Saturday, March 13, 2010

OSX Server = FAIL

Ok, after a year of trying hard to make OSX server work for our small business (< 20 employees) I've given up. Stop reading here if you don't want the gory details.

OSX Server just doesn't work and is not ready for prime time. The straw that broke the camel's back was Calendaring. We're at a point at the office where calendars and shared calendars HAVE to work. We moved to Snow Leopard server with the hopes that that update fixed calendar issues... It didn't. Internally, after the upgrade, things were great, we could share and view each other's calendars. But the issue was when we tried to get invitations from people outside or send invitations to outsiders: we couldn't add the invitations, people couldn't open our invitations etc. When you combine that with other calendar things like not being able to control which email account the invitations go out from, it was a total disaster.

On top of the calendar issues we saw mail getting hung up in the queue when spam filtering was enabled so we had to turn that off. Running without a spam filter, even a mediocre one, is really painful. Then there's the whole issue of a lightweight interface to DNS etc.

We thought about just using Google Calendar for calendaring and keeping mail the same and limping along with spam issues, but then found out that unless your invites etc. arrive at the same email address (including domain name) that the calendar is at, Google Calendar doesn't do well with it -- invitations get confused, not added etc. So both email and calendar have to be at the same address/domain for Google Apps.

We looked at 2 options: Go to Exchange or try Google Apps again. Exchange is proven in very large businesses and can do it all. But it's not cheap (we guessed about $20K for us to deploy) and would take time to deploy and migrate. We could go the hosted approach but still had migration issues plus the loss of control over our data. If we're letting someone else have some of our data then a hosted solution for Exchange versus Google Apps is probably equally risky.

So what we decided to do was go the Google Apps approach. Perhaps this will only buy us a little time or perhaps it will last for quite a while, we'll see. Essentially we changed all mail to flow through the Google Apps domain but then forwarded it on to a sub-domain for the users that don't need the calendar support. By creating all the accounts first at Google and forwarding all the mail to the subdomain we essentially changed all the users over without them being involved -- the mail just flowed through Google. Then for the users that need calendars we unforwarded the mail and now new mail comes into and stays at Google. Here are the exact steps:

  1. Create Google mail/cal setup @ domain.com (Google Apps)
  2. Add MX records for sub.domain.com
  3. Rename domain.com -> sub.domain.com on your current mail server
  4. Create all users @ domain.com (Google)
  5. Adjust domain.com MX to point to the new Google Apps setup
  6. Forward all mail from domain.com to sub.domain.com (so the move is transparent. Note there's a window between 4 and 6 where a few emails could come in, so watch out. Google doesn't let you add users and forward mail until your MX records point at them)
  7. Move desired people back from sub.domain.com to domain.com by disabling forwarding and giving them their Google passwords

Note that step #3 with the OSX mail server was non-disruptive to the users. We essentially changed their email addresses from user@domain.com to user@sub.domain.com without them knowing or changing their clients. That's because on OSX server you auth with just the username and password, not the full email address. That was a nice trick that avoided a lot of noise for the team.
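
A check for the MX ordering these steps depend on, as an added example that is not part of the original post: it parses constructed zone-file lines and flags a cutover where domain.com already points at Google while sub.domain.com cannot yet receive the forwarded mail. The host name mail.old-server.example. and the function names are assumptions; aspmx.l.google.com is Google's published MX host.

```python
# Added example. Zone data is constructed; mail.old-server.example. is a
# hypothetical name for the existing OSX mail server.
GOOGLE_SUFFIX = ".google.com."  # Google Apps MX hosts such as aspmx.l.google.com.

def parse_mx(zone_text):
    """Return {owner: [exchange, ...]} sorted by preference, from zone-style lines."""
    found = {}
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()      # strip comments, tokenize
        if "MX" not in fields:
            continue
        i = fields.index("MX")                     # owner [ttl] [IN] MX pref host
        if i == 0 or len(fields) < i + 3 or not fields[i + 1].isdigit():
            continue                               # malformed line: skip it
        found.setdefault(fields[0].lower(), []).append(
            (int(fields[i + 1]), fields[i + 2].lower()))
    return {owner: [host for _, host in sorted(recs)] for owner, recs in found.items()}

def cutover_state(zone_text, domain, subdomain, old_server):
    """Classify the DNS stage and list conditions that would lose or split mail."""
    mx = parse_mx(zone_text)
    main, sub = mx.get(domain, []), mx.get(subdomain, [])
    google = [h for h in main if h.endswith(GOOGLE_SUFFIX)]
    problems = []
    if not main:
        problems.append(f"{domain} has no MX record")
    if google and len(google) < len(main):
        problems.append(f"{domain} mixes Google and non-Google MX hosts")
    if old_server not in sub:                      # step 2 must precede step 5
        problems.append(f"{subdomain} MX does not reach {old_server}")
    stage = "after step 5" if google else "before step 5"
    return stage, problems

ZONE_BEFORE = """
domain.com.      3600 IN MX 10 mail.old-server.example.
sub.domain.com.  3600 IN MX 10 mail.old-server.example.   ; step 2 done
"""
ZONE_AFTER = """
domain.com.      3600 IN MX 1 aspmx.l.google.com.
domain.com.      3600 IN MX 5 alt1.aspmx.l.google.com.
sub.domain.com.  3600 IN MX 10 mail.old-server.example.
"""
ZONE_BROKEN = """
domain.com.      3600 IN MX 1 aspmx.l.google.com.          ; step 5 without step 2
"""

if __name__ == "__main__":
    for name, zone in [("before", ZONE_BEFORE), ("after", ZONE_AFTER), ("broken", ZONE_BROKEN)]:
        print(name, cutover_state(zone, "domain.com.", "sub.domain.com.",
                                  "mail.old-server.example."))
```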

Why not just move all users to google mail (i.e. no forwarding)? Because Google has some oddities in the way they behave as a mail server. Their labels vs. folders is one, the limit on how many clients for the same account can connect at one time is another. The data being offsite/in their hands is another.

The result?

You could literally hear the joy from the people now having working calendars. It just works and was night and day better than Apple's iCal server. On top of that Google is eating spam as one of the best spam filtering services on the planet.

While I have my issues with Google Calendar, if you can avoid the issues it does the job well.

So now that we're not using OSX server for calendaring and most of the heavy (and less technical) mail users are off on Google, we're not very dependent on or tied to OSX services. We're going to move to a tried and true Linux-based DNS, DHCP and Dovecot mail setup. No fancy UIs to undo our work or hide power and functionality.

If you're thinking about OSX server -- DON'T. It's a waste of your time and money. Start with Google Apps and when you grow out of it move to Exchange (hosted or not based on your security/financial constraints).

If you're following this blog to learn about OSX server, stop now. I'm taking it out back and putting it out of our misery.
