Update 10/25/2011: I’ve discovered that Apple provides Lion-ready versions of the older server management tools via a separate download from Apple, called Server Admin Tools 10.7 [link no longer available]. I have amended my post to reflect the capabilities of the Server Admin Tools 10.7 suite. Short version: Server Admin Tools 10.7 looks a lot like Server Admin Tools 10.6, but it has been stripped down, and has reduced functionality compared to Server Admin Tools 10.6 that ships with Snow Leopard. On the bright side, Server Admin Tools 10.7 doesn’t conflict with the new Server.app in Lion.

As I discussed in a previous post, I’ve been hosting this website on a Mac Mini server running Snow Leopard Server. The initial setup was a bit convoluted and not the most pleasant experience. It could have been much worse, but it was nowhere near what I expected from an Apple product.

At work, I recently had the opportunity to set up a Mac Mini running Lion Server. Now that I’ve had a chance to use it a bit, I thought I’d jot down a few comments. If you’ve done any research into Lion Server, you probably won’t be surprised by my comments.

First, the disclaimer: I have used Snow Leopard Server and Lion Server for slightly different tasks, so it’s isn’t a straight-up apples-to-apples comparison.

Web hosting

My Snow Leopard Server is confined strictly to web hosting: Apache, PHP, MySQL, and a dab of FTP. I host multiple sites and use a combination of the Server Preferences app and the Server Admin app to manage everything. Setting up websites in Snow Leopard is really easy via the Server Preferences app, and you have a pretty good assortment of settings to tweak in the Server Admin app if you want to fine-tune things.

Lion Server discarded both the Server Preferences app and the Server Admin app in favor of a new, streamlined “Server” app. It’s even easier to set up a website in Lion than it was in Snow Leopard. BUT… Server doesn’t provide ANY of the fine-tuning options that Server Admin provided in Snow Leopard. If you’re a total server admin n00b who only wants bare-minimum web hosting, this is probably good. But if you’d like any level of real control, you’ll be forced to use the command line. For me — not a n00b anymore but certainly not a command line guru — I’m left in the lurch a bit. I expect to be doing a ton of Google searches in the near future.

One example of how this can affect you: most domains should be set up with an alias to enable the domain to work without the “www” subdomain. For example, https://pipwerks.com is an alias that points visitors to https://pipwerks.com. If the www alias isn’t created, anyone who attempts to visit pipwerks.com by typing https://pipwerks.com will get a browser error. In Snow Leopard, it’s super easy to set up an alias in the Server Admin app. Lion does not provide this option, so you’ll have to do it via Terminal. More Google searches and wasted time.

Score (5 highest, 1 lowest): Lion: 2, Snow Leopard: 4

MySQL

Apple discarded MySQL in favor of PostgreSQL. This will cause problems for many who depend on MySQL, such as WordPress users. The good news is that you can install MySQL using an installer available for free from mysql.com. The bad news is you’re on your own when it comes to security patches and updates… Apple’s system update will no longer handle patches for you. (To be fair, Apple is notoriously slow to release security updates for server components anyway, so you probably shouldn’t rely on them to keep your system secure.) Not a showstopper, but definitely a stumbling block.

Score (5 highest, 1 lowest): Lion 1, Snow Leopard: 4

File Sharing

Snow Leopard’s file sharing GUI was decent, but I frequently had to tweak settings in multiple places. It was a bit disjointed and I was never quite able to get my FTP access set up the way I preferred. In Lion, the file sharing GUI is extremely simple and much easier to use. Maybe it’s because Apple removed the FTP option in the file sharing preferences! In Lion, you must use the Terminal to control your FTP services (or maybe find a 3rd party app). This seriously sucks. On the bright side, AFP is a cinch to set up. Since I’m only using AFP at the moment, I can be generous in my grading. If I depended on FTP, I’d grade much lower.

Score (5 highest, 1 lowest): Lion: 2.5, Snow Leopard: 2.5

User management

Configuring the directory in Snow Leopard Server was the single most painful experience I’ve had with Apple products (well, at least since the emergence of OS X — Mac OS 9 caused quite a bit of pain back in the day!). Configuring the directory seriously sucked and required hours and hours of troubleshooting, including multiple calls to Apple support. One little mistake when you first set up your system and it’s hosed, requiring a clean install.

Lion Server simplifies the process, and was astoundingly easy to set up. In fact, one of the key differences between the two systems is what happens when you first install the Server system: Snow Leopard forces you to configure your directory right away (even if you only intend to have a single user), while Lion doesn’t even mention the directory until you try to configure a service that relies on it. In this event, the configuration screen pops up and the process is so quick you’re done before you realize it. I can’t begin to tell you how happy that made me.

Snow Leopard has an app dedicated to user management (Workgroup Manager). Lion took the most basic elements of Workgroup Manager and turned them into a pane inside Server.app.

