TweetFollow Us on Twitter

A Look At Panther Server

Volume Number: 20 (2004)
Issue Number: 4
Column Tag: Programming

Patch Panel

by John C. Welch

A Look At Panther Server

Digging past the hype into Apple's latest server OS

Mac OS X Server: A Major Reach for Apple

Now that we've all had a few months to weigh in on Mac OS X Server 10.3, I figured it was time to see how it stacks up against the previous version of Mac OS X Server and other server OS's, primarily Windows 2000/2003 Server. This is less a review of Mac OS X Server as a product, and more a look at how it does the job as a server. (Keep in mind print lead times, this article is based on Mac OS X Server 10.3.3

New Features

There is a plethora of new features in Mac OS X Server 10.3, that cover almost every feature of the product at almost every level.

Single Signon/Kerberos

For network administrators, Mac OS X Server 10.3 represents Apple's first serious attempt at one of the holy grails of any network, Single Signon. The idea for single signon is simple: you sign onto the network one time, and after that, you are authenticated for any network resource you may need. So, in a perfect single signon environment, you will log on to your Mac running Mac OS X 10.3.x (You pretty much have to be running Panther for single signon, aka SSO to work). The user id and password you provide gets you all the credentials you need for everything from network file shares to email to printing. Does Apple achieve this? Well, as we shall see, mostly.

Apple is using MIT's Kerberos security system as the basis for SSO in Panther. Kerberos is an open standard for network security, and it is designed to allow for a highly secure environment that is secure without needing a firewall. (Considering that Universities need to be highly open environments, and often use protocols that do not play well with firewalls, the need for security without a firewall is critical.) Kerberos is a network authentication mechanism. Its purpose is to validate that the person trying to get to a resource is a known person. Other services then use this authentication to authorize that person to use that service or services. This is an important distinction. Kerberos does not allow you to get at share "foo" on AFP Server "Bar". All Kerberos does is say "whomever is authenticating as principle (Kerbspeak for user id) TAFKAP has indeed successfully authenticated (or not) as that principle." It is then up to the service to decide if that person is authorized to make use of its services or not. Kerberos is a cross - platform, standardized way to do authentication. (I'm not going to go into an explanation here, because there is an excellent functional and descriptive explanation of Kerberos in Mac OS X written by Joel Rennich at AFP548.com: http://www.afp548.com/Articles/Panther/kerberos1.html)

So, thanks to the way Kerberos works, it is highly compatible with SSO systems, so Apple has implemented a (mostly) stock MIT KDC in Mac OS X Server, and Mac OS X Server is now able to act as a Kerberos Domain Controller, or KDC.

Open Directory

Open Directory, now Open Directory 2 has received major attention from Apple as well. It is now based on OpenLDAP, and uses that, along with the BerkelyDB as a data store to provide fast, scalable, secure directory services for Mac OS X Server networks. NetInfo is still there, but by default, it is used only for local machine records, and is now considered a legacy service. LDAPv3 support is much improved, along with BSD Flat Files and NIS (Not NIS+) support. The big news here however is the addition of an Active Directory plugin, which allows Mac OS X Server to directly and more cleanly access Active Directory networks without the schema change workarounds that Jaguar server required.

Admin Tools

The Server Admin tools have undergone yet another change. Now, actual server administration is done from the aptly named "Server Admin" application. It controls all non - user/non - client management. Along with greatly improved interfaces for the Firewall, NetBoot, Open Directory, etc. is the ability to manage multiple servers from a single window, and apply standard settings to servers via drag and drop from another server. Apple has promised to make the APIs for Server Admin available, so that third parties can write their own management console interfaces. Sybase has already released a plug in for Server Admin that allows you to manage their ASE 12 Database under OS X. Hopefully Apple will encourage the Mac version of the Windows MMC snap-in market.

