Manuals / Apple / Computer Equipment / Server

Apple 10.6 manual Ports Used for Administration, Ports Open By Default

Models: 10.6

1 197

Download 197 pages 50.37 Kb

Page 127

You can use Workgroup Manager on a v10.6 server to manage Mac OS X clients running the latest Mac OS X v10.5. However, after you edit a user record using Workgroup Manager on v10.6, you can only access it using Workgroup Manager on v10.6.

Ports Used for Administration

For Apple’s administration applications to function, the following ports must be enabled.

Port number and type	Tool used
22 TCP	SSH command-line shell

311 TCP	Server Admin (with SSL)

625 TCP	Workgroup Manager

389, 686 TCP	Directory

80 TCP	QuickTime Streaming Management

4111 TCP	Xgrid Admin

In addition, other ports must be enabled for each service you want to run on your server. For a port reference guide, see the online help and Mac OS X Server Resources website at www.apple.com/server/macosx/resources/.

Ports Open By Default

After setup, the firewall is off by default in Advanced Server mode, and therefore all ports are open. When the firewall is on, all ports are blocked except the following for all originating IP addresses:

Port number and type	Service
22 TCP	SSH command-line shell

311 TCP	Server Admin (with SSL)

626 UDP	Serial number support

625 TCP	Remote Directory Access

ICMP incoming and outgoing	standard ping

53 UDP	DNS name resolution

Chapter 7    Ongoing System Management

127

Image 127

Apple 10.6 manual Ports Used for Administration, Ports Open By Default

Contents

Mac OS X Server 019-1410/2009-08-15 Contents Enhancing Security Administration ToolsInstallation and Deployment Initial Server Setup Ongoing System Management Monitoring Your System Index Push Notification ServerContents What’s in This Guide About This GuideTo see the most recent server help topics Using Onscreen HelpGetting Started Document Road MapPreface About This Guide Getting Additional Information Getting Documentation UpdatesStandards System Requirements for Installing Mac OS X ServerÂÂ iCal Server What’s New in Mac OS X ServerUnderstanding Server Configuration Methods What’s New in Server AdminSnmp NFS Radius Supported StandardsSystem Overview and Supported Standards System Overview and Supported Standards Mac OS X Server’s Unix Heritage Determining Your Server Needs Planning Server UsageSetting Up a Planning Team Determining Whether to Upgrade or MigrateDetermining Services to Host on Each Server Identifying Servers to Set UpPlanning Server Usage Migrating from Windows Defining a Migration StrategyDefining an Integration Strategy Defining Physical Infrastructure Requirements Defining Server Setup Infrastructure RequirementsSetting up basic server infrastructure Defining Backup and Restore Policies Minimizing the Need to Relocate Servers After SetupMaking Sure Required Server Hardware Is Available Understanding Backup and Restore Policies Understanding Backup Types Understanding Restores Understanding Backup SchedulingDefining a Backup Verification Mechanism Other Backup Policy ConsiderationsUnderstanding Time Machine as a Server Backup Tool Command-Line Backup and Restoration ToolsÂÂ Wiki ÂÂ Xgrid ÂÂ Remote Access Settings ÂÂ Software UpdateOpening and Authenticating in Server Admin Server AdminM N Server Admin InterfaceCustomizing the Server Admin Environment Server Assistant is used for Server AssistantWorkgroup Manager Server PreferencesWorkgroup Manager Interface Customizing the Workgroup Manager Environment Server MonitorFor additional information, see Server Monitor Help ICal Service Utility Interface ICal Service UtilityMedia Streaming Management System Image ManagementRAID Admin Command-Line ToolsServer Status Widget Podcast Capture, Composer, and Producer Xgrid AdminApple Remote Desktop About Physical Security Enhancing SecurityFirewalls and Packet Filters About Network SecurityNetwork DMZ MAC Filtering VLANsPayload Encryption Transport EncryptionFile and Folder Permissions About File SecurityAbout File Encryption Secure Delete About Authentication and AuthorizationÂÂ Secure Shell SSH You have several options for authenticating usersSingle Sign-On Public and Private Keys About Certificates, SSL, and Public Key InfrastructureAbout Certificate Authorities CAs CertificatesAbout Self-Signed Certificates About IdentitiesAbout Intermediate Trust To configure clients to trust a certificate Certificate Manager in Server AdminFrom the command line Enhancing Security Readying Certificates To request a signed certificate Creating a Self-Signed CertificateRequesting a Certificate from a Certificate Authority To