Apple Training Series: Mac OS X System Administration Reference
Posted: 14-Sep-2006

Mac Guild Grade

Publisher: Peachpit Press


Reviewer: Rick Davis

By Schoun P. Regan
ISBN: 0-321-36984-X
848 pages, $53.99

What the Book is About
This book is a technical guide providing information on OS X and OS X Server's technical architecture. It teaches the reader how to install, configure and administer Macintosh OS X clients and Macintosh OS X Servers. It also guides you through joining an Active Directory network, along with sections on Security Administration and Networking and File Services. This book is designed to complement Apple's Directory Services Integration, Administration for Client and Server, and Security and Best Practices training courses, and is part of the Apple Training Series. The book takes you through 29 lessons, each ending with a review of what you have learned and a short quiz. The accumulated answers will give you an idea of what it takes to pass the Apple Certification Exam for Help Desk Specialist, Technical Coordinator and System Administrator.

Target Audience
The level of this book is intermediate to advanced. This is not light bed-time reading or even a weekend novel. Most people will never read it from front to back. It will be used more as a guide to troubleshooting or a reference for particular configuration assistance. Most readers will already have a basic understanding of the topics covered and will be looking for clarification or more in-depth knowledge.

What to Expect
The book begins with a section on Directory Services Administration covered in eleven lessons.

Lesson 1 is Understanding Directory Services; this lesson explains the benefits and features of directory services in Mac OS X version 10.4. You will learn how directory services provide common data to multiple services. Basically, directory services allow user information to be stored in one database and accessed by multiple computers bound to that directory. Apple's implementation of directory services is called Open Directory.

Lesson 2 is Accessing Local Directory Services; this lesson explains how Mac OS X accesses directory data stored on the computer, how to configure Mac OS X for local data access, and how to manipulate local directory data. Local directory service info is stored in a NetInfo database (NetInfo was also used on OS X Server prior to Panther).

Lesson 3 is Accessing Mac OS X Server Directory Services; this lesson shows you how to access an LDAP database. Panther Server introduced a directory service called LDAP to Mac OS X networks. LDAP is an industry-standard way of accessing data from within a directory, used by Unix and Windows clients using Active Directory.

Lesson 4 is Integrating Mac OS X with Third-Party Directory Services; this lesson explains how to configure Mac OS X to retrieve data from networks that already have an established infrastructure using Network Information Service, Active Directory and NetInfo, using third-party LDAP plug-ins.

Lesson 5 is Integrating Mac OS X with Active Directory; this lesson goes more in-depth into configuring Mac OS X to access the same directory records as the Windows computers on an Active Directory network.

Lesson 6 is Kerberos Fundamentals; this lesson shows how Kerberos works and how to integrate Mac OS X computers with Kerberos. Kerberos provides authentication and secure, single sign-on service for network services.

Lesson 7 is Hosting OpenLDAP; this lesson will show you how to configure Mac OS X Server to provide the directory service LDAP, how to import and manage the directory data and how to fine-tune the server for performance and security.

Lesson 8 is Providing Single Sign-on Authentication; this lesson is on how to use Apple's tools to simplify the configuration of Kerberos and Password Server to provide single sign-on authentication.

Lesson 9 is Integrating with Kerberos; this lesson covers how to integrate Mac OS X and Mac OS X Server with an already established Kerberos infrastructure.

Lesson 10 is Replication; this lesson covers how to configure a Mac OS X Server to act as an Open Directory Replica. An Open Directory Replica provides a backup of the Open Directory Master through replication of the LDAP, Password Server and Kerberos data using synchronization.

Lesson 11 is Planning and Deploying Directory Services; this lesson shows you how to evaluate your needs and determine how many, if any, replica servers are needed, and how to plan for deploying networked user accounts for a mix of Mac OS X and Windows computers. It also gives you an understanding of the security precautions you should take when setting up a directory service.

The second section is all about Security Administration and is covered in ten lessons.

Lesson 12 is a Mac OS X Security Overview; this lesson will help you understand the purpose of the components of the Mac OS X security architecture.