Workgroup Manager gained some improvements; most notably the ability to directly browse and edit LDAP information in Open Directory without needing what is still one of the most awkward tools on the market, NetInfo Manager. With NetInfo taking a notable step back in Mac OS X Server 10.3, to continue using NetInfo Manager for LDAP administration tasks would have been very silly. Server Monitor is essentially unchanged from Jaguar Server.

The second major change in Mac OS X Server 10.3 is the addition of a plethora of command line tools for running your server. Better directory services tools, user and group management, etc. Pretty much everything you can do with the GUI tools can be done via the shell and vice versa. While the command line may seem to be the antithesis of the Mac experience, any administrator knows that a good set of command line utilities can let you get a lot of tasks done far faster than the same tools as a GUI, especially if you are stuck with dialup access.

(While Apple Remote Desktop, aka ARD has been improved, and the client portion is now a standard install for Panther, since the administrator part is not a shipping part of Mac OS X Server's default configuration, I won't be talking about it here.)

Client Administration

The Managed Client for OS X, (MCX) services have been updated for Panther. The new feature for this is the Mobile Account, which allows for managed laptops to still function as part of an Open Directory system, even if they cannot see the Open Directory network. This is a major plus for schools and other cases where you still want to manage your users, even when they are off the main network.

Services

New in Mac OS X Server 10.3 is the JBoss Java Application server, another sign that Apple is serious about playing in the Java market. The email server has been completely replaced with Postfix and Cyrus. This finally gives Mac OS X Server email capabilities that are as first rate as the rest of the system by incorporating robust, scalable, and secure email subsystems that are well respected regardless of platform. Thanks to the Kerberos features of Cyrus and Panther, if your email client is Kerberized, then it can take advantage of SSO for email services. This is an important upgrade as the previous mail server in Mac OS X Server was simply unsuitable for heavy-duty email services.

Windows services are upgraded with the inclusion of Samba version 3.X in Mac OS X Server. This upgrade allows Mac OS X Server to work as a Windows NT 4 Primary Domain Controller. Other changes help create better integration for users logging in from a Windows machine to Mac OS X Server.

If you haven't gotten the idea by now, there's almost nothing in Mac OS X Server that did not get a major upgrade or at least serious attention in 10.3.x. But a feature list is only half the story. The question is, did Apple do things well or not? Mac OS X Server 10.2 was a pretty mixed bag of issues, and was, in my eyes, about 50% of the way to being what it should be. So now, let's look at how well Mac OS X Server 10.3.X is doing here.

The Good

So the first thing we should look at is what Apple did right. Well, as of 10.3.3, there's a lot to like about Mac OS X Server. At the top of the list is the mail server. The previous server was an albatross around the product's neck. It was unable to keep up with the rest of Mac OS X Server, and was simply unsuited to modern email needs. The inclusion of Postfix and Cyrus finally gives Mac OS X Server an email server that can play with any commercial product out there. Because Cyrus supports Kerberos, if you use a Kerberized email client, email can fit into the SSO realm of services. Log into your machine, start up your email client, you're in. No need to perform a separate login. This is one of the handier features of Windows XP/2000 in an Active Directory domain, and it's good to see that Apple has used it in a more open fashion. The administration UI in Server Admin is sufficient to take you from no email to a pretty solid and secure email server, and you can easily go to the command line if you need more in-depth control.

