Sep 01 Network Management
Volume Number: 17 (2001)
Issue Number: 09
Column Tag: Network Management
by John C. Welch
A Network Geek in the Big Apple
The Expo Done Gone
Well, the expo is over, and another week of mayhem is in the past. While the general news reports make this out to be a disappointing Expo, my experience was the exact opposite. I found this to be one of the first expos where I could easily find products for my world. Considering my world is network management and administration, and of late, training, MacWorld Expo can be something of a disappointment for me, even when the rest of the Mac community is excited. In fact, I had my first indication that this was going to be a 'most excellent' IT MacWorld before the show had started.
On July 12th, Dartware released their port of net-snmp 4.2.1 for Mac OS X. This happened with very little fanfare, yet for Mac OS X, and especially Mac OS X Server, this is of critical importance. SNMP, which stands for Simple Network Management Protocol, is a cross-platform standard for managing networks. It allows for remote status checking, and, via the trap mechanism, some ability to perform management actions on remote machines. Virtually every computing platform supports SNMP, and although it has its problems and detractors, it gets the job done, for the most part. Unfortunately, up until the Dartware release, there was no SNMP support in Mac OS X. This was, in my opinion, and I think I speak for many other managers here, a glaring omission. It meant that even on a Unix network, Mac OS X would require special tools, or be unable to use many of the standard management tools out there, such as CA Unicenter, HP OpenView, etc. This was a major obstruction to Mac OS X being a first-class network citizen.
But thanks to the folks at Dartware, we have a first-class SNMP implementation for Mac OS X. Even better, it's an open source implementation. Better still, it's based on the BSD license, and not the GPL. This last difference is important, especially to Apple. For a corporation such as Apple, the GPL is a minefield. The GPL requires you to post any source code for any product you create that incorporates GPL-licensed source code. So for Apple, if they use GPL code in Aqua, for example, they would be required by law to post all the source code that relates to the parts of Aqua using GPL code. In this sense, the GPL is almost a kind of viral license. Now, the argument could be made that the FSF (Free Software Foundation), who owns the GPL copyright, doesn't really tend to sue people over this. But legally, that isn't the point. The fact is, if the FSF did choose to take this action, then Apple would be forced to comply, or withdraw immediately the affected components until the GPL code could be removed. Considering that the head of the FSF, Richard Stallman, is well known for his intense dislike for Apple as a corporate entity, betting on his good will is not a wise choice.
The BSD license, on the other hand, makes no such requirement. You are allowed to use the code under the license freely, and although you are encouraged to return the code of the results to the community, you don't have to. This is a far more 'open' open source/free software license than the GPL, and for Apple, a far better one. This means that at some point, if they desired, they could incorporate net-snmp into Mac OS X and Mac OS X Server, and not have to worry about what corporate information they would be required to release. It means that the chances of this happening are far higher than they would otherwise be, and that we, as the community of Mac network managers, have a better chance of getting a much needed improvement faster than it would have happened otherwise.
You cannot discuss MacWorld Expo without mentioning the Keynote. Much has been made of this already, and I think that many of the opinions show signs of being made quickly, without any real thought. My take on it was that this was a maintenance keynote, and deliberately so. Some conversations I had seem to prove this out. In all honesty, there wasn't a lot of "wow" this time around. Yes, the new G4s are nice, and the new speaker system in them is nice, and people seem to like the new cases a lot. Faster iMacs are always good, and though I personally liked the Flower Power design, enough folks disagreed with me, so the new cases are conservative in color. We never actually got to see the 700MHz iMacs, so there is some room there for Apple to introduce something radical at the high end. No new iBooks, no big surprise, they aren't that old. No new Titaniums, no CD-RW options for them. Again, no big surprise on that score, I have yet to hear about a CD-RW mechanism that is thin enough to fit in a TiBook. The announcements from the '10 on X' vendors were interesting enough, especially the way Adobe seems to have re-invented Publish and Subscribe. The only sour note was Quark, who, in spite of being ridiculously late with Xpress 5, insists on telling us that the Carbon version of Xpress is right on schedule. Well, in geological terms, I suppose it is. Tip from a customer, if you are late on a product, don't tell me how cool the next version will be. It makes you look silly.
The scandal over the pitched camera was silly. First of all, how much thought does it take to ensure the thing is plugged in and working before the keynote? Secondly, Steve didn't wing, fling, or pitch the thing at anyone. He tossed it to someone about fifty feet away. Physics tells us that to get the camera to fly fifty feet, it needs a certain amount of force. The person on the receiving end bobbled the camera and the batteries got dropped. That's it, no attempt by Steve to take someone's head off with it.
The Mac OS X 10.1 demo was a good idea; it was necessary to see that we will be getting the OS that OS X is supposed to be. Like many, I would have liked a CD to have been taped to my seat, but I can wait until September. The iDVD 2 demo went on way too long, as did the commercials. Then again, the seats in the keynote room weren't exactly comfortable for long periods of sitting.
From my point of view, the most telling moment was Steve thanking the families of Apple employees. As soon as I saw that, the keynote really made sense. This was Steve essentially apologizing to the partners and families of the people under him for the insane work hours they have been putting in. Think about that, and think about the 2001 time line that we saw at the keynote. With the exception of the iMac, Apple has, in the last year, come out with a new hardware lineup. Even the G4 tower has a new motherboard design, along with the new case. Mac OS X has been released, and had four updates. iMovie, AppleWorks, FileMaker Pro, FileMaker Pro Server, and iTunes are all native. Apple has participated in, or put on, three trade shows, a developer conference, and sent people to MacHack. Apple has been killing itself, and these people need a break. A chance to go back to twelve hour days instead of twenty hour days. A chance to send people home on the weekends. A chance to get eight hours of sleep instead of two. I know some of the Apple folks, and they look exhausted. Remember, Apple isn't a startup. Even under the best of economic times, this company is not going to have a 200% increase in stock value. These people have salaries, they can leave Apple, and work elsewhere. They can also get so burnt out that they leave the business entirely. That would be a shame, as these are also some of the smartest, most creative, and at least for the folks I know, some of the nicest people I have ever met.
So, at least to me, that was what the keynote was about. Some new stuff, a reminder of exactly how furiously Apple has been working since January, and a chance to give Apple employees a day off or two, maybe even a vacation.
The show floor and seminars were packed with people, even if the vendor numbers were down this time. From an IT point of view, Mac OS X has had a huge impact on the show, as compared to San Francisco's show. The number of products available for the new operating system is simply huge, and even allowing for most of it being pre-release or other forms of beta, I was more than impressed.
On the traditional networking front, Netopia had not only their Timbuktu pre-release out for demonstration, but an early alpha of netOctopus, their network administration framework as well. Timbuktu for Mac OS X allows you to control not only other Mac OS X machines, but Wintel machines, and Mac OS 9 or earlier Macs too. The implementation for Mac OS X is as full-featured as the other versions, including the AppleScript dictionary. Other features include live dock displays of remote sessions, and a floating tile that replaces the Mac OS 9 menu extension. The tile is patterned the same as the Mac OS X menu bar, so if you drag it to a clear spot on the menu bar, it looks like a menu extension. Hopefully, with version 10.1 of Mac OS X, this can actually live in the menu bar, although I would like to see the menu tile become an optional convenience. The netOctopus alpha I saw was looking really good, and has some new features that users of this excellent product have wanted for a while, including the ability to get the machine hardware number of the Mac via the Apple System Profiler. Color information is now included, which, thanks to Apple identifying machines via color, is a needed informational item. The SNMP module was there, and hopefully, this new version will add support for SNMP traps, bringing netOctopus up to the level of higher end network management applications. For an application which is still the only cross-platform management program that can run on a Mac as both server and client, it is good to see that Netopia's commitment to the product is unwavering.
Another company with a similar unique position in the Mac market is Dantz, and to show their continued drive to make Retrospect the best backup program on the planet, much less the Mac market, they announced the first OS X-native version of Retrospect Server, version 5.0. This is a Carbonized version of Retrospect Backup Server, and is more or less a port of the 4.3 Mac server. As such, other than some speed improvements, and the ability to handle Mac OS X clients properly, there are not many architectural improvements to the server. However, Dantz is working on bringing Retrospect into the Cocoa world, and working on bringing over the improvements they made when they created the new server architecture for their Windows products.
This will allow Dantz to give Mac administrators a high end backup server that can handle larger networks, and higher end backup devices better than the current versions. On the client side, Dantz has done an excellent job with the Mac OS X and Mac OS X Server betas of their clients, both Cocoa front ends to background daemons. This split architecture, common in the Unix world, has allowed for some pretty significant performance increases. My own experiences have shown a consistent two to three times increase in backup speed between the Mac OS 9 and Mac OS X clients. (On one machine, a G4/450, on a clean switched 100 Mb network, the backup speed went from 60-90MB/min. to 120-230MB/min, with no other changes than OS and client.) The other performance increase is that other than an increase in disk activity, the user doesn't notice the backup happening, so they can avoid having to set the client performance slider to the low end of the performance scale, avoiding the slowdown in backup speeds that always results. Dantz is also seeking feedback on client support for other Unix operating systems, so if you want to see a specific Unix supported, let them know.
FileMaker announced the server version of their database application, a Cocoa version. Like the Retrospect client, FileMaker Pro Server features a factored interface. This allows the database server application to run independently of the user interface on the server. This allows the server to run without an active login, and without the overhead of the user interface. While new for Mac users, this is how databases such as Oracle and DB2 run, and moving to this split architecture is critical for FileMaker to begin giving FileMaker Pro Server the kind of performance and capability that it needs to keep on growing as a database server. Another advantage to this split implementation is that it makes porting FileMaker Pro Server to other Unix architectures easier, and FileMaker has done exactly that, by also announcing the release of a Red Hat Linux version of FileMaker Pro Server. This now allows FileMaker administrators to run their servers on higher-end hardware, while still maintaining a Unix server environment, avoiding the issues created by introducing Windows servers into such an environment.
Mac server stalwart WebSTAR is also being revamped for Mac OS X, even in the face of the major question of why? After all, if you get Apache free with Mac OS X, why pay money for a third party web server? Well, WebSTAR is more than just a different version of httpd, the web daemon in Mac OS X. First off, WebSTAR has been completely rewritten for Mac OS X. Although 4D started to try and just do a Carbon port of the Mac OS 9 version of WebSTAR, the complexities in the old WebSTAR code created an immense barrier to doing this. In the end, it became a better idea to rewrite the server from the ground up. This allowed for several advantages. First of all, the WebSTAR server process is actually a BSD Unix application, not really Cocoa or Carbon. This allowed 4D to avoid any overhead for an administrative interface within the server, adding speed and stability. The administrative interface is a Java application, allowing it to be run from not only Mac OS X, but also from Windows, Solaris, or any platform with adequate Java support. 4D was also able to add Altivec optimizations where appropriate, so not only can WebSTAR take advantage of multiple processors, but also takes advantage of the vector units on those processors.
WebSTAR has some other differences from Apache that give it advantages over Apache. One of them is the security model that WebSTAR uses. WebSTAR has its own user database, rather than using the NetInfo database in Mac OS X. While inconvenient in the sense that an admin has to set up users in two places, this means that if someone is able to crack an admin password in WebSTAR, they do not automatically have the keys to the kingdom. They may be able to do evil things to WebSTAR, but they still have to get a different password to root the OS X box WebSTAR is running on. WebSTAR also doesn't run as root, so even if a cracker manages to get WebSTAR to run unauthorized code, they are not doing this as root, limiting the damage they can do easily. WebSTAR does not run as part of inetd, so trying to use WebSTAR as a way to crack this root level service fails as well. WebSTAR also includes support for AppleEvent CGIs, so WebSTAR administrators with a library of AppleScript CGIs don't have to convert them to Perl, or some other language. Finally, 4D is conducting an extensive line-by-line review of WebSTAR's source code, so that any code-level bugs that could allow security breaches can be caught. 4D is very aware of the expectations that WebSTAR's success in repelling crackers has created, and is sparing no effort to live up to those expectations.
Another application that has long been the only one of its type on the Mac is 4-Site Fax server. The only multi-line, LAN-friendly fax server on the Mac, 4-Site has languished through some changes of ownership, and its user base wondered when it would simply be killed off. Well, luckily, some former developers and users of 4-Site have bought it, and were showing off the OS X version. Version 5 of 4-Site is a Mac OS X-native server, with some excellent new capabilities. First off, it now supports TCP/IP, so the former requirements the Mac server had for AppleTalk are gone. Also, the new version features client-independent email integration, so users can send and receive faxes via email, without needing a fax client. This integration has an added benefit in that you can set up a machine to relay emails to the fax server, so that you could allow for multiple users per client, a lightweight way of taking care of the fax needs of those users who don't need a full-featured fax client. When using the email integration, faxes are received as PDF documents, so things like OCR and other post-processing operations are simplified. The client itself is a Java application, and when I asked if this meant that any platform supporting Java, outside of Windows and Mac OS X, could use it, the reply was, "I don't see why not. We haven't tested it, but it should work." If the 4-Site client is able to achieve this level of cross-platform support, this would make it one of the leading fax servers on the overall market, not just the Mac market. The new server, a Carbon application, will be able to handle up to 16 in/outbound lines, giving 4-Site a serious fax handling ability to start with. If 4-Site is able to work with the major telephony hardware developers, then Mac OS X could easily become a major force in that market.
Our final entry is Dartware LLC, and the release of a Mac OS X-native version of its InterMapper application. This is one of the best network monitoring applications available on any platform and Mac OS X gives it the stable base that it needs to run 24x7. InterMapper not only is able to use SNMP to monitor a network, but can use other protocols such as POP3, IMAP, HTTP, HTTPS, FTP, SMTP, FileMaker Pro Server, etc. to make sure that not only is the machine up on the network, but that the services it provides to the network are functioning as well. InterMapper takes a different approach to this than many similar applications. Instead of a client agent-based approach, which checks these services internally on the machine they run on, or via a loopback mechanism, InterMapper uses external queries, of the same type that a client for that service would use. So it sends out POP3, FTP, SMTP queries, and waits for the correct response. This is important for two reasons. First of all, especially on Unix servers, the server itself can still be running, even though the services it is responsible for have crashed. So simply seeing if the box is running is not enough. Secondly, you can have a case where the server has gone deaf, and isn't processing external requests, even though it shows the services as running. By checking these services as a client would, the status of the service can be more accurately checked. The SNMP capabilities of InterMapper are top notch as well. Trap notifications to InterMapper are supported, and InterMapper can send its own SNMP traps to other applications, handy if InterMapper is monitoring part of a larger network run by things like HP OpenView, or Tivoli. The SNMP monitoring not only checks uptime, run status, packet errors, and other things, but is also used to create live traffic level maps, so you can look at an InterMapper map, and see traffic use in real time. (Hence the importance of Dartware's SNMP client release.) This is invaluable for a Network Operations Center (NOC). The alarms and warnings in InterMapper are configurable to your needs, and in addition to the trap report mechanism, InterMapper can notify you of problems via email, pager, and audible alarms.
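The client-style check described above, sketched as an added example (it is not InterMapper's code and not part of the original column): a Python probe connects as a client would, reads the greeting, and separates a healthy service from one that is down, "deaf", or answering wrongly. The function names, local listeners and greeting strings are constructed for the demonstration.

```python
import socket
import threading

def probe(host, port, expect, timeout=0.5):
    """Check a service from outside: connect, read the greeting, and compare
    it with the prefix a working server of that protocol sends first."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            banner = s.recv(256)
    except socket.timeout:
        return "deaf"        # port open, but nothing answered in time
    except OSError:
        return "down"        # connection refused or host unreachable
    return "ok" if banner.startswith(expect) else "bad-reply"

def _listener(greeting=None):
    """Constructed local stand-in for a server. greeting=None models the
    'deaf' case: the socket listens, but no process ever answers."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    srv.listen(5)
    if greeting is not None:
        def serve():
            conn, _ = srv.accept()
            with conn:
                conn.sendall(greeting)
        threading.Thread(target=serve, daemon=True).start()
    return srv

def run_demo():
    """Probe four constructed services and return the status of each."""
    healthy = _listener(b"+OK POP3 server ready\r\n")        # normal POP3 greeting
    deaf = _listener(None)                                   # listening, never replies
    refusing = _listener(b"421 Service not available\r\n")   # SMTP refusing work
    closed = _listener(None)
    closed_port = closed.getsockname()[1]
    closed.close()                                           # nothing listens here now
    results = {
        "healthy": probe("127.0.0.1", healthy.getsockname()[1], b"+OK"),
        "deaf": probe("127.0.0.1", deaf.getsockname()[1], b"+OK"),
        "refusing": probe("127.0.0.1", refusing.getsockname()[1], b"220"),
        "down": probe("127.0.0.1", closed_port, b"220"),
    }
    for srv in (healthy, deaf, refusing):
        srv.close()
    return results

if __name__ == "__main__":
    for name, status in run_demo().items():
        print(f"{name:9s} {status}")
```

The "deaf" listener still accepts TCP connections at the kernel level, so a check that only tests whether the port is open would report it as healthy; only waiting for the protocol greeting exposes the fault.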
Off the show floor, there was the customary excellent array of sessions and workshops available to educate attendees on almost every aspect of the Mac and the Mac OS in almost any implementation. While a conflict of interest prevents me from actually reviewing sessions (I gave two sessions, and assisted on a third, also giving a pre-show workshop on Mac OS X), I think that if you are going to take the time to go to an Expo, attending a session or two will greatly increase the value you get from the Expo.
So, in spite of a keynote without some amazing new announcement, the 2001 MacWorld Expo New York was an excellent show for network administrators. I will not begin to claim that I saw everything, much less covered it here, but hopefully, the items I was able to cover will give you a reason or impetus to attend your first expo, or to continue going.
John Welch firstname.lastname@example.org is a Training and Unix Specialist for Complete Mac Seminars, the premier Mac OS training organization. He has over fifteen years of experience at making computers work. His specialties are figuring out ways to make the Mac do what nobody thinks it can, showing people that the Mac is the superior administrative platform, and teaching them how to use it as just that.