[Tiauguinho]

Guys,

I'm about to buy an Xserve for my company, which will serve as a Webserver for our Webpage and Webstore, as a webmail server for us, print server and it will hold our local network.
We will have around 4 to 5 computers connected to it.
What I would like to know is your personal reviews about the Xserve and Mac OSX Server.

Can i configure it safely to hold our local network and our internet webpages? sorry for this stupid question, but i'm very new to server administration and I dont want to make any mistake.

[Camelot]

In general, Mac OS X Server/XServe is no less secure than any other Unix system (which is to say it's an order of magnitude better than any Windows-based system)

Where you gain is in server administration. The Mac OS X Server tools make setting up basic server applications a breeze.

Since you'll be running both internal (print server, local network services) as well as external (web server, mail server, etc.) you should use a firewall. At the very least setup the two NICs separately - that is, one NIC for the external services and one for the internal services. This will help secure your system.

[Tiauguinho]

One more question... I've been checking the cost of having a dedicated internet line for the internet services, but they are way too expensive here in Portugal! Is a DSL line of 1024/256 good enough to serve a Webpage with an Online store? The traffic that I might have is not too big, probably 30 to 40 persons per day. Is it a viable solution? I ask this because I would like to serve the webpage on my own and not renting space on the ISP servers. What do you guys think of it?

Camelot, can you please explain what a NIC is and how to set it up?

[Tiauguinho]

One more question regarding the Xserve... Is it easy to manage the Server remotely? Can I do it from home?

[Cipher13]

NIC = ethernet card.

DLS... 1024/256 isn't great. 256 / 8 = 32KB/sec. Not wonderful at all.

Yes, you can remote admin. OSX Server comes with a remote admin package, but it wont be all you want... Timbuktu (OSX version?) or Remote Desktop (piece of **** program) will give you GUI access to the XServe, and ssh access is possible, of course, albeit a security risk.

[utidjian]

Originally posted by Cipher13:
(snippage)...... and ssh access is possible, of course, albeit a security risk. [/B]

How, exactly, is ssh a security risk?

[Camelot]

Originally posted by utidjian:


How, exactly, is ssh a security risk?

Any time you open your machine to connections from the outside world, there's a risk. Even Apache (the web server shipped with Mac OS X) has been the target of hackers using bugs in the program to compromise the servers they run on.

SSH versions up to 1.5 included a notorious problem that made it easy for a hacker to slip in on the back of a legitimate connection. Luckily for us, Mac OS X ships with SSH2 which doesn't suffer from this problem (as far as we know )

So generally, any server providing connections to the outside world is a potential gateway for hackers to get into your system.

[PCTek]

Originally posted by Camelot:


So generally, any server providing connections to the outside world is a potential gateway for hackers to get into your system.

That's like saying "Any car with glass windows can be broken into, because, umm, glass can be broken!".

Any real threats to the security of the machine will be announced and patched by Apple. If you use any other services not provided by Apple, keep up to date on that software's website and check if security fixes are out.

If you're using basic HTTP/SMTP/POP3/IMAP/FTP/SSH/blahblah, then don't worry about the services being insecure, just make sure the users secure their accounts properly (proper passwords, etc)

[Cipher13]

Originally posted by PCTek:


That's like saying "Any car with glass windows can be broken into, because, umm, glass can be broken!".

Any real threats to the security of the machine will be announced and patched by Apple. If you use any other services not provided by Apple, keep up to date on that software's website and check if security fixes are out.

If you're using basic HTTP/SMTP/POP3/IMAP/FTP/SSH/blahblah, then don't worry about the services being insecure, just make sure the users secure their accounts properly (proper passwords, etc)

Err, exactly. Any car with glass windows can be broken into.

As long as you have open ports, you're at risk.

The only most secure is one that's turned off and locked in a safe. Even then, don't be 100% confident.

Apple can only announce and patch problems when they find them. That means nothing. Too little, too late, in some cases. Don't give the impression that http, smtp, pop3, imap, ftp, ssh, blah blah servers are foolproof - as you have. That is totally incorrect and extremely arrogant.

[006]

If you are worried that your server is possibly listening on ports that you don't want it to; run "netstat" (either locally or via SSH).. It'll tell you all the listening ports - very useful for paranoid people like myself.

If you want a LIVE version (normally netstat only shows a snapshot of your NIC state), use my program Net Tool Box ..