The Server Administration tools have all been updated for this new version, but the most notable change is the Server Admin tool, and the scriptability of that tool as of Mac OS X Server 10.3.3. The Server administration tools outside of Workgroup Manager were a muddled collection of half - baked attempts at putting a UI on things. Server Admin, new with 10.3.X fixes many of these shortcomings. As mentioned earlier, you can now manage multiple servers far easier than before, and the UI is far more capable. The DNS section has been completely revamped, and is now at least usable, (although, in the end, if you are going to muck with DNS, you still want a copy of the O'Reilly book handy, and well - read. DNS is absolutely critical in Mac OS X Server, and a poorly set up DNS will cause you pain that has to be felt to be believed. If you are not extremely comfortable with DNS, throw money at someone who is, it will be well worth the cost). The Firewall setup is finally worth the effort, although it still needs a bit of work to be on a par with third party tools, like Brickhouse. You can set up PPTP VPNs with ease, and LT2P/IPsec VPNs almost as easily. If you want to do a "pure" IPSec VPN, you're still going to be living in the command line, an oversight that needs to be remedied at some point. The Web server/Apache setup is about the same as in Jaguar, that is, tedious and obtuse. But, the ability to drag and drop settings between servers is a major plus, as is the fact that Server Admin is now scriptable. It's not a complete dictionary by any means, but the introduction of AppleScript into this realm is most definitely counted as "a good thing". One continual annoyance is the inability for Server Admin to deal gracefully with servers in the list that it cannot see. Modal dialogs and application lockups are the result of having an unreachable server. Server Admin really needs to emulate the behavior of Server Monitor here, and just fail quietly. If I never attempt to manage a server that I can't see, why do I need to wait for timeouts and dialogs? Just red - light the silly thing and leave me alone. But shortcomings of the implementations of the services aside, the new Server Admin tool is a huge improvement over Jaguar's version. One final improvement is that Apple has structured Server Admin so that third parties can extend it. While the APIs haven't been widely distributed yet, Sybase has created a Server Admin module for its ASE product.

Workgroup Manager has received some notable updates, primarily based on new capabilities of Panther, and the new Open Directory access is a good start on a decent LDAP manipulation tool. You can now directly manipulate information in the directory structure outside of what Workgroup Manager lets you see. You can add pre-built settings, change existing settings, or add custom settings of your own. Dealing with the Open Directory structure this way is nicer than trying to manipulate data via the command line, but Workgroup Manager still needs a proper LDAP browser, ala the Java - based LDAPBrowser tool. You can activate Server Admin from within Workgroup Manager or vice - versa. At some point, these tools really need to be integrated into one tool, mostly so that Workgroup Manager can benefit from the improvements to Server Admin.

However, even with these notable improvements, client and machine management in an OS X network is still far harder than it has to be. To really manage client machines, you almost have to buy Apple Remote Desktop, because Workgroup Manager is only capable of the most limited machine management. So in essence, you have the "ARD Tax". There's no way to tell how computer lists fit into Open Directory. Are they a container? An OU? Short of using a tool like LDAPBrowser, or the command line directory tools, there's no way to tell. Want to change the IP address on a large group of computers? Hope you have some time for ARD or SneakerNet, that's the only way you're doing it. Apple really needs to look hard at Microsoft and Novell's directory management tools, and learn from them. Workgroup Manager is not up to the task of managing a large network.

As a first start, the Kerberos integration is outstanding in many ways. The basic setup is simple, and as of 10.3.3, most of the outstanding bugs with AFP and Kerberos have been fixed. You can make most of your services use Kerberos, (aka having them be "Kerberized"), and once that happens, you get the benefits of SSO, excellent security, and convenience. However, if you are going to need to do more with it than a very basic setup, you had better get very familiar with the MIT Kerberos administration documentation, http://web.mit.edu/kerberos/www/krb5-1.3/#documentation, because Apple has almost nothing beyond "read the man page". But, they at least give you a complete MIT Kerberos setup, so you can get more complex things done; it's just harder than it should be. If your needs align with what Apple anticipated them to be, then the setup is dead simple. If not, you're going to be spending a lot of time below the UI.

Finally, the command line utilities. Apple has finally given server administrators a complete set of command line applications for running Mac OS X Server. Pretty much anything you can do through the UI, you can do through the command line, and there are a few things, such as setting mount style for Active Directory homes that you can't do via the command line. While some may shudder in horror at the idea of a command line, the fact is, server administrators need one. It allows you to integrate Mac OS X Server tools into other systems. By providing a full-featured command line interface to Mac OS X Server, Apple makes integrating Mac OS X Server into management tools on other platforms far easier. That is, by the way, a good thing.

