Thursday, April 21, 2022

Apple Discontinues macOS Server

Apple (MacRumors, Hacker News):

As of April 21, 2022, Apple has discontinued macOS Server. Existing macOS Server customers can continue to download and use the app with macOS Monterey.

The most popular server features—Caching Server, File Sharing Server, and Time Machine Server are bundled with every installation of macOS High Sierra and later, so that even more customers have access to these essential services at no extra cost.

Rich Trouton:

macOS Server 5.12.2 has shed many of the features once supported by macOS Server. As of 5.12.2, the following two services are supported:

Both services are not currently available outside of macOS Server, so Apple discontinuing macOS Server also means the end of the line for Apple’s Open Directory directory service and Apple’s Profile Manager MDM service.

Colin Cornaby:

Back in the day I did a lot of work with the old Mac OS Server releases. When it was a $1000 separate distribution of Mac OS. It was really nice stuff, and really cost effective compared to Windows. They just couldn’t seem to get the stability or reliability down.

At one point my old job was shipping entire Xserve RAIDs to Cupertino for debugging data integrity issues. It was kind of a mess.

Update (2022-04-27): Charles Edge:

Before we have this conversation, I want to give you some bad news. Your passwords aren’t going to migrate. The good news is that you only do directory services migrations every decade or two. The better news is that I’m not actually sure you need a directory service in the traditional sense that you’ve built directory services. With Apple’s Enterprise Connect and Nomad, we no longer need to bind in order to get Kerberos functionality. With MCX long-dead(ish) you’re now better off doing policies through configuration profiles.

John C. Welch:

I get it’s weird to feel anything for a product that in all honesty had ceased to be much of anything over the last few years, but for those not in the “greybeard” section of macOS née Mac OS X Server née Rhapsody, explaining what that product, which mind you, used to not be free, or even cheap, meant to a lot of people is kind of hard. Especially those of us coming from the “dark ages” of AppleShareIP et al. There’s not a lot these days that creates the kind of community OS X Server did. It was a confluence of a lot of things that I don’t think could exist today.

[…]

It wasn’t magical, right? The product itself was always kind of this afterthought, and you could tell what part of it Apple used to sell Macs to people depending on the year. Netboot was huge for a long, long time, then Open Directory, then other things. For orgs that didn’t want to move to Active Directory from NT Domains, or couldn’t, it was a way to delay that move. And it gave Apple at least the ability, along with the Xserve and the Xserve RAID, to say “We have a place in the server room.” Which in the halcyon days before we handed our entire infrastructure to Amazon and/or Microsoft Azure, was important.

There were a lot of people who learned how to be sysadmins because of that product. Which I think created the biggest thing about OSXS: the community.

Stephen Hackett:

Back in the day, I managed quite a few OS X Server installations, but the truth is that the market of third-party solutions that Mac shops can enjoy today simply overtook what Apple was doing.

The biggest problem? I don’t think Apple’s heart has been in server space for a long, long time. The Xserve has been dead for over a decade, and OS X Server went from a full-blown operating system to an application since the days of Lion.

MacMule:

As someone that cut my teeth with OSX Server on 10.3 (Panther), I’d like to say farewell old friend.

John Gruber:

The shift to “cloud computing” was inevitable. Yes, there’s nothing magic about “the cloud” — they’re all just computers. But before cloud computing teams and companies really needed their own servers. Mac OS X Server — and its long-gone hardware counterpart, the Xserve — enabled small teams to do remarkable things for the time, without the expertise of a Unix guru sysadmin on staff.

Mac OS X Server was never a significant factor in Apple’s financials. But it was a huge factor in re-establishing the company’s credibility with creative people — people with taste — who understand and demand technical excellence.

15 Comments

Ah, Mac OS X Server. I knew you well. Many server-level services were very easy to configure by filling in a few fields and clicking a button/box to turn it on. I got a lot of mileage out of it for web services, file services, and thousands of lecture recordings on Podcast Producer. Many of the services were easy enough to set up on their own, but not "easy button" easy.

I was most disappointed when Apple discontinued Podcast Producer, as there wasn't really a good replacement for it without spending a whole lot more money. I don't think they were interested enough to add all the features that were starting to become table stakes for that kind of product though.

No surprises here. macOS is not meant for power users or sys admins any longer.

At this point, I think it's just easier to run even a basic server on Linux than macOS. I wish I didn't just type that last sentence and mean it, because there was a time some number of years ago where macOS was far easier to use, at least for basic server functionality, than even today's versions of Linux. (Though you'd have been crazy to set up any advanced or enterprise level server in macOS / Mac OS X at any point in its life.)

But now pretty much all its good server software is ports of Linux software, and it's all harder to set up and get working in macOS than Linux. Same with Docker -- it just works better in Linux. Apple has gradually whittled away at one of macOS's greatest accomplishments: being a superb power user OS while still being easy to set up and use for everyone.

Gah. Now I have to grieve all over again.

