Overview of Account Types for Lion Server Notebook Clients
When a notebook user on your Lion Server network takes his notebook to another location, in or out of the office, what happens to the user’s authentication information and data when he disconnects from the network? How can the user continue to log in to his notebook and access his documents and other data away from the network directory and file sharing? The answer is in the mobile account.
Unlike other accounts, a mobile account caches the user’s account credentials on the local hard drive. User data could be stored on the local hard drive or a network volume, but the local hard drive makes the most logical sense in this configuration.
To make it even better, you can configure a mobile account to have a portable home folder. Building on the mobile account, a user’s home folder is synchronized between a server volume and the local drive. Synchronization occurs at login and at predetermined intervals. The directory administrator configures the intervals.
This choice gives a notebook user freedom of movement while maintaining her data on the server and local drive.
Here are also some other options for accounts and home folders that can be used for notebook clients:
External account: Like a mobile account, but the user’s account data can be stored on any volume connected to the client, including an external USB or FireWire hard drive, or a USB flash drive. That volume can be removed and connected to another Mac OS X system. The user can log in with the account credentials stored on the external volume.
External account with portable home folder: The combination of an external account and portable home folder, both stored on an external volume attached to the client.
One of the most flexible choices, this option allows a user to synchronize a home folder to a portable drive and take it to another computer and have full access to his data. It’s also the most unsecured option because the portable drive can be easily lost or stolen.
Other users besides notebook users can benefit from external and mobile accounts and portable home folders. Regular network accounts can be used interchangeably with mobile accounts and portable home folders, with significantly less impact on network activity. Synchronizing users’ home folders provides redundancy in the event of a hardware failure.
Creating portable home folders sets up a two-way mirror of files between the server and the local hard drive. Never combine regular network home folders with portable home folders: Data loss is a likely outcome.
The portable home folder client tracks changes and performs the sync operation by comparing the files between the server and the local drive. If a file has previously changed on the server and the portable home folder process wasn’t aware of the change, the local file will be overwritten back to the server.
Set a master password on each computer in the Security pane of System Preferences. You can also require a master password be set when a mobile account logs in to a managed computer.