
How to Install Lion Server With a SSL Certificate


Lion Server Quickstart Guide

The environment
Commonly used acronyms in this document
Why certificates matter in Lion Server
About self-signed certificates
About CA-signed certificates
About code-signed certificates (optional)
Preparing a USB install drive
Preparing your target computer for Lion Server
Installing Lion Server
Navigating the setup assistant
Adjustments to the Finder
Run Software Update
Verifying DNS setup
Generating your trusted SSL certificate
Using your SSL Certificate for Lion Server
Enable Apple Push Notifications
Configuring Profile Manager
Enrolling a device into Profile Manager
Managing restrictions on iOS with Profile Manager
Appendix A - Preparing a USB drive to handle the install
Appendix B - Enabling Apple push notifications
Appendix C - Active Directory integration

Lion Server has changed significantly compared to previous versions of OS X Server. With a new focus on supporting iOS devices, Lion Server can even be considered an appliance for specific services that are not offered on other platforms, ranging from iOS device management to Apple software update services. It’s a worthy upgrade with some very welcome new features. Not only does the reliance on domain name services (DNS) still exist, but there’s now a real dependency on another technology that you may not have dealt with in the past: certificates. Typically known as Secure Sockets Layer (SSL) certificates, they are a critical component of your Lion Server setup since iOS devices and Mac OS X clients now utilize them for management. Open Directory (OD) still plays a role in Lion Server.


The environment

This setup consists of one server that provides DNS, Open Directory, iOS/Mac OS X management, software update service (SUS), WebDAV and Apple file services via Apple File Protocol (AFP). There is only one client computer in the setup environment, which is a 10.7.2 client computer. There is a router on the network, based on a 10.0.1.1/24 scope. You can simply have the server and the client connected to the same switch, as long as a router can be reached on the network. If you’re testing Lion Server and setting it up in a non-production environment (and on an isolated switch or VLAN), proper DHCP setup guidelines can be found in the network services section of Apple’s online server documentation.

https://help.apple.com/advancedserveradmin/mac/10.7/

If you have an existing DNS server that is reachable from the Lion Server, it would be best to continue having that server provide DNS resolution for your environment. Be sure to create a forward (A) record as well as a reverse (PTR) record in the proper zones. If you do not have any knowledge/experience of DNS setup or modification, then you can still follow the steps below and allow Lion Server to create its own DNS infrastructure.

With regard to SSL certificates, this document will focus on using a trusted certificate from a third party service. While Profile Manager (used to manage iOS devices and computers running Lion client) can leverage self-signed certificates, trusted certificates will be used. Hopefully, by the end of this document, the pros and cons of each will be clear.


Commonly used acronyms in this document

In order to keep track of all of the acronyms used in this document, all of them are listed below.

SLA - Software Licensing Agreement
USB - Universal Serial Bus
OS - Operating System (client/server)
DNS - Domain Name Service
SSL - Secure Sockets Layer
CA - Certificate Authority
APNS - Apple Push Notification Service
OD - Open Directory
ODM - Open Directory Master
AD - Active Directory
SUS - Software Update Service/Server
AFP - Apple File Protocol
DHCP - Dynamic Host Configuration Protocol
LDAP - Lightweight Directory Access Protocol
IPv4 - Internet Protocol version 4
IPv6 - Internet Protocol version 6
SSH - Secure Shell


Installation considerations

There are two ways to perform the installation of Lion Server. The first is to install Lion Server right on top of Lion client. This process “promotes” the computer to a server, so to speak. The second option is to perform a custom install of Lion Server onto a blank hard drive or volume, bypassing the promotion process altogether. How should you decide which is better than the other? The quick answer is that one isn’t necessarily better than the other. However, performing a custom installation of Lion Server, on a freshly-formatted drive or volume, provides a more consistent setup experience. Not only that, it involves a process that will feel much more familiar to you if you’ve installed previous versions of Mac OS X Server since the initial boot will go right into the Server Setup Assistant.

Because of these circumstances, this document will only focus on a clean installation of Lion Server that boots up to the Server Setup Assistant.

SSL certificates

In addition to deciding on an installation method for Lion Server, you also need to decide on what type of SSL certificates you will rely on for your server. With potentially sensitive information moving between your Lion Server and the computers/devices that it is managing, it is important to leverage a certificate. When customers do online shopping, they like to know that the website they are visiting (and putting their credit card information into) is the actual website that it says it is. Same goes for banking or any other online service that holds and/or transfers your private information. A certificate provides this validation. However, there are pros and cons to the type of certificate you utilize, and those differences will be outlined below.

Why certificates matter in Lion Server

Lion Server leverages a web interface to manage Lion client computers and iOS devices, known as Profile Manager. Those same computers and devices must verify, or trust, that the server managing them can identify itself electronically and communicate securely. This is where certificates come in. Whether you are setting up this server in a test or production environment, it is best to decide on what type of certificate(s) you will use before you begin. Here is some basic information about the different kinds of certificates.

About self-signed certificates

Leveraging a self-signed certificate is simple to do in Lion Server. You can use an Apple ID to automatically generate them, and the server can use them right away. Once you begin to use self-signed certificates, though, extra steps must be taken in order for computers and iOS devices to trust those certificates when utilizing them for management. They simply will not accept that the server is telling them that it’s valid. You will have to intervene and require them to trust the certificate and the communication from the server.

About CA-signed certificates

The job of a certificate authority (CA) is to be the trusted third party between the server holding a certificate and the user, computer, or device that needs to trust it. How does the CA know that the certificate is valid? Unlike a self-signed and self-generated certificate, a CA actually generates the certificate and allows the owner to download and use it. Most modern operating systems and web browsers have a list of CAs that they automatically trust when browsing the web or using online services. CA-signed certificates typically cost anywhere from $15/year up to $150/year, depending on the provider.

For a list of available trusted root certificates on iOS devices, please see the following KBase article: http://support.apple.com/kb/HT4415

For a list of available trusted root certificates on Mac OS X, open Keychain Access in /Applications/Utilities.

About code-signed certificates (optional)

A code-signed certificate is more secure than a trusted certificate because it is used to digitally sign executables or scripts, which guarantees that the code has gone unaltered since it was signed. More verification from the CA is typically needed to generate and distribute a code-signed certificate, which is why they’re usually much more expensive (typically $200/year or higher).

Trusted certificates, as well as code-signed certificates, can be purchased from one of several vendors. Below is a list of providers that sell certificates. This list is not an endorsement of any given provider, and they are listed in alphabetical order.

Comodo www.comodo.com

Digicert www.digicert.com

GoDaddy www.godaddy.com

Network Solutions www.networksolutions.com

Thawte www.thawte.com


Preparing a USB install drive

If you purchased a Mac with Lion Server pre-installed, then you do not need to follow the steps in this section. This section will walk you through the steps of preparing a USB drive for a Lion Server install.

1. Install Lion Client to a USB drive. (If you need assistance with this, please refer to Appendix A - Preparing a USB drive to handle the install.)

2. Copy the “Install Mac OS X Lion” installer into the Applications folder of the USB drive.

3. Purchase and/or download the Server app from the Mac App Store. If you do not have it yet, you can purchase it from the Mac App Store.

4. When it is finished downloading, immediately launch and install Server app.

5. Nothing needs to be done with the Server app after this point, so you can quit Server app as soon as it finishes the installation.

6. Shut down the computer that the USB drive is plugged into and unplug the USB drive.

Preparing your target computer for Lion Server

Now that your USB drive is ready, the install of Lion Server can begin.

1. Choose the computer that you will be installing Lion Server onto. The requirements for Lion Server are:

Processor: Core 2 Duo or higher

RAM: 2 GB or more

Hard Drive: 7 GB of available space

2. Plug the USB drive into your target computer that you will install Lion Server onto.

3. Press the power button on the computer and immediately hold down the option key.

4. Choose the USB drive as your startup drive and press Enter. Do not choose the Recovery

5. Once you’re booted up, the OS of the USB drive will look exactly like you left it before shutting the computer down from the previous exercise.

6. Open Disk Utility, found in /Applications/Utilities.

7. Locate the internal hard drive of the computer and select it.

8. Choose the partition tab and change the number of partitions to 2.

9. Select the Untitled 1 partition and name it server_hd (or whatever you like).

10. Give the newly named server_hd a size of at least 50GB.

11. Be sure that the format type for this partition is Mac OS Extended (Journaled).

12. Select the Untitled 2 partition and name it data_hd (or whatever you like).

13. Give the newly named data_hd the remainder of available storage on the hard drive.

14. Be sure that the format type for this partition is Mac OS Extended (Journaled).

15. Click the Options button and set the partition scheme to GUID Partition Table.

16. Click the OK button.

17. Confirm that your settings match what appears in the screen shot below.

18. Click the Apply button.

19. Quit Disk Utility.

Installing Lion Server

It’s time to install Lion Server. You’ve got an external drive prepped and ready to go, and your target computer has been formatted for a clean install of the server OS. For these steps, you should still be booted from the USB drive.

1. Open the Lion installer (labeled in the Finder as Install Mac OS X Lion) from the Applications folder of the USB drive.

2. Click Continue.

3. If you agree to the terms, click the Agree button. Questions about the agreement can be found at this link.

4. Another pane regarding the SLA will slide down. If you agree to the terms, click the Agree button.

5. The next step prompts you to install on the internal drive of the computer, by default.

6. Click the Show All Disks... button.

7. Select the server_hd partition, or the name of your server boot partition, if you named it differently.

8. When you select the server_hd partition, you’ll notice that the Customize button is active. Click the Customize button.

9. You now have the choice to add the server software to the install. All the work that you’ve done so far has allowed us to get to this point and add the server software, as a part of a custom install, to a blank drive or partition. Check the box for Server Software and click OK.

10. Click the Install button.

11. When prompted, enter an administrator account name and password to authorize the installation.

12. Once the install is complete, the computer will restart to the server_hd partition and you will be able to continue to the next section.

Lion Server setup assistant

Navigating the setup assistant

After performing a custom installation of Lion Server, you’ll be guided through the Lion Server setup assistant.

1. Choose a country or region and click Continue.

2. Choose a keyboard layout and click Continue.

3. The next screen asks if you want to transfer data from an existing server. Since this document is focused on setting up a new server from a clean install, choose to set up a new server and click Continue.

4. The next step has to do with an Apple ID. It is recommended that you use an institution-based (non-personal) Apple ID. The account that you use will create Apple Push Notification Service (APNS) certificates under that account name and an email will immediately be sent to the address associated with the Apple ID. While this is an optional step, it is recommended to use an Apple ID instead of leaving the fields blank.

NOTE: The certificates created in step 4, above, are self-signed. At least one of these certificates will be replaced by a trusted certificate for use in Profile Manager, later on in the document. Additionally, if you leave the fields blank, you will need to refer to Appendix B - Enabling Apple push notifications.

5. Click Continue.

6. If you agree with the SLA, click Continue, followed by Agree, to move to the next screen.

7. At the registration screen, verify that the information is correct and aligns with your Apple ID. If you left the Apple ID blank in step 4, you can enter your information manually. If you want to leave the fields blank, you can press Command-q and choose to skip this step.

8. At the next screen, enter an administrator name, short name and password. For this document, Server Admin will be used for the name and sadmin will be used for the short name. Be sure to leave the box checked so that you can remotely manage your server, as shown below.

9. The next screen will ask you for your organization name. You can enter whatever you like. It could be Test Server or your official organization name. For this document, the organization name will be Rockies Demo, since the domain used for this document is rockiesdemo.com. Be sure to enter an email address in the second field. That is used for server notifications, ranging from error/warnings to available software updates.

10. Choose your time zone and click Continue.

NOTE: Setting the host name of the server requires some consideration, even for a test environment. You have 3 choices, so read them all and choose which is best for your environment and your objectives. For the purposes of this document, the host name for internet option will be utilized. This will allow you to more easily use this server inside your network as well as outside your network.

12. Choose a computer name and a host name. Since this document is showing SSL certificate setup, and those certificates are tied to a domain that has already been purchased (rockiesdemo.com), this server will be named lion.rockiesdemo.com. Enter a computer name and a host name.

STOP: DO NOT click Continue.

13. Look at the IP address that has been assigned to your server. In the screen shot below, this example shows that the server has been assigned the 10.0.1.100 IP address.

14. Decide on which IP address you would like to assign to your server and click the Change Network button.


15. Before setting the IP address for your ethernet connection, you can highlight any interfaces that you don’t want to use and choose to Make Service Inactive from the action menu.

16. Assign an IP address to the ethernet interface. You can choose the option to manually assign all address fields, or you can leverage the network information from your DHCP server. For the purposes of this document, my router has the address of 10.0.1.1 and I want to assign this server the 10.0.1.3 IP address. The DNS server field will be left blank, which will force the server to set up DNS for me.

17. Click Apply. The network interface will be configured.

18. You should now see your newly assigned IP address on the refreshed setup screen. Click Continue.

19. The next screen will ask if you want to manage any nearby AirPort Extreme or Time Capsule units. Uncheck the box to allow this server to manage them. Click Continue.


NOTE: If you don’t see this screen, that simply means that the server cannot locate any Apple wireless access points on the network. You can proceed to the next step.

20. The assistant will now show you a final setup window. Click Set Up.

21. Once the progress bar completes, you’ll be ready to administer your server. Click Start Using Lion. Your initial setup is complete.


Server Administration

Adjustments to the Finder

Before going any further, it is helpful to see the volumes that you’ll be dealing with when it comes to installing downloaded packages and determining where certain folders and files are.

1. In the Finder, go to the Finder menu and select Preferences.

2. Check all 4 checkboxes so that any external or internal device/volume is visible on the desktop.

3. Close the Finder Preferences window.

Downloading the Server Admin tools

Before going any further, it is necessary to download and install the server admin tools. After an installation of Lion Server, the Server app is the only tool on the local hard drive. Click on the link below to download the Server Admin tools for Lion and install them onto your server.

http://support.apple.com/kb/DL1419

Once complete, you’ll see both the Server app as well as a Server folder in /Applications.

Run Software Update

On your server, go to the Apple menu and select Software Update. When the list shows you the available updates, go ahead and install any relevant updates such as Remote Desktop Client, Mac OS X Server, security updates, etc.


Verifying DNS setup

It is always a good idea to verify that the DNS server is working properly before diving into any additional configuration. If you didn’t specify an existing DNS server while using the server setup assistant, it will place the localhost address (127.0.0.1) in the DNS field for you if it cannot resolve the hostname that you’ve given it.

1. Go to the Apple menu and select System Preferences.

2. Select the Network preference pane.

3. Verify that the DNS entry reflects what you specified with the setup assistant. If you specified the IP address of an existing DNS server, that IP should be there. If you left it blank, you should see the 127.0.0.1 address in that field.

4. Launch Terminal (from /Applications/Utilities) and type the following commands (with your IP and DNS information, of course).

host 10.0.1.3 <return>

host lion.rockiesdemo.com <return>

sudo changeip -checkhostname <return>

NOTE: When prompted for a password after any given sudo command, it is asking for the root password. That password, by default, matches the password that you used when you created your server administrator account in the server setup assistant.

You should get feedback that looks similar to the results below, respectively.

3.1.0.10.in-addr.arpa domain name pointer lion.rockiesdemo.com

---

lion.example.com has address 10.0.1.3

---

Primary address = 10.0.1.3

Current HostName = lion.rockiesdemo.com

DNS HostName = lion.rockiesdemo.com

The names match. There is nothing to change.
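A scripted version of the forward and reverse comparison above, as an added example that is not part of the original guide: it checks that the PTR answer names the server and that the A answer for that name returns the same IP. The sample host output strings are constructed from this document's addresses, and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are assumptions
# and the sample `host` output strings below are constructed.

# Names a PTR answer points to, lower-cased, with the trailing dot removed.
ptr_names() {          # $1 = output of `host <ip>`
    printf '%s\n' "$1" |
        awk '/domain name pointer/ { n = tolower($NF); sub(/\.$/, "", n); print n }'
}

# IPv4 addresses that an A answer returns for one specific name.
a_addrs() {            # $1 = output of `host <name>`, $2 = lower-case name
    printf '%s\n' "$1" | awk -v want="$2" '
        / has address / { n = tolower($1); sub(/\.$/, "", n); if (n == want) print $NF }'
}

# Succeeds only when IP -> name (PTR) and name -> IP (A) both agree.
dns_round_trip_ok() {  # $1 = ip, $2 = host name, $3 = `host ip` out, $4 = `host name` out
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    ptr_names "$3" | grep -qxF "$want" || return 1
    a_addrs "$4" "$want" | grep -qxF "$1" || return 1
}

# Constructed sample answers. Real `host` prints the PTR target with a
# trailing dot, which a plain string comparison would treat as a mismatch.
GOOD_PTR='3.1.0.10.in-addr.arpa domain name pointer lion.rockiesdemo.com.'
GOOD_A='lion.rockiesdemo.com has address 10.0.1.3'
STALE_A='lion.rockiesdemo.com has address 10.0.1.100'   # old DHCP address still in the zone
NO_PTR='Host 3.1.0.10.in-addr.arpa. not found: 3(NXDOMAIN)'

report() {
    if dns_round_trip_ok "$@"; then
        echo "OK: $1 <-> $2"
    else
        echo "MISMATCH: $1 <-> $2"
    fi
}

report 10.0.1.3 lion.rockiesdemo.com "$GOOD_PTR" "$GOOD_A"
report 10.0.1.3 lion.rockiesdemo.com "$GOOD_PTR" "$STALE_A"
report 10.0.1.3 lion.rockiesdemo.com "$NO_PTR" "$GOOD_A"

# Against a live server, pass the real answers instead:
#   report 10.0.1.3 lion.rockiesdemo.com "$(host 10.0.1.3)" "$(host lion.rockiesdemo.com)"
```
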


Certificate Management

Generating your trusted SSL certificate

Your server is still using the self-generated certificates that were created during the setup assistant (using an AppleID). If you choose, you can follow these steps to utilize a trusted certificate purchased from a third party certificate authority.

1. Launch Server App.

2. When prompted, choose your server from the list and click Continue. You will be prompted for the administrator name and password that you created when using the server setup assistant.

3. Notice the dark gray area along the bottom of the Server app. It is there to outline possible next steps for your server setup. Click the Configure Network button.

You can see that this simply summarizes your current status.

4. Go to System Preferences and select Network.

5. Select the Ethernet interface.

You might see that your DNS server setting is pointing to 127.0.0.1, which is the loopback address to your own server. If that is the case, it is because it could not resolve the hostname that you gave your computer in the setup assistant. If it can’t resolve the hostname, the server sets up its own DNS. It also puts in the proper forwarders so that you can resolve domains outside of your own. A quick way to verify this is to launch a browser and try to visit apple.com or any other website outside of your domain. If it resolves, DNS is set up, and the proper forwarder addresses are in place.

6. Quit System Preferences.

7. In the Server App, select your server. You can find it under the hardware section in the left pane.


9. Directly in line with the SSL Certificate setting, click on the Edit button. You will then see the current certificates being used for the different services on your server. Note that this doesn’t indicate that those services are currently running.

10. Click the Action Menu and select Manage Certificates.

11. In the window that follows, click on the Action Menu again and select Generate CSR. If the menu options are grayed out, be sure to first select the self-signed certificate above.

CSR stands for certificate signing request. It is the message that gets sent (or copied/pasted, in this case) to a certificate authority, which then uses that message to generate a certificate for you.


12. Click Save and choose to save it to the Desktop.

13. Open the new file on the Desktop. It should open in TextEdit.

14. Select all of the text and choose Copy from the Edit menu. This is the CSR that you’ll be submitting to the Certificate Authority.

This is where this document is going to “cut you loose” while you get your certificate from your CA. Since the steps are different based on the CA that you use, any specific steps for one provider would be misleading for the rest. Almost all providers have live phone support so that you can get help with the process, if need be. Upon generating and downloading your new certificates, you can continue with the steps below.

Using your SSL Certificate for Lion Server

If you’re not working directly on your server (either sitting in front of it or via a remote desktop connection), then you should be doing so for these steps.

1. After downloading your newly generated certificates, they should be in a folder and named in a similar manner to the sample certificates shown below.

You get a bundle certificate, as well as a certificate named after your domain, as shown above.

2. In the Server App, select your server. You can find it under the hardware section in the left pane.

3. Click on the Settings header tab.


5. Click the Action Menu and select Manage Certificates.

6. In the window that follows, click on the Action Menu and select Replace Certificate With Signed Or Renewed Certificate. If the menu options are grayed out, be sure to first select the self-signed certificate above.

7. In the window that follows, drag your new certificate (the one that is named after your domain) from the Finder into the window. Once you drag your certificate onto the area that it asks you to (see below), you’ll see that it replaces the grayed out text with your new certificate information.

8. Click Replace Certificate. Watch the spinning gear in the lower right-hand corner of the Server App window. Once it stops spinning, you can proceed to the next step.

9. Return to the Finder and locate the bundle certificate that you downloaded from your CA. Double-click on it to open it. It will open in Keychain Access.

11. When the certificate gets opened in Keychain Access, you will be prompted for where to add the certificate. Choose the System Keychain and click Add, as shown below.

12. Since you’re modifying the System Keychain, you’ll be asked to provide an administrative username and password. You can use the sadmin account.

13. Return to the Server App and select your server under the hardware section of the left pane.

14. Click on the Settings header tab.

15. Directly in line with the SSL Certificate setting, click on the Edit button.

16. The pulldown menu should now show your new, trusted SSL certificate as an option. Choose that certificate and click OK.

17. Watch the spinning gear in the lower-right hand corner of the Server App window. Allow it to finish setting the SSL certificate before moving on.
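The checks around the CSR hand-off in the two sections above, as an added example that is not part of the original guide: confirm the CSR names your server before you paste it to the CA, then confirm the downloaded certificate carries the CSR's public key and chains to the bundle before you replace the self-signed certificate. The key pairs, CSRs and both CAs are constructed throwaway material generated with the openssl command-line tool; the file and function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original guide. Every key, CSR, certificate and
# CA below is constructed throwaway material; file and function names are
# assumptions made for this illustration.

# Common Name from the subject of a CSR ("req") or certificate ("x509").
subject_cn() {        # $1 = req|x509, $2 = PEM file
    openssl "$1" -in "$2" -noout -subject 2>/dev/null |
        sed 's/.*CN *= *\([^,/]*\).*/\1/'
}

# Check 1, before submitting: the CSR must name the server's host name.
csr_names_host() {    # $1 = CSR file, $2 = expected host name
    [ "$(subject_cn req "$1")" = "$2" ]
}

# Check 2, after download: the certificate must carry the same public key as
# the CSR, otherwise it will not pair with the private key held on the server.
cert_matches_csr() {  # $1 = certificate file, $2 = CSR file
    cert_key=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    csr_key=$(openssl req -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$cert_key" ] && [ "$cert_key" = "$csr_key" ]
}

# Check 3: the certificate must verify against the CA bundle you were sent.
cert_chains_to() {    # $1 = certificate file, $2 = CA bundle file
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# Build constructed inputs: the server's CSR, an unrelated CSR, two test CAs,
# and a certificate issued for the server's CSR by the first CA.
make_constructed_pki() {   # $1 = work directory
    d=$1
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/server.key" \
        -out "$d/lion.csr" -subj "/O=Rockies Demo/CN=lion.rockiesdemo.com" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/other.key" \
        -out "$d/other.csr" -subj "/CN=other.example.test" 2>/dev/null
    for ca in issuing unrelated; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -keyout "$d/$ca.key" \
            -out "$d/$ca-bundle.pem" -subj "/CN=Constructed $ca CA" 2>/dev/null
    done
    openssl x509 -req -in "$d/lion.csr" -CA "$d/issuing-bundle.pem" \
        -CAkey "$d/issuing.key" -CAcreateserial -days 1 -out "$d/lion.crt" 2>/dev/null
}

run_demo() {
    d=$(mktemp -d) || return 1
    make_constructed_pki "$d" || { rm -rf "$d"; return 1; }
    csr_names_host "$d/lion.csr" lion.rockiesdemo.com &&
        echo "CSR names lion.rockiesdemo.com"
    cert_matches_csr "$d/lion.crt" "$d/lion.csr" &&
        echo "certificate matches the CSR that was submitted"
    cert_matches_csr "$d/lion.crt" "$d/other.csr" ||
        echo "certificate does not match a different CSR"
    cert_chains_to "$d/lion.crt" "$d/issuing-bundle.pem" &&
        echo "certificate chains to the CA bundle"
    cert_chains_to "$d/lion.crt" "$d/unrelated-bundle.pem" ||
        echo "certificate is rejected against an unrelated bundle"
    rm -rf "$d"
}

run_demo
```

On the server, point the three check functions at the CSR saved to the Desktop and at the certificate and bundle files your CA sent.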

Enable Apple Push Notifications

Since an AppleID was used to acquire Apple Push Notification Certificates during the setup assistant, these steps are here to simply confirm your settings. If you did not use an AppleID when setting up your server, refer to Appendix B at the end of this document.

1. Return to the Server App and select your server under the hardware section of the left pane.

3. Check the box to Enable Apple Push Notifications.

4. Verify that the AppleID is correct.

5. You should’ve received an email that confirmed your APNS certificates. Apple will use the email address associated with the AppleID that you used. You can manage your APNS certificates at the Apple Push Certificates Portal.

Profile Manager

This section will walk you through the steps to use Profile Manager. Part of this process involves promoting your server from a standalone directory to an Open Directory Master (ODM).

NOTE: If you wish to tie your Lion Server into an Active Directory environment, refer to Appendix C - Active Directory Integration at the end of this document. Once you complete Appendix C, you can return to the steps below.

Configuring Profile Manager

1. In Server App, select the Profile Manager Service from the list of services on the left side of the window.

2. Turn the service to On by toggling the switch in the top right corner of window.

3. Watch the spinning gear in the lower-right hand corner of the Server App window. Allow it to finish enabling Profile Manager before moving on.

4. Across from the Device Management setting, click the Configure button.

5. The Configure Network Users and Groups Assistant will prompt you for information regarding the setup and configure both Profile Manager and Open Directory. Select the


6. The next step will have you create a Directory Administrator (diradmin) account. Set the name and password for this account.

7. Next you will need to enter your Organization Name and Admin Email Address. This email address can be any existing account that you have. It does not need to be an account on this new Lion Server, nor does Mail Service on this server need to be running.

8. Verify your entries and click Set Up.

9. Upon completion, launch a web browser on a computer (not an iOS device) and go to

https://<your-domain>/profilemanager

10. Use your Server Admin (sadmin) account to login to the site. Your initial view of Profile Manager should look similar to the screen shot below.

11. Select Devices and leave that view as it is in your web browser.

Enrolling a device into Profile Manager

It is best to have iOS 5 on your device before enrolling it into Profile Manager. This is because if you enroll an iOS 4.x device into Profile Manager, you will have to remove it and then re-enroll it into Profile Manager after updating to iOS 5.

1. On an iOS 5 device, go to https://<your-domain>/mydevices within Safari.

2. When prompted, enter your Server Admin (sadmin) account credentials to login to the site.

3. Tap the large Enroll button. Doing so will exit the browser and take you to a profile installation window.

5. Tap on the Install Now button.

6. If you’ve set a passcode for your device, you’ll be prompted to enter it at this point.

7. It will then generate the key and install the certificate on the device. When prompted, tap the Install button once more.

8. The final step shows you that the profile has been installed. Tap on the Done button.

9. After tapping the Done button, you’ll be taken back to Safari where you’ll see your device

Managing restrictions on iOS with Profile Manager

With Profile Manager, you have the ability to enforce restrictions, passcode policies, account settings, etc. You can also restrict access to certain applications. This section will provide a small sample of restriction management in iOS 5.

1. Return to Profile Manager on a computer (not your test device). You’ll see now that you have one device enrolled.

2. Select your device.

3. In the large pane of Profile Manager, click the Profile tab.

4. Click the Edit button.

5. In the left pane, scroll down to the iOS section of the profile options and click Restrictions.

6. Click the Configure button to modify the restrictions.


8. Click OK.

9. Click Save, then click Save again to complete the change.

10. On your device, you’ll notice that the YouTube app gets removed within a few seconds.

11. Edit the Applications again, and this time check the box to once again Allow use of YouTube.

12. Click OK, then Save, and finally Save once more to see YouTube visible once again on the device.

13. There are other restrictions and settings that you can leverage with Profile Manager, so explore all of the settings that you wish to use.


Appendix A - Preparing a USB drive to handle the install

A custom installation of Lion Server is most easily done with an external USB drive. You need at least a 16GB flash drive, or any external USB drive with an equal or larger capacity, to do a custom installation in this manner.

STOP: Be sure to copy all of the data (that you would like to keep) off of the drive, as it will be erased.

If you are utilizing a USB drive that is new out of the box, or was previously used with a Windows computer, then it will need to be reformatted. Even if the drive has only been used with a Mac, you can still erase the drive in order to have a consistent, clean drive to work from.

1. Plug the drive into the USB port of a Mac that has the Lion installer, as shown below. If you don’t have Lion, you can purchase and download it from the Mac App Store.

2. Once it has been downloaded, immediately quit the installer. This is necessary so that you can keep your copy and you will not have to download it again from Apple. Take note that the installer is in /Applications.

When you see this screen, quit the installer!

3. Open Disk Utility, found in /Applications/Utilities.

4. The USB drive can be seen on the left pane of Disk Utility, with a USB logo on an orange disk.


5. Select the drive, as shown above, and then select the Partition tab.

6. Choose Mac OS Extended (Journaled) as the format, and name it whatever you like. For this guide, it will be named usb_boot.

7. For the partition layout, choose 1 partition.

8. Click Options... and be sure to choose GUID Partition Table as the partition scheme.

9. Click Apply.

10. When prompted, click the Partition button to erase the drive and prepare it for a Lion install.

11. When it’s finished erasing the drive, it is ready for Lion to be installed. The reason for installing Lion on the USB drive is so you can boot from an external drive. That’s what allows a clean install of Lion Server.

12. Quit Disk Utility.

13. Open the Lion installer application located in /Applications.

15. Click Agree in order to agree to the terms of the software licensing agreement. Questions about the agreement can be found at this link.

16. Another pane regarding the SLA will slide down. If you agree to the terms, click the Agree button.

17. The next step prompts you to install on the internal drive of the computer, by default.

18. Click the Show All Disks... button.

19. Select the usb_boot drive, followed by Install.

20. You’ll be prompted for an administrator account name and password. After entering those credentials, the installation will begin.

21. The initial task of the installer moves some data over to the drive, which only takes a few minutes.

22. When prompted by the installer, click the Restart button. This will restart your computer and boot up from the USB drive. The installation will then take place.

23. Once the install is complete, the Finder will launch. At this point, you can run Software Update, install additional software, etc.

Appendix B - Enabling Apple push notifications

After you have completed the configuration for your SSL Certificate in Server App, you will want to enable Apple push notifications. This step is only necessary if you did not enter an Apple ID during the setup assistant.

1. In Server App, under the server device Settings tab, check the checkbox next to Enable Apple push notifications.

2. Next, you will be prompted to enter your Apple ID. It is recommended to use an institution-based (non-personal) Apple ID. The account that you use will create Apple Push Notification Service (APNS) certificates under that account name, and an email will immediately be sent to the address associated with the Apple ID.

Appendix C - Active Directory integration

To integrate your Lion Server into an Active Directory environment, you will need to be running version 10.7.2 or higher.

1. Bind your Lion Server to Active Directory using System Preferences -> Accounts.

2. Once the server is joined to the domain, you can enable Profile Manager and allow the setup assistant to promote the server to an Open Directory Master.

Summary

While this document may shed some light on the topics of initial setup and other administrative tasks, it should still be considered as nothing more than a quickstart guide to get up and running quickly with Lion Server. Apple’s server documentation, online Knowledge Base (KBase) articles, the Apple Training Series of reference guides from Peachpit and the enterprise support team are still the best resources for understanding and maintaining Lion Server.

https://help.apple.com/advancedserveradmin/mac/10.7/

In addition, many other great articles, links and white-papers are hosted by the following sites.

http://www.afp548.com

http://www.macenterprise.org

Special thanks to Jeff, Jakob, Brent and Adam for helping test the processes and steps outlined in this document. Comments and corrections can be sent to carson@me.com.