Sure, you can use Linux. You can even use Linux in a VM, on an M1 Mac (can't wait for Asahi to finish up). But as with AirPort, so much potential, just casually set aside. It doesn't matter that it was completely inevitable ...

And what about a solution for a hosted MDM? What does one do for that now it's gone from Apple? Profile Manager was the devil's work, especially if you were behind a single public IP address and had to run the lazy bastard behind a reverse proxy. But it was the only really affordable solution that didn't essentially require you to roll your own MDM and pay hefty enterprise prices for the privilege.

Fortunately it does look as though someone's reverse-engineered the protocol for obtaining APNS client certificates for Mail. So if you do run your own IMAP, at least you can support push with it. Currently for dovecot but could be used by others, conceivably, like Cyrus or Courier.

I've always been ambivalent about Server because ever since Server Preferences and then the inevitable shift to a Mac App Store app it was clearly all about simplification, and without the work to make it a credible and robust product it was criminally buggy and fragile. But, it's sad to see it dealt the final blow, all the same. Apple is in with all the hip new trends now, but especially the ones that make it rich, like cloud services with dependable subscription revenues. Also because feature parity with iOS is, let's face it, the unstated goal of Apple's higher-ups who have long since ceased to appreciate the Mac as a proud platform of power-users, trend-setters and brand loyalists. Oh, well. Pick up a hypervisor, install Debian or Arch, and be on your merry way. Or grab an Intel NUC or NAS product and run any of a number of pre-built options, for an affordable price ...

Mac OS X Server has long been one of my interests. I cut my server admin/devops teeth on that product, and it taught me a lot about the configuration options available for various services - things that I still carry with me today.

Of course, I have moved on to AWS and FreeBSD now. Lightsail makes that very affordable and easy to get going. But in the back of my mind I still miss what was.

MacRumors mod deleted my comment there for "self promotion" but if you too are missing Server Admin, you can download my recreation of it. I have made several attempts over the years, this is the latest. It doesn't have the ability to administer services on any OS yet... I haven't quite figured that bit out. Did some experimentation, but it got messy and didn't scale well.

https://bitbucket.org/bszyman/server-admin/

A sad day, although it's clear Apple had lost interest in Server many years ago. We ran our publishing business (about 50 users) entirely on Server and never required a full time IT person. We ran Mail, File Sharing, Web, Software update, DNS, FTP, MySQL, Open Directory and probably others I can't remember. I imagine most of the services can be sourced elsewhere now.

Interesting project Ben, I'd love to have an OS X Server like interface to run a small server at home. I'd also love to see a replacement for the Network Utility app - I miss that more than Server. If I could program Xcode I'd help but alas I can't.

Funny you’d mention that. I’ve been writing a Network Utility replacement but have found few people who give me feedback. If you like, read my post over at https://forums.macrumors.com/threads/network-utility-deprecated-in-macos-big-sur.2242483/page-7?post=30774911#post-30774911 and try the beta linked there.

Chuck Leavens

Soren,

macOS 12.3.1 will not let this open and will not allow an override to open it.

How about its VPN server that doesn't require degrees in Computer Science plus Network Security, in this epidemic?

I have settled on a setup of a Mac Mini (2008) at the office and a MacBook Pro 2013 at home with the single purpose of running the Server app at version 5.6.3, the last version that supports VPN, DNS, and a few others I don't care about, on macOS High Sierra (10.13.6), the last macOS that allowed running this version of the Server app.

With the aid of the open source app 'dnsmasq' (a single app integrating a DHCP + DNS server) and a few lines of domain entries in the Server's DNS setup pane, name-IP binding (DNS and mDNS) magically works in a black box; I never figured out how all of these services work together.

The VPN speed is quite acceptable (up to my line speed of 300 Mbps), screen sharing is responsive, and a remote X session is just as snappy as on the local network.

The best part: the name-IP binding and name lookup work, magically again, across my home and office VPN.
To open an ssh link or a screen sharing session from the office to my iMac at home through the VPN tunnel, I just give the name: 'iMacLin'.

Connection in the reverse direction works the same;
I can ssh and/or screen share to my work machine (a Mac Pro), the said Mac Mini server, any of my sets of Linux PCs for H/W and S/W testing, and even more: running remote X11 sessions with any of them (Linux native X and macOS's XQuartz), or running X11-mode Emacs through ssh's X redirect (remember, it's secured in the VPN tunnel).

I tried OpenVPN before the above setup. Waste of time. There is no server side of it on Mac; setting up MacPorts or another open source port is a science, no easier on a dedicated Linux with all its setup GUI or configuration line editing. It's science? No, it's voodoo.

@ Chuck Leavens

Are you on an M1 Mac by any chance? Could you do me a favor and reply over at https://github.com/chucker/AltNetworkUtility/issues/41

@ Monte

>How about its VPN server that doesn't require degrees in Computer Science plus Network Security, in this epidemic?

