In-Depth

Married to Mac Clients

Macs generally fare well on Windows, with compatible document formats and file-sharing technologies. The latest Mac OS works especially well in the Microsoft universe.

Microsoft and Apple have each made great strides toward interoperability between their operating systems. Microsoft’s approach has been to make Windows look like Apple systems; Apple’s approach has been to build Windows-specific capabilities into the Mac OS. Although they’re starting at different ends of the interoperability problem, the result is a meeting in the middle with a good set of solutions.

In the next few sections, I focus on the capabilities provided by the most recent Mac operating system—OS X. OS X is light-years ahead of previous versions when it comes to Windows interoperability (hence Apple’s recent high-profile “switch” advertising campaign). If you’re integrating Macs into a Windows environment, I recommend an upgrade to OS X.

More on Client-Side Interoperability

Client-Side Interoperability

Embracing Unix and Linux Desktops

Hailing Handhelds

Back to Married to Mac Clients

Authentication
Macs don’t buy into the idea of authentication in the same way Unix and Windows systems do. Macs are capable of querying for a username and password when a server demands it, but Macs don’t have the concept of centralized domain authentication, which provides unified access to multiple resources. Instead, Macs use a keychain to store usernames and passwords and to associate them with resources. The keychain, with your permission, can automatically present your credentials when you access resources, so that you’re not constantly having to retype passwords. If you’re familiar with Windows 9x’s password list feature, then you know exactly how the keychain works.

Apple also provides a User Authentication Module (UAM) specifically designed to pass credentials to Windows servers. Apple’s UAM isn’t the sharpest tool in the shed, though, and it doesn’t take advantage of the high level of encryption that Windows supports. Microsoft provides a better UAM free from its Mactopia Web site, www.microsoft.com/mac. The Micro-soft UAM is available for OS X and earlier versions. Microsoft has made the UAM easy to install and operate: Simply download it from the Web site and install it on your Macs. The UAM will automatically pop up when the Mac starts, allowing the user to type a domain username, password and the name of the domain. The UAM takes care of everything else behind the scenes.

File Sharing
Mac OS X includes a built-in SMB client, which allows it to connect to Windows-based file shares. OS X v. 10.2 and higher even provide a rough equivalent of the Windows Network Neighborhood, as shown in Figure 1.

Alt text here
Figure 1. The Mac equivalent of the Windows Network Neighborhood. (Click image to view larger version.)

Windows file shares are mounted as network drives on the Mac desktop, providing easy access to resources. Sadly, there’s no way to create persistent connections to Windows file shares, but that’s a minor quibble.

If your Macs are running the older OS 9, you won’t be able to take advantage of robust built-in Windows file-sharing capabilities. That’s where Microsoft comes to the rescue with Windows Services for Macintosh. Services for Macintosh basically makes a Windows server look like an AppleTalk server, allowing OS 9 clients to access files and printers across the network. Even if you have OS X clients, Services for Macintosh can allow them to access Windows-hosted printers—a feature conspicuously missing from OS X.

Messaging and Collaboration
Thanks to Microsoft’s Mac Business Unit (MacBU), Macs can work and play better in the Microsoft world than Unix clients. Microsoft offers Office X specifically for the Mac; Office X includes Entourage, which is a Mac version of Outlook. Unfortunately, Entourage lacks a critical Outlook feature: Exchange access. Microsoft does produce Outlook 2001 for the Mac, but it won’t run on the newer Mac OS X; it only runs on the older OS 9. Fortunately for OS X users, in February the MacBU announced a forthcoming update to Entourage that will support Exchange. You can read all about it at www.microsoft.com/presspass/press/2003/ Feb03/02-11ExchangeSolutionPR.asp.

That pretty much means you’re left with less-than-perfect choices. Older OS 9 clients can run Outlook 2001 to get to Exchange; they’ll have full access to contacts, tasks, public folders, and so on. You can force your Mac OS X users to run Outlook 2001 in OS X’s “Classic” mode, which is a window running OS 9, but that’s a pretty inelegant solution that won’t make your users happy. Or, you can let your OS X users run Entourage or even OS X’s native Mail application, both of which can access Exchange as POP3 or IMAP4 clients without accessing contacts, the Exchange Global Address Book, tasks and so on. The big missing link is a full Exchange client for OS X, and it’s a mystery why Microsoft hasn’t stepped up to the plate on that one. For other options, see the sidebar, “Emulators: Windows on Something Else.”

Like your Unix users, Mac users can always use Outlook Web Access (if you’ve set it up); fortunately, Macs come with a version of Internet Explorer that does pretty well with OWA. Keep in mind, too, that Lotus Notes/Domino offers a native Mac client, giving Notes additional points over Exchange for cross-platform client support.

Mac OS X=Unix

Interoperability came a long way when Apple introduced Mac OS X (pronounced “oh-ess ten”), which is based on FreeBSD Unix. That’s right: Windows is, in many respects, the last major OS not based on Unix. Apple essentially took the FreeBSD kernel and integrated its own slick user interface on top of it.

While Mac users love the rock-solid stability of OS X’s roots, administrators dealing with interoperability issues benefit from the wide variety of Unix-based interoperability solutions, many of which can be recompiled and run flawlessly on OS X. Samba clients, for example, are widely available and provide a great supplement to OS X’s native Windows interoperability features. Before Microsoft’s official Remote Desktop Protocol client was released for OS X, Mac users took advantage of an open-source RDP client originally written for Unix and available from macosx.forked.net, which provides a number of other OS X recompilations of popular Unix applications and utilities.

