Apple Server Takeaways in Mojave

With Mojave, Apple removed or migrated several services that were in the Server App. Anything related to this is game in this thread, as we can definitely learn from each other.

I am most interested in two things:
a) What have you done for DNS? Apple has a tech note listing BIND, Unbound, and KnotDNS as possible replacements.
b) How reliable and usable have you found permission setting through file sharing?

We discontinued all use of Apple Server three or four years ago now in favor of other products.

For DNS: We either use the firewall itself, or the DNS service on Windows Server, depending on the needs of the environment.

For File Storage: We either use cloud-based solutions (OneDrive for Business, Google Drive, Dropbox) or, if an on-prem solution is needed, we use a Synology NAS or the File Service on Windows Server, depending on the needs of the environment.

For Groupware (email/calendaring/contacts/etc.), if you happen to be using the services on macOS - move to Office 365 or G Suite.

For Authentication (Open Directory) - See if you can get away without needing it at all, just run local accounts. If that doesn’t work for you, then you can use the Active Directory service of Windows Server, potentially with NoMAD instead of actively binding them.

For print serving we are either relying on AirPrint directly from the printers themselves if we aren’t managing the devices, with the occasional direct mapping as needed - or we are deploying a solution like Printix or PrinterCloud to manage our printing.

If we were using Profile Manager (essentially the built-in MDM solution) - we are moving that to a standalone MDM platform. Mosyle, Jamf, Meraki Systems Manager, and Microsoft Intune are all common options for this. Which we use depends on what we need to do.

The partial exception to all of this is Xsan - if you have Xsan in your environment, moving to something else may or may not be something immediately in the cards. By and large, using a modern high-performance NAS with NFS access over 10Gb Ethernet is probably the direction you want to go. But that involves a lot of environment overhaul - so if you have Xsan and it’s working, I’d keep using it until you can architect a migration away from it.

I think the most important thing I’ll say is that as you move forward, make decisions which result in a simpler environment, and which help get better tools into your team members’ hands faster. This mindset will not only drive down the total lifecycle cost of your IT environment, but also facilitate the success of your team.

-Karl P

We moved partially away from Apple Server about 15 months ago and are still transitioning some stuff.

For DNS: as per Karl, use your router if you can, but bear in mind that if you want AD, your AD device will insist on being the DNS. Consider using secure DNS services such as OpenDNS or AdGuard DNS in order to reduce the risk of malware to internal devices.

For File Storage: Don’t use external cloud services if your users work on large files (e.g. video or PowerPoint/Keynote with lots of images and graphics), unless you have a VERY fat bandwidth pipe, e.g. >250Mbit/s uplink speed. If you are only storing standard Office files, then you can get away with cloud storage if your uplink speeds are >20Mbit/s for a small number of users. Bandwidth restrictions also cause problems with database applications where the server is off-site (e.g. Access, FileMaker). For a solid on-site file store, Synology is great; otherwise QNAP or similar NAS work well.

Mail: Use your ISP’s own IMAP service, unless you have a large number of internal users.

Other Groupware: Synology have these built in, as do most of the other Linux-derived NAS products.

Authentication: If you need hot-desking, you are going to need help. Macs authenticate nicely (e.g. Bind) with Active Directory (either Microsoft or Synology), but getting home folders working correctly is a real pain (I’m still trying). Basically, Apple deprecated and removed some of the Network Home functionality from the Mac Client, so be prepared for a challenge if you need users to jump from one machine to another and have their home directory files (which includes Mail BTW) move with them.

Printers - we are currently manually configuring these to send notifications to our ICT email address (OKI devices), but otherwise use the printers’ own built-in print servers.

Profile Manager: I’m still not sure what to do here and looking at all the options that Karl lists. I run a small charity here with very limited IT budgets, so cost can be a major implication. It would be nice if someone could do a summary/review of the various MDMs as to pros/cons of each.

Again, I agree with Karl – keep things simple. We are now reaching the point where IT is becoming a bottleneck in the work we do. Not necessarily because it is overly complex, but because it needs a lot of work to get data into the right form. If we had started doing it from the start, it would be simpler. I am now trying to capture information that should be easy, but is still held on manual paper or spreadsheet records, and transitioning to a database-centric solution is proving to be very hard to implement as I am constantly playing catch-up.

-Russ
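For anyone taking the OP's Unbound route for on-prem DNS and Russ's suggestion of forwarding to a filtering resolver, here is an added example configuration (not from either poster, nor from Apple's tech note) that serves a small internal zone and forwards everything else to OpenDNS. The internal zone name `corp.example`, the hostname `fileserver`, and the 192.168.1.0/24 subnet are made-up placeholders; the two OpenDNS resolver addresses are the service's published anycast IPs. Adjust the interface, subnet and trust-anchor path to your host.

```conf
# /etc/unbound/unbound.conf  -- added example, placeholder names and subnet
server:
    # Listen on the LAN only; refuse everything not explicitly allowed so the
    # box cannot be used as an open resolver from outside.
    interface: 192.168.1.2
    access-control: 192.168.1.0/24 allow
    access-control: 0.0.0.0/0 refuse
    access-control: ::0/0 refuse

    # Don't leak software identity/version to clients.
    hide-identity: yes
    hide-version: yes

    # Basic hardening: validate DNSSEC on forwarded answers and drop answers
    # that try to strip it; refuse private addresses in public answers.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    harden-glue: yes
    harden-dnssec-stripped: yes
    private-address: 192.168.0.0/16
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12

    # The internal zone that used to live on macOS Server's DNS service.
    # "static" means names not listed here return NXDOMAIN instead of being
    # forwarded upstream, so internal hostnames never leave the network.
    private-domain: "corp.example"
    local-zone: "corp.example." static
    local-data: "fileserver.corp.example. IN A 192.168.1.10"
    local-data-ptr: "192.168.1.10 fileserver.corp.example"
    # Tell the private-address check that these internal answers are fine.
    domain-insecure: "corp.example"

    # Keep logs useful for incident review without logging every query.
    verbosity: 1
    log-queries: no

# Everything outside corp.example goes to a filtering resolver (OpenDNS),
# which is what provides the malware-domain blocking Russ refers to.
forward-zone:
    name: "."
    forward-addr: 208.67.222.222
    forward-addr: 208.67.220.220
```

After editing, run `unbound-checkconf` before restarting the service, then verify from a LAN client that `fileserver.corp.example` resolves locally and that an external name still resolves via the forwarders. If you later add an Active Directory domain controller, note Russ's caveat: AD clients must point at the DC for the AD zone, so either let the DC be the primary resolver and forward from it to Unbound, or add a `stub-zone` in Unbound for the AD domain pointing at the DC.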