Publishers of technology books, eBooks, and videos for creative people

Home > Articles > Apple > Operating Systems

This chapter is from the book

This chapter is from the book

Managing Apple Devices: Deploying and Maintaining iOS 8 and OS X Yosemite Devices, 2nd EditionManaging Apple Devices: Deploying and Maintaining iOS 8 and OS X Yosemite Devices, 2nd Edition

Learn More Buy

This chapter is from the book

This chapter is from the book

Managing Apple Devices: Deploying and Maintaining iOS 8 and OS X Yosemite Devices, 2nd EditionManaging Apple Devices: Deploying and Maintaining iOS 8 and OS X Yosemite Devices, 2nd Edition

Learn More Buy

Exercise 4.3 Configure OS X Server for Yosemite

Prerequisites

  • Exercise 4.2, “Install OS X Server for Yosemite”
  • You need the text files from the student materials, which you obtained as part of Exercise 2.1.

Challenge

Configure Apple Push Notification Service certificates. Configure and start services you will use for the rest of the course:

  • Open Directory, including importing or creating users and groups
  • Mail
  • Calendar
  • Contacts
  • Wiki

Considerations

In the Server app’s list of services, Open Directory is hidden by default in a section of advanced services. The downloadable student materials contain user import files with eight users and a group import file with two groups.

Solution

Enable Push Notifications

  1. If necessary, open the Server app, authenticate to your server, select your server in the Server app sidebar, and then click the Settings tab.
  2. If the “Enable Apple push notifications” checkbox is not already selected, select it now.

  3. Enter your administrator Apple ID credentials.

    e04-09.jpg

    Click to view larger image

  4. Click Get Certificate.

  5. After the Server app successfully creates and processes the Apple Push Notification Service certificates and displays their shared expiration date, click Done.

    e04-10.jpg

    Click to view larger image

Configure Your Server as an Open Directory Master

In a production environment you would definitely confirm or verify DNS records before configuring your server as an Open Directory master. However, because this environment uses Bonjour names, you can skip the usual DNS verification step.

  1. If the Server app does not display the list of advanced services, hover the pointer above “Advanced” in the sidebar, and then click Show.
  2. Click Open Directory.
  3. Click On to turn on the Open Directory service.
  4. Select “Create a new Open Directory domain,” and click Next.

  5. Configure a password; you can leave the “Remember this password in my keychain” option selected.

    If your server is not accessible from the Internet, in the Directory Administrator pane, enter diradminpw in the Password and Verify fields, and click Next.

    Of course, in a production environment, you should use a secure password.

  6. In the Organization Information pane, enter appropriate information.

    If the following fields do not already contain the information shown, enter it, and click Next:

    • Organization Name: MDM Project n (where n is your student number)
    • Admin Email Address: ladmin@server n .local (where n is your student number)

  7. View the Confirm Settings pane, and click Set Up.

    The Server app displays its progress in the lower-left corner of the Confirm Settings pane.

    When the configuration is complete, the Server app displays the Servers section of the Open Directory pane, with your server listed as the master. It also displays any additional IPv4 addresses your Mac has in addition to your server’s primary IPv4 address (such as Wi-Fi).

Inspect the SSL Configuration

One of the benefits of configuring your server to be an Open Directory master is that it automatically creates a code signing certificate for Profile Manager to use. Use the following steps to inspect your server’s Secure Sockets Layer configuration:

  1. In the Server app sidebar, select Certificates.

    Note that all the services are set to use the same certificate: servern.local certificate (where n is your student number), which is signed by your server’s OD intermediate CA.

    e04-15.jpg

    Click to view larger image

By default, the Server app does not display all certificates. Use the Action pop-up menu to display all certificates, and then inspect the two certificates.

  1. Click the Action (gear icon) pop-up menu, and choose Show All Certificates.
  2. Double-click the servern.local certificate (where n is your student number).
  3. Inspect the details of the certificate.

  4. Scroll to the end of the certificate information, and note that Purpose is Server Authentication.

    Note the Renew button for the certificate. When the renewal date approaches, the Server app automatically generates an expiration alert for the certificate, and the alert offers a Renew button. You don’t have to wait for the alert; you can use this button to renew the certificate at any time.

  5. Click OK to return to the list of certificates.
  6. Double-click the Code Signing certificate.
  7. Scroll to the end of the certificate information, and note that Purpose is Code Signing.
  8. Click OK to return to the list of certificates.
  9. Click the Action (gear icon) pop-up menu, and choose Show All Certificates to deselect that item.

Import Users into Your Server’s Shared Directory Node

To expedite the exercise, in the StudentMaterials folder is a text file with user accounts. This import file defines these users with a “net” password. Of course, in a production environment, each user should have a unique password or passphrase that is secret and secure.

Import the accounts into your server’s shared directory node.

  1. In the Server app, choose Manage > Import Accounts from File.
  2. In the sidebar, click Documents. Open StudentMaterials, and then open the Lesson4 folder.
  3. Select the users.txt file.
  4. Click the Type pop-up menu, and choose Local Network Accounts.

