents into a folder hierarchy on the server. Because it is SpotLight indexed I get instant retrieval for any arbitrary document! Sweet!
For an extra level of backup protection, I've signed up to CrashPlan with the family plan. It does continuous cloud backup of our computers and the server.
Mavericks Server has fixed the VPN problems so I took the opportunity to upgrade to Mavericks + Server.app. Upgrade was flawless and the new server software seems to work better --much more responsive. For me this is the best server version yet. I did have to upgrade my DynDNS updater program and the version of Parallels.
Hardware upgrades -- I needed more disk space so upgraded drives in the OWC housings. There is now a 4TB drive for Time Machine, and a 4TB plus the older 3TB for file serving. Adding the two internal drives, thats a total of 12TB. I would never have though I'd have so much disk space back when I started this project! Since everything has two sets of backups, that means I've got 36TB of drives. My first hard disk drive was 20MB (that's Megabytes!).
Mavericks server is supposed to limit the size of the Time Machine backups. It doesn't work. I can't find anyone reporting this issue either.
The second hard drive in the Mac mini started to fail, so I replaced it with an SSD of the same size. Somewhat of a folly, since the performance improvement isn't noticeable but for a few things -- boot time is much faster (it is only booted when a new OS release requires rebooting), starting Quicken in the virtual machine is faster, and the Server.app user interface seems snappier.
I picked up a discontinued 2012 quad-core i7 Mac mini to replace the nearly 5 year old mini discussed on most of this page. Rather than just cloning it's drive from the existing server, I decided to do a fresh install of Yosemite and it's server.app. I'll then move everything over. Any problems? Well I'll put them here as I go.