You can make a difference in the Apple Support Community!
When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.
When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.
Hi, we have an MacStudio that we are using as server where users login with Apple Remote Desktop
Are there any best practices how to set it up regarding security available from Apple?
Regarding for example FileVault on or off and other items.
FileVault, while recommended, won't affect nor help with remote users. FileVault keeps someone who has physical access to the Mac from being able to get access to the data in storage.
As to overall security, some general tips which really apply to any system, server or not:
Note also that Apple Remote Desktop, while still available, gets very little attention from Apple, and often no attention at all. So it may not be the best solution for remote access. But if it works for you and your users, great.
Others here may have additional thoughts.
Regards.
When early MacOS like 10.4 was released, the MacOS Server version with special capabilities was released at the same time, at extra cost. Over time, more and more and more of the features of Server have simply migrated into EVERY version of ordinary MacOS, such that special Server features are not longer needed, and a separate Server version has not been issued in a very long time. (MacOS server as a separate version was discontinued before APFS was introduced.)
Apple Remote Desktop is strongly aimed at Administering Software loaded on a group of local computers, NOT sharing files. Apple Remote Desktop is overkill for what you are talking about. Plain MacOS on the computer designated the Server will do the job perfectly adequately. Plain MacOS on each Users computer is perfectly adequate.
Mac File Sharing is perfectly adequate for accessing Shared files on a local server.
The credential required to access ANYTHING on the Server computer are credentials on the Server computer itself. This means you may need some additional Accounts, such as GROUP accounts, on your Server computer. These accounts will be the OWNER of the Shared Directories in which users store their shared files.
--------
The connection of the Server computer to the rest of your network could conceivably become a modest bottleneck. Depending on its size, consider adding an Ethernet Switch to your local Network. Consider high speed Ethernet connection to the Server computer. (These are concepts you could have in reserve IF any sort of bottlenecks develop over time. They are NOT needed on day 1.)
--------
Sys Admins confess this private rule for granting ADMIN access: No one gets Admin access unless they have the innate ability to FIX any issues they cause by their Admin access.
What Hardware:
The temptation is always to use a VERY powerful computer as the server, because that is the heart of your network. The Server computer itself needs a lot of I/O capability. It needs the ability to connect to large number of Drives. It does NOT need a lot of compute power. It barely needs any graphics. A really large amount if RAM would go unused.
A Mac mini will suffice in most situations. Or a "found" older surplus computer, provided it could run one of the three most recent versions of MacOS, to keep getting security upgrades, and had lots of ports to connect drives.
The compute power and graphics capability and large RAM memory of a Mac Studio would be completely wasted in this role. (You save a few thousand bucks right there.)
If you find, over time, that a Mini is not keeping up in some fashion, you can always GROW into a more advanced Mac.
Best practices for MacStudio as Server