create a self-signed certificateTo create a CA Creating a Certificate AuthorityEnhancing Security To import an existing OpenSSL style certificate Using a CA to Create a Certificate for Someone ElseImporting a Certificate Identity To create a certificate for someone elseEditing a Certificate Managing CertificatesTo delete a certificate Distributing a CA Public Certificate to ClientsDeleting a Certificate To distribute your certificate to your clientsTo renew an expiring certificate Using CertificatesRenewing an Expiring Certificate Replacing an Existing CertificateGenerating a Key Pair for SSH Key-Based SSH LoginTo do this, run the following commands in Terminal SSH and SSH KeysKey-Based SSH with Scripting Sample Setting Administration Level Privileges Administration Level SecuritySetting Sacl Permissions Service Level SecurityTo set Sacl permissions for a service Security Best Practices Password Guidelines Creating Complex Passwords Confirm you meet the requirements Installation Overview Gather your information Prepare the target disk Set up the environment Start up the computer from an installation disk Start the installerGathering the Information You Need Set Up ServicesSSH During Installation Setting Up Network ServicesAbout the Server Install Disc Connecting to the Directory During InstallationMac OS X Server Install Disc Preparing an Administrator ComputerAdministration Tools CD To install Mac OS X Server v10.6 administration tools About Starting Up for InstallationBefore Starting Up To start up the computer with the installation disc Starting Up from the Install DVDStarting Up from an Alternate Partition Prepare the disks and partitions on the target computer Create a restorable image of the Install DVD Restore the image to the alternate partition To create an image of the Install DVDTo restore the image to a free volume To access the computer with Server Assistant Remotely Accessing the Install DVDTo access the computer using Screen Sharing To access the computer with VNCTo access the computer with SSH Identify the target server Identifying Remote Servers When Installing Mac OS X ServerStarting Up from a NetBoot Environment To create a NetInstall image from the Install DVD Preparing Disks for Installing Mac OS X Server Create a NetInstall image from the Install DVD Start up the computer from the NetBoot serverÂÂ Mac OS Extended Journaled, Case-Sensitive aka Hfsx Choosing a File SystemAbout Hard Disk Partitioning Partitioning a Disk To partition a disk using Disk UtilityAbout Creating a RAID Set So the command isYou cannot create a RAID set from the startup disk To create a RAID set using Disk UtilityDiskutil createRAID mirror setName format device device For example Installing Server Software InteractivelyTo install server software locally Installing Locally from the Installation DiscTo install on a remote server by using Server Assistant Installing Remotely with Server AssistantInstalling Remotely with Screen Sharing and VNC To change a remote computer’s startup disk Changing a Remote Computer’s Startup DiskTo use installer to install server software 105 Most Efficient Methods of Installation Installing Multiple ServersMore Interactive Methods of Installation Upgrading a Computer from Mac OS X to Mac OS X Server How to Keep CurrentTo postpone setting up Mac OS X Server Postponing Server Setup Following InstallationInformation You Need Configuring Servers with Multiple Ethernet Ports Connecting to the Network During Initial Server SetupAbout Settings Established During Initial Server Setup ÂÂ Create Users and Groups Specifying Initial Open Directory UsageÂÂ Configure Manually Not Changing Directory Usage When UpgradingÂÂ Import Users and Groups Binding a Server to Multiple Directory Servers Setting Up a Server as a Standalone ServerTo interactively connect to an additional directory server Setting up Servers InteractivelySelect the target servers from the configuration list To set up servers interactivelyUsing Automatic Server Setup Creating and Saving Setup Data To create a setup data file How a Server Searches for Saved Setup Data Files Using Encryption with Setup Data FilesSetting Up Servers Automatically Using Data Saved in a File To set the server serial number To use setup data from a file remotelyCreate the saved setup folder on the remote server Restart the remote serverHandling Setup Errors From the command-line Setting Up ServicesAdding Services to the Server View To change services to administerTo set up a user account Setting Up Open DirectorySetting Up User Management Setting Up All Other ServicesSetting Up an Administrator