September 12, 2017

How Apple's Device Enrollment Program made Imaging Obsolete

Written by Jeff Gaines

Imaging has undergone a series of evolutions; what we are left with today is a way to quickly provision new machines in a reliable and scalable fashion.
 

Introduction

If Mac deployment is a part of what you do, you’ll know that imaging has, up until recently, been the preferred method of delivering a specific set of configurations, apps, and settings to your end users.
Since consistency is all-important when overseeing an enterprise fleet, it’s crucial to ensure that the right software is installed and ready, Wi-Fi connection settings are configured, and passwords are enforced. Having these points addressed generally keeps things nice and simple for the user and helps to reduce Help Desk calls and IT support tickets.
The problem with imaging is that a substantial amount of work and maintenance goes into the process, all simply to ensure you are current with the latest updates. Lately, however, there’s a new sheriff in town: with a set of tools and systems including Jamf Pro, Apple’s Device Enrollment Program (DEP), and Volume Purchase Program (VPP), imaging is now on the back burner.
 

The History of Imaging

Up until recently, imaging has been the only way to deploy macOS devices in an enterprise setting. Apple even included native tools with earlier versions of the operating system to assist with the process: Disk Utility, System Image Utility, and a plethora of Terminal commands were the go-to tools for creating disk images, which could then be deployed in a variety of ways, either using FireWire or Thunderbolt, or more recently, remotely over the network.
There were even third-party tools you could use to build a more comprehensive imaging solution (which is, by the way, how Jamf got started in Mac management).
As time went by, imaging was optimized through the implementation of these three techniques:

1. Monolithic imaging

Monolithic imaging involves scrubbing the entire hard drive and overwriting it with a new image that includes the operating system as well as all the required configurations, apps, and settings jam-packed into a single image. Keeping those images current presented a major challenge.

2. Modular imaging

Modular imaging also requires scrubbing the hard drive. However, instead of packaging all of your settings and configs into the image, they are added using device management tools like Jamf Pro. Modular imaging was “a little easier” to manage and maintain, as the only time you needed to update it was when Apple pushed out an updated operating system. Still, “a little easier” does not mean it was ideal … tiny steps.

3. Thin imaging

Thin imaging assumes the shipped OS is just fine, and settings, apps, and configurations are added in on top using a management tool. In the Jamf Pro environment, this is called “User Initiated Enrollment.”
All of these techniques share a common dilemma. These days, software versions become outdated faster than ever before. Consider this: since the inception of OS X some 16 years ago, there have been more than 110 releases, and there are no signs of this trend slowing anytime soon. Additionally, when new hardware ships, it generally comes with a new and updated build number, so it won’t play well with existing images. It was a problem. Apple’s solution was to introduce DEP.


Apple’s Device Enrollment Program (DEP)

DEP was launched in mid-2013 along with OS X 10.9 Mavericks to enable new device enrollment from a management tool during initial setup. DEP allows IT admins to employ zero-touch deployment (ZTD) and to scrap imaging once and for all.
Using ZTD, environment setup can be customized through a directory authentication process, allowing admins to bypass common setup sequences and have complete control over what type of local user account is established. In short, enrollment can be restricted to the users in the organization’s directory. Admins can skip the Apple ID creation process and control what kind of user accounts are created during setