AppleTalk to IP Migration

By: Richard Glaser - Revised: 2006-07-03 devin

Introduction

According to Apple, the future of AppleTalk will include only updates and bug fixes, with no new features.
Soon, the campus network will only carry data formatted according to the Internet standard TCP/IP protocol. This means that eventually the campus backbone network will no longer carry AppleTalk network communications between the existing campus AppleTalk Zones. I do not know, and would not like to guess ;), the time frame for this to happen.

Every Mac Mgr should evaluate how their department and/or group would be impacted if AppleTalk were discontinued. I would like to troubleshoot/test/research upgrading, work-around options, and other issues long before AppleTalk is discontinued.

Over-simplifying, Macs located in one AppleTalk Zone will no longer be able to access file servers, printers, or other AppleTalk services (database, calendaring, backup, etc.) located in other campus AppleTalk Zones--at least not through the AppleTalk network protocol. The list of campus AppleTalk zones now visible in the Chooser would no longer be available; only the Macs, file servers, printers, and other services available in a department's/group's local AppleTalk zone will continue to be visible in the Chooser after AppleTalk routing is discontinued.


Modifications and Upgrades

Most software can be modified to use IP instead of AppleTalk. Software that can't be modified can either be upgraded or work with 3rd party software to use IP instead of AppleTalk. For details, see below.

File Sharing

AppleShare
Apple's AppleShare servers, version 3 or 4, do not support IP and will be affected when AppleTalk is discontinued on the campus backbone.

Apple's AppleShare IP (ASIP) software has supported AppleShare over IP since version 5.x. The most recent version, ASIP 6.x, includes support for IP networking as well as AppleTalk, native SMB support for Windows file serving, and built-in web, FTP, e-mail, and print services. If you are using an older version of AppleShare like version 3.x or 4.x, you can upgrade to the latest version if your server meets the requirements, or purchase new hardware.

ASIP 6.x runs on any iMac, Power Macintosh, Macintosh Server or Workgroup Server with a PowerPC G4, G3, 604e, 604, or 601 processor. It requires at least 64 MB of RAM with virtual memory, 80 MB without virtual memory, and 250 MB disk space.

Upgrades - ASIP 6.x, Mac OS X Server, other.
Workarounds - ShareWay IP, FTP, other.

AppleShare IP (ASIP)
Apple's AppleShare IP (ASIP) software has supported AppleShare over IP file services since version 5.x. If you are running version 5.x or higher, the only issue you might have is that the server and/or clients are using AppleTalk services instead of IP. Modify the settings on the server to use IP, and upgrade AppleShare on the clients to a version that supports AFP over IP.

Upgrades - n/a
Workarounds - n/a

Mac OS X Server
Apple's Mac OS X Server software has supported AppleShare over IP file services since the initial release. The only issue you might have is that the server and/or clients are using AppleTalk services instead of IP. Modify the settings on the server to use IP, and upgrade AppleShare on the clients to a version that supports AFP over IP.

Upgrades - n/a
Workarounds - n/a

Novell NetWare 5
Novell NetWare 5 provides file sharing services via IP. Currently, there is no option for Mac clients to natively access files or print to the NetWare servers over IP. At present, Prosoft Engineering's NetWare Client for Mac supports Macintosh access only via Novell's IPX protocol.

Novell announced on November 8 that Native File Services for Macintosh will ship in the first quarter of 2001 as a downloadable add-on for Novell Directory Service (NDS) 5.x, and later as a native part of NDS 6.0. It promises native support for Mac OS clients on the server side, with no client software needed on the Macs. It will integrate Novell Modular Authentication Services with Apple's own authentication systems, and provide not only access to network storage, but user management and directory access services as well.

Migrate - ASIP 6.x, Mac OS X Server, Windows 2000 Server, other.
Upgrades - Nothing currently available, maybe first quarter of 2001.
Workarounds - ShareWay IP, FTP, other.

Windows NT
Windows NT Server supports Macintosh clients via Apple File Protocol (AFP) over AppleTalk through a feature called Services for Macintosh, and would be affected by discontinuation of AppleTalk on the campus backbone or network.

You can upgrade to Windows 2000 Server, which supports AFP over TCP/IP; AppleTalk is still supported as well. Or you can install a third-party replacement for NT Services for Macintosh that provides AFP file service over TCP/IP. These include MacServerIP, ExtremeZ-IP, etc.

Upgrades - Windows 2000 Server, Third-Party NT Services, others.
Workarounds - ShareWay IP, FTP, others.

File Sharing

Personal File Sharing
Macintosh file sharing is a powerful feature of the Mac OS that lets you share your folders (and their files) with other people on a network. File sharing operates on any Macintosh that can run System 7 or above and is connected to an AppleTalk or TCP/IP network.

File sharing would be affected by discontinuation of AppleTalk on the campus backbone or network. If you are using Mac OS 9.x, you can use Mac OS 9.x's support for file sharing via IP.

If you are running Mac OS 7.x to Mac OS 8.x, you can:
  1. Upgrade to Mac OS 9.x,
  2. Install third party software like ShareWay IP 3.0,
  3. Or use another workaround to provide access to files/folders on Macs.

Upgrades - Mac OS 9.x, others.
Workarounds - ShareWay IP, Web Sharing, FTP, others.

Printing

Access to printers & print servers would be affected by the discontinuation of AppleTalk on the campus backbone or network. To support IP printing you have the following options:
  1. Upgrade/purchase a printer that supports IP printing.
  2. Install an IP print server.
  3. Upgrade the print server to a version that supports IP printing.

Most laser printers have the capability to be accessed on an IP network.

If you have an AppleTalk printer that will not support TCP/IP, you could upgrade your printer to a model that supports IP. This will enable printing from multiple TCP/IP subnets.

For AppleTalk printers that cannot be upgraded, an option is to set up an IP print server. Instead of printing directly to the networked printer, Mac users print via TCP/IP to the print queue. This IP print queue is handled by a print server that runs on a Mac, a Windows NT server, or a Unix/Linux computer. The print server can accept print requests via TCP/IP and route them to an AppleTalk-only laser printer.

AppleShare 3 and 4 server software do not support IP printing. ASIP 5.x began support for IP print serving. You can use ASIP 5.x or 6.x to enable IP printing for networked printers that only support AppleTalk.

In order for client Macs to print using IP, they will need to be running system software System 7.x or higher and LaserWriter 8.5.1 or higher.

Upgrades - Printer Hardware, ASIP 6.x, Mac OS X Server, Windows NT/2000 Server, others.
Workarounds - Client (Dave 2.5), server (see above), Print66, others.

Systems Management

Most server and client "System Management" software has upgrades/workarounds that support IP. One software package used to maintain Mac hard disks is RevRdist. Until recently, RevRdist did not support IP, but with version 1.6.18 you can now use the software directly on an IP network. Also, you can use AppleScript to mount the server via IP and then run RevRdist, which was the previous workaround for the AppleTalk-only issue, and gives you more control over the setup.

The following software packages currently support IP:
Upgrades - See above
Workarounds -

Backup

Retrospect
If you use Retrospect version 3 or 4 backup software, you should not be affected if AppleTalk is discontinued on the backbone or network. Retrospect 3 and 4 have the capability for backing up Macs using the TCP/IP protocol. The only issue you might run into with these versions of Retrospect is that you are using AppleTalk on the client and/or server instead of IP.

If you are using older versions of Retrospect, you might be affected if AppleTalk is discontinued on the backbone and you back up outside your local AppleTalk network. You might need to either upgrade Retrospect or migrate to another backup solution that supports IP for your Mac clients/servers.

Upgrades - Retrospect, others
Workarounds -

Database

FileMaker Pro
FileMaker Pro database software has offered IP access to databases since version 3. If you're currently using an older version of FileMaker Pro, you might be affected if AppleTalk is discontinued on the backbone, and you should consider upgrading to the latest version. If you are using FileMaker Pro 3 or higher, you should make sure that users can access the databases via IP and are not using AppleTalk.

Upgrades - FileMaker Pro 5.x, others
Workarounds -

Calendaring/Scheduling

Now-up-to-Date
Now Up-To-Date (NUTD) is a popular Mac calendaring & scheduling application. Since version 3.6, NUTD supports access via IP. You might be affected if AppleTalk is discontinued on the backbone and you currently share calendars/schedules across different AppleTalk zones. Also, if you are using NUTD version 3.6 or higher and have clients/servers using AppleTalk instead of IP, you might run into problems.

Upgrades - Now-up-to-Date, others
Workarounds -

Client

AppleShare Client
To connect to an AppleShare file server via TCP/IP, the Macs need to be running AppleShare Client 3.7.x or higher.

The version of the AppleShare client software you use depends on the version of the system software you have installed on your computer:
Upgrades - AppleShare Client 3.7.4, 3.8.3, or 3.8.6.
Workarounds - FTP, Personal Web Sharing, others.

Personal File Sharing
To support IP Personal File Sharing on Mac, the clients will need to be running system software Mac OS 9.x or higher, or use other options.

For more details, see File Sharing section.

Printing
To support IP printing, the client Macs will need to be running system software System 7.x or higher and LaserWriter 8.5.1 or higher.

For more details, see Printing section.

Security
When moving to an IP based Personal File Sharing, try to use "secure" user accounts and try not to use generic or unsecured "guest" accounts.

You can use firewall software/hardware to provide IP filtering and other features.

For more details, see Security section.

Accessing/Navigating Services

The Mac's native networking system, AppleTalk, was designed around the Mac's principal focus: the end user. Specifically, Apple built a dynamic naming and service location system into AppleTalk. Through the Name Binding Protocol (NBP), services could dynamically register on the network. And through the Mac Chooser and equivalent third-party functionality, such services could be browsed for and accessed through Macintosh-standard point-and-click technology.

When migrating from AppleTalk to IP, you lose the use of the Chooser, at least outside your local AppleTalk network. So, you will not see the list of AppleTalk zones and the services available in those different zones.

The Service Location Protocol (SLP) is Apple's direction for resource discovery on IP networks. SLP in its current state has a number of limitations.

Client Access
For clients to access SLP services, they need to be running Mac OS 9, or using third-party software (ShareWay IP) and running at least Mac OS 8.5. Also, the version of SLP implemented with Mac OS 9 (SLP v2) is not compatible with the SLP implemented with OS 8.6 and 8.5 (SLP v1), although the SLP plug-in from OS 9 can be installed on Mac OS 8.6.

Personal File Sharing
For clients to advertise SLP services, they need to be running Mac OS 9, or using third-party software (ShareWay IP) and running at least Mac OS 8.5. Also, the version of SLP implemented with Mac OS 9 (SLP v2) is not compatible with the SLP implemented with OS 8.6 and 8.5 (SLP v1), although the SLP plug-in from OS 9 can be installed on Mac OS 8.6.

File Services
AppleShare IP 6.3.2 will advertise its file services via SLP; previous versions will not unless you use a 3rd party product like ShareWay IP. Other file servers like Windows NT Server/2000 do not directly support SLP, but can advertise via 3rd party NT services (ExtremeZ-IP) or a product like ShareWay IP. Novell NetWare 5 uses the SLP protocol for locating devices on an IP network, but does not support native Mac IP services. (see File Services for details)

Advertising Services
To have SLP services advertise across subnets, you will need IP Multicast enabled on the switches/routers that service these subnets. In the future, Directory Agents (DAs) will minimize the need to use IP multicast, enhance the protocol's hierarchical scope concept, and provide other services. Unfortunately, at the current time, no commercially supported DA is available, so IP multicast must be used if you want to advertise SLP across subnets.

Organizing Services
Just as AppleTalk defined the concept of a "zone", in which services could be searched for in a hierarchical manner, SLP defines the very similar concept of a "scope." Unfortunately Apple's implementation of scopes in NSL (called "neighborhoods") is somewhat limiting. In Mac OS 9, for example, the scope in which a particular service is registered is usually set to the search domain (from the TCP/IP control panel) for that service's machine. All services without search domains appear in the same, non-hierarchical list.

Rendezvous - Routing Across Subnets
One solution is to use software called mTunnel to route Rendezvous across subnets. A tutorial from AFP548, "MultiCast Tunnel Creation, or Rendezvous across the Internet", covers setup of mTunnel under Mac OS X.

Upgrades - ASIP 6.3.x, other.
Workarounds - 3rd Party NT Services (ExtremeZ-IP), ShareWay IP, others.

Security

When migrating from AppleTalk to IP, security becomes a bigger issue because IP access is global and not just available on campus, which is usually the case for AppleTalk. Currently, AppleTalk groups/departments have set up AppleTalk filtering as the primary means of securing access to their AppleTalk-based file servers, printers, and databases.

TCP/IP filtering is similar to AppleTalk filtering. With TCP/IP filtering, you can limit access to local Macintosh-based file servers, databases, or printers by TCP/IP address. A set of TCP/IP addresses can be specified as authorized for access. Computers whose TCP/IP address falls outside of that set are prevented from access to the server, printer, or database.

An easy first step in security is to use "secure" accounts on your local file, web, or database servers for the users that need access to these services. Some groups/departments might be using an unsecured "guest" account along with AppleTalk filtering to prevent unauthorized access. While this was a somewhat effective security method in an AppleTalk-only environment, it will be unacceptable if you need to migrate your network services to a TCP/IP environment.

ASIP 6.x has TCP/IP filter features. TCP/IP filters allow the administrator to restrict access to TCP services running on the ASIP server by port number, by IP address of the client, or a combination of both. Note - There have been reliability issues with ASIP 6.x's implementation of TCP/IP filters, and I would currently recommend using third-party software to provide TCP/IP filters for ASIP and other servers.

Upgrades - Use secure accounts (i.e. no guest), ASIP 6.x TCP/IP Filtering, others.
Workarounds - Third-party TCP/IP Filtering (i.e. DoorStop, NetBarrier, etc.)
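
The address-and-port filtering described in this section, as an added example (not part of the original article, and not the filter code of ASIP or any product named here): a default-deny allow list in Python, plus a check for rules that open a non-public service to every address. The rule set, the addresses (documentation ranges), the PUBLIC_PORTS choice and all function names are assumptions made for illustration; 548 is the AFP over TCP port.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

AFP_TCP_PORT = 548  # AFP over TCP, the AppleShare IP file service
PUBLIC_PORTS = frozenset({80})  # assumption: only the web service is meant to be public


@dataclass(frozen=True)
class Rule:
    network: Optional[str] = None  # CIDR block; None means any client address
    port: Optional[int] = None     # TCP port; None means any port

    def matches(self, addr, port: int) -> bool:
        addr_ok = self.network is None or addr in ip_network(self.network)
        port_ok = self.port is None or port == self.port
        return addr_ok and port_ok


# Constructed policy; addresses are documentation ranges, not real hosts.
ALLOW = [
    Rule("192.0.2.0/24", AFP_TCP_PORT),  # department subnet -> file service only
    Rule("198.51.100.17/32", None),      # one admin workstation -> any service
    Rule(None, 80),                      # web service -> any client
]


def is_allowed(client: str, port: int, rules=ALLOW) -> bool:
    """Default deny: a connection passes only if some rule matches it."""
    try:
        addr = ip_address(client)
    except ValueError:  # unparseable address: refuse rather than guess
        return False
    return any(rule.matches(addr, port) for rule in rules)


def overly_broad(rules=ALLOW):
    """Rules that admit every client address to a service not meant to be public."""
    broad = []
    for rule in rules:
        any_addr = rule.network is None or ip_network(rule.network).prefixlen == 0
        if any_addr and rule.port not in PUBLIC_PORTS:
            broad.append(rule)
    return broad


if __name__ == "__main__":
    for client, port in [("192.0.2.44", 548), ("203.0.113.9", 548), ("203.0.113.9", 80)]:
        print(client, port, "allow" if is_allowed(client, port) else "deny")
    print("overly broad rules:", overly_broad())
```

A rule that overly_broad() reports leaves account passwords as the only protection for that service, which is the situation the guest-account warning above is about.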