Update: Workgroup Manager is still available as part of the Server Admin Tools 10.7 [link no longer available] package, available as a separate download from Apple.

Since neither of my servers are used by clients (I only have a handful of accounts), I’m much happier with the slimmer approach used by Lion. Of course if you have many clients, you may prefer Snow Leopard’s far-reaching Workgroup Manager app.

Score (5 highest, 1 lowest): Lion 4, Snow Leopard: 1

Firewall

Snow Leopard Server includes a Firewall pane in Server Admin app, which makes it very easy to configure your firewall settings. This is gone in Lion.

Update: The new version of the Server Admin app (part of the Server Admin Tools 10.7 [link no longer available] package) provides a GUI for Firewall configuration. It’s a no-frills management panel, but it’s there if you need it.

Score (5 highest, 1 lowest): Lion 1 3, Snow Leopard: 4

Managed Clients

A “Managed Client” is a Mac that is associated with your server, allowing you to perform remote updates, enforce security options, etc. This is basically the feature that allows you to be an IT department and lock down computers registered on your system.

I never used the Managed Client feature in Snow Leopard, so I can’t make any comments. In Lion, the Managed Client feature (accessed via Profile Manager) is so easy to use, it makes me giggle. Granted, I’m not a “real” IT professional when it comes to managed clients, so take my comments with a grain of salt. All I know is, I needed to manage about a dozen Macs at work (think: computer lab-style shared workstations), and Profile Manager has been very easy for me to use, without having any real technical experience in the area.

One downside: all the Mac clients must have the Lion OS if they’re to be managed by Lion Server.

Update: From what I’ve researched, Snow Leopard clients can be managed from a Lion Server, but there are certain incompatibilities to watch out for. Clearly Apple would prefer everyone to use Lion.

Score (5 highest, 1 lowest): Lion 4.5, Snow Leopard: n/a

Summary

Lion Server really trimmed the fat, and Apple appears to have gotten so carried away they trimmed some of the good meat as well. If you’re looking for a GUI with lots of options, go with Snow Leopard Server. If you want the most streamlined experience you can get and only need to do basic web hosting, go with Lion. If you’re comfortable with Terminal and the command line, I’d suggest going with Lion because the GUI won’t get in your way as much and you probably already know what you’re doing.

I will be experimenting with Lion server for a while before I try and upgrade from Snow Leopard Server (if I upgrade). And if I decide to upgrade from Snow Leopard to Lion, I will definitely do a clean install… so many things have changed, I can foresee a lot of configuration problems arising from upgrades.


Comments

Stephen Battey wrote on October 15, 2011 at 9:07 pm:

Excellent entry comparing the two, you did a good job mentioning that MySQL isn't included anymore and that aliases aren't super easy anymore.

I am in the process of working through the documentation at http://diymacserver.com/Lion/ but I ran into some snags with the MySQL set up. I resolved these by changing the owner of the MySQL data directory and running the commands to start and administer the server as a super user (something that should have been obvious to me…but apparently I'm not to quick sometimes)

You might also try this out.

I tested the Lion server app and I found it to be deplorable, at best. The worst part? After starting the web server on lion, it never really turns off. After a restart it continues to run and you can't kill the httpd process as it will just start back up. (Probably something related to a launch daemon.,..but honestly I shouldn't have to deal with this) Moral of the story? Don't use lion server unless you are positive you want to use lion server because lion servers apache install won't let you use a custom install. I suppose one could find the offending plist file but I honestly shouldn't have to hunt it down.

MAMP Pro is also a good solution, the pro version allows you to secure it a lot more than the default but I found that I can set up a more reliable system by compiling and installing everything myself.

P.S. I like your anti spam method….I might consider implementing something like this on my blog in the future… I'm sure it is a lot lighter than akismet and me getting emails every time a real comment manages to escape the net.

philip wrote on October 15, 2011 at 10:42 pm:

@stephen Thanks for the feedback. Somehow I missed that diymacserver link, that's a good one to know. Regarding MySQL on Lion, I was able to set it up pretty quickly with the .DMG from mysql.com, it just required an extra tweak or two via the Terminal.

I must admit I'm tempted to go the MAMP Pro route; I use MAMP for local testing, and it's pretty much everything I need. It's easy to use, self-contained, and well supported. It's also easy to find configuration files if you ever need to change something — Mac Server routinely changes the default directories traditionally used by Linux systems, which makes it harder to find good documentation (the Linux docs will frequently mention directories that don't exist on Mac, and Mac Server documentation is sparse at best).

