How to Install Lion Server With a SSL Certificate

Lion Server Quickstart Guide 1.0

The environment
Commonly used acronyms in this document
Why certificates matter in Lion Server
About self-signed certificates
About CA-signed certificates
About code-signed certificates (optional)
Preparing a USB install drive
Preparing your target computer for Lion Server
Installing Lion Server
Navigating the setup assistant
Adjustments to the Finder
Run Software Update
Verifying DNS setup
Generating your trusted SSL certificate
Using your SSL Certificate for Lion Server
Enable Apple Push Notifications
Configuring Profile Manager
Enrolling a device into Profile Manager
Managing restrictions on iOS with Profile Manager
Appendix A - Preparing a USB drive to handle the install
Appendix B - Enabling Apple push notifications
Appendix C - Active Directory integration
Summary

Lion Server has changed significantly when compared to previous versions of OS X Server. With a new focus on supporting iOS devices, Lion Server can even be considered an appliance for specific services that are not offered on other platforms, ranging from iOS device management to Apple software update services. It's a worthy upgrade with some very welcome new features.

Not only does the reliance on domain name services (DNS) still exist, but there's now a real dependency on another technology that you may not have dealt with in the past: certificates. Typically known as secure socket layer (SSL) certificates, they are a critical component of your Lion Server setup since iOS devices and Mac OS X clients now utilize them for management. Open Directory (OD) still plays a role in Lion Server. All of these topics will be covered in this document.

The environment

This setup consists of one server that provides DNS, Open Directory, iOS/Mac OS X management, software update service (SUS), WebDAV and Apple file services via Apple File Protocol (AFP). There is only one client computer in the setup environment, which is a 10.7.2 client computer. There is a router on the network, based on a 10.0.1.1/24 scope. You can simply have the server and the client connected to the same switch, as long as a router can be reached on the network.

If you're testing Lion Server and setting it up in a non-production environment (and on an isolated switch or VLAN), proper DHCP setup guidelines can be found in Apple's online server documentation, specifically the network services section:

https://help.apple.com/advancedserveradmin/mac/10.7/

If you have an existing DNS server that is reachable from the Lion Server, it would be best to continue having that server provide DNS resolution for your environment. Be sure to create a forward (A) record as well as a reverse (PTR) record in the proper zones. If you do not have any knowledge/experience of DNS setup or modification, then you can still follow the steps below and allow Lion Server to create its own DNS infrastructure.

With regard to SSL certificates, this document will focus on using a trusted certificate from a third party service. While Profile Manager (used to manage iOS devices and computers running Lion client) can leverage self-signed certificates, trusted certificates will be used. Hopefully, by the end of this document, the pros and cons of each will be clear.

Commonly used acronyms in this document

In order to keep track of all of the acronyms used in this document, all of them are listed below.

SLA     Software Licensing Agreement
USB     Universal Serial Bus
OS      Operating System (client/server)
DNS     Domain Name Service
SSL     Secure Sockets Layer
CA      Certificate Authority
APNS    Apple Push Notification Service
OD      Open Directory
ODM     Open Directory Master
AD      Active Directory
SUS     Software Update Service/Server
AFP     Apple File Protocol
DHCP    Dynamic Host Configuration Protocol
LDAP    Lightweight Directory Access Protocol
IPv4    Internet Protocol version 4
IPv6    Internet Protocol version 6
SSH     Secure Shell

Installation considerations

There are two ways to perform the installation of Lion Server. The first is to install Lion Server right on top of Lion client. This process promotes the computer to a server, so to speak. The second option is to perform a custom install of Lion Server onto a blank hard drive or volume, bypassing the promotion process altogether.

How should you decide which is better than the other? The quick answer is that one isn't necessarily better than the other. However, performing a custom installation of Lion Server, on a freshly-formatted drive or volume, provides a more consistent setup experience. Not only that, it involves a process that will feel much more familiar to you if you've installed previous versions of Mac OS X Server, since the initial boot will go right into the Server Setup Assistant. Because of these circumstances, this document will only focus on a clean installation of Lion Server that boots up to the Server Setup Assistant.

SSL certificates

In addition to deciding on an installation method for Lion Server, you also need to decide on what type of SSL certificates you will rely on for your server. With potentially sensitive information moving between your Lion Server and the computers/devices that it is managing, it is important to leverage a certificate.

When customers do online shopping, they like to know that the website they are visiting (and putting their credit card information into) is the actual website that it says it is. The same goes for banking or any other online service that holds and/or transfers your private information. A certificate provides this validation. However, there are pros and cons to the type of certificate you utilize, and those differences will be outlined below.

Why certificates matter in Lion Server

Lion Server leverages a web interface, known as Profile Manager, to manage Lion client computers and iOS devices. Those same computers and devices must verify, or trust, that the server managing them can identify itself electronically and communicate securely. This is where certificates come in. Whether you are setting up this server in a test or production environment, it is best to decide on what type of certificate(s) you will use before you begin. Here is some basic information about the different kinds of certificates.

About self-signed certificates

Leveraging a self-signed certificate is simple to do in Lion Server. You can use an Apple ID to automatically generate them, and the server can use them right away. Once you begin to use self-signed certificates, though, extra steps must be taken in order for computers and iOS devices to trust those certificates when utilizing them for management. They simply will not accept that the server is telling them that it's valid. You will have to intervene and require them to trust the certificate and the communication from the server.

About CA-signed certificates

The job of a certificate authority (CA) is to be the trusted third party between the server holding a certificate and the user, computer, or device that needs to trust it. How does the CA know that the certificate is valid? Unlike a self-signed and self-generated certificate, a CA actually generates the certificate and allows the owner to download and use it. Most modern operating systems and web browsers have a list of CAs that they automatically trust when browsing the web or using online services. CA-signed certificates typically cost anywhere from $15/year up to $150/year, depending on the provider.

For a list of available trusted root certificates on iOS devices, please see the following KBase article:

http://support.apple.com/kb/ht4415

For a list of available trusted root certificates on Mac OS X, open Keychain Access in /Applications/Utilities.

About code-signed certificates (optional)

A code-signed certificate is more secure than a trusted certificate because it digitally signs executables or scripts that guarantee the code has gone unaltered since it was signed. More verification from the CA is typically needed to generate and distribute a code-signed certificate, which is why they're usually much more expensive (typically $200/year or higher).

Trusted certificates, as well as code-signed certificates, can be purchased from one of several vendors. Below is a list of providers that sell certificates. This list is not an endorsement of any given provider, and they are listed in alphabetical order.

Comodo              www.comodo.com
Digicert            www.digicert.com
GoDaddy             www.godaddy.com
Network Solutions   www.networksolutions.com
Thawte              www.thawte.com
Verisign            www.verisign.com

Preparing a USB install drive

If you purchased a Mac with Lion Server pre-installed, then you do not need to follow the steps in this section. This section will walk you through the steps of preparing a USB drive for a Lion Server install.

1. Install Lion Client to a USB drive. (If you need assistance with this, please refer to Appendix A - Preparing a USB drive to handle the install.)
2. Copy the Install Mac OS X Lion installer into the Applications folder of the USB drive.
3. Purchase and/or download the Server app from the Mac App Store. If you do not have it yet, you can purchase it from the Mac App Store.
4. When it is finished downloading, immediately launch and install Server app.
5. Nothing needs to be done with the Server app after this point, so you can quit Server app as soon as it finishes the installation.
6. Shut down the computer that the USB drive is plugged into and unplug the USB drive.

Preparing your target computer for Lion Server

Now that your USB drive is ready, the install of Lion Server can begin.

1. Choose the computer that you will be installing Lion Server onto. The requirements for Lion Server are:

   Processor:   Core 2 Duo or higher
   RAM:         2 GB or more
   Hard Drive:  7 GB of available space

2. Plug the USB drive into your target computer that you will install Lion Server onto.
3. Press the power button on the computer and immediately hold down the option key.
4. Choose the USB drive as your startup drive and press Enter. Do not choose the Recovery partition, although it will show as an option.

5. Once you're booted up, the OS of the USB drive will look exactly like you left it before shutting the computer down from the previous exercise.
6. Open Disk Utility, found in /Applications/Utilities.
7. Locate the internal hard drive of the computer and select it.
8. Choose the partition tab and change the number of partitions to 2.
9. Select the Untitled 1 partition and name it server_hd (or whatever you like).
10. Give the newly named server_hd a size of at least 50GB.
11. Be sure that the format type for this partition is Mac OS Extended (Journaled).
12. Select the Untitled 2 partition and name it data_hd (or whatever you like).
13. Give the newly named data_hd the remainder of available storage on the hard drive.
14. Be sure that the format type for this partition is Mac OS Extended (Journaled).
15. Click the Options button and set the partition scheme to GUID Partition Table.
16. Click the OK button.
17. Confirm that your settings match what appears in the screen shot below.
18. Click the Apply button.
19. Quit Disk Utility.

Installing Lion Server

It's time to install Lion Server. You've got an external drive prepped and ready to go, and your target computer has been formatted for a clean install of the server OS. For these steps, you should still be booted from the USB drive.

1. Open the Lion installer (labeled in the Finder as Install Mac OS X Lion) from the Applications folder of the USB drive.
2. Click Continue.
3. If you agree to the terms, click the Agree button. Questions about the agreement can be found at this link.
4. Another pane regarding the SLA will slide down. If you agree to the terms, click the Agree button.
5. The next step prompts you to install on the internal drive of the computer, by default.
6. Click the Show All Disks... button.

7. Select the server_hd partition, or the name of your server boot partition, if you named it differently.
8. When you select the server_hd partition, you'll notice that the Customize button is active. Click the Customize button.
9. You now have the choice to add the server software to the install. All the work that you've done so far has allowed us to get to this point and add the server software, as a part of a custom install, to a blank drive or partition. Check the box for Server Software and click OK.
10. Click the Install button.
11. When prompted, enter an administrator account name and password to authorize the installation.
12. Once the install is complete, the computer will restart to the server_hd partition and you will be able to continue to the next section.

Lion Server setup assistant

Navigating the setup assistant

After performing a custom installation of Lion Server, you'll be guided through the Lion Server setup assistant.

1. Choose a country or region and click Continue.
2. Choose a keyboard layout and click Continue.
3. The next screen asks if you want to transfer data from an existing server. Since this document is focused on setting up a new server from a clean install, choose to set up a new server and click Continue.

4. The next step has to do with an Apple ID. It is recommended that you use an institution-based (non-personal) Apple ID. The account that you use will create Apple Push Notification Service (APNS) certificates under that account name and an email will immediately be sent to the address associated with the Apple ID. While this is an optional step, it is recommended to use an Apple ID instead of leaving the fields blank.

NOTE: The certificates created in step 4, above, are self-signed. At least one of these certificates will be replaced by a trusted certificate for use in Profile Manager, later on in the document. Additionally, if you leave the fields blank, you will need to refer to Appendix B - Enabling Apple push notifications.

5. Click Continue.
6. If you agree with the SLA, click Continue, followed by Agree, to move to the next screen.
7. At the registration screen, verify that the information is correct and aligns with your Apple ID. If you left the Apple ID blank in step 4, you can enter your information manually. If you want to leave the fields blank, you can press Command-q and choose to skip this step.
8. At the next screen, enter an administrator name, short name and password. For this document, Server Admin will be used for the name and sadmin will be used for the short name. Be sure to leave the box checked so that you can remotely manage your server, as shown below.

9. The next screen will ask you for your organization name. You can enter whatever you like. It could be Test Server or your official organization name. For this document, the organization name will be Rockies Demo, since the domain used for this document is rockiesdemo.com. Be sure to enter an email address in the second field. That is used for server notifications, ranging from error/warnings to available software updates.
10. Choose your time zone and click Continue.

NOTE: Setting the host name of the server requires some consideration, even for a test environment. You have 3 choices, so read them all and choose which is best for your environment and your objectives. For the purposes of this document, the host name for internet option will be utilized. This will allow you to more easily use this server inside your network as well as outside your network.

11. Choose Host name for internet and click Continue.

12. Choose a computer name and a host name. Since this document is showing SSL certificate setup, and those certificates are tied to a domain that has already been purchased (rockiesdemo.com), this server will be named lion.rockiesdemo.com. Enter a computer name and a host name. STOP: DO NOT click Continue.
13. Look at the IP address that has been assigned to your server. In the screen shot below, this example shows that the server has been assigned the 10.0.1.100 IP address.
14. Decide on which IP address you would like to assign to your server and click the Change Network button.

15. Before setting the IP address for your ethernet connection, you can highlight any interfaces that you don't want to use and choose to Make Service Inactive from the action menu.
16. Assign an IP address to the ethernet interface. You can choose the option to manually assign all address fields, or you can leverage the network information from your DHCP server. For the purposes of this document, my router has the address of 10.0.1.1 and I want to assign this server the 10.0.1.3 IP address. The DNS server field will be left blank, which will force the server to set up DNS for me.
17. Click Apply. The network interface will be configured.
18. You should now see your newly assigned IP address on the refreshed setup screen. Click Continue.
19. The next screen will ask if you want to manage any nearby AirPort Extreme or Time Capsule units. Uncheck the box to allow this server to manage them. Click Continue.

NOTE: If you don't see this screen, that simply means that the server cannot locate any Apple wireless access points on the network. You can proceed to the next step.

20. The assistant will now show you a final setup window. Click Set Up.
21. Once the progress bar completes, you'll be ready to administer your server. Click Start Using Lion.

Your initial setup is complete.

Server Administration

Adjustments to the Finder

Before going any further, it is helpful to see the volumes that you'll be dealing with when it comes to installing downloaded packages and determining where certain folders and files are.

1. In the Finder, go to the Finder menu and select Preferences.
2. Check all 4 checkboxes so that any external or internal device/volume is visible on the desktop.
3. Close the Finder Preferences window.

Downloading the Server Admin tools

Before going any further, it is necessary to download and install the server admin tools. After an installation of Lion Server, the Server app is the only tool on the local hard drive. Click on the link below to download the Server Admin tools for Lion and install them onto your server.

http://support.apple.com/kb/dl1419

Once complete, you'll see both the Server app as well as a Server folder in /Applications.

Run Software Update

On your server, go to the Apple menu and select Software Update. When the list shows you the available updates, go ahead and install any relevant updates such as Remote Desktop Client, Mac OS X Server, security updates, etc.

Verifying DNS setup

It is always a good idea to verify that the DNS server is working properly before diving into any additional configuration. If you didn't specify an existing DNS server while using the server setup assistant, it will place the localhost address (127.0.0.1) in the DNS field for you if it cannot resolve the hostname that you've given it.

1. Go to the Apple menu and select System Preferences.
2. Select the Network preference pane.
3. Verify that the DNS entry reflects what you specified with the setup assistant. If you specified the IP address of an existing DNS server, that IP should be there. If you left it blank, you should see the 127.0.0.1 address in that field.
4. Launch Terminal (from /Applications/Utilities) and type the following commands (with your IP and DNS information, of course), pressing Return after each one.

    host 10.0.1.3
    host lion.rockiesdemo.com
    sudo changeip -checkhostname

NOTE: When prompted for a password after any given sudo command, it is asking for the root password. That password, by default, matches the password that you used when you created your server administrator account in the server setup assistant.

You should get feedback that looks similar to the results below, respectively.

    3.1.0.10.in-addr.arpa domain name pointer lion.rockiesdemo.com
    ---
    lion.example.com has address 10.0.1.3
    ---
    Primary address     = 10.0.1.3
    Current HostName    = lion.rockiesdemo.com
    DNS HostName        = lion.rockiesdemo.com
    The names match. There is nothing to change.

Certificate Management

Generating your trusted SSL certificate

Your server is still using the self-generated certificates that were created during the setup assistant (using an Apple ID). If you choose, you can follow these steps to utilize a trusted certificate purchased from a third party certificate authority.

1. Launch Server App.
2. When prompted, choose your server from the list and click Continue. You will be prompted for the administrator name and password that you created when using the server setup assistant.
3. Notice the dark gray area along the bottom of the Server app. It is there to outline possible next steps for your server setup. Click the Configure Network button. You can see that this simply summarizes your current status.
4. Go to System Preferences and select Network.
5. Select the Ethernet interface. You might see that your DNS server setting is pointing to 127.0.0.1, which is the loopback address to your own server. If that is the case, it is because it could not resolve the hostname that you gave your computer in the setup assistant. If it can't resolve the hostname, the server sets up its own DNS. It also puts in the proper forwarders so that you can resolve domains outside of your own. A quick way to verify this is to launch a browser and try to visit apple.com or any other website outside of your domain. If it resolves, DNS is set up, and the proper forwarder addresses are in place.
6. Quit System Preferences.
7. In the Server App, select your server. You can find it under the hardware section in the left pane.
8. Click on the Settings header tab.

9. Directly in line with the SSL Certificate setting, click on the Edit button. You will then see the current certificates being used for the different services on your server. Note that this doesn't indicate that those services are currently running.
10. Click Action Menu and select Manage Certificates.
11. In the window that follows, click on the Action Menu again and select Generate CSR. If the menu options are grayed out, be sure to first select the self-signed certificate above. CSR stands for certificate signing request. It is the message that gets sent (or copied/pasted, in this case) to a certificate authority, which then uses that message to generate a certificate for you.

12. Click Save and choose to save it to the Desktop.
13. Open the new file on the Desktop. It should open in TextEdit.
14. Select all of the text and choose Copy from the Edit menu. This is the CSR that you'll be submitting to the Certificate Authority.

This is where this document is going to cut you loose while you get your certificate from your CA. Since the steps are different based on the CA that you use, any specific steps for one provider would be misleading for the rest. Most providers have live phone support so that you can get help with the process, if need be. Upon generating and downloading your new certificates, you can continue with the steps below.

Using your SSL Certificate for Lion Server

If you're not working directly on your server (either sitting in front of it or via a remote desktop connection), then you should be doing so for these steps.

1. After downloading your newly generated certificates, they should be in a folder and named in a similar manner to the sample certificates shown below. You get a bundle certificate, as well as a certificate named after your domain, as shown above.
2. In the Server App, select your server. You can find it under the hardware section in the left pane.
3. Click on the Settings header tab.
4. Directly in line with the SSL Certificate setting, click on the Edit button.

5. Click the Action Menu and select Manage Certificates.
6. In the window that follows, click on the Action Menu and select Replace Certificate With Signed Or Renewed Certificate. If the menu options are grayed out, be sure to first select the self-signed certificate above.
7. In the window that follows, drag your new certificate (the one that is named after your domain) from the Finder into the window. Once you drag your certificate onto the area that it asks you to (see below), you'll see that it replaces the grayed out text with your new certificate information.
8. Click Replace Certificate. Watch the spinning gear in the lower right-hand corner of the Server App window. Once it stops spinning, you can proceed to the next step.
9. Return to the Finder and locate the bundle certificate that you downloaded from your CA. Double-click on it to open it. It will open in Keychain Access.
10. When prompted with the dialog box about opening this file that was downloaded from the internet, click Open.

11. When the certificate gets opened in Keychain Access, you will be prompted for where to add the certificate. Choose the System Keychain and click Add, as shown below.
12. Since you're modifying the System Keychain, you'll be asked to provide an administrative username and password. You can use the sadmin account.
13. Return to the Server App and select your server under the hardware section of the left pane.
14. Click on the Settings header tab.
15. Directly in line with the SSL Certificate setting, click on the Edit button.
16. The pulldown menu should now show your new, trusted SSL certificate as an option. Choose that certificate and click OK.
17. Watch the spinning gear in the lower right-hand corner of the Server App window. Allow it to finish setting the SSL certificate before moving on.

Enable Apple Push Notifications

Since an Apple ID was used to acquire Apple Push Notification Certificates during the setup assistant, these steps are here to simply confirm your settings. If you did not use an Apple ID when setting up your server, refer to Appendix B at the end of this document.

1. Return to the Server App and select your server under the hardware section of the left pane.
2. Click on the Settings header tab.

3. Check the box to Enable Apple Push Notifications.
4. Verify that the AppleID is correct.
5. You should've received an email that confirmed your APNS certificates. Apple will use the email address associated with the AppleID that you used. You can manage your APNS certificates at the Apple Push Certificates Portal.

Profile Manager

This section will walk you through the steps to use Profile Manager. Part of this process involves promoting your server from a standalone directory to an Open Directory Master (ODM).

NOTE: If you wish to tie your Lion Server into an Active Directory environment, refer to Appendix C - Active Directory Integration at the end of this document. Once you complete Appendix C, you can return to the steps below.

Configuring Profile Manager

1. In Server App, select the Profile Manager Service from the list of services on the left side of the window.
2. Turn the service to On by toggling the switch in the top right corner of the window.
3. Watch the spinning gear in the lower-right hand corner of the Server App window. Allow it to finish enabling Profile Manager before moving on.
4. Across from the Device Management setting, click the Configure button.
5. The Configure Network Users and Groups Assistant will prompt you for information regarding the setup and configure both Profile Manager and Open Directory. Select the Next button.

6. The next step will have you create a Directory Administrator (diradmin) account. Set the name and password for this account.
7. Next you will need to enter your Organization Name and Admin Email Address. This email address can be any existing account that you have. It does not need to be an account on this new Lion Server, nor does Mail Service on this server need to be running.
8. Verify your entries and click Set Up.
9. Upon completion, launch a web browser on a computer (not an iOS device) and go to https://<your-domain>/profilemanager
10. Use your Server Admin (sadmin) account to log in to the site. Your initial view of Profile Manager should look similar to the screen shot below.
11. Select Devices and leave that view as it is in your web browser.

Enrolling a device into Profile Manager

It is best to have iOS 5 on your device before enrolling it into Profile Manager. If you enroll an iOS 4.x device into Profile Manager, you will have to remove it and then re-enroll it into Profile Manager after updating to iOS 5.

1. On an iOS 5 device, go to https://<your-domain>/mydevices within Safari.
2. When prompted, enter your Server Admin (sadmin) account credentials to log in to the site.
3. Tap the large Enroll button. Doing so will exit the browser and take you to a profile installation window.
4. Tap on the Install button.

5. Tap on the Install Now button.
6. If you've set a passcode for your device, you'll be prompted to enter it at this point.
7. It will then generate the key and install the certificate on the device. When prompted, tap the Install button once more.
8. The final step shows you that the profile has been installed. Tap on the Done button.
9. After tapping the Done button, you'll be taken back to Safari where you'll see your device information. Enrollment is complete.

Managing restrictions on iOS with Profile Manager

With Profile Manager, you have the ability to enforce restrictions, passcode policies, account settings, etc. You can also restrict access to certain applications. This section will provide a small sample of restriction management in iOS 5.

1. Return to Profile Manager on a computer (not your test device). You'll see now that you have one device enrolled.
2. Select your device.
3. In the large pane of Profile Manager, click the Profile tab.
4. Click the Edit button.
5. In the left pane, scroll down to the iOS section of the profile options and click Restrictions.
6. Click the Configure button to modify the restrictions.
7. Under the Applications tab, uncheck the checkbox next to Allow use of YouTube.

8. Click OK.
9. Click Save, then click Save again to complete the change.
10. On your device, you'll notice that the YouTube app gets removed within a few seconds.
11. Edit the Applications again, and this time check the box to once again Allow use of YouTube.
12. Click OK, then Save, and finally Save once more to see YouTube visible once again on the device.
13. There are other restrictions and settings that you can leverage with Profile Manager, so explore all of the settings that you wish to use.

Appendix A - Preparing a USB drive to handle the install

A custom installation of Lion Server is most easily done with an external USB drive. You need at least a 16GB flash drive, or any external USB drive with an equal or larger capacity, to do a custom installation in this manner.

STOP: Be sure to copy all of the data (that you would like to keep) off of the drive, as it will be erased.

If you are utilizing a USB drive that is new out of the box, or was previously used with a Windows computer, then it will need to be reformatted. Even if the drive has only been used with a Mac, you can still erase the drive in order to have a consistent, clean drive to work from.

1. Plug the drive into the USB port of a Mac that has the Lion installer, as shown below. If you don't have Lion, you can purchase and download it from the Mac App Store.
2. Once it has been downloaded, immediately quit the installer. This is necessary so that you can keep your copy and you will not have to download it again from Apple. Take note that the installer is in /Applications.
   When you see this screen, quit the installer!
3. Open Disk Utility, found in /Applications/Utilities.
4. The USB drive can be seen on the left pane of Disk Utility, with a USB logo on an orange disk.

5. Select the drive, as shown above, and then select the Partition tab.
6. Choose Mac OS Extended (Journaled) as the format, and name it whatever you like. For this guide, it will be named usb_boot.
7. For the partition layout, choose 1 partition.
8. Click Options... and be sure to choose GUID Partition Table as the partition scheme.
9. Click Apply.
10. When prompted, click the Partition button to erase the drive and prepare it for a Lion install.
11. When it's finished erasing the drive, it is ready for Lion to be installed. The reason for installing Lion on the USB drive is so you can boot from an external drive. That's what allows a clean install of Lion Server.
12. Quit Disk Utility.
13. Open the Lion installer application located in /Applications.
14. At the opening screen, click Continue.

15. Click Agree in order to agree to the terms of the software licensing agreement. Questions about the agreement can be found at this link.
16. Another pane regarding the SLA will slide down. If you agree to the terms, click the Agree button.
17. The next step prompts you to install on the internal drive of the computer, by default.
18. Click the Show All Disks... button.
19. Select the usb_boot drive, followed by Install.
20. You'll be prompted for an administrator account name and password. After entering those credentials, the installation will begin.
21. The initial task of the installer moves some data over to the drive, which only takes a few minutes.

22. When prompted by the installer, click the Restart button. This will restart your computer and boot up from the USB drive. The installation will then take place.
23. Once the install is complete, the Finder will launch. At this point, you can run Software Update, install additional software, etc.

Appendix B - Enabling Apple push notifications

After you have completed the configuration for your SSL Certificate in Server App, you will want to enable Apple push notifications. This step is only necessary if you did not enter an Apple ID during the setup assistant.

1. In Server App under the server device Settings tab check the checkbox next to Enable Apple push notifications.
2. Next, you will be prompted to enter your Apple ID. It is recommended to use an institution-based (non-personal) Apple ID. The account that you use will create Apple Push Notification Service (APNS) certificates under that account name and an email will immediately be sent to the address associated with the Apple ID.

Appendix C - Active Directory integration

To integrate your Lion Server into an Active Directory environment, you will need to be running version 10.7.2 or higher.

1. Bind your Lion Server to Active Directory using System Preferences -> Accounts.
2. Once the server is joined to the domain, you can enable Profile Manager and allow the setup assistant to promote the server to an Open Directory Master.

For more information, you can reference this KBase article: http://support.apple.com/kb/ht4837
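The certificate steps earlier in this guide (Replace Certificate With Signed Or Renewed Certificate, then adding the CA bundle to the System Keychain) can be checked from Terminal. The script below is an added example, not part of the original guide: check_cert and make_constructed_certs are hypothetical helper names, and the CA, host name and files are constructed test material so the script runs offline.

```shell
#!/bin/sh
# check_cert LEAF_PEM CA_BUNDLE_PEM [DAYS]
# Prints one finding per line; returns 0 only if every check passes.
check_cert() {
    leaf=$1; bundle=$2; days=${3:-30}; rc=0
    subject=$(openssl x509 -in "$leaf" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$leaf" -noout -issuer | sed 's/^issuer= *//')
    # A self-signed certificate names itself as its own issuer.
    if [ "$subject" = "$issuer" ]; then
        echo "FAIL self-signed: subject and issuer are identical"; rc=1
    else
        echo "OK   issued by: $issuer"
    fi
    # The chain must build from the leaf up to a certificate in the CA bundle.
    if openssl verify -CAfile "$bundle" "$leaf" 2>/dev/null | grep -q ': OK$'; then
        echo "OK   chain verifies against the CA bundle"
    else
        echo "FAIL chain does not verify against the CA bundle"; rc=1
    fi
    # -checkend exits non-zero if the certificate expires within N seconds.
    if openssl x509 -in "$leaf" -noout -checkend $((days * 86400)) >/dev/null; then
        echo "OK   valid for at least $days more days"
    else
        echo "FAIL expires within $days days"; rc=1
    fi
    return $rc
}

# Constructed test material: a throwaway CA, a certificate it signed,
# and a self-signed certificate for the same (made-up) host name.
make_constructed_certs() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 -subj "/CN=Constructed Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=server.example.com" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 90 -out "$dir/signed.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 -subj "/CN=server.example.com" \
        -keyout "$dir/ss.key" -out "$dir/selfsigned.pem" 2>/dev/null
}

work=$(mktemp -d)
make_constructed_certs "$work"
echo "== self-signed certificate =="
check_cert "$work/selfsigned.pem" "$work/ca.pem" || true
echo "== CA-signed certificate =="
check_cert "$work/signed.pem" "$work/ca.pem"
```

Against a live server, save the certificate it serves with `openssl s_client -connect <your-domain>:443 </dev/null | openssl x509 -out served.pem` and pass served.pem together with the bundle file from your CA.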

Summary

While this document may shed some light on the topics of initial setup and other administrative tasks, it should still be considered as nothing more than a quickstart guide to get up and running quickly with Lion Server. Apple's server documentation, online Knowledge Base (KBase) articles, the Apple Training Series of reference guides from Peachpit and enterprise support team are still the best resources for understanding and maintaining Lion Server.

https://help.apple.com/advancedserveradmin/mac/10.7/

In addition, many other great articles, links and white-papers are hosted by the following sites.

http://www.afp548.com
http://www.macenterprise.org

Special thanks to Jeff, Jakob, Brent and Adam for helping test the processes and steps outlined in this document. Comments and corrections can be sent to carson@me.com.