Ten good things about Snow Leopard for IT admins

John C. Welch
3 September, 2009
View more articles fromthe author
AAA
Help

While Apple didn’t promise much in the way of marquee features with Mac OS X 10.6, there are still plenty of under-the-hood changes and minor additions and enhancements in Snow Leopard to absorb. That’s especially true if you work in IT.

I’ve noticed a number of enhancements in OS X 10.6 that are of immediate use to me as a system admin. Some of these answer some long-standing requests IT types have had; others are just plain cool. Here’s a rundown of 10 Snow Leopard features that should improve the lives of Mac IT pros.

1. A decent Cisco VPN client. Anyone who has had to deal with the Cisco VPN client for Mac OS X is aware of just how bad an experience it is. It is functional, it works, but the interface for the client is simply awful. Even worse, you can’t close the window without shutting down the connection.

With Mac OS X 10.6, there’s a solid Cisco VPN client that you can set up with ease in the Network Preferences and access from the Mac OS X menu bar. So instead of this:

Snow Leopard gives you something that looks like this:

2. Automated creation of iChat Jabber accounts. Prior to Mac OS X 10.6, automating account setups for iChat—even just for Jabber setups—was pretty hacktacular, unless you had your Open Directory servers set up in a very specific way, aka “Workgroup Mode.” The problem with Workgroup Mode was that it didn’t work if you’d been running Open Directory in Mac OS X 10.4, or needed more features than Workgroup Mode provided. Even worse, while you can script a lot in iChat, you can’t script service/account creation. So really, a lot of sysadmins were left out in the cold here.

This changes with Snow Leopard. iChat has better Managed Preferences that let you have almost full control over Jabber accounts in iChat (though not for AIM or MobileMe, alas). So, with some quick setup time in Workgroup Manager, all your new users will have their iChat Jabber accounts set up and waiting for them.

3. Automated account creation for Mail. You could do the basics in Mac OS X 10.5, but Leopard left out a lot, like authentication mechanisms, SSL setup, and so on. In Mac OS X 10.6, you can take care of the critical IMAP and SMTP settings for an account. Unfortunately, you can’t do this for POP or Exchange 2007 accounts, but, it’s still better than it was. (There are some long-standing AppleScript bugs in Mail that made creating accounts via scripts far more interesting than it should have been.) Since this uses the same mechanism as the automated account setup for iChat (Managed Preferences in Workgroup Manager), it’s cake to set up.

4. Far better Portable Home Directory Syncing options. Prior to Mac OS X 10.6, if you used Portable Home Directory Syncing, you had two options: Login/Logout sync or Background Sync. For Mac OS X 10.6, Apple increased the granularity by allowing you to manage login and logout sync separately. This is a bonus for people who are trying to minimise login/logout times, while still retaining the advantages of syncing outside of logins. (If you have files that are held open while you’re working, login/logout are the only practical times to sync them, so background sync is not a great option for those.)

5. The Finder Sidebar finally works with Single sign-on. This one was absolutely maddening for system admins. We’d take all the time to set up Kerberos, and implement Single sign-on so that once you’d logged in, you rarely ever had to re-enter a password for file servers and the like, but the only way to use that with the Finder was to use the Connect to Server command. If you tried using Single sign-on with servers in the Finder Sidebar, you had to manually log in. With Mac OS X 10.6, that bug is gone, and you can now browse file servers as easily as Steve Jobs said we were going to be able to so long ago.

6. Change your password via a Web page. Other platforms have offered this capability for a while, and a bunch of third parties made it available for Mac OS X for years. If someone needs to change their network password, they can do it via a Web site. Simple, and everyone understands web pages.

7. Push e-mail and calendaring. True, you can get most of the way to push e-mail via IMAP’s IDLE command, but for the iPhone, this was a poor substitute. And it didn’t give you anything for calendaring.

With Mac OS X 10.6, the mail server now supports “real” push for both calendaring and e-mail. Again, it’s about time that Apple provided some of the same features for the iPhone in its own server that you got from things like Exchange and Kerio for more than a year now.

8. Mobile Access Server. Yes, I know, VPNs do this. However, VPNs do a lot more if you aren’t careful, like give remote users unrestricted access to the network.

The truth is, the number of people who really need a full VPN connection in any company is usually small. What most people need is access to e-mail services, internal Web servers, and so on. That’s what the Mobile Access Server does. It’s basically an SSL Proxy/SSL VPN for your network, for specific services like e-mail, iCal, and such. Instead of having to make those servers directly accessible from the internet or setting up a DMZ for them, Mobile Access Server gives you the ability to let users access a small number of servers securely, without needing to create multiple VPN configurations, expose multiple servers to the public internet, and the other hassles.

It’s a fairly simple service, but a nice one, especially for smaller networks that can’t justify higher-end firewall and VPN gear. (Obviously, if you have a ton of big Cisco/Juniper/HP network gear, this is not something you need or care about.)

9. Resizable panes in Workgroup Manager. I know this is something that most people will never care about, but for those of use who have to work with Workgroup Manager on a regular basis, the ability to finally adjust the size of the part of Workgroup Manager that actually has the data you are working on? I almost wept with joy over this.

10. AppleScript-Objective C. Apple has, at last, integrated AppleScript into Xcode in an acceptable way. The previous attempt, AppleScript Studio, had some major issues (aside from being one of the most unfortunate acronyms ever). Even allowing for AppleScript’s verbose syntax, getting simple things done in AppleScript Studio was tedious beyond belief—to do what should have been simple things was so mind-numbingly bad, that in the end you were better off learning Objective C.

With AppleScript-Objective C, or ASOC for short, Apple has fixed a huge laundry list of issues with using AppleScript in Xcode. First, Apple did a much better job of synchronising the languages, resulting in less of a need to pound out code. One example I’ve seen reduced the lines of code for the same task by a factor of four or so.

Apple made it so that you don’t have to wait for the company to add a new Cocoa feature to AppleScript to use it. In other words, AppleScript can now work like Ruby, Python, or even Objective C in Xcode in the way you expect it to work. For system admins who use AppleScript, but really, really disliked AppleScript Studio, this is huge; for the people who were struggling with AppleScript Studio, it’s even bigger. If nothing else, it shows that Apple still takes AppleScript seriously.

What’s missing. You may notice that the much ballyhooed addition of Exchange support is missing from my list. Well, I don’t run an Exchange 2007 Server, so that’s a complete non-benefit for me, (just like the VPN improvement is a non-benefit if you don’t use a Cisco VPN). Now, if Kerio adds Web services support to its Exchange connector implementation, then I’ll definitely look at that, as I am a Kerio customer.

My point is, there’s no list out there that will cover every single user. If there’s something you think I’ve left out, share it in the AMW Forums and tell us why it’s important to you.

[John C. Welch is a senior systems administrator for The Zimmerman Agency, and a long-time Mac IT pundit.]

Leave a Comment

Please keep your comments friendly on the topic.

Contact us