  5. If directory administrator credentials are not automatically provided thanks to the keychain item, provide directory administrator credentials in the Admin Name and Password fields.

    e04-16.jpg

    Click to view larger image

  6. Click Import.
  7. At the “Importing these accounts may take a long time. Are you sure you want to continue?” dialog, click Import.

  8. After the import has completed, select Users in the Server app sidebar, and confirm that there are eight new local network users.

    NOTE

    If any of the users are listed as Not Allowed, after the import has completed, choose View > Refresh.

    You now have added eight local network user accounts.

Import Groups into Your Server’s Shared Directory Node

To expedite the exercise, you have two import files, one that defines some of the imported users as members of the Marketing group and another that defines users as members of the Engineering group.

  1. In the Server app, choose Manage > Import Accounts from File.
  2. Click the Type pop-up menu, and choose Local Network Accounts.
  3. If necessary, provide directory administrator credentials in the Admin Name and Password fields.
  4. Double-click the groups.txt file to start importing the file.
  5. At the “Importing these accounts may take a long time. Are you sure you want to continue?” dialog, click Import.
  6. After the import has completed, select Groups in the Server app sidebar.
  7. Double-click the Engineering group.
  8. Confirm that there are four members of the Engineering group.
  9. Click Cancel to return to the list of groups.
  10. Double-click the Marketing group.
  11. Confirm that there are four members of the Marketing group.
  12. Click Cancel to return to the list of groups.

You now have two new local network groups populated with the local network users you previously imported.

Configure and Start the Mail Service

Once you’ve configured the Mail service, you can use it in other parts of this guide for configuration profile examples and to mail VPP notification invitations. This is not a production server, so to expedite the setup, you will disable virus and junk mail filtering.

  1. In the Server app sidebar, select Mail.
  2. Click Edit Filtering Settings.
  3. Deselect the “Enable virus filtering” checkbox.
  4. Deselect the “Enable junk mail filtering” checkbox.
  5. Click OK to close the Mail Filtering pane.
  6. Under the Domains field, click the Add (+) button.
  7. In the Domain field, enter server n .local (where n is your student number).
  8. Click the Add (+) button.
  9. Press Command-B to display the accounts browser window.
  10. Select an account in the accounts browser, and then press Command-A to select all users and groups.

  11. Drag the accounts to the field that lists the Members and Email columns.

    e04-17.jpg

    Click to view larger image

  12. Press Command-B to hide the accounts browser window.
  13. Click Create.
  14. Click On to start the Mail service.

  15. Wait for the mail service to become available (green status indicator in the Status field).

    e04-19.jpg

    Click to view larger image

Verify the Mail Service

  1. Open Mail on either your server Mac or your client Mac.
  2. In the “Choose a mail account to add” pane, select Add Other Mail Account, and click Continue.

  3. In the Add a Mail Account pane, confirm that the import file includes an email address for your server, for example:

    • Full Name: Barbara Green
    • Email Address: barbara@servern.local (where n is your student number)
    • Password: net
  4. Click Create.
  5. After the pane displays the message “Account must be manually configured,” click Next.

  6. In the Incoming Server Info pane, on the IMAP tab, in the Mail Server field, enter servern.local (where n is your student number).

    The User Name and Password fields should already be populated.

  7. Click Next.
  8. If you see the Verify Certificate window, click Show Certificate, select the “Always trust” checkbox, and click Connect.
  9. If necessary, enter the local administrator credentials, and then click Update Settings.

  10. In the Outgoing Mail Server Info pane, use the following information to fill in any empty fields:

    • Mail Server: servern.local (where n is your student number)
    • User Name: barbara
    • Password: net
  11. Click Create.

Send and Receive a Test Message

  1. Choose File > New Message.
  2. In the To field, enter barbara@servern.local (where n is your student number).
  3. Enter some text in the Subject field.
  4. Enter some text in the main body field.
  5. Click the Send button in the upper-left corner of the message.
  6. Confirm that the message is delivered. If necessary, choose Window > Message Viewer.
  7. Quit Mail.

Turn On the Calendar Service

To have another service available for the Settings for Everyone configuration profile, you can turn on the Calendar service.

  1. In the Server app sidebar, select Calendar.

  2. Click On to start the service.

    You can leave all the settings at their defaults.

Turn On the Contacts Service

Using the Contacts service allows you to quickly look up information, such as email addresses, for the users hosted by your server.

  1. In the Server app sidebar, select Contacts.
  2. Select the checkbox “Allow users to search the directory using the Contacts application.”

  3. Click On to start the service.

    You can leave all the other settings at their defaults.

Turn On the Wiki Service

By default, the Wiki service allows iOS users to edit files on the wiki using iWork.

  1. In the Server app sidebar, select Wiki.

  2. Click On to start the service.

    You can leave all the other settings at their defaults.

In this exercise, you turned on push notifications on your server computer, configured the server as an Open Directory master, imported or created users and groups, and turned on a few key services.

Peachpit Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Peachpit and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Peachpit products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email ask@peachpit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by Adobe Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.peachpit.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020