OS X Tiger Server: Mobile, Portable Home Directories

Tiger Server introduces "portable" home directories. I've been setting up accounts with this technology a bit more lately. Here are my observations, and a workaround to the ~/Library issue.

Overview

Windows, coupled with a Windows Server, has a technology known as the "roaming profile." This basically takes most of your files from "Documents and Settings" plus appropriate registry settings and stores everything on the server. When you log in to a Windows workstation, it grabs your profiles from the server and makes a local copy. When you log off, it copies your current setup back up to the server. All in all, this works relatively well.

OS X Panther Server has a technology called "mobile home directories." Most thought this would rival the Windows setup, but it didn't quite. The Panther-based mobile home directory doesn't sync your directory to the copy on the local machine.

Of course, Panther and Tiger have Network Home Directories, where once logged in, you work directly off of the server. This works great, even on a 100BT network, depending on how much data you're pushing around. However, this doesn't help out laptop users.

Enter portable home directories, introduced with Tiger. A managed network account can be set up with a preference to "Synchronize account for offline use." The portable home directory is a little bit of a hybrid between Windows' roaming profiles and Panther's mobile home directories.

Figure 1: WGM Mobility Preference

Clicking on a user's mobility preference in Workgroup Manager (Figure 1) in 10.3 gives us this panel:

Figure 2: Panther Server's Mobile Home Directory setup

With a Panther Server, this will allow a network based login access to a Mac, and will create a home directory for that user locally. Tiger Server goes the extra step. WGM now presents you with this panel:

Figure 3: Tiger's new Mobile/Portable Home Directory

The first time a user logs in, they are asked if they would like to create a local home directory, if that setting is enabled in WGM. This also creates a user account on the computer that has cached credentials, allowing the user to log in locally even when away from the network. Users with a managed home directory will get a new menu bar icon that allows them to sync on demand:

Figure 4: Tiger home sync menu bar addition (far left).

Through WGM, you can create rules regarding what to sync, and when to sync it for the user:

Figure 5: Sync rules.

How does this work in practice?
Obviously, the portable home directory is of greatest use to laptop users. Prior to Tiger, I was setting people up with rsync scripts that would keep everything in sync, and you had to jump through some hoops to get the right versions of rsync on each machine and roll out the scripts. Tiger was supposed to change that with a native version of rsync that understands extended attributes and resource forks.

I've been using rsync on various platforms for a long time - yes, even on Windows. It's a life saver in many, many situations. I'm still using it, but not for syncing home directories as I once did. Why? It's been flaking out on me.

rsync is still just fine with standard (data fork only) data. No problem. However, my home directory, and most that I manage, are just getting huge. rsync won't even make an attempt at these directories; it just throws a bus error. Not good.

Additionally, the Tiger-native rsync throws bogus 'file has vanished' errors when trying to sync files without a resource fork. Not good.

I tried other sync solutions for clients that didn't want a script either in the background or one that they'd have to run on demand. You Synchronize is nice, but I find it extremely slow, and prone to hanging up a machine. Not good. So, I had to give Tiger's portable home directories a try.

With smaller home directories, you can leave most of the default settings and have a perfect solution: it syncs in the background, and at login and logout. Easy, and not too time consuming.

With other users, you may need to figure out how they work, and may even have to alter where they store files. If they're used to storing digital video in their home directory, they had better be syncing over GigE - you don't want to do something like that over AirPort. You can potentially ask them to keep these files in a directory that stays local. Same goes for gigantic iTunes libraries, although this is a judgement call on the administrator's part.

During a manual sync operation (a background sync is just that: it stays in the background), there's an always-on-top dialog window that shows status:

Figure 6: Manually started sync in action.

In both the case of a manual or background sync, the menubar item animates during the operation. You can, by the way, disable the menubar widget for sync.

If a user does have a lot of large files that get changed between syncs, perhaps login/logout sync isn't right for them, as this will increase the time that login or logout takes. Once again, this is highly situation dependent: perhaps a user is on a desktop and needs that data in sync elsewhere after logout.

How does it compare to rsync?
This is a bit of an unfair comparison. Portable home directories do one thing, and they do it well: sync a user's home directory. That's it. It uses Apple's MirrorAgent to do so, which is also responsible for syncing data to an iDisk if you use one. You can set up rules that sync other directories, however. rsync offers many, many more possibilities about what, where and how to sync. rsync will sync any directory to any other directory locally or on a server. You have to decide which method is appropriate for your situation.

One glaring issue for me is face time - rsync just does what you tell it, whereas MirrorAgent sometimes needs to be told. If two files are completely different - perhaps you've used your home directory to modify a file, then use your laptop and modify that local copy - when a sync occurs, a dialog box pops up asking which file to keep. All well and good, but it stops the whole sync operation.

The Good
Portable home directories solve a problem that network based Mac users have been facing, and trying to find a solution for. It says what it does, and does what it says. It's a perfect fit for PowerBook users that have a Tiger Server available to them, and, it's a built-in.

Also - my favorite - logs! All sync efforts are logged under ~/Library/Logs/MirrorAgent.log

The Not-so-good
I can't label these things 'bad' - they'll mean different things to different people. I just find them "not as good as other solutions."

A Mac-to-Mac only solution - You need Tiger Server on the other end of your workstation to make this work. It would be nice if MirrorAgent could be set up to sync anywhere. At least, to any other HFS volume, local or remote.

Use of AFP for connection - Not terrible, but AFP isn't the world's fastest protocol. Naturally, this keeps all of your HFS+ data intact, though. Since it's Tiger we're talking about, this is AFP/IP, but it's still AFP. Of course, this means that you'll also need to get AFP/IP to your server if you plan on performing a sync remotely.

Bandwidth use - Certainly not as friendly as rsync. While MirrorAgent does seem (I will be testing this...) to just send file deltas like rsync, it's certainly not as fast or bandwidth friendly.

CPU use - When MirrorAgent kicks in, it just gobbles CPU:

Figure 7: MirrorAgent CPU load

Manual sync needs quiescent file system - OK, you always want to perform your backups and syncs on a non-active filesystem, but sometimes, that's just not possible. rsync fails gracefully under these conditions, whereas I've seen MirrorAgent hang when something changes underneath it. Of course, this happens with the CPU pegged, so your fans really kick in!

No ~/Library by default - This partially ties into the previous note. On the one hand, you want the contents of your Library directory. It has your preferences, your e-mail, your keychain! However, for the same reason, this directory is going to be changing all the time.

The Workarounds
For me, portable home directories have really come in handy. I have most people manually sync after quitting out of applications that are going to change files on disk, even while unattended (like e-mail, or an RSS reader, but not necessarily a web browser or Photoshop). The omission of ~/Library doesn't sit well with me, so, I had to fool it. Here's what I'm doing with (so far) no ill effects:


  1. As root, and while the user to change is NOT logged in, rename their Library directory: mv /Users/someuser/Library /Users/someuser/ulib
  2. Then, simply link in Library: ln -s /Users/someuser/ulib /Users/someuser/Library

This way, when the system goes to look for ~/Library, it's there. When MirrorAgent does its sync thing, it'll sync up the "new" ~/ulib directory. Seems to be the best of both worlds. In reality, this needs to "just work."
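A guarded version of the two steps above, as an added example (not the author's script): it refuses to run if the user has a session, if Library is already a symlink, or if ulib already exists, and it rolls back if the link step fails. The function names, return codes and the use of who(1) for the session check are assumptions; "ulib" is the name used above.

```shell
#!/bin/sh
# Added example, not the article's script. "ulib" is the article's directory
# name; the function names and return codes are illustrative assumptions.

# Succeeds if USER has a login session according to who(1).
user_logged_in() {
    who 2>/dev/null | awk -v u="$1" '$1 == u { found = 1 } END { exit !found }'
}

# relocate_library USER HOME_DIR
# Returns 0 on success, 1 if a precondition fails, 2 if the move or link fails.
relocate_library() {
    user=$1
    home=$2
    lib="$home/Library"
    real="$home/ulib"

    if user_logged_in "$user"; then
        echo "refusing: $user is logged in" >&2; return 1
    fi
    # Already converted, or a link someone else placed: never operate through it.
    if [ -L "$lib" ]; then
        echo "refusing: $lib is already a symlink" >&2; return 1
    fi
    if [ ! -d "$lib" ]; then
        echo "refusing: $lib is not a directory" >&2; return 1
    fi
    # If ulib existed, mv would nest Library inside it instead of renaming.
    if [ -e "$real" ] || [ -L "$real" ]; then
        echo "refusing: $real already exists" >&2; return 1
    fi

    mv "$lib" "$real" || return 2
    if ! ln -s "$real" "$lib"; then
        mv "$real" "$lib"   # roll back so the account still has a Library
        return 2
    fi
    # A link made by root is root-owned; give it the directory's numeric owner.
    owner=$(ls -ldn "$real" | awk '{ print $3 }')
    [ "$(id -u)" -ne 0 ] || chown -h "$owner" "$lib"
}

# Usage (as root): sh relocate_library.sh someuser /Users/someuser
if [ "$#" -eq 2 ]; then
    relocate_library "$1" "$2"
fi
```

Once this has run, the keychain, mail and preferences that live in Library are part of what MirrorAgent copies to the server, so the server-side home directory needs the same access controls as the local one.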

Thoughts
Portable home directories in Tiger bring OS X shops closer to perfection in management. There are issues that may impact how you'd like to deploy them, so you have to plan and test. They're not an all or nothing proposition, so you can roll out the service to one or two users, tweak, roll it out further, and so on, until everyone is covered by this new service.


PHD to Remote Home

I'm looking for info on converting a user from PHD back to just remote home. I switched one of my users before I fully understood what I was doing, and now I want to switch her back. Any tips?

I've searched all over the internets, but I admit that my search-fu may not be up to snuff for things like this.

Convert like this

I'm going on the assumption that the account is in sync with the network: i.e. if said user logged in from another computer, they'd have everything they need. Also, I'll guess this was done to a user on a desktop, not a portable. Now, home syncing doesn't sync everything from a home, so you do have to be a little careful with that. But the short version is:

- Undo the preference from their account in WGM.

- Dump the account on the machine in question, which will create an archive of the home directory.

- Have them log in, which will pull their home from the network.

Depending on the situation, portable homes solve many issues, including computers on slower links. So, if the portable home is working, it provides nice redundancy, and takes additional strain off of your network.

Hope that helps.