Posted 2018 February 23
Here are the slides from my presentation at the MacAD.UK Conference earlier this week:
- Deployment: We Need To Talk [PDF, 4 MB]
Update 2018-03-28: A video of the session is also available.
Thanks to the organisers for the invitation and for the hospitality shown. It was a fine event.
Of course, my presentation didn’t even last 24 hours before needing updating. The biggest need for an update dropped around the time I was flying back home. So, here’s my addendum:
Defining Thin Imaging
In Greg Neagle’s presentation, he provided specific definitions of kinds of imaging, which aligned with what I called “Group 2” definitions in my presentation. So here’s an update to my chart on how people define Thin Imaging (and, by extension, Modular Imaging):
Refer to the slide deck for what 1, 2, and 3 stand for.
Imaging is Not Quite Dead
If you follow the link to the Apple Support article called “Upgrade macOS on a Mac at your institution” that I included in my presentation, you’ll notice that the published date has been changed from 2017 December 04 to either 2018 February 22 or 23. If you were lucky enough to see the February 22 version, it had a lot of changes. I’m going to assume that there was some truth in that article, even though Apple has now reverted the article to its previous wording (the only change being the publication date). Here’s what I saw:
- The title of the support article was changed to “Upgrade or install macOS on a Mac at your institution” (emphasis mine). In addition to the Upgrade macOS section, they added an Install macOS section (for “erase and install” workflows), which was actually quite useful and added clarity. I hope this will be re-published soon, as it is a good guide for Admins wanting to move to installation-based workflows.
- The big callout box that most of us interpreted as the official death of imaging was removed. Along with it, the article cleaned up an inconsistency where the callout box had said that you could not “upgrade or update” via system imaging but the next few lines only said you couldn’t “upgrade” (I spoke about the difference between those two terms in my talk, but the Apple Style Guide defines them if you need a reference). Apple was suggesting that things won’t necessarily break so long as your image has the same major version of macOS — this changes the conclusion I drew in my talk. It does make some sense, as firmware delivered with macOS updates have focussed on security and model functionality fixes, while APFS support was added in firmware delivered with the macOS High Sierra upgrade. I do think this wording might get fixed in the same way in the next update of this article, so I'll change the guidance I gave in my talk based on this: upgrades fail, update may work.
- Apple removed “Use System Image Utility and create a NetInstall image” from the list of supported methods to upgrade macOS. I felt I could read that one of two ways: 1. SIU/NetInstall is no longer a supported method for upgrading or is not long for this world; 2. The previous article had a small error where the header of the section said “upgrade” but the body text said “install,” inferring that it was never an upgrade method, so the cleaning up of the article into Upgrading and Installing sections fixed that. I was betting that #2 was correct, but it could be either or both.
- Apple defined what they mean by monolithic system imaging: using Disk Utility or the
asr(8)command to restore a pre-configured software image. This confirms what I had been told: the size of payload is not relevant, just the fact that you are using an image with an OS on it. So you can think of the word “monolithic” as being a modifier for “system” (i.e. delivering an entire bootable OS) rather than “image” (which we’ve historically used to mean the OS plus all applications and settings).
- Those of you who had heard the rumours (or saw the pulled article) may be thinking I buried the lede leaving this for last: monolithic system imaging is apparently not dead. If you are one of the lucky people who have an iMac Pro, the most explosive bit of news was that monolithic system imaging would be supported as an upgrade method as of macOS 10.13.4, with the caveat that Network access may be required on first boot. The inference here is that the T2 chip may be able to call home and get necessary firmware updates and apply them before booting in to the system delivered via disk image. The ability to do some imaging is in line with what Greg Neagle shared in his talk at MacAD.UK (as well as in a recent blog post) and we know Apple still uses
asrat the factory, so it’s just a matter of which features Apple exposes to the rest of us that still honours all the Secure Boot functionality. The article nicely clarified that if you are reinstalling the existing operating system via a system image, only entire APFS containers can be restored (if you are using APFS, of course). The use of the word “upgrade” was curious, though, for the reason I mentioned in the talk. “Upgrade” equals macOS 10.14 right now, since an iMac Pro can’t run anything earlier than a special build of 10.13.2. We are months away from a beta of 10.14. This doesn’t seem like a relevant detail to include until then, unless they really meant “update.”
It’s impossible to say right now why Apple pulled the article. There were some nice improvements in wording, setting aside the forward-looking references to macOS 10.13.4 (Spring 2018). In an Apple presentation I saw last November, they were stating that Fusion and Hard Disk boot volumes will be converted to APFS in a future macOS High Sierra update. My bet is that these two things are tied together. Maybe the features mentioned are not ready for 10.13.4. Maybe an Apple staffer just pushed a support article update into public view too early. Regardless of the reason, I’m going to treat the content of the pulled article as mostly true; it added a little bit of clarity to the original support article and Apple can change features at any time, so we can’t predict what will be in the final release of 10.13.4 or 10.13.5. It does appear, however, that imaging is not quite dead.