Married to Mac Clients
Macs generally fare well on Windows, with compatible document formats and file-sharing technologies. The latest Mac OS works especially well in the Microsoft universe.
Microsoft and Apple have each made great strides toward interoperability between their operating systems. Microsoft’s approach has been to make Windows look like Apple systems; Apple’s approach has been to build Windows-specific capabilities into the Mac OS. Although they’re starting at different ends of the interoperability problem, the result is a meeting in the middle with a good set of solutions.
In the next few sections, I focus on the capabilities provided by the most recent Mac operating system—OS X. OS X is light-years ahead of previous versions when it comes to Windows interoperability (hence Apple’s recent high-profile “switch” advertising campaign). If you’re integrating Macs into a Windows environment, I recommend an upgrade to OS X.
Macs don’t buy into the idea of authentication in the same way Unix and
Windows systems do. Macs are capable of querying for a username and password
when a server demands it, but Macs don’t have the concept of centralized
domain authentication, which provides unified access to multiple resources.
Instead, Macs use a keychain to store usernames and passwords and to associate
them with resources. The keychain, with your permission, can automatically
present your credentials when you access resources, so that you’re not
constantly having to retype passwords. If you’re familiar with Windows
9x’s password list feature, then you know exactly how the keychain works.
Apple also provides a User Authentication Module (UAM) specifically designed
to pass credentials to Windows servers. Apple’s UAM isn’t the sharpest
tool in the shed, though, and it doesn’t take advantage of the high level
of encryption that Windows supports. Microsoft provides a better UAM free
from its Mactopia Web site, www.microsoft.com/mac.
The Micro-soft UAM is available for OS X and earlier versions. Microsoft
has made the UAM easy to install and operate: Simply download it from
the Web site and install it on your Macs. The UAM will automatically pop
up when the Mac starts, allowing the user to type a domain username, password
and the name of the domain. The UAM takes care of everything else behind
Mac OS X includes a built-in SMB client, which allows it to connect to
Windows-based file shares. OS X v. 10.2 and higher even provide a rough
equivalent of the Windows Network Neighborhood, as shown in Figure 1.
|Figure 1. The Mac equivalent of the Windows Network
Neighborhood. (Click image to view larger version.)
Windows file shares are mounted as network drives on the Mac desktop,
providing easy access to resources. Sadly, there’s no way to create persistent
connections to Windows file shares, but that’s a minor quibble.
If your Macs are running the older OS 9, you won’t be able to take advantage
of robust built-in Windows file-sharing capabilities. That’s where Microsoft
comes to the rescue with Windows Services for Macintosh. Services for
Macintosh basically makes a Windows server look like an AppleTalk server,
allowing OS 9 clients to access files and printers across the network.
Even if you have OS X clients, Services for Macintosh can allow them to
access Windows-hosted printers—a feature conspicuously missing from OS
Messaging and Collaboration
Thanks to Microsoft’s Mac Business Unit (MacBU), Macs can work and play
better in the Microsoft world than Unix clients. Microsoft offers Office
X specifically for the Mac; Office X includes Entourage, which is a Mac
version of Outlook. Unfortunately, Entourage lacks a critical Outlook
feature: Exchange access. Microsoft does produce Outlook 2001 for the
Mac, but it won’t run on the newer Mac OS X; it only runs on the older
OS 9. Fortunately for OS X users, in February the MacBU announced a forthcoming
update to Entourage that will support Exchange. You can read all about
it at www.microsoft.com/presspass/press/2003/
That pretty much means you’re left with less-than-perfect choices. Older OS 9 clients can run Outlook 2001 to get to Exchange; they’ll have full access to contacts, tasks, public folders, and so on. You can force your Mac OS X users to run Outlook 2001 in OS X’s “Classic” mode, which is a window running OS 9, but that’s a pretty inelegant solution that won’t make your users happy. Or, you can let your OS X users run Entourage or even OS X’s native Mail application, both of which can access Exchange as POP3 or IMAP4 clients without accessing contacts, the Exchange Global Address Book, tasks and so on. The big missing link is a full Exchange client for OS X, and it’s a mystery why Microsoft hasn’t stepped up to the plate on that one. For other options, see the sidebar, “Emulators: Windows on Something Else.”
Like your Unix users, Mac users can always use Outlook Web Access (if
you’ve set it up); fortunately, Macs come with a version of Internet Explorer
that does pretty well with OWA. Keep in mind, too, that Lotus Notes/Domino
offers a native Mac client, giving Notes additional points over Exchange
for cross-platform client support.
Interoperability came a long way when
Apple introduced Mac OS X (pronounced “oh-ess ten”),
which is based on FreeBSD Unix. That’s right: Windows
is, in many respects, the last major OS not based on
Unix. Apple essentially took the FreeBSD kernel and
integrated its own slick user interface on top of it.