OS X’s Unix underpinnings mean you have a wider range of interoperability solutions at your disposal. In addition to the Mac-specific solutions available for OS X and earlier versions of the Mac OS, you can also take advantage of the wide range of solutions available to Unix clients. FreeBSD is one of the most popular open-source variants of Unix, making Mac OS X an easy target for interoperability applications.

—Don Jones

Document Formats
Mac users win when it comes to document format support, because Microsoft sells Office 2001 for Mac OS 9 and Office X for OS X. Both include Word, PowerPoint, Excel and either Outlook or the similar Entourage; both can read and write all the Microsoft Office file formats.

Printing
I’ve already mentioned that Services for Macintosh can provide Mac clients with access to Windows-based printers. It does so by publishing the printers using the AppleTalk protocol, which isn’t the most efficient network protocol known to mankind, unfortunately. If your Mac clients are running OS 9, though, you’ll have to learn to live with it because there aren’t any great alternatives.

Setting it up, as with all AppleTalk printers, is easy: Open the Mac’s Print Center, add a printer and select the printer’s name from the list. Even installing Services for Macintosh on a Windows 2000 Server is easy: Just install it. The software automatically picks up any shared printers or files on the server and makes them available to Mac clients via AppleTalk.

OS X clients, however, can print natively to LPD printers, providing some of the same options as for Unix clients. On the downside, OS X only supports LPD printing for printers that have PostScript Printer Definition (PPD) files, which means, as the name implies, it only works with PostScript printers. PostScript printers aren’t always common on PC networks, but Macs and PostScript were quite literally made for one another, so the best Mac printing support is available in conjunction with PostScript printers.

Emulators: Windows on Something Else

In the end, you may not be able to provide the perfect interoperability solution for your users. For example, if you have many Unix users and use Exchange for messaging, your Unix users simply aren’t going to be able to use Exchange for anything but e-mail, unless they’re willing to put up with Outlook Web Access. It may seem like your only alternative is to buy a Windows-based PC and force your non-Windows users to use two machines at work.

A somewhat less expensive option might be to use emulator software. VMware Workstation, www.vmware.com, is available for Unix, and Virtual PC, www.Connectix.com, recently acquired by Microsoft, is available for Macs. These products allow you to create virtual machines, essentially a window that represents the monitor of a separate computer. Within that window, you can install XP Pro or any other Intel-based operating system. Users of the host machine can run their other applications alongside the virtual machine and use it to access Windows-specific stuff like Outlook or line-of-business applications. Running a “computer in a window” can be pretty effective, as shown in the figure.

Alt text here
How Windows XP looks on a Mac, using VMware. (Click image to view larger version.)

VMware and Virtual PC retail for $200 to $500, and you can even purchase editions that include preconfigured virtual machines preinstalled with your favorite Windows OS. These solutions are cheaper than buying a second computer, and they take up less desk space. Your users won’t like them if they try to use them to run heavy-duty applications, but if all they need to run inside the virtual machine is Outlook and another app or two, it may be the perfect workaround to a lack of interoperability.

—Don Jones

Terminal Services
Mac OS X users have been using Remote Desktop Protocol (RDP) for a while, thanks to the Unix Rdesktop client (see the online sidebar, “Mac OS X=Unix”). Recently, however, Microsoft released an official RDP client for OS X, which you can obtain from www.microsoft. com/mac. According to some accounts, the Mac RDP client even provides better performance than the Windows RDP client. The Mac client provides full RDP 5.1 support, including the ability to map the client’s hard drives to the server for easier file sharing with the terminal server. Figure 2 shows the RDP window running on a Mac, providing access to a Win2K Server.

Setting up an RDP connection on a Mac works just like it does on a PC: Run the Remote Desktop Connection software, type the name or IP address of the remote server, and click “Connect.” You can also click “Options” to modify your connection properties, as shown in Figure 2, but—by and large—the software will automatically set itself up for the best possible experience.

Alt text here
Figure 2. Macs support Remote Desktop Protocol 5.1, as shown in this server connection. (Click image to view larger version.)

Of course, cross-platform champ Citrix provides native Mac ICA clients for its MetaFrame XP product. In the freeware arena, VNC servers and clients are available for most Mac OS versions, including OS X at www.uk.research.att.com/vnc and other sites. As I mentioned in the Unix article, though, VNC isn’t a substitute for Terminal Services in Application Server mode; even as an administrative tool, VNC introduces security concerns that you need to consider.

comments powered by Disqus

Reader Comments:

Fri, May 23, 2003 Zac Mutrux San Francisco

Apple claims that you can set up Mac OS X boxes to authenticate against AD, but I haven't yet heard of anyone who has done it. Earlier information seemed to indicate that you needed a Mac OS X server to pass through the authentication, but I think I heard somewhere that Mac OS X v. 10.2 was capable of direct authentication. I also seem to remember that all this required changes to the schema in AD, however. I'll have to check out the Thursby utility.

Fri, May 9, 2003 Michael San Diego

Great articl. I might mention though that Thrusby Software just came out with a software product that will actually allow a Mac OSX machine to join a Win2k domain and have all the single sign on luxuries.

Tue, Apr 29, 2003 Anonymous Anonymous

excellent information

Mon, Apr 28, 2003 Anonymous Anonymous

The author did not mention the problems with linked Excel files not converting to and from the Mac. Also, the necessity to re-map drives is a pain!

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.