Chapter 9. Network Services

Few servers come without the option to manage various services that most networks require. Lion Server is no exception to this rule. Most networks need network traffic routed into and out of the local network, services that automatically configure network settings for clients, and DNS servers, which let users connect to devices by name rather than by IP address. These days, many also need to share usernames and passwords with third-party routers and firewalls and to provide secure connectivity to users when they are not on the local network (e.g., connecting to work from home).

Lion Server can provide all of these services. In this chapter, we’ll look at a basic implementation of each service, how to configure clients (if appropriate), and, more importantly, when to use Lion Server’s implementation of a service and when to use something else instead.

When to Use Apple’s Network Services

Each network service is one small part of what a Lion Server can do. Each is also a role that could live on entire clusters of servers in very large environments. If any of these services are mission critical for your environment, then you probably don’t want them to run on a Lion Server. But if you’re trying to establish an inexpensive means of connecting to your home network to keep the WebDAV connection from being published to the world or if you’re trying to hand out more IP addresses than what an AirPort can do, a Mac OS X Server might be able to do the trick.

Overall, I would never recommend that anyone use the NAT service in Lion Server. A consumer-level appliance (which typically costs less than $100) can do a better job of acting as a gateway than an OS X Server. These devices give administrators far more options to manage incoming ports and usually have features that make the gateway far more usable.

Names are important in most networks, and Mac OS X Server is heavily reliant on DNS. Therefore, DNS gets used a lot. But DNS on an OS X Server is best limited to internal DNS. Although OS X Servers can act as public DNS, public DNS is often better served from a registrar (e.g., Network Solutions) or a specialized DNS service (e.g., ZoneEdit). Having said this, managing DNS on a local network is something that a Lion Server is perfectly capable of doing.

VPN services for a few users are one place where a Lion Server can excel. Many consumer-level devices are capable of passing VPN traffic. OS X Servers can act as a VPN server and offer many of the same security features as other VPN servers. However, the ability to have a single repository for usernames and passwords is a great feature. Additionally, if you are using an Apple AirPort base station as your gateway appliance, OS X Server can automatically configure the device to open ports and configure the network in such a way that the VPN service just works, a great option for people who don’t have the time or inclination to open ports for VPNs.

DHCP services for smaller subnets (e.g., fewer than 50 users) can be run on a gateway appliance or an OS X Server with about the same features being provided to client systems. But OS X Server has the ability to provide DHCP options that aren’t available on most consumer routers, meaning that if you have specialized needs for DHCP options, a Mac OS X Server is a good fit for many environments.

Finally, many enterprises rely heavily on network services. For example, if the DHCP server goes down, users will not be able to access services from servers, resulting in many thinking that the “network is down.” Also, when remote workers cannot access the network through a VPN, they cannot work, representing the potential for a lot of people to lose a considerable amount of productivity. The NAT and DNS features for very large environments (usually more than 150 people) in OS X Server are just not appropriate uses of resources.
