The T2 Macs, the end of NetBoot and deploying from macOS Recovery
In late 2017, Apple released the iMac Pro. Along with the new Secure Enclave protection provided by Apple’s T2 chip, the iMac Pro brought another notable development: It did not support booting from a network volume, otherwise known as NetBoot.
The one exception was Apple’s Internet Recovery, where Apple is providing a NetBoot-like service to provide access to macOS Recovery. The iMac Pro is still able to boot to Internet Recovery, which provides a way to repair the Mac or reinstall the operating system in situations where the Mac’s own Recovery volume is missing or not working properly.
With NetBoot not being available for the iMac Pro but still available for other models, it wasn’t yet clear if NetBoot-based workflows for setting up new Macs or rebuilding existing ones were on the way out. However, Apple’s release of of T2-equipped MacBook Pros in July 2018 which also could not use NetBoot has made Apple’s direction clear. As Apple releases new Mac models equipped with T2 chips and Secure Enclave, it is unlikely that these future Mac releases will be supporting NetBoot.
For Mac admins using NetBoot-based workflows to set up their Macs, what are the alternatives? Apple has been encouraging the use of Apple’s Device Enrollment Program, which leverages a company, school or institutions’ mobile device management (MDM) service. In this case, you would need to arrange with Apple or an Apple reseller to purchase Macs that are enrolled in your organization’s DEP.
When a DEP-enrolled Mac is started for the first time (or started after an OS reinstall), it is automatically configured to use your organizations’ MDM service and the device checks in with the MDM service. The MDM service then configures the Mac as desired with your organization’s software and configuration settings. A good example of what this process may look like can be seen here.
What if you don’t have DEP, or you don’t have MDM? In that case, you may still be able to leverage Recovery-based deployment methods, which would allow you install the desired software and configuration settings onto the Mac’s existing OS, or install a new OS along with software and configuration settings. For more details on these methods, please see below the jump.
Staying notified about Apple developer software releases
Keeping up on Apple developer betas and other developer software releases is a necessary part of many Mac admins’ regular routine. It’s especially important during the period between WWDC in June and the annual OS release in the fall. Fortunately, Apple provides a way to help tracking developer releases easier by publishing a notification to the following address:
https://developer.apple.com/news/releases/
This publicly-accessible notification doesn’t discuss what’s included in the newly-released software and you will still need an Apple Developer Connection account in order to get the details. For many Mac admins though, having an easy and quick way to track if the latest developer beta has been released is valuable information in itself.
To make it even more convenient, Apple also offers a RSS feed for the Developer Releases page:
https://developer.apple.com/news/releases/rss/releases.rss
You can add this feed into your RSS reader and it’ll keep you up to date. If you use Slack, another approach is to use Slack’s ability to post content from an RSS feed to a Slack channel. For more details, please see below the jump:
Session videos now available from Penn State MacAdmins Conference 2018
The good folks at Penn State have begun posting the session videos from the Penn State MacAdmins Conference 2018. The sessions slides and currently-available videos are all accessible from the Penn State MacAdmins’ Resources page at the link below:
http://macadmins.psu.edu/conference/resources/
As all the session videos have been posted to YouTube [https://www.youtube.com/user/psumacconf], I’ve linked my Providing the best Mac experience possible from the Mac CoE team with ❤️ session here:
The Escaping the Tech Whisperer Trap session I co-hosted with Nikki Lewandowski is linked here:
Slides from the “Providing the best Mac experience possible, from the Apple CoE team with ♥” session at Penn State MacAdmins 2018
For those who wanted a copy of my Mac management session at at the Penn State MacAdmins 2018 conference, here are links to the slides in PDF and Keynote format.
PDF – http://tinyurl.com/PSU2018SAPPDF
Keynote – http://tinyurl.com/PSU2018SAPKeynote
Automating AutoPkg and JSSImporter setup
As part of building my autopkg-conductor solution for automating AutoPkg runs, I also wanted to automate the setup of AutoPkg and JSSImporter. My colleague Graham Pugh has written a setup script for his environment, which I was able to adapt and extend for my own needs. For more details, please see below the jump.
Joining Apple’s AppleSeed testing program
In addition to Apple’s Developer Connection program for developers, Apple also has a program called AppleSeed for IT, which is geared towards working with enterprise customers to help them test new Apple software.
During recent conversations about AppleSeed for IT, I was told that it was better for AppleSeed members to submit bug reports and feature requests through AppleSeed’s Feedback Assistant. This would be in place of sending those bug reports and feature requests through Apple’s regular bug reporting at bugreport.apple.com.
Why? Two reasons:
- Bug reports and feature requests sent through AppleSeed’s Feedback Assistant are routed to a dedicated queue for IT.
- There’s a smaller absolute number of items being sent through AppleSeed’s Feedback Assistant, which means that there’s less communication volume for Apple to sort through to get to your issue.
How to join AppleSeed for IT
There’s no cost to join AppleSeed for IT and you will not be asked to pay for anything, but you do need to be invited by Apple. This takes the form of an invitation code that you must provide when registering for AppleSeed.
If your company, school or institution has purchased an AppleCare Preferred, AppleCare Alliance and AppleCare Enterprise support plan, you should be given an opportunity to enroll into AppleSeed. If you haven’t been asked already, contact the Apple rep for your support plan and request an invitation.
What if your shop hasn’t purchased an AppleCare support plan? You are still able to request an invitation. To do so, use the following procedure:
- Log into the MacAdmins Slack. If you’re not familiar with the MacAdmins Slack, please see this post by my colleague Armin Briegel.
- Go to the #appleseed channel.
- Politely ask how you can get an invitation to join AppleSeed.
Note:
One thing that’s important to know is that discussions about AppleSeed-provided software should not take place in the #appleseed channel. The reason is that AppleSeed software is covered by Apple’s NDA for AppleSeed, where participants in the program agree not to publicly discuss the software or their experiences with it.
Slides from the “Escaping the ‘Tech Whisperer’ Trap” session at Penn State MacAdmins 2018
For those who want a copy of the documentation talk given by myself and my colleague Nikki Lewandowski at the Penn State MacAdmins 2018 conference, here is a link to the slides in Keynote format.
Keynote slides: https://goo.gl/nHWg3Z
Recent Comments