<em>EDIT: Thought I should also mention for those who don't know, that MAMP is meant for local production environments and isn't secure. If you want to use it for production, you will not get support from the vendor, and you will have to do a LOT of reconfiguration to secure the system.</em>

RE: the anti-spam code, it has worked really well… I never get spam comments from bots. One time I upgraded my WordPress install and forgot to reapply my anti-spam hack, and I was almost instantly bombarded by comment spam. I still get pingback spam, but it's handled well by Akismet.

Stephen Battey wrote on October 16, 2011 at 12:33 am:

I am not really sure why my MySQL set up needed it's permissions changed after install, not sure if it is normal or not. Other than MySQL, everything can be compiled with the custom settings shown on the DIYMacServer website. The instructions provided put everything in /usr/local so the programs don't get wiped out by an upgrade.

It proved to be an extremely valuable resource and even explains setting up a mail server (though I will be using google apps for that anyway.)

If you decide to upgrade to lion on your web server, good luck!

philip wrote on October 16, 2011 at 2:04 am:

In my case I didn't need to change permissions, I just needed to fix the socket/folder path issue (MySQL installer says one thing, PHP expects another). Was a 2 or 3 line fix via Terminal… I can't recall the specifics, but there are tons of hits if you Google it.

Anthony wrote on October 25, 2011 at 10:13 am:

Does anyone know if you can run snow leopard server and have lion clients?

philip wrote on October 25, 2011 at 10:38 am:

@anthony I don't know for sure. From what I've read online, Lion Server works with Snow Leopard clients, but not all features are supported, and you may have to implement workarounds. For example, file sharing support has changed quite a bit in Lion Server.

Similar Posts

6 Comments

  1. Excellent entry comparing the two, you did a good job mentioning that MySQL isn’t included anymore and that aliases aren’t super easy anymore.

    I am in the process of working through the documentation at http://diymacserver.com/Lion/ but I ran into some snags with the MySQL set up. I resolved these by changing the owner of the MySQL data directory and running the commands to start and administer the server as a super user (something that should have been obvious to me…but apparently I’m not to quick sometimes)

    You might also try this out.

    I tested the Lion server app and I found it to be deplorable, at best. The worst part? After starting the web server on lion, it never really turns off. After a restart it continues to run and you can’t kill the httpd process as it will just start back up. (Probably something related to a launch daemon.,..but honestly I shouldn’t have to deal with this) Moral of the story? Don’t use lion server unless you are positive you want to use lion server because lion servers apache install won’t let you use a custom install. I suppose one could find the offending plist file but I honestly shouldn’t have to hunt it down.

    MAMP Pro is also a good solution, the pro version allows you to secure it a lot more than the default but I found that I can set up a more reliable system by compiling and installing everything myself.

    P.S. I like your anti spam method….I might consider implementing something like this on my blog in the future… I’m sure it is a lot lighter than akismet and me getting emails every time a real comment manages to escape the net.

    1. @stephen Thanks for the feedback. Somehow I missed that diymacserver link, that’s a good one to know. Regarding MySQL on Lion, I was able to set it up pretty quickly with the .DMG from mysql.com, it just required an extra tweak or two via the Terminal.

      I must admit I’m tempted to go the MAMP Pro route; I use MAMP for local testing, and it’s pretty much everything I need. It’s easy to use, self-contained, and well supported. It’s also easy to find configuration files if you ever need to change something — Mac Server routinely changes the default directories traditionally used by Linux systems, which makes it harder to find good documentation (the Linux docs will frequently mention directories that don’t exist on Mac, and Mac Server documentation is sparse at best).

      EDIT: Thought I should also mention for those who don’t know, that MAMP is meant for local production environments and isn’t secure. If you want to use it for production, you will not get support from the vendor, and you will have to do a LOT of reconfiguration to secure the system.

      RE: the anti-spam code, it has worked really well… I never get spam comments from bots. One time I upgraded my WordPress install and forgot to reapply my anti-spam hack, and I was almost instantly bombarded by comment spam. I still get pingback spam, but it’s handled well by Akismet.

  2. I am not really sure why my MySQL set up needed it’s permissions changed after install, not sure if it is normal or not. Other than MySQL, everything can be compiled with the custom settings shown on the DIYMacServer website. The instructions provided put everything in /usr/local so the programs don’t get wiped out by an upgrade.

    It proved to be an extremely valuable resource and even explains setting up a mail server (though I will be using google apps for that anyway.)

    If you decide to upgrade to lion on your web server, good luck!

  3. In my case I didn’t need to change permissions, I just needed to fix the socket/folder path issue (MySQL installer says one thing, PHP expects another). Was a 2 or 3 line fix via Terminal… I can’t recall the specifics, but there are tons of hits if you Google it.

    1. @anthony I don’t know for sure. From what I’ve read online, Lion Server works with Snow Leopard clients, but not all features are supported, and you may have to implement workarounds. For example, file sharing support has changed quite a bit in Lion Server.

Comments are closed.