Server Codex

SERVER CODEX

Software, Hardware, Tutorials, News and Reviews

Tenon iTools 7: Powerful Server Configuration Suite

So you have a Mac, and you want to turn it into a web server. Thankfully, Mac OS X comes with Apache, PHP, MySQL, and other useful server tools pre-installed. But for most Mac users, the UNIX underpinnings of OS X are alien, intimidating, and far from user-friendly. While Apple provides a basic graphical user interface (GUI) for starting and stopping Apache and FTP services, more advanced configuration requires a trip to the command line.

Enter iTools. Tenon’s suite provides an integrated GUI for a wide range of services whose configuration was previously only possible via the Terminal. But iTools is more than just a GUI — it installs a pre-configured combination of Apache 2, DNS server, FTP server, and optional PHP and MySQL packages that are designed to work together without having to perform a lot of tedious tweaking. If you’re looking to turn your Mac or Xserve into a professional-class web server as quickly and as painlessly as possible, Tenon’s iTools may be the right tool for you.

Installation

The iTools core installer weighs in at 32 MB and can be downloaded directly from Tenon’s site, as can the optional PHP and MySQL modules (25 MB and 7 MB, respectively). Each of the three disk images contains a single .pkg file, so installation is a breeze. Double-click each package in turn, and Apple’s Installer takes care of the rest. While one could use the lsbom Terminal command to examine each package’s bill-of-materials, it would be nice if an install log file were included so administrators would have a better idea as to what files were installed, moved, and/or modified.

iTools includes very solid component distributions that are pre-configured to work together and are compiled with nearly every feature one might require. OpenSSL, cURL, and other useful functions are available out of the box, obviating the need to manually compile support for these operations.

Tenon wisely decided to install all of its components alongside the versions Apple included as part of Mac OS X, so Apple’s versions are left untouched. A quick trip to /Library/Tenon/ reveals that iTools is completely contained in this one folder. It’s nice to know that everything relating to iTools is in this folder, instead of being scattered all over the place like many UNIX software installations. Also, unlike Apple’s locations for Apache, PHP, and MySQL, all of the iTools files are visible in the Finder, which makes for easier editing and configuration.

Initial Configuration

The iTools Administration Server, the GUI to all the services provided by iTools, is accessible via the web as well as from the included iTools Manager application. While both methods provide the same functionality, the obvious advantage of the web interface is the ability to make changes from any web-connected machine on the planet. In either case, all communication occurs over an encrypted SSL connection on port 85, which allows secure access to the iTools Administration Server even if the primary Apache process is down for some reason.

After logging into iTools for the first time, entering the license key, and changing the authentication information for the primary iTools administrator account, it’s time to begin configuring the relevant service components.

DNS

iTools includes the BIND 9 DNS server, as well as an easy-to-use interface for adding, editing, and deleting DNS entries. Primary, Secondary, and Reverse zones are very easy to manage, thanks to a clean and well laid-out interface. DNS can be an extremely difficult system to comprehend for those unfamiliar with its idiosyncrasies, and the iTools documentation and “tool tips” provide concise and accurate descriptions of the various DNS settings. Even so, those new to the world of DNS configuration are likely to find themselves quickly wondering exactly what to enter into the different fields. Those without prior DNS configuration experience should pick up a book such as O’Reilly’s DNS and BIND before attempting to configure DNS, whether you’re using iTools or not. With a solid understanding of DNS under your belt, the iTools DNS management interface is much easier and faster than hand-editing text files.

FTP

iTools includes ProFTPd, a fast and reliable FTP server that is virtual host aware. This means that multiple FTP users can access separate FTP access (share) points, using a single FTP server for multiple virtual host domains. It also means FTP access can be selectively granted without creating full-fledged Mac OS X user accounts, an incredibly useful feature that Mac OS X’s built-in FTP service doesn’t have. Anonymous FTP can be turned on and off, and limits can be placed on the number of simultaneous authenticated and/or anonymous users.

Mail

Providing GUI-based configuration for both Sendmail and Tenon’s Post.Office mail servers, iTools takes a great deal of the pain out of mail server configuration. Sendmail comes included with Mac OS X, and iTools simply provides an easy interface for configuring basic Sendmail settings such as creating virtual users and mail aliases. Free for small workgroups of less than ten people, Post.Office is a powerful and highly regarded mail server that iTools will link to instead of Sendmail if Post.Office is installed. Post.Office enables far more GUI-based configuration than is possible with the iTools interface to Sendmail, which doesn’t include configuration options for spam filters, mailing lists, and other advanced mail server features.

