
Networking & VPN

“Today, more than 110 employees log onto the IT system from their office desktops — about 90 percent of which are Windows machines — with little or no idea that behind it all is Apple.”
Przemek Wozniak, IT Manager, Tayco

Whether users are working on an internal network or accessing invaluable data and systems remotely, your organization requires a high level of network performance and security. Built on open, industry-standard protocols and the latest networking security standards, Mac OS X Leopard and Mac OS X Leopard Server make it easy to adopt and support the Mac on your organization’s network. Mac OS X clients utilize IP standards such as DNS, DHCP, LDAP, and ZeroConf for network configuration, and you can even host these services with Mac OS X Server. Designed for “headless” operation, Mac OS X Server enables you to install and configure services without even needing to connect a monitor, and offers powerful built-in tools for secure access as well as remote monitoring and management.

Advanced architecture. Secure performance.

When setting up a network, Mac OS X Server can be fully configured in just a few clicks with the built-in Server Admin application, which allows firewall rules and settings to be configured with simple on/off checkboxes and human-readable names. Once deployed, providing additional network services across your organization is simple with integrated tools like NTP for synchronizing all system clocks on the network, a DNS server (BIND 9) for associating domain and mail server names with IP addresses, and a DHCP server for allowing devices to be added to the network with little or no manual configuration.

Using the time-tested BSD sockets and multithreaded TCP/IP stack, the advanced networking architecture in Mac OS X Server ensures compatibility and integration with IP-based networks. Multilink multihoming enables Mac OS X Server to host multiple IP addresses on the same or multiple network interfaces, ideal for connecting your server simultaneously to multiple networks. IP over FireWire allows you to create an inexpensive point-to-point IP network between two devices. Mac OS X Server on Xserve and Mac Pro systems supports virtual local area networks (VLANs), allowing you to configure computers on different network sections to behave as though they were on the same section. Mac OS X Server also supports jumbo frames, or packets larger than 1518 bytes, as well as link aggregation, also known as IEEE 802.3ad. Link aggregation allows you to configure multiple network interfaces to appear as a single interface, with the same MAC address, the same IP address, and the same server host name—which multiplies the potential I/O performance by the number of interfaces and eliminates a potential single point of failure.

For connecting Mac systems to an existing network, the built-in Bonjour technology of Mac OS X enables computers and devices to automatically broadcast their own services and listen for services being offered for the use of others. Also available for Windows PCs, Bonjour allows users on your organization’s network to find networks, printers, or other client systems for easy file sharing. Bonjour works with the popular standard connection technologies, including Ethernet and AirPort (802.11), and uses the standard, ubiquitous IP networking protocol for its connections. All of the technologies driving Bonjour are open source — part of the standards creation process of the IETF (Internet Engineering Task Force)—so the source code is available to create software for virtually any platform.


Bullet-proof networking.

Mac OS X Server also makes it easy to secure your organization’s network, delivering strong encryption and authentication services such as 802.1X authentication—minimizing security risks on wired Ethernet networks by providing computer identification, centralized authentication, and encryption. 802.1X supports the Extensible Authentication Protocol (EAP), which enables you to use different authentication methods such as tokens, smart cards, and SSL certificates.

Mac OS X Server also delivers data security architectures and support for Access Control Lists (ACLs). The integrated NAT (Network Address Translation) server prevents malicious activity from outside sources from getting through, and the built-in firewall protects the applications running on your organization’s network using reliable, open source IPFW software from FreeBSD. The firewall scans incoming IP packets and rejects or accepts them based on specified filters. This way, your company can restrict access to any IP service running on the server, and customize filters for all incoming clients or for a range of client IP addresses. To prevent IP address spoofing, the Mac OS X Server firewall provides stateful packet inspection (SPI), which determines whether an incoming packet is a legitimate response to an outgoing request or part of an ongoing session.

Anywhere access. Worry-free.

Having a secure in-house environment isn’t always enough. It’s crucial for employees traveling or working from remote locations to access resources on your company network, or collaborate with team members working behind your organization’s firewall. This can create additional security vulnerabilities unless your remote access services are securely configured. Mac OS X Server makes it easy to set up secure remote access using VPN or Remote Login, and the built-in VPN client in Mac OS X makes connecting Mac systems to a corporate network secure and easy.

VPN

VPN services in Mac OS X Server support standards-based L2TP/IPSec and PPTP tunneling protocols to provide encrypted VPN connections for Mac and Windows systems, as well as the iPhone. These VPN services use secure authentication methods, including MS-CHAP and network-layer IPSec. Additionally, the VPN client in Mac OS X offers increased compatibility with the most widely used VPN servers on the Internet. Connecting to corporate networks securely—without additional software—is fast and easy.

Mac OS X Server also offers built-in remote access services via Remote Login, which consists of two components—each using the Secure Shell (SSH) service to establish an encrypted tunnel between client and server. First, Remote Login allows remote users to connect to your organization’s network through SSH, which sets up encrypted tunnels using public and private keys. Second, it enables users on your network to send secure, encrypted commands to a remote computer, using a command-line connection to perform commands as if that remote computer were on your secure internal network.

Instant wireless. Built-in compliance.

Apple products are built to support 802.11 protocols and are WPA and WPA2-compliant and Wi-Fi certified, and all Mac systems come standard with out-of-the-box capabilities for wireless networking, as well as built-in support for security standards.

For example, AirPort Extreme delivers superfast wireless network access that can fit into your enterprise networking infrastructure. It includes a built-in, automatic firewall to protect your network from unauthorized outside connections, as well as built-in encryption, including WPA, WPA2, and 128-bit WEP. If your organization is using an AirPort Extreme Base Station as an Internet router, Mac OS X Server makes services like iChat, Mail, Web, and VPN available on the Internet by automatically configuring AirPort Extreme. And if your company doesn’t already have a router in place, Mac OS X Server can create one for you, using a dual-Ethernet equipped Mac Pro or Xserve as the gateway between your internal network and the outside world.

Ultimately, a successful approach to wireless security will be based on your organization’s specific environment and how you choose to balance protection with ease of use. With the range of standards-based networking security technologies from Apple, your company’s network can be as secure as you need it to be.


iPhone. Works with your work.

Did you know that iPhone can integrate securely into your organization’s environment with built-in access to private corporate networks? iPhone 2.0 software includes support for VPN, such as Cisco IPSec, L2TP over IPSec, and PPTP—ensuring the highest level of IP-based encryption for transmitting confidential information and enabling users to authenticate via password, two-factor token, or digital certificate.

iPhone also supports WPA2 Enterprise with 802.1X authentication. The standard for enterprise wireless security, WPA2 provides safe access to your company's information on iPhone.

Combined, these security features allow your organization to take advantage of the robust capabilities of iPhone—while also maintaining secure access to your organization’s resources.

Standards-based networking.

Since Apple introduced Mac OS X, the Mac has been based on industry-standard TCP/IP networking protocols. Because it is based on industry standards, the Mac interoperates on virtually any network. Cisco-certified engineers and others who are familiar with UNIX and TCP/IP will appreciate the powerful, familiar networking capabilities of Mac OS X.

As a member of many IEEE 802.11 standards workgroups, Apple has developed a variety of standards-based solutions to specifically address common security, standards compliance, and ease-of-use concerns. Data encryption standards like WPA and WPA2 help ensure that only authorized users on the network can access your organization’s data.

By using client devices that are also compliant with these standards for connecting to the network—such as the iPhone, which supports WPA2 Enterprise with 802.1X authentication—this security is carried through all aspects of your business communications technology.