Computer Computers You Can Use to Administer a ServerInsert the Mac OS X Server Admin Tools CD Using a Non-Mac OS X Computer for AdministrationWorking with Pre-v10.6 Computers from v10.6 Servers Using the Administration ToolsPorts Open By Default Ports Used for AdministrationAdding and Removing Servers in Server Admin Server Admin BasicsGrouping Servers Manually Grouping Servers Using Smart GroupsTo create a server group To create a server smart group Working with Settings for a Specific ServerToolbar button Shows 132 ÂÂ NetBoot ÂÂ Directory Service ÂÂ Firewall ÂÂ Mobile AccessUnderstanding Mac OS X Server Names Dhcp Directory Service and KerberosNetBoot Mobile Access Proxy ServicesFirewall Web ÂÂ MySQLMySQL Certificates for Web and Wiki ServicesWiki 138 Mailing List Certificates for Mail ServicesÂÂ Certificates for collaboration services Imap and POPICal Service Address Book ServiceIChat Service Certificates for Collaboration Services To change the DNS name of the Podcast Producer computer To change the IP address of the Podcast Producer computerXgrid Software Update ServerPrint Push NotificationTo change the DNS name Changing the Server’s DNS Name After SetupChanging the IP Address of a Server Changing the Server’s Computer Name and the Local HostnameFrom the command line Administering ServicesTo change computer name and local hostname To export service settings Adding and Removing Services in Server AdminImporting and Exporting Service Settings To add or remove a service in Server AdminTo configure service access SACLs Controlling Access to ServicesManaging Sharing Using SSL for Remote Server AdministrationTiered Administration Permissions Workgroup Manager Basics Defining Administrative PermissionsTo assign permissions Opening and Authenticating in Workgroup Manager Administering AccountsWorking with Users and Groups 152 Defining Managed Preferences To display the inspector Working with Directory DataGeneral Service Configuration AssistantsCritical Configuration and Data Files Assistants are available for the following servicesMail-POP/IMAP Server Dovecot Firewall ServiceMail Service IChat ServerNAT Service MySQL ServiceTomcat App Server OpenDirectory ServiceNotifications QuickTime Streaming ServerWiki and Blog Server Improving Service AvailabilityWeb Service Eliminating Single Points of FailureUsing Xserve for High Availability Following is the Energy Saver panel of System Preferences Setting Up Your Server for Automatic RestartUsing Backup Power Using UPS with XserveAutomatic restart options are To enable automatic restartEnsuring Proper Operational Conditions Providing Open Directory ReplicationLink Aggregation Link Aggregation Scenarios About the Link Aggregation Control Protocol LacpComputer to Switch To create a link aggregate Setting Up Link Aggregation in Mac OS X ServerTo monitor the status of a link aggregate Monitoring Link Aggregation StatusLoad Balancing Viewing Running Daemons Using launchd for Daemon ControlÂÂ mDNSresponder local network service discovery process Daemon Overview170 Planning Monitoring Response Planning a Monitoring PolicyUsing Server Monitor Using with Server Status WidgetTo configure the Server Status widget Using Console for Server Monitoring Using RAID Admin for Server MonitoringUsing Disk Monitoring Tools Using Network Monitoring Tools To see a status overview for one server Using Server Status Notification in Server AdminMonitoring Server Status Overviews Using Server Admin To set a notificationFollowing shows a sample Overview pane for a single server Using Remote Kernel Core Dumps177 Setting up a core dump server Setting Up a Core Dump ServerSetting up a core dump client Setting Up a Core Dump ClientRestart the computer for the settings to take effect About Simple Network Management Protocol Snmp Configuring Common Core Dump OptionsTo enable Snmp Configuring snmpdEnabling Snmp reporting Customize data To enable and configure Snmp Restart snmpd to take changes Additional Information about Snmp About Notification and Event Monitoring DaemonsTools to Use with Snmp There are two main notification daemons syslogd and emond Syslog LoggingTo start debugging at startup Directory Service Debug LoggingSyslog Configuration File Open Directory LoggingTo run slapd in debugging mode To enable client-side loggingAdditional Monitoring Aids AFP LoggingAbout Push Notification Server Push Notification ServerStarting and Stopping Push Notification To enable Push NotificationClick Save, then restart the service Changing a Service’s Push Notification ServerTo change the existing push notification server Index 192 193 194 195 196 197