I think it's a real bummer (and perhaps a strategic mistake, too) that Apple gave up on this slice of the market, but… honestly, just get a NAS. Synology, QNAP, something like that. Their UI isn't quite as slick but they're in the business of doing this.

@Monte

I did a deep dive into what contemporary software titles I'd bundle in a FreeBSD as MacOSX Server mashup. One of the VPN options I found that looked most interesting was one called Algo.

https://github.com/trailofbits/algo

It looks like it's platform agnostic, both server side and client side, which made it seem ideal for a VPN service replacement.

I never discovered what the original Mac OS X Server VPN service was based on. I just remember it was using some weird services and keychain entries named "raccoon" (yes seriously).

@ Ben: yep. It was a front-end for Racoon, which is an L2TP/IPSec implementation. https://en.wikipedia.org/wiki/KAME_project#Racoon

@Monte VPN service is provided by vpnd(8), which is still bundled in current macOS. You could configure that manually, or rely on a convenient port. DNS is provided by BIND, which can be installed manually if desired, and DHCP by the built-in (and still shipping) bootpd(8). Of course you could use a superior alternative to BIND, like unbound, or as you mentioned, dnsmasq.

But maybe at this point you're thinking, "Screw that." That's fair, IMO. Suggestions:

1. Check your router. It might already have basic functionality you can use to provide DNS and/or VPN service. My RAX200 has this nice OpenVPN server in it. I'd never go for it, but it's nice that it's there.

2. Skip DNS entirely; use layer-2 VPNs like tinc, nebula, or Zerotier. The latter in particular is very easy to use, on any platform, because it has central servers for connection setup and interface. It might surprise you; you'll have all the power of "Back to my Mac" without any of the failure modes, or artificial restrictions. Name resolution is then managed using local discovery protocols like mDNS, just as they would be on your local LAN. You get all the niceties too, like you can browse for services in the Finder. Add "local" to your search domain, and you can keep your pretty command lines.

3. Of course, as @Sören suggests, you could just go out and buy some more hardware--a NAS, a router, whatever. Some high-end-ish "prosumer" type routers will do site-to-site VPN for you. Draytek, Mikrotik, ... and of course NAS products can have "packages" for various VPN protocols.

Good luck on your travels.

@Sebby,

I'll take notes about 'layer-2 VPNs like tinc, nebula, or Zerotier' (never touched them) when I'm not chased by a project deadline.

The vpnd(8) no longer works reliably after macOS 10.13 or 10.14.
I even paid for two licenses for a GUI front end to revive it in macOS 10.12, if I remember correctly, and had no complaints with it until the vendor issued a warning about the reliability of connections and data traffic when the said macOS was released.

I also considered prosumer-grade routers (most running an open source network suite with vendor customization + setup UI/GUI, on SoC or AP-oriented X86) and was not really convinced: too complicated, too slow VPN speed for the money, etc.

A consumer-level high-end router is actually what I need and am willing to pay for, but all their VPN speeds are not enough for my needs, plus there's the big concern of mDNS collaboration.

Did you benchmark the VPN speed of your RAX200 router?

Now, I'm not the MIS at work (the VPN is for a two-guy firmware team), and I don't want to waste time tinkering with comfortable and secured VPN sites; an AirPort and a 2nd gen. Mac Mini-shaped AirPort Extreme are the bases, plus two retired Macs to complement.

@Monte Sorry to hear vpnd is no longer working for you. Guess that's what happens when you stop shipping an official frontend for it.

I have not tested the RAX200 VPN server yet, but taking another look I might have an honest go of it. It has OpenVPN profiles for both TUN and TAP to support all clients optimally, so layer 2 for Mac and Windows and therefore local name resolution. Indeed, if it were not for the stupidly limited selection of DDNS providers for automatically provisioning the names in server profiles (only Dyn and NoIP) it might actually be all I need! I'll find the time to test the speeds, but it'll be limited by cellular (5G) as that's all I'm using elsewhere, still at least about 300-400 Mbps. One of my internal machines can keep the DNS names up to date with a script to Cloudflare API.

Of the L2 options, if all you want to do is overlay network sites, Zerotier is probably the simplest one to try. There's no "Server"; just install the clients. It optimises traffic between adjacent nodes where it can. It's cross-platform as well. Very easy to use. Tinc and Nebula do need a bit more effort but are a little bit more flexible and slightly more resistant to connection issues, though honestly not by much.

@ Monte: can't really speak for simple modern GUIs, but I set up an OpenVPN server last year (albeit not on a Mac, but that shouldn't matter) and… it's a bit of fiddling, but after that, it works fine. Reliable, reasonably fast, clients for all kinds of platforms (I use their official client on iOS, and Tunnelblick on macOS).

I think a big part is the chicken-and-egg problem: Apple never had that much love for running macOS as a server, so few people used it, and because few people used it, Apple wasn't very invested in it. Compound that by the growing popularity of NASes, and by moving many things to the cloud instead.

For VPNs, these days, a lot of people seem to prefer Tailscale. (I haven't looked into that at all.)