Network

IP address settings and firewall filters are configured in the iTools Network Settings panel. While the IP address settings are straightforward and easy to use, firewall filters can be complicated and confusing. iTools’ web-based interface to firewall rules is more convenient than using the Terminal, but it is not as robust as it could be. For example, it’s not possible to reorder rules — they must be deleted and re-added one by one. While more powerful than Apple’s built-in firewall configuration preference pane, the iTools firewall interface isn’t as handy for initial configuration or routine maintenance as other methods. The main appeal of the iTools window to OS X’s built-in firewall is the ability to make minor changes from any web browser in the world, which comes in handy if you need to temporarily punch a hole in your firewall from a remote location. As with most of the other sections of the manual, interface functions are well documented, but examples are nowhere to be found.

Web Settings

Apache configuration can be a tedious chore, and this is where iTools’ intuitive Web Settings come in handy. You can create multiple IP- and name-based virtual hosts, create self-signed SSL certificates, restrict access to specific realms, disable unneeded Apache modules, modify MIME mappings, add URL aliases/redirects, and change many other Apache-specific settings. Embedded “tool tips” provide detailed descriptions for the various settings, and the manual is very thorough. This information is particularly useful when configuring the SSL security settings, which can be complicated. If you have custom Apache configuration directives that aren’t covered by the iTools GUI, Tenon was thoughtful enough to provide a way to edit Apache configuration text files from within iTools. The ability to use any browser to enable arcane settings (such as the PHP register_globals value) on a per-virtual-host basis is extremely handy.

There are far too many settings here to cover in detail, but suffice it to say that Tenon has done an excellent job in making Apache configuration a manageable task.

System Status

The System Status panel indicates which Internet services (DNS, FTP, MySQL, mail, web) are currently running and whether they are set to launch on startup. There are buttons for stopping, starting, and restarting each service, as well as supplemental information about each service. If there is a problem when starting a service, however, there is no indication as to what the problem might be — the status light just stays red. It would be helpful if a pop-up window appeared with the console log output when, for example, Apache encounters a configuration error and won’t start up.

iTools includes the excellent AWStats log file analyzer, which makes it easy to learn more about traffic patterns for each virtual host. The Log Reports section also includes a tool for viewing FTP logs, as well as raw log files of various types.

Updates

Keeping on top of updates to the many open source components in iTools would be a laborious chore if Tenon didn’t bundle them together from time to time into a new point release. Unlike other software developers that require users to uninstall previous versions before installing an update, iTools point releases are installed the same way as regular installations — just double-click the .pkg file. In between point releases, small bug fixes and enhancements are delivered via the iTools System Update panel, which lists and installs available updates much like Apple’s Software Update tool. It would be nice if iTools provided a list of files that are going to be affected (or at least a summary of the changes) before proceeding with updates. But overall, Tenon deserves kudos for its intuitive update procedure.

Quibbles

As mentioned elsewhere in this review, the documentation would benefit greatly from concrete examples for the various settings iTools can control. Configuration tutorials and walkthroughs would greatly enhance the iTools value proposition among novice web server administrators. In addition to expanded documentation, it would be nice if it were available in HTML format in addition to the Acrobat PDF file.

We experienced a few minor, isolated problems on a clean installation of Mac OS X Server. After installing iTools, the FTP server decided to usurp upwards of 80% of the CPU cycles, and MySQL wouldn’t run. Although Tenon couldn’t reproduce these problems on their end, they were very helpful and quickly helped resolve these issues. The folks at Tenon provided responsive and knowledgeable technical support.

Bottom Line

iTools is an easy way to install and configure powerful web, mail, database, and FTP servers. But if you aren’t well steeped in the intricacies of DNS, firewall rules, and other esoteric topics, be sure to load up on some relevant reference tomes before getting your hands dirty.

iTools appears to be aimed at those who already know what they’re doing and who prefer a GUI rather than the Terminal for routine maintenance. But people who know what they are doing will want to know more about what iTools is doing behind the scenes, and a great deal of this information isn’t provided in the documentation. Those who are familiar with how Apache, PHP, MySQL, and the other components interoperate when compiled from source may have to take some time to understand how an iTools installation is different.

Tenon’s server suite is an excellent package, and the DNS and Apache configuration is where iTools truly shines. The ability to modify server settings from any web browser on the planet is worth the $349 price of admission all by itself.

Leave a Comment