Lesson 13 is Securing the Local System; the lesson introduces the four layers of Mac OS X local security. Physical security: if a person has physical access to the computer, they can eventually bypass any firmware or OS-based protection. Open Firmware security: Open Firmware controls the boot process, and unless it is secured with an Open Firmware password, a person can use alternate boot methods (CD/DVD, Target mode, etc.) to bypass normal access controls. Password-based user authentication: if a person can steal or guess passwords, they can gain access by impersonation. User account-based access controls: access controls are file permissions and administrative access regulations. If these are not set properly, a user can access files they should be locked out of, and they may also be able to reset user passwords or modify Open Firmware security settings.

Lesson 14 is Optimizing Data Confidentiality; in this lesson you work with several security techniques to ensure that only intended recipients see the data you want to share.

Lesson 15 is Mobility Security Concerns; this lesson discusses security risks associated with mobile technology and how to implement Mac OS X security features for these technologies.

Lesson 16 is Secure Network Connections; in this lesson you learn how to prevent attackers from breaching your network.

Lesson 17 is Secure Authentication; this lesson explains the authentication process. Authentication is the process of proving your identity.

Lesson 18 is Secure Network Configuration; this lesson teaches you methods for implementing a secure network design, including NAT, VPNs and firewalls.

Lesson 19 is Mail Security; this lesson discusses how to secure your email and how to reduce spam and virus email.

Lesson 20 is Web Security; this lesson covers ways to configure Safari's security features, how to set up a secure website using SSL and how to set up a proxy server to block selected sites.

Lesson 21 is Maintenance, Intrusion Detection and Auditing; this lesson will show you what files to watch for modification, how to detect malicious software, and how to use virus protection software.

The third section is Networking and File Services, covered in eight lessons.

Lesson 22 is Unmanaged Networking; this lesson shows you how AppleTalk and now Bonjour allow you to create a network without performing any configuration.

Lesson 23 is IP Network Services; in this lesson, you'll learn how to configure a Mac OS X computer to connect to a managed network and how DHCP and IP services work in Mac OS X.

Lesson 24 is Mac OS X Network Architecture; this lesson takes you into the nitty-gritty aspects of Mac OS X to better understand how networking works.

Lesson 25 is Resolving Network System Issues; in this lesson you learn the Mac OS X utilities and command-line tools to monitor network activity, which will help you troubleshoot network connections, printing and directory services issues.

Lesson 26 is Maintaining Local Volumes and Files; this lesson describes the advantages and disadvantages of HFS+ and UFS formatted volumes and how to use various tools to determine and monitor disk space usage.

Lesson 27 is File Permissions and Flags; in this lesson you learn how to use the command line to set additional file permissions and locks, how to find and clear locked files, and how to use Disk Utility to repair permissions.

Lesson 28 is Network File Services; the last two lessons focus on file sharing in Mac OS X. In this lesson you learn how to turn on and off the three file-sharing services provided in Mac OS X: Apple File Protocol, Server Message Block and File Transfer Protocol.

Lesson 29 is Mounting Remote File Systems; this lesson discusses the mechanics behind each of the three file-sharing services. You will also learn how to automount shared volumes on startup or login, and how to use the command-line interface to mount and unmount volumes and troubleshoot mounts.

The final section is a "vi" Reference and a Basic Command-Line Reference ("vi" is a command-line editor commonly used to edit flat text files). The Basic Command-Line reference covers the most commonly used commands out of the hundreds of commands that can be used by administrators in the command-line interface.

In my position I am often called upon to troubleshoot issues involving configurations that were set up long before I got involved. This book gave me a starting point to help resolve these issues. Prior to reading this book I had a working knowledge of some areas and almost no knowledge of some networking features and functions administered by others. With the help of this book, I felt confident enough to take the first exam required to become an Apple Certified System Administrator. I passed the Mac OS X Support Essentials v10.4 Exam last week and hope the knowledge I am gaining reading the more advanced topics will result in success when taking the Mac OS X Server Essentials v10.4 Exam next month.

Since my plan was to take at least two of the Apple Certification exams this summer, I was pleased at the way this book is organized into 29 lessons with review and quizzes. This layout also makes it easy to look for specific answers without having to read through hundreds of pages of information. Any one of the three sections in this book is worth having in your library. To have all three of them in one book is a bonus.

A+ (Awesome)

Final Words
Author Schoun Regan has a clear and precise way of writing without losing the reader in mindless geek babble. While some of the topics are clearly more advanced than the average user will ever need, Schoun approaches them in a way that gives you a basic understanding at a glance and an in-depth look with further reading. I think this book is a must-have for anyone serious about administering or troubleshooting Mac OS X in a network environment.