Mac Mini as OSX Server + GlobalSan iSCSI
- 
 @ntoxicator said: I do not trust LDAP connectors on third party products. Be better to manage it directly from Mac OS Server.app Technically Mac OS would be the third party in an LDAP scenario  
- 
 @ntoxicator said: But then I would have to goto each work station and manually add the network shares. Maybe this is something that I have missed. How does the Mac Mini file server handle this? It gives you a means to push out automounting SMB shares on the network? 
- 
 Anyone have experience with the Drobo? Would be nice if I can slice up the RAID array into different volumes. The Synology NAS lets me do such. Again Like to pull the current dropbox files to a different volume and essentially archive them. Create network share for the users that need access. New folder/file structure would be created and setup as a new share point (SMB) through Mac OSX. I was planning on using the Synology NAS and present an ISCSI LUN to the mac via GlobalSan iSCSI initiator. Once mounted. Create file fodlers and share those folders over the network using SMB sharing option. Still data would flow from 1Gbe switches > To Mac mini server > Write to Drobo or Synology NAS Only way to theoretically achieve higher throughput would be to write directly to the Synology or Drobo.. But then have different set of limitations as far as network & user management. 
- 
 @ntoxicator said: @Dashrender said: u not by using a Setting up user profiles and drive maps upon user login. Similar to that of GPO policies on Windows Server Does having a Mac Mini allow this but other solutions do not? 
- 
 Yes -- Can configure user profiles and configure option so network drive maps at login. 
- 
 @ntoxicator said: Anyone have experience with the Drobo? Would be nice if I can slice up the RAID array into different volumes. It's just a DAS, you can slice it however you want. We have a Drobo B800i SAN in our lab. We've used it for years. 
- 
 @ntoxicator said: Yes -- Can configure user profiles and configure option so network drive maps at login. But you can't using a normal server or just the desktop? What utility configures this? 
- 
 @ntoxicator said: I was planning on using the Synology NAS and present an ISCSI LUN to the mac via GlobalSan iSCSI initiator. Once mounted. Create file fodlers and share those folders over the network using SMB sharing option. Still data would flow from 1Gbe switches > To Mac mini server > Write to Drobo or Synology NAS Only way to theoretically achieve higher throughput would be to write directly to the Synology or Drobo.. But then have different set of limitations as far as network & user management. Faster way that doesn't require switching to NAS is to not have iSCSI or switches. iSCSI is overhead here and switches introduce risk and latency without benefit. The only things you should consider are a Mac Mini + DAS unit or a straight NAS. (Assuming going to traditional file shares.) 
- 
 Gotcha. I understand Well, for the iSCSI connection to mac mini. I was going to directly connect the mac mini to the Synology nas via seperate network cables (thunderbolt to GigE adapters) and LACP on both ends. This would be seperate IP assignment 1GigE NIC in the mac mini would be connected to a switch. Trying to locate down this Linux distro that i was checking into awhile ago.... Does AD integration, openDirectory integration and more... it was nice.. cant put finger on it right now. 
- 
 One thing that hasn't been mentioned and I need to make sure that it gets brought up since I'm in the middle of writing an article about it is that file shares like this are really a thing of the past. Not only are they an old technology and have some limitations in today's world, but that would be minor and we could generally live with that. But more importantly, using shares like this what is the plan for protection against ransomware / cryptoattacks? As a security measure most companies are moving away from SMB shares in a panic today. 
- 
 Great point.. Crytoware is the devil. Although they're HFS+ filesystem and mac ecosystem... Unaware there was a cryptoware variant for Mac/Unix? 
- 
 Do you have any comments about UCS - Univention Corporate Server? What about OpenSUSE Server? 
- 
 @ntoxicator said: Great point.. Crytoware is the devil. Although they're HFS+ filesystem and mac ecosystem... Unaware there was a cryptoware variant for Mac/Unix? HFS+ will not slow a ransomware in any way.... ransomware would not even realize you were on HFS+. They all encrypt files, not filesystems. That there is or isn't a variant for Mac yet is really not a security factor either. Mac is the least secure of the major operating systems and becoming a bigger and bigger target. That ransomware is a significant threat to Mac users is very much the case today. And this system isn't just for today, it's to use tomorrow too. So the risk is huge. 
- 
 @ntoxicator said: What about OpenSUSE Server? Suse / OpenSuse is my top pick for general purpose storage. 
- 
 Gotcha I migrated some older Windows XP desktops at a few of their offices to OpenSuse 13.2 . Locked down.. and made sure everything worked for their MLS needs, and dropbox on a few. No complaints 
- 
 I have not used UCS. But hopefully once our new lab is operational that is something that can be added there. 
- 
 @ntoxicator said: Gotcha I migrated some older Windows XP desktops at a few of their offices to OpenSuse 13.2 . Locked down.. and made sure everything worked for their MLS needs, and dropbox on a few. No complaints I work from a Linux Mint 17.2 laptop for day to day computing. I have a Windows 10 laptop purely for gaming (Asus ROG.) 
- 
 It just comes down to managing the mac computers. in SMB - a windows server setup can be costly and complex. I do not enjoy setting them up all the time and the GPO policies per client needs. pain the F* ass. No distro is perfect, they all suck in my opinion. Would things be easier if they were still Windows machines? Sure. 
 Windows 10 - hell no. I tell my customers to stay Windows 7 or 8.1 (classic shell) and hold out.Could I do a Linux domain controller setup (Zentyal or similar) Yep! This would probably be nearly a silver bullet. But again -- they're on mac computers. iMac's and Mac mini's throughout their office locations. Have been this way for almost a year now. So needing to manage these machines + users throughout. Also the re-image the machines if something goes honky or a user blows out install. etc. mac mini + Server.app - I could setup NetInstall & NetRestore.... or... keep a USB drive with Carbon Clone Copy disk image. For windows machines and installs - I normally keep a CloneZilla disk image of specific machines. 
- 
 I've had support issues with Mac OSX Server. Tried to roll them out for a client and Apple engineering had to admit that they didn't work as advertised and could not be fixed and there was nothing to be done but to return it. Apple doesn't stand behind the server approach even though they push it. I'm sure it works well here and I agree with your reasoning on everything except probably the shares, but my own experience with OSX Server is that Apple treats it as an unsupported hobby project and there is no business class support for it. 
- 
 Yeah.. Its the unfortunate truth and I see it. They killed their nice server product line and all that to shambles. only one can hope with IBM behind them now for customer service & support center + app development. They would consider re-inventing the server need and enterprise market. Laughable that Apple says IBM employee's switch to Apple machines or the work place has considerable amount of mac computers. Which problem area's did you have with Server app? Was this recent or older version of OSX Server? What would be your take on the shares? Simple point of SMB shares and the security risks associated for future use for threats? 


