An excellent example of this can be the very disparate proposal made by both companies regarding the software license. Windows Server is available in around a dozen different versions, each with its own price and feature set geared towards specific environments. In contrast, there is only a single version of Mac OS X Server that offers all the features available to anyone who buys it.
Similarly, Mac OS X Server ships with only two license variations, a 10-client version and a version with unlimited clients. Leopard Server does not add the hassle (or expense) of additional client-based licensing. This is what happens when administrators must purchase additional licenses for each user or device that connects to the server, as well as the license to install and run the server operating system itself. Windows requires this licensing scheme.
Although the 10-client version of Leopard Server will simply not respond to more than 10 concurrent file-sharing clients, other services are not restricted to this 10-client limit, as specified in Apple specifications. Costs aside, this makes Mac OS X Server licensing tremendously simpler and more predictable compared to Windows Server.
Beyond their differences, the systems have a fair amount of underlying similarities. Both Microsoft’s Active Directory and Apple’s Open Directory rely on a custom LDAP (Lightweight Directory Access) database as a repository for directory services, and both use Kerberos for secure authentication. Both Active Directory Group Policies and Apple’s Preferences Manager allow administrators to secure workstations and presets settings for user experience in the operating system and applications.
Both systems also allow the replication of their directory services between multiple servers to increase fault tolerance and performance, particularly in companies that have multiple branch offices connected by slow links or with many users and workstations in separate offices.
Both offer file sharing and printing capabilities with support for multiple protocols, including Windows native SMB / CIFS (Server Message Block / Common Internet File System), Mac native AFP protocol (Apple Filing Protocol), and Unix NFS. (Network File System). Apple support is somewhat easier to implement because support for all three protocols is installed automatically along with the server operating system, rather than components that require additional installation. Both also offer web-based, email, and calendar-based collaboration tools.
Directory Services and Account Management Thanks to their support over LDAP and Kerberos, both systems have unique schemes that can be extended. Although Apple primarily uses LDAP for query authentication, Windows Active Directory clients natively prefer the use of the proprietary ADSI (Active Directory Service Interface) protocol, although Active Directory also supports LDAP. Both systems offer secure authentication, and it is possible to integrate Active Directory with Open Directory as a single network environment. In this integrated scenario, servers and clients on both systems can use a single directory services environment for authentication and management, or they can be part of a more complex environment that combines multiple directory systems.
The Active Directory is, however, more robust in some respects. Although both systems support server directory replication, Active Directory typically incorporates better replication options. For example, each domain controller can accept changes to records and accounts that are propagated to the rest. Open Directory has always operated on a single master server with multiple replicas, similar to the model made up of a Windows NT Primary Domain Controller (PDC) and a Backup Domain Controller (BDC), where changes other than upgrade The password must be made on the master and then copied to each of the replicas.
This situation creates a point of failure; replicas will process authentication and other requests if the master fails, but updates other than password changes cannot be performed until the master is restored or replaced by promoting one of the replicas. Similarly, it also has the potential to reduce performance because all replicas must update their information from a single source: the master.
To some extent, this has changed with Leopard Server, which offers cascading replication. This is what happens when the first level replicas have received updates from the master, and a second level of replicas can be updated from this first level of replicas. This fixes the issue associated with replication performance, but does not resolve the fact that the master continues to be the sole point of modification for most accounts and records. As a result, in enterprise deployments, Active Directory continues to support more complex replication topologies compared to Leopard Server.
Other ways where Active Directory is more flexible include the concept of forests, a method that consists of grouping multiple Active Directory domains, each with its own space name and set of accounts for users, groups and teams; as well as the one that allows the accounts of one domain to access the resources of another domain. The ability to establish relationships between domains allows accounts in one domain to access resources managed by a different domain within the organization’s infrastructure. This offers great flexibility in large business networks.
Leopard Server offers some multi-domain capabilities, particularly through the introduction of cross-domain authorization that allows a single Open Directory domain to be subordinate to another domain under either an Open Directory or an Open Directorory. However, it remains to be seen how flexible Open Directory is by this capability compared to Open Directory.
Beyond the historical advantages of Open Directory, Leopard Server’s Open Directory continues to be very viable for large multi-site infrastructures where Mac OS X Server was previously not the optimal choice. It includes the ability to host a Windows NT-style domain, seamlessly responding to requests from Windows clients with the master server acting as a PDC and the replicas acting as BDC. Leopard Server also provides a high level of support for clients on dual platforms, including the ability to host roaming profiles.
However it is not perfect. Active Directory offers little support for Mac clients. However, Apple’s use of Samba and LDAP means that Mac OS X can authenticate against an Open Directory.