Bringing up a Mac mini Server and Another and still Another!

Here is my experience in adding a Mac mini Server to my home network. It's not for the weak hearted. "It Just Works" is not the mantra for servers, even Apple's! The first server was added in the Spring of 2010. It is now September 2023-- see the end of this page for what has changed. (Hint -- I've now got a mini with Apple Silicon, upgraded March 2023)

Newsflash!

Gone is my recommendation to set up a Mac mini as a server. Apple has officially left the server software business. See Prepare for changes to macOS Server. The handwriting has been on the wall, actually since I set up my first Mac mini server.

Apple used to sell real server computers, ending with the 2009 Xserve. They also dropped the Xserve replacements: Mac Pro Server (last model in 2012) and the Mac mini Server (also last model in 2012). On the software side their last true server OS was Snow Leopard Server in 2009. Starting with OS X Lion in 2011 it became an add-on software package to the client OS. Over the years features were removed. The latest, High Sierra (2017), integrated the file sharing, update caching, and TimeMachine server services with the High Sierra OS, albeit in a somewhat less flexible form, and removed the insecure ftp and rlogin services.

Apple has announced a change in focus to management of computers, devices and storage so all of the classic server functions of Server are being deprecated this Spring and probably will be gone by the next macOS version. While it appears that none of the base macOS features will go, if you need more -- Calendar, Contacts, Mail, Messages, Web, Wiki, DHCP, DNS, VPN, NetInstall, you will now have to do 3rd party installs. Frankly if you need any of these you are best off either running a Linux VM in an existing Mac or if you are considering new hardware just buy a Linux system.

I now continue to run a mini server with fewer services (file server, Plex+HomeRunHD server, backups, Resilio server, Unifi Controller). I've purchased a UniFi Security Gateway (router) which has taken over the DNS, DHCP, DDNS update, and VPN services that used to be done on the mini. See the end of this page.

The Background

First the background. I've got the following systems at home, all on gigabit Ethernet unless noted:

My current network uses a Verizon-provided Actiontec router as the gateway, providing NAT, DNS, DHCP. Mail hosting is off-site. I've got an Airport Extreme which is only operating as a wireless access point and Bonjour proxy to remotely wake tom8 on the LAN. All systems use sleep mode except Tom5 and the new server. Tom5 also updates the dynamic-DNS address.

My goal here is actually to simplify my life. I want the Mac Mini Server to replace Tom5 by:

The Purchase

I bought a refurbished Mac mini with Snow Leopard Server because I've had good luck with refurbs and can save money at the same time. Delivery was fast.

In preparation, I unified all the login names and user id's on all the systems. This wasn't necessary but seemed like a good idea as a general policy.

When the mini arrived, I set it up with a keyboard, mouse, and display. I did a basic configuration, assigning it a static IP and using WiFi since I was at the family room table temporarily. I let the software upgrade to the latest. The Mini has two 500GB internal hard drives, one intended for system and the other for data. I cloned the system drive to an external 1TB drive, booted from the external, reformatted the internal drives as RAID 0 (striped) to make it into a single 1TB drive with twice the throughput. Then I cloned the system back to the internals and booted from the internals.

Friday of the next week

After a week of playing around with it I'm approaching my goals. The Mac Mini is surprisingly fast as a server, much faster than the old Dell, that's for sure. It's also quiet, small, and consumes about 1/10th the power of the Dell.

At this point I put away the keyboard, mouse, and display, and carried the Mini to its new home, on top of tom5 until I can retire it. All administration can be done remotely.

Next step was to add Open Directory users and groups. These are separate from the local login administrator accounts. I had read to never have the same login names for open directory and local accounts. Then I enabled file sharing.

By default, the server sets up three share points. Groups contains a folder for each group defined. There is a default group, Workgroup, for which every user is a member by default. I created two new groups, Financial for my wife and myself, and Archivist, intended only for myself to allow me to add files to the public share point.

The second default share point is Public. It's readable by everyone, but for some reason I couldn't get it to work without fussing with the permissions. If you get a Mac server be prepared to give permissions a lot of thought and fussing. All the media files go in Public.

The third default share point is User for individual user accounts. Currently I'm not using this share point.

The default configuration generates two administrator accounts plus "root" all with the same password. For security reasons it is important to especially change the root password to something extremely difficult to crack.

I've enabled the DNS service, and it is working fine, giving better times and operation than I was getting using the Actiontec. The problem is you can't change the Actiontec's DNS uplink and it goes to Verizon. If the name isn't found, Verizon feeds their own search page rather than giving an error. By doing my own DNS, and adding DHCP so local systems can be resolved, I should have a properly operating DNS. I haven't handled the DHCP yet.

I do have the file serving and automated backups working. I've also got Parallels + Windows + MS Money installed but haven't made that switch yet.

Saturday

I added a new local account for running Parallels/windows/MSMoney. I enabled Fast User Switching so, if logged into the Administrator the system could also be logged into the financial account. However, it turns out that the user switching causes the screen sharing to utterly fail.

This means I can't use SuperDuper! for automated backups because it requires the administrator be logged in (and also in the foreground). I'll have to change to Carbon Copy Cloner. I'm not sure I can do it successfully with rsync and an at script. (Note, I later find out that SuperDuper! works when logged in but not in foreground, so I'm safe by using fast user switching and keeping the administrator account logged in.)

Another problem is that the program that keeps dynamic DNS active needs to be run from a logged in account. Question -- what sort of server is this that it can't run services when not logged in? I'm not happy. I'll probably run this program on my iMac since it is logged in every day. (Note, DYN_DNS has since come out with a new release that works as a service.)

Other than that, the financial account works fine. Logging in to the account, Parallels auto-starts, which autostarts Windows, which autostarts MSMoney. Now if I can get my wife to reverse the process when done, since it is manual.

The administration tools run surprisingly slow. It takes about a minute for them to launch and changes also take several seconds. This is a surprise considering how fast everything else is running.

I think my next step will be DHCP and moving the DYNDNS program off of tom5, but it will be a day or two before I can get around to it.

Late Saturday

I decided to enable DHCP. The default settings were not correct because I initially set the system up through WIFI. Word of warning -- use the same network interface you intend to use in production when you first bring it up!

Using Server Admin, I went to settings--services and checked the DHCP box. This added the service to the list of configurable services. Then you have to go to DHCP subnets. There is a default configuration that is not enabled. It needs to be changed! As I already mentioned, it was set to use the WiFi interface. And the router was wrong. And strangely so. I put in 192.168.1.1. I also had to add my server as the DNS server, search domain of local, and as the LDAP server. I then checked the enable box, hit "save", and started the DHCP service. This took a couple of minutes, during which time everything hangs. I just had to sit and wait it out.

Of course I needed to disable the Actiontec DHCP first. Can't have them fighting it out. I had to confirm shutting it off three times before it finally went down. I didn't like the Actiontec DHCP because it sets the DNS server to be Verizon's. Now I use Google's.

Sunday

With the change in DHCP, all systems now place themselves in domain Local, which they hadn't done consistently before. The Actiontec would supply the domain "home" while Macs like "local" so finding local systems required putting ".local" at the end of the name. It's not needed anymore.

My wife noted that everything on the network seems snappier now.

This morning I set the Network Account Server on my iMac to be the new server. No problem there. I also enabled the server to host TimeMachine backups and configured the Kitchen computer to use TimeMachine. I'll soon move that to an external drive on the server that will handle TimeMachine backups for the MacBooks and my wife's iMac as well.

I am having problems trying to keep the music library on the server and share it. It also wants to keep apps on the server, and I don't see how to separate my iPod Touch apps from my wife's. iTunes seems incredibly inflexible. I can't start iTunes on the server and let it be an iTunes streaming server because you are limited to five computers per account and the computers all have to be on the same account. It doesn't matter that the music is all unprotected MP3s.

End of day. I bought a 1.5TB drive at Costco for use as a TimeMachine drive. The two MacBooks are done, but the G5 iMac looks like it will take a day for the initial transfer.

Snow Leopard Server has two GUI administration programs, Server Preferences and Server Admin. The former is easier to use and is supposed to handle simple setups. I've used it for adding users and groups, which it handles just fine, but also to enable the file sharing and Time Machine (which isn't quite the same) and it failed with both, yielding share points that couldn't be accessed by users and by TimeMachine respectively. I had to use Server Admin to get things set up properly. Server Admin was also needed to get DNS and DHCP properly configured. Server Preferences can't do that, although the initial installation allows setting those services up. I just didn't want to do it at that time.

The initial installation also creates a "Mac OS X Server Next Steps" customized to the system configuration. This is a neat idea as it points the way to future configuration. I just wish there was an audit program that could regenerate the file for whatever the current state is.

So as I finish up the weekend, my score is:

There are serious performance problems with starting screen sharing and the server utilities that need to be addressed. I'll let it ride this week, and next weekend I'll finish the work and decommission the old tom5 server.

The internal 1TB total RAID 0 array backs up automatically to an external OWC Mercury Elite-AL Pro 1TB. I've got a pair of those I switch (and keep offsite) every week. These are bootable backups so I can restore the server from them if necessary.

There is the 1.5GB external which will do TimeMachine backups of the two MacBooks, the kitchen iMac and my wife's iMac. Connected via USB 2.0.

When the internal fills, I'll move the external OWC to USB and add an external OWC FW800 drive (plus a pair for backups) for the extra media.

My iMac has its own FW800 external for Time Machine and extra drive capacity for video processing.

Image backups (kept offsite) are performed of the systems that have important data (the iMacs and the newest MacBook) on a weekly to monthly basis. I don't back up the TimeMachine drives.

Wednesday

Midweek report

I found out that SuperDuper! (or Carbon Copy Cloner) will make a bootable clone, but not a functional one because you can't clone (at least) the Open Directory database and probably also the server settings. This means that either (1) all services have to be turned off during a backup, (2) the databases need to be backed up via a script, or (3) the databases need to be backed up from within the Server Admin program manually, but only when they are changed.

Now the problem of poor Apple documentation comes in. I could find nothing in the docs or in a Google search on how to turn off and on the services via the command line, or even enumerate what services have to be turned off. Note that with Linux this process is straightforward and well documented. For choice 2, the makers of Carbon Copy Cloner have a script to do the backup, but don't have one to do the restore! That leaves choice 3. I'll have to try running from the clone to verify that this works. It's a serious and seldom mentioned flaw that they don't provide a backup tool for their servers and commonly available ones don't work.

Note that I was eventually told about the Mac's ServerBackup program that apparently TimeMachine runs to back up the server. Only problem is that I can't get it to successfully run from a script.

On the positive back-up front, I'm now doing TimeMachine backups on all four intended systems to the server.

I still don't have a happy solution to sharing iTunes music, and my wife has rebelled against Plex.

Friday

I decided this morning to quickly turn on VPN and see if I could access my home network from work. However VPN wouldn't turn on unless I went to the Security (Firewall) screen. Note that my Actiontec router is my firewall to the outside world. I configured it to pass the various VPN ports to my server. I shouldn't need the server firewall. But I, without thinking, turned it on. Bye-bye server! No DHCP, no DNS, no access at all! Tonight I'll have to connect a monitor, keyboard, and mouse and shut the firewall off. In the meantime I had to reenable DHCP in the Actiontec, and for the boxes that explicitly specified the server for DNS, I had to remove that specification. Ugh.

Well "they" talk about messing up the configuration and having to do reinstalls of the server OS. Luckily I haven't had to do that yet!

While I've got the monitor connected, maybe I can figure out why fast user switching doesn't work with the remote display.

Saturday

So yesterday I connected up a monitor, keyboard, and mouse, removed the firewall, and now VPN seems to work, as well as SSH, but it will now be Monday before I can give it the "acid test" from work and school.

Fast user switching doesn't seem to work because it's taking 2 minutes or more for Screen Sharing to connect. It connects within a second to the other Mac Mini I've got. I've left a question about this on the Apple.com forum. Hey, I might even try AppleCare on this one -- they do give server support in the package, making it the AppleCare bargain, assuming I can get someone knowledgeable.

I also tried Printer Sharing. I don't really need it since my iMac is in the same room and shares printers just fine. Turns out I can't get it to print! Very strange!

With classes starting Monday I don't expect to get anything done with the server this weekend. So tune in later!

Tuesday

VPN works, although I can't get DNS through it so I don't see my home systems by name. However that is apparently a bug in OS X 10.6.2 that gets fixed in 10.6.3, that I am installing today. Hopefully I'll be able to get Screen Sharing over VPN, too.

The Address Book and iCal servers seem to be working just fine, syncing up when I reconnect to the network. There goes my only reason I'd ever consider MobileMe.

The slow operation of screen sharing is apparently a DNS configuration problem (DNS was configured automatically on install, and as I've mentioned, most of the default configurations have been very wrong.) I've got a link to a website that covers how to set it up correctly. So I'll have more to report, tonight.

I'm now hoping to be fully operational this coming weekend. And then I will condense all of this and put my setup on my website, with pictures, so that anyone else who wants to attempt it will have a place to see the "solution".

Adding-- after removing the default DNS configuration, rebooting, and entering a new DNS configuration, DNS now works properly and screen sharing starts very quickly. I did make the mistake of naming my domain "almy.us" which killed my mail and website accessing, since they are done by a hosting provider. So I made up a phony top level domain and now I can reach my mail and website as well as the internal website.

One sad thing is that Bonjour doesn't work over VPN, so it doesn't act like you are on your LAN since systems don't show up in the Finder. You have to use "Connect to Server". Also only Bonjour knows systems with dynamic IPs by name. You need to assign static IPs (or use the static assignment feature in the DHCP server) to connect to systems by name over VPN.

Friday

I had some open directory issues, seemingly caused by the change to domain names, so I rebuilt my Open Directory. Luckily, with so few users and groups it only took about 15 minutes to be up and running again. Now everything appears really solid. I'll let it run another week to be sure before I do the crossover.

Two points for anyone considering buying a Mac Mini with Snow Leopard Server for home use:

  1. If you only have a couple of computers, it's not going to be worth the effort unless you want the educational experience. I see a payoff in my home (which has 7 other computers) but it will probably take a year before I break even for the time I've invested.
  2. Think through exactly what you want to do in advance. Know how and where you are planning to divide up networking tasks among potentially separate gateway, router, wireless access point, and server boxes. Know that you must have a local top level domain name that isn't ".local" and doesn't exist outside your LAN. Prepare to first power up your mini with a domain name, a static IP and on the same network interface you intend to use with your final installation in order to save lots of grief switching them later.
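The naming pitfall described above (an internal zone called "almy.us" hiding the hosted mail and website, plus the ".local" restriction), modelled as an added example that is not from the original page. Host labels, addresses and the `home.arpa` zone (reserved for home networks by RFC 8375) are constructed for illustration.

```python
"""Model of a LAN DNS server that is authoritative for one internal zone."""

# Constructed sample data: records held by the outside hosting provider.
# Host labels and addresses are illustrative (203.0.113.0/24 is a
# documentation range, RFC 5737).
PUBLIC_DNS = {
    "www.almy.us": "203.0.113.10",
    "mail.almy.us": "203.0.113.25",
}

# Constructed LAN host; the page does not give the server's address.
LAN_HOSTS = {"server": "192.168.1.2"}


def normalize(name):
    """Lower-case a DNS name and drop any trailing root dot."""
    return name.lower().rstrip(".")


def in_zone(name, zone):
    """True if name is the zone apex or sits anywhere below it."""
    name, zone = normalize(name), normalize(zone)
    return name == zone or name.endswith("." + zone)


class LanResolver:
    """Answers authoritatively for its own zone, forwards everything else."""

    def __init__(self, zone, hosts, upstream):
        self.zone = normalize(zone)
        self.records = {f"{h}.{self.zone}": ip for h, ip in hosts.items()}
        self.upstream = upstream

    def resolve(self, name):
        name = normalize(name)
        if in_zone(name, self.zone):
            # Authoritative answer: a name missing from local data is
            # reported as nonexistent (None) and is never forwarded.
            return self.records.get(name)
        return self.upstream.get(name)


def zone_problems(zone, public_dns):
    """Return the reasons a candidate internal zone name is a bad choice."""
    problems = []
    zone = normalize(zone)
    if in_zone(zone, "local"):
        # ".local" belongs to multicast DNS (Bonjour), RFC 6762.
        problems.append("reserved-for-mdns")
    shadowed = sorted(n for n in public_dns if in_zone(n, zone))
    if shadowed:
        # These outside names become unreachable from inside the LAN.
        problems.append("shadows-public:" + ",".join(shadowed))
    return problems


if __name__ == "__main__":
    for zone in ("almy.us", "local", "home.arpa"):
        resolver = LanResolver(zone, LAN_HOSTS, PUBLIC_DNS)
        print(zone, zone_problems(zone, PUBLIC_DNS) or "ok",
              "mail ->", resolver.resolve("mail.almy.us"))
```

With the zone set to `almy.us` the resolver returns nothing for the hosted mail name, which is the outage described above; with a zone that has no public counterpart the same query is forwarded and answered.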

One Week Later

It's been running fine for a week. There are some confusing issues with the Address Book Server (which won't sync with an iPhone/iTouch) and iCal server (which will sync with an iPhone/iTouch wirelessly, but never do it via iTunes). I also got the Printer Sharing working -- it turns out that it must be cycled off and then on again manually before it "takes". Other services do the cycling automatically when you save settings.

The Dell box is now disconnected. The Mac mini server is installed on a bookshelf along with the image backup drive (on the left), the TimeMachine drive (above), and the Actiontec router which has WiFi, DNS, and DHCP disabled.

To recap, the Mac mini replaces the Dell Windows box and provides the following services:

  1. DNS
  2. DHCP
  3. Open Directory
  4. DynDNS Update
  5. TimeMachine backup for 5 Macs
  6. Windows VM to run Microsoft Money
  7. File Sharing for music, pictures, video, software archival storage.
  8. AddressBook server to sync address book between my MacBook and iMac
  9. iCal server to sync and share calendars among computers and iTouches.
  10. Printer/Scanner server
  11. VPN server to access network away from home

I've enabled but not utilized the Web server, and am not using the mail server.

 

August 2010

Four months later and I've added a second 1.5TB external drive for videos (the internal 1TB was not sufficient) and a "toaster" so I can use bare drives for backup. I've also switched to Quicken for Windows in the VM. It's all been running just fine. Six months after that I added a fourth external drive, this time a 2TB.

The latest iOS release for my iPod touch now gives me syncing of address book, and it all works over VPN. I also made use of VPN while on vacation, using it to back up all my daily photographs each evening. I run a Plex server to serve video to the Mac minis.

The system

After a frustrating time with the multi-step process of accessing Microsoft Money I realized that I could use Microsoft Remote Desktop software to access the Windows virtual machine (I use the Professional version of Windows, not the Home version which doesn't allow this feature). The virtual machine can be left running all the time so accessing Microsoft Money is very fast.

 

January 2013

The server now has 4 OWC drives -- a 3TB (replacing the 1.5) and a 2TB for file serving, a 2TB (replacing the 1.5TB Seagate) for Time Machine, and the 1TB that gets swapped out for server backups. The toaster is still used to back up the multi-TB drives. I'm now additionally running iTunes as a server for an added Apple TV. The Windows PC is decommissioned.

July 2013

Software change! But first I upgraded from 4 to 8 GB RAM. Then I went from Snow Leopard Server to Mountain Lion plus OS X Server. The upgrade program took several hours to complete and left me with messed up DNS (not surprised there!) and other configuration bugs that dogged me for a day. But now it's all more secure (encrypted drives with "sensitive" data) and I'm better prepared for the future if I need to replace the computer.

I don't encrypt the boot drive, which has no sensitive data. The second internal drive is encrypted and contains all of the Server databases as well as personal files. Now I'm safe against data theft even if the computer is stolen. Backups are also encrypted.

This is especially important to me as I've gone "paperless". All receipts and statements are scanned or received online. I use the Hazel application to rename and sort these documents into a folder hierarchy on the server. Because it is SpotLight indexed I get instant retrieval for any arbitrary document! Sweet!

For an extra level of backup protection, I've signed up to CrashPlan with the family plan. It does continuous cloud backup of our computers and the server.

December 2013

Mavericks Server has fixed the VPN problems so I took the opportunity to upgrade to Mavericks + Server.app. Upgrade was flawless and the new server software seems to work better --much more responsive. For me this is the best server version yet. I did have to upgrade my DynDNS updater program and the version of Parallels.

February 2014

Hardware upgrades -- I needed more disk space so upgraded drives in the OWC housings. There is now a 4TB drive for Time Machine, and a 4TB plus the older 3TB for file serving. Adding the two internal drives, that's a total of 12TB. I would never have thought I'd have so much disk space back when I started this project! Since everything has two sets of backups, that means I've got 36TB of drives. My first hard disk drive was 20MB (that's Megabytes!).

Mavericks server limits the size of Time Machine backups, which is useful for managing space on my Time Machine drive.

September 2014

The second hard drive in the Mac mini started to fail, so I replaced it with an SSD of the same size. Somewhat of a folly, since the performance improvement isn't noticeable but for a few things -- boot time is much faster (it is only booted when a new OS release requires rebooting), starting Quicken in the virtual machine is faster, and the Server.app user interface seems snappier.

November 2014

I picked up a discontinued 2012 quad-core i7 Mac mini to replace the nearly 5 year old mini discussed on most of this page. Rather than just cloning its drive from the existing server, I decided to do a fresh install of Yosemite and its server.app. I'll then move everything over. Any problems? Well I'll put them here as I go.

It's now November 28th and it's up 100% and the old 2009 server is decommissioned. I reconnected the drives, moved over the shared folders that were on the internal drives to the new internal drive (partitioned as two 500GB drives). I did a fresh install of Parallels 10 and moved over the Windows virtual machine. I moved over all the configuration files for Plex Server. I started iPhoto and had it index all the images so they can be viewed with Plex. I started iTunes and pointed it to the iTunes database that got imported.

What didn't work? Well there is no way to move the Contacts and Calendars data over after launching Server on the new system. So I had to export and reimport on a client system for our accounts. Also, no big surprise here, the TimeMachine backups wouldn't reattach, so I had to start backing up from scratch. Overall it was about a day's work, and I suspect that I'll find a thing or two I forgot to configure in the next few weeks.

Even with going back to spinning drives (from having an SSD boot drive) performance has been much faster with the new Mac mini. Power consumption is the same or maybe less by a couple of watts. Some problems I was having with permissions seem to have gotten cleaned up after the move.

The new server

The new Mac mini, while discontinued, may be the last quad-core as the new 2014 models don't offer a quad core (and end up offering half the performance as a result). This is also a good transitional computer since it still has Firewire, which I use for 3 out of 4 external drives, yet has Thunderbolt and USB 3 that I can use in the future. I expect I will replace the three externals used for storage with a multi-drive Thunderbolt chassis to clean things up a bit in a future project.


Early 2017, since writing the above, things have been going smoothly with little changes. It's now up to El Capitan Server, and I've moved to Quicken for Mac and no longer run the Windows virtual machine. I have added Resilio Sync service. I've also moved the Contacts and Calendar to iCloud for easier syncing away from home without resorting to turning on VPN each time I want to sync. I'm still using the same external drives.

In July 2017 I upgraded the 3TB external data drive to 4TB (the 3TB was running 24/7 for 4 years!), so I now have 2-4TB for data, 1-4TB for Time Machine, and a 1TB that gets swapped for backing up the 1TB in the Mac mini. The data drives were divided into two partitions each so that I could back them up (with SuperDuper!) to 2TB drives, of which I've got many. But with the latest upgrade I just have a single partition, and back it up to 4TB drives. This is easier to back up and also simplifies use.

In September 2017 I replaced a failing internal 1TB HDD with a 1TB SSD. At the same time I went from El Capitan to Sierra. Luckily (because of Apple dropping Server) my needs seem to be simplifying. Next major push will concern CrashPlan, my cloud backup service, leaving the consumer market. Pricing will be per system with no limit of storage on each system. This would be a real deal breaker with all the computers I've got. I intend to add a fifth external drive to the server and use Chronosync to back up all the other computers to that drive on a scheduled basis. Then CrashPlan will only be running on the server computer.

At the start of 2021 there were a number of additional changes. The server backs up to BackBlaze and the other computers back up to the server using Chronosync. I've removed the ISP-provided router, which was unbundled and became $10/month, replacing it with a UniFi Security Gateway. This router has taken over the DNS, DDNS update, DHCP, and VPN services from the Mac mini.

My current LAN configuration is:

Network Wiring

Note that the ISP provided router is gone and there is no video connection from the ONT as we now stream only.

In March 2023 I replaced the server computer with a new (refurbished) Mac mini with an M1 processor. I purchased it with a 1TB SSD which technically I didn't need but it made moving everything over much easier. The new system meant a mammoth jump to macOS Ventura which meant that all remnants of the Server.app are gone, but so are some incompatibilities I was getting from not being able to use the latest OS. There were no operational changes, but the hardware is all new:

Latest server

All the data outside the mini is now in a 16TB OWC Gemini. The "toaster" is still there to back things up. Out of sight is a 1TB SSD that backs up the internal SSD every night. The whole thing is quiet and uses half the power. Performance of a server doesn't matter much beyond drive access speed, which is 10x better on the Gemini than the FW800 drives it replaces. For all the talk about the fantastic performance of the Apple Silicon, the internal SSD is only 20% faster and the CPU performance is about 3X faster.

I used to have a SamKnows White Box, but I've removed that and simplified my LAN connections as shown in the earlier figure. There is now a 16-port switch by the server. Additional smaller switches are at the remote end of the MoCA and the run to Joan's office. At some future time I'll probably switch out the Ubiquiti hardware for currently sold gear.