The Not-So-Good

Under this heading we start with the Windows support. The big news is that in Panther, you have near one-click Windows NT 4 PDC setup. (I say near, because it's rarely that simple). However, if you want to make your Mac OS X Server a part of a Windows domain, then you can't use NTLMv2 or Kerberos for your login authentication. In fact, SMB under Mac OS X Server isn't Kerberized at all, so you can't have anyone needing Windows sharing participating in SSO. This puts a real crimp in SSO for Mac OS X. Along with that, the Active Directory plugin for Directory Services, while a good start, is not anything close to what it needs to be for heavy use. If you have a home directory in Active Directory, it doesn't mount as your home directory under OS X, but rather as an additional mount on your desktop. If you're trying to get an Open Directory Master to talk to Active Directory, that is far harder than it needs to be.

The LDAP access in WGM is too disjointed to be useful. It's very hard for new administrators to use the directory inspector to get an idea of how all of the directory information is laid out. In Active Directory by contrast, seeing how containers and OUs are laid out is quite easy, and it makes moving resources between directory structures much easier than in Workgroup Manager.

Sharing is still not as flexible as it needs to be. For example, if you, as an administrator, want to see volumes, instead of shares, Apple has a kbase article that will tell you how to do this. (http://docs.info.apple.com/article.html?artnum=107823). The problem is, if you follow this procedure, and you're an administrator with a network home directory, you may end up killing your ability to log in with that account, because now you can't get access to the share points. It's a binary setting, either volumes or share points, but not both. This is rather silly that an administrator can't choose how they want to get to information on the server. There's a clear need for both, and forcing you to choose like that is silly. Since this is a system-wide change, and not a user specific change, you can't just apply it for one administrator.

The documentation, while 10.3 from 10.2 still needs a lot of work. Apple needs to include far more examples for new administrators, especially considering the lack of third party references available. For example, in the firewall docs, while they talk about setting up rules for TCP and UDP ports, they don't have an example of what a rule to allow a service into a specific machine should look like. This is one of the most common tasks an administrator does on a firewall, and it would make a lot of sense for Apple to include more screen shots of this from both the UI setup and the IPFW setup. While it's good to talk about generic hows and whys, and wherefores, for someone who hasn't been setting up Unix networks for twenty years, nothing beats a well - annotated picture. There are also far too many instances of "read the man page." Well, the man page is only designed to tell you how a command needs to be structured. That's a syntax guide, not a howto. Since Apple isn't shipping this stuff in paper anymore, they need to spend that savings on putting more information into the docs. I really doubt they'll get a ton of emails complaining that the "documentation was just too darn informative and useful."

The Bad

Now we come to my least favorite part of any analysis. The stuff that I think is just bad. Heading this list, indeed, leading it by a huge margin is the Mac OS X Server print server. First of all, it virtually ignores all the features of CUPS other than the lowest - level drivers. Adding a printer via the server only allows you to connect via AppleTalk or LPR. Um, hello, IPP? The only way to get any kind of authenticated printing is via SMB. So not only do you lose any integration with SSO, but if you want authenticated printing, none of your OS 9 clients can connect. Wait it gets better. If you have a bunch of different printers, say HP LaserJets, and you use Server Admin to connect to all of them. They all have different host names, different IPs, but the same queue name, say the default. In that case, in Server Admin, all the printers would have the same name, because queue name, not IP, or DNS name is what is used to identify the printers. Even better, if you want to set the default queue, you'll only see one entry. If you want to advertise the printer via Open Directory, you can't set that up in Server Admin. You have to do that manually in Workgroup Manager, by creating a manual LDAP entry. As it turns out, you can use Printer Setup Utility to add an IPP printer, but the Print Server almost totally ignores it, including to the point of not logging any of the printer activity in its logs, (which are utterly separate from CUPS. On Mac OS X Server, if you use the print server, then as far as the CUPS logs are concerned, all print jobs are created by root. Even better, CUPS does allow for authenticated, and even SSL printing, but the Mac OS X Server Print Server completely ignores this, as does the documentation. As of 10.3, the Print Server is simply not worth the trouble, and you're far better off with a third party product, or just getting CUPS to do it all for you.