While Mac users love the rock-solid stability of OS
X’s roots, administrators dealing with interoperability
issues benefit from the wide variety of Unix-based interoperability
solutions, many of which can be recompiled and run flawlessly
on OS X. Samba clients, for example, are widely available
and provide a great supplement to OS X’s native Windows
interoperability features. Before Microsoft’s official
Remote Desktop Protocol client was released for OS X,
Mac users took advantage of an open-source RDP client
originally written for Unix and available from macosx.forked.net,
which provides a number of other OS X recompilations
of popular Unix applications and utilities.
OS X’s Unix underpinnings mean you have a wider range
of interoperability solutions at your disposal. In addition
to the Mac-specific solutions available for OS X and
earlier versions of the Mac OS, you can also take advantage
of the wide range of solutions available to Unix clients.
FreeBSD is one of the most popular open-source variants
of Unix, making Mac OS X an easy target for interoperability
Mac users win when it comes to document format support, because Microsoft
sells Office 2001 for Mac OS 9 and Office X for OS X. Both include Word,
PowerPoint, Excel and either Outlook or the similar Entourage; both can
read and write all the Microsoft Office file formats.
I’ve already mentioned that Services for Macintosh can provide Mac clients
with access to Windows-based printers. It does so by publishing the printers
using the AppleTalk protocol, which isn’t the most efficient network protocol
known to mankind, unfortunately. If your Mac clients are running OS 9,
though, you’ll have to learn to live with it because there aren’t any
Setting it up, as with all AppleTalk printers, is easy: Open the Mac’s Print Center, add a printer and select the printer’s name from the list. Even installing Services for Macintosh on a Windows 2000 Server is easy: Just install it. The software automatically picks up any shared printers or files on the server and makes them available to Mac clients via AppleTalk.
OS X clients, however, can print natively to LPD printers, providing
some of the same options as for Unix clients. On the downside, OS X only
supports LPD printing for printers that have PostScript Printer Definition
(PPD) files, which means, as the name implies, it only works with PostScript
printers. PostScript printers aren’t always common on PC networks, but
Macs and PostScript were quite literally made for one another, so the
best Mac printing support is available in conjunction with PostScript
Windows on Something Else
In the end, you may not be able to provide the perfect interoperability solution for your users. For example, if you have many Unix users and use Exchange for messaging, your Unix users simply aren’t going to be able to use Exchange for anything but e-mail, unless they’re willing to put up with Outlook Web Access. It may seem like your only alternative is to buy a Windows-based PC and force your non-Windows users to use two machines at work.
A somewhat less expensive option might be to use emulator
software. VMware Workstation, www.vmware.com,
is available for Unix, and Virtual PC, www.Connectix.com,
recently acquired by Microsoft, is available for Macs.
These products allow you to create virtual machines,
essentially a window that represents the monitor of
a separate computer. Within that window, you can install
XP Pro or any other Intel-based operating system. Users
of the host machine can run their other applications
alongside the virtual machine and use it to access Windows-specific
stuff like Outlook or line-of-business applications.
Running a “computer in a window” can be pretty effective,
as shown in the figure.
|How Windows XP looks on a Mac,
using VMware. (Click image to view larger version.)
VMware and Virtual PC retail for $200 to $500, and you can even purchase editions that include preconfigured virtual machines preinstalled with your favorite Windows OS. These solutions are cheaper than buying a second computer, and they take up less desk space. Your users won’t like them if they try to use them to run heavy-duty applications, but if all they need to run inside the virtual machine is Outlook and another app or two, it may be the perfect workaround to a lack of interoperability.
Mac OS X users have been using Remote Desktop Protocol (RDP) for a while,
thanks to the Unix Rdesktop client (see the online sidebar, “Mac OS X=Unix”).
Recently, however, Microsoft released an official RDP client for OS X,
which you can obtain from www.microsoft. com/mac. According to some accounts,
the Mac RDP client even provides better performance than the Windows RDP
client. The Mac client provides full RDP 5.1 support, including the ability
to map the client’s hard drives to the server for easier file sharing
with the terminal server. Figure 2 shows the RDP window running on a Mac,
providing access to a Win2K Server.
Setting up an RDP connection on a Mac works just like it does on a PC:
Run the Remote Desktop Connection software, type the name or IP address
of the remote server, and click “Connect.” You can also click “Options”
to modify your connection properties, as shown in Figure 2, but—by and
large—the software will automatically set itself up for the best possible
|Figure 2. Macs support Remote Desktop Protocol
5.1, as shown in this server connection. (Click image to view larger
Of course, cross-platform champ Citrix provides native Mac ICA clients
for its MetaFrame XP product. In the freeware arena, VNC servers and clients
are available for most Mac OS versions, including OS X at www.uk.research.att.com/vnc
and other sites. As I mentioned in the Unix
article, though, VNC isn’t a substitute for Terminal Services in Application
Server mode; even as an administrative tool, VNC introduces security concerns
that you need to consider.