Overcoming Difficulties of Mac minis in a Data Center

  • Author: Karim
  • Date: 30 April 2023
  • Time: 7 Minutes

At first glance, it may not be apparent why deploying Mac minis in a data center environment is such a difficult task. After all, there are readily available rack mounts for Mac minis. Just put the Mac mini in the rack, connect the power and network cables, and you're done, right?

Well, not quite. There are a few things to consider when deploying Mac minis in a data center environment. While the rack mount is a great start for smaller deployments of just a few Macs, or for mobile racks in a production environment, it's not a good fit for a large deployment of Mac minis in a data center.

Challenge 1: Cooling

Usually, servers pull in air from the front and push it out the back. Data centers are designed to accommodate this airflow by separating the rack with a cold aisle and a hot aisle. The cold aisle is where the servers pull in air, and the hot aisle is where the servers push out the hot air.

This works great for typical servers, but the Mac mini isn't built like that. The Mac mini pulls in air from the back, and then pushes it out right where it pulled it in. For a consumer-grade computer, this is fine. But in combination with a dense rack mount, this can cause a lot of problems. Luckily, the ARM platform that Apple silicon is built on is quite power efficient, so the Mac mini doesn't need a lot of cooling. Still, allowing for better airflow is a good idea. This is why we decided to build our own rack mount for the Mac mini instead, which allows for more airflow and easier maintenance.

Challenge 2: Power Management

Sometimes, you may need to reboot your Mac externally. While macOS is quite the stable operating system, sometimes it may still crash. In that case, you may need to reboot the Mac. But how do you do that without physical access?

Open a Ticket

One way would be to open a ticket and ask a data center technician to reboot the Mac. But that's not very efficient. Not for you as a customer, who then needs to wait for the technician to come, and not for the technician, who then needs to go to the rack, find the Mac, and then reboot it.

Use a Remote Power Switch

Another way would be to use a remote controlled power switch. The Mac can be configured to automatically reboot once it loses power. Therefore, you can simply send a signal to the power switch to turn off the power, and then turn it back on again. This way, you can reboot the Mac remotely. Some Mac hosting providers use this method, but it has its own limitations. For example, you may find yourself in a situation where the Mac has been powered off, or it has been reconfigured to not boot up after failure. In such cases, you will still be stuck with a Mac that won't turn on and you will need to open a ticket to get it fixed.

Do It the Nerdy Way

We decided we can do better. We wanted to be able to reboot the Mac remotely, without having to physically access it. We also wanted to be able to allow our customers to remotely boot into Recovery Mode, in case they need to reinstall macOS or set specific permissions. So a simple remote power switch wasn't going to cut it. Instead, we opted to develop our own PCB that allows us to remotely control the power and the boot process of the Mac. With this, we can now reboot or power the Mac remotely, and we can also boot into Recovery Mode. And the best part is: Our customers can do it too, right from their customer panel. No ticket needed.

Challenge 3: Remote Access

Now that the remote control issue is solved, we can move on to the next challenge: remote access. How do you access the Mac remotely? Of course, the most obvious answer is to use Screen Sharing or SSH. Both services are built into macOS and can be activated easily. While we recommend using these means of remote access, they are not always the best solution. Especially in edge cases, they can keep you locked out of your Mac. And it may happen faster than you think:

  • A misconfiguration disallows network access or disables the Screen Sharing service.
  • The Mac crashes and for some reason won't recover on reboot.
  • FileVault is enabled and you need to enter the password.
  • You need to boot into Recovery Mode to change SIP.

In all of these cases, Screen Sharing won't work and may leave you locked out of your Mac. Wouldn't it be great to have a remote display, mouse and keyboard connected to your Mac? Well, we thought so too. So we decided to develop our own remote access solution. Building on the remote control PCB, we integrated an external KVM (Keyboard, Video, Mouse) device which allows you to do just that: Using the browser and our Customer Panel, a secure connection can be established to the Mac, and you can then use the Mac as if you were sitting in front of it. Even during boot, recovery and maintenance.

Challenge 4: Security

Now that we have a remote access solution, we can move on to the next challenge: security. While the Mac is of course a very secure computer, it is designed to work behind a firewall, like a home router. It is not designed to be exposed to the internet directly. While macOS offers its own software firewall, we wanted to ensure our customers have a much simpler and more straightforward way to manage their firewall rules. So we decided to integrate a hardware firewall into our service, which can be controlled using the Customer Panel. With pre-defined rules, you can quickly set up your firewall to allow or deny access to specific services.

Talking about security leaves one question open: How secure is a remote KVM? After all, it allows you to access the Mac remotely, and it also allows you to use the Mac as if you were sitting in front of it. But don't worry: It is actually quite secure. For one, access will only be enabled for the time you activate it. A secure and unique token will be generated for the active session, and once you disconnect, the token will be invalidated and the connection will be closed. Additionally, the KVM can't do any more than an attacker at Starbucks could do. It can't access your files, it can't access your network, and it can't access your data. It can only control the Mac using mouse and keyboard. Meaning, once your screen is locked, the KVM has no way to access your Mac.
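The token lifecycle described above (issued when access is activated, invalidated on disconnect), as an added Python example that is not the provider's code. The class name `KvmSessionGate`, the machine ID `mini-01` and the 15-minute lifetime cap are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time


class KvmSessionGate:
    """Hypothetical gate in front of a KVM: at most one live token per machine."""
    def __init__(self, max_lifetime_s=900, clock=time.monotonic):
        self._max_lifetime_s = max_lifetime_s  # assumed cap, not stated in the post
        self._clock = clock
        self._sessions = {}  # machine_id -> (sha256(token), expiry)

    def activate(self, machine_id):
        """Customer enables KVM access: mint a fresh token, replacing any old one."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).digest()
        self._sessions[machine_id] = (digest, self._clock() + self._max_lifetime_s)
        return token  # handed to the client once; only the hash is stored

    def authorize(self, machine_id, presented):
        """True only for the live, unexpired token of this machine."""
        digest, expiry = self._sessions.get(machine_id, (b"", float("-inf")))
        if self._clock() >= expiry:
            self._sessions.pop(machine_id, None)  # unknown or expired: fail closed
            return False
        candidate = hashlib.sha256(presented.encode()).digest()
        return hmac.compare_digest(digest, candidate)  # constant-time comparison

    def disconnect(self, machine_id):
        self._sessions.pop(machine_id, None)  # the token dies with the session


def demo():
    now = [0.0]  # constructed fake clock so the run is deterministic
    gate = KvmSessionGate(max_lifetime_s=900, clock=lambda: now[0])
    first = gate.activate("mini-01")
    results = {"live": gate.authorize("mini-01", first)}
    gate.disconnect("mini-01")
    results["after_disconnect"] = gate.authorize("mini-01", first)
    second = gate.activate("mini-01")
    results["old_token_reused"] = gate.authorize("mini-01", first)
    now[0] += 901  # move past the assumed lifetime cap
    results["after_expiry"] = gate.authorize("mini-01", second)
    return results


if __name__ == "__main__":
    print(demo())
```

Storing only the hash means a leak of the session table does not expose usable tokens, and the lifetime cap bounds a session whose disconnect event is never delivered.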

Summary

In this blog post, we have learned that while it may be easy to deploy a Mac mini in a data center environment, it is incredibly hard to do it right. There are a lot of things to consider, and a lot of very specific challenges to overcome. As a company specialized in offering Mac hosting, we have the experience and the knowledge to overcome these challenges and to offer a service that is not only easy to use, but also secure and reliable. If you are interested in checking out our service, we invite you to check out our Mac hosting product.