Next on the list here is Apple's support for Mac OS X Server. It's glaringly inconsistent. Sometimes, a problem can go on for months, until you happen to talk to the right person who has the secret knowledge. It's almost like as far as Apple Support is concerned, databases are things that other people use. If you have any questions on the Active Directory plugin, or customizing install packages, that thousand - dollar support package you bought? Useless. They won't even talk to you. That is what is considered "advanced integration" and requires another support package, which starts at $6000 and goes up from there, although if you have a tight budget, per - incident calls are only $700. Apple's support organization is still far too weak and bush-league for the type of markets they are starting to hit. Making people keep a list of "the smart ones" is just silly. The only way I've found to get bugs into the hands of the people who will actually do anything about them is to get a free, online developer membership and report bugs that way.

Documentation is still far from where it needs to be. Telling someone to "read the man page" is only useful if the man page is complete. Kerberos documentation is a large gaping hole in Apple's docs. If you look at the "Command-Line Administration" documentation, the entire section on the command line utilities for kdcsetup, sso_util, and kerberosautoconfig takes up less than a quarter of page 160, and is basically a nice table telling you to read the man page. If that's all you're going to put in, why waste the space? Parts of the documentation are far from being as clear as they need to be, (tip: If you're setting up advertising a printer in Open Directory, you have to have a queue name. The docs make it sound optional). Accurate and complete documentation is critical to a server product, and Apple is dropping the ball here. The online knowledgebase is not filling the holes here at all. Searching for "Kerberos" in the Mac OS X Server section of Apple's support site results in two hits, both of which are readmes for updates.

Conclusion

Even with the missteps and holes in the product, Mac OS X Server 10.3.3 is a major leap forward for the product. If Apple uses the next major version to patch and fix the problems noted here, and in other forums, they will truly have a server product that is the equal of any on the market from any company.


John Welch <jwelch@provar.com> is an IT Staff Member for Kansas City Life Insurance, a Technical Strategist for Provar, (http://www.provar.com/) and the Chief Know-It-All for TackyShirt, (http://www.tackyshirt.com/). He has over fifteen years of experience at making Macs work with other computer systems. John specializes in figuring out ways in which to make the Mac do what nobody thinks it can, showing that the Mac is a superior administrative platform, and teaching others how to use it in interesting, if sometimes frightening ways. He also does things that don't involve computertry on occasion, or at least that's the rumor.

 
AAPL
$517.96
Apple Inc.
-3.72
MSFT
$39.75
Microsoft Corpora
+0.57
GOOG
$536.44
Google Inc.
+3.92

MacTech Search:
Community Search:

Software Updates via MacUpdate

Starcraft II: Wings of Liberty 1.1.1.180...
Download the patch by launching the Starcraft II game and downloading it through the Battle.net connection within the app. Starcraft II: Wings of Liberty is a strategy game played in real-time. You... Read more
Sibelius 7.5.0 - Music notation solution...
Sibelius is the world's best-selling music notation software for Mac. It is as intuitive to use as a pen, yet so powerful that it does most things in less than the blink of an eye. The demo includes... Read more
Typinator 5.9 - Speedy and reliable text...
Typinator turbo-charges your typing productivity. Type a little. Typinator does the rest. We've all faced projects that require repetitive typing tasks. With Typinator, you can store commonly used... Read more
MYStuff Pro 2.0.16 - Create inventories...
MYStuff Pro is the most flexible way to create detail-rich inventories for your home or small business. Add items to MYStuff by dragging and dropping existing information, uploading new images, or... Read more
TurboTax 2013.r17.002 - Manage your 2013...
TurboTax guides you through your tax return step by step, does all the calculations, and checks your return for errors and overlooked deductions. It lets you file your return electronically to get... Read more
TrailRunner 3.8.769 - Route planning for...
Note: While the software is classified as freeware, it is actually donationware. Please consider making a donation to help support development. TrailRunner is the perfect companion for runners,... Read more
Flavours 1.1.10 - Create and apply theme...
Flavours is a Mac application that allow users to create, apply and share beautifully designed themes. Classy Give your Mac a gorgeous new look by applying delicious themes! Easy Unleash your... Read more
Spotify 0.9.8.296. - Stream music, creat...
Spotify is a streaming music service that gives you on-demand access to millions of songs. Whether you like driving rock, silky R&B, or grandiose classical music, Spotify's massive catalogue... Read more
SlingPlayer Plugin 3.3.20.475 - Browser...
SlingPlayer is the screen interface software that works hand-in-hand with the hardware inside the Slingbox to make your TV viewing experience just like that at home. It features an array of... Read more
S.M.A.R.T. for USB and FireWire Drives 0...
S.M.A.R.T. for USB and FireWire Drives is a kernel driver for OS X external usb or firewire drives. It extends the standard driver behaviour by providing access to drive smart data. The interface to... Read more

Latest Forum Discussions

See All

148Apps Live on Twitch: Pivvot’s Looper...
On our latest Twitch stream, we’ll be playing a pair of minimalist arcade games, one that just got a big content update in Pivvot, and another that was inspired by it in 15 Coins. Whitaker Trebella, creator of Pivvot, will discuss the new modes... | Read more »
Word Cubes Review
Word Cubes Review By Jordan Minor on April 15th, 2014 Our Rating: :: SQUARESVILLEUniversal App - Designed for iPhone and iPad Word Cubes is fine, but it is barely any different from any other word game.   | Read more »
PAX East 2014 – Desert Fox: The Battle o...
PAX East 2014 – Desert Fox: The Battle of El Alamein is Coming to iOS Soon Posted by Rob Rich on April 15th, 2014 [ permalink ] Shenandoah Studio has become one of the go-to developers for war games on iOS, with | Read more »
Tank of Tanks Review
Tank of Tanks Review By Carter Dotson on April 15th, 2014 Our Rating: :: TANKS A LOT!iPad Only App - Designed for the iPad This multiplayer game played on a single iPad is simple, chaotic fun.   | Read more »
PAX East 2014 – Dungeon of the Endless J...
PAX East 2014 – Dungeon of the Endless Just Might Have a Shot at an iPad Release Posted by Rob Rich on April 15th, 2014 [ permalink ] I think it’s fair to say that | Read more »
SideSwype Review
SideSwype Review By Carter Dotson on April 15th, 2014 Our Rating: :: ON YOUR SIDEUniversal App - Designed for iPhone and iPad SideSwype is a puzzler that takes inspiration from Threes, but becomes its own incredibly fun game.   | Read more »
PAX East 2014 – Bigfoot Hunter Invites P...
PAX East 2014 – Bigfoot Hunter Invites Players on a Wild and Wooly Photo Safari Posted by Rob Rich on April 15th, 2014 [ permalink ] Yeti. Sasquatch. Wendigo. | Read more »
Dungeon Quest Review
Dungeon Quest Review By Cata Modorcea on April 15th, 2014 Our Rating: :: NO STORY, BUT GOOD FUNUniversal App - Designed for iPhone and iPad Dungeon Quest does a lot of things right, but ultimately forgets about one of the core... | Read more »
Tempo AI and Speek Join Forces to “Kill...
Tempo AI and Speek Join Forces to “Kill the Conference Call PIN” Posted by Rob Rich on April 15th, 2014 [ permalink ] Today Tempo AI, makers of Tempo Smart Calendar, and | Read more »
Fighting Fantasy: Starship Traveller Rev...
Fighting Fantasy: Starship Traveller Review By Jennifer Allen on April 15th, 2014 Our Rating: :: A SIGNIFICANT VOYAGEUniversal App - Designed for iPhone and iPad Continuing the release of Fighting Fantasy titles, Starship Traveller... | Read more »

Price Scanner via MacPrices.net

Save $50 on Mac mini Server
B&H Photo has the 2012 Mac mini Server on sale for $949 including free shipping plus NY sales tax only. Their price is $50 off MSRP. Read more
PhatWare’s “Ultimate Writing App For iOS” Ren...
PhatWare Corp. has announced it has renamed its new WritePro word processing app for iPhone and iPad: WritePad Pro. The decision to change the app’s name to leverages the strong brand awareness and... Read more
Full Resolution Photo Editor Tint Mint 1.0 Re...
California based independent developer, Jeffrey Sun, creator of the iOS app Modern Editor, has released Tint Mint, a new photography app for editing enthusiasts. The app costs a dollar, and it packs... Read more
16GB iPad mini (Apple refurbished) available...
The Apple Store has refurbished 1st generation 16GB iPad minis available for $249 including free shipping. Both black and white models are available. Read more
Save $120 on the 27-inch 3.2GHz Haswell iMac
B&H Photo has the 27″ 3.2GHz iMac on sale for $1679.99 including free shipping plus NY sales tax only. Their price is about $120 off MSRP. Read more
Using a Mac Doesn’t Eliminate The Heartbleed...
Low End Mac’s Dan Knight notes that any time you visit a website with an https: prefix or see that secure lock icon on your browser, some type of security software is busy trying to protect your data... Read more
AirPrint Basics Tutorial Posted
A new Apple Knowledge Base article helps get you started using AirPrint, the Apple protocol that enables instant printing from iPad, iPhone, iPod touch, and Mac without the need to install drivers or... Read more
Speed Tips For Running LibreOffice On The Mac
LibreOffice is my favorite of several free, open-source application suites, and the one I have configured on my Mac as my default app for Word documents that one frequently has to deal with. It also... Read more
Snag a 15-inch Retina MacBook Pro for $115 of...
B&H Photo has 2013 15″ Retina MacBook Pros on sale for up to $115 off MSRP for a limited time. Shipping is free, and B&H charges NY sales tax only: - 15″ 2.3GHz Retina MacBook Pro: $2489.99... Read more
MacBook Airs on sale for $50 to $100 off MSRP
Several resellers are offering $50-$100 discounts on 11″ and 13″ MacBook Airs today, including Amazon, Best Buy, B&H, and others. See the breakdown of deals on our MacBook Air Price Tracker,... Read more

Jobs Board

*Apple* Retail - Market Leader - Cincinnati...
…challenges of developing individuals, building teams, and affecting growth across Apple Stores. You demonstrate successful leadership ability - focusing on excellence Read more
*Apple* Retail - Manager - SoHo - Apple (Uni...
Job SummaryKeeping an Apple Store thriving requires a diverse set of leadership skills, and as a Manager, you're a master of them all. In the store's fast-paced, dynamic Read more
Position Opening at *Apple* - Apple (United...
**Job Summary** Every day, business customers come to the Apple Store to discover what powerful, easy-to-use Apple products can do for them. As a Business Leader, Read more
Position Opening at *Apple* - Apple (United...
…challenges of developing individuals, building teams, and affecting growth across Apple Stores. You demonstrate successful leadership ability - focusing on excellence Read more
Position Opening at *Apple* - Apple (United...
…Summary** As a Specialist, you help create the energy and excitement around Apple products, providing the right solutions and getting products into customers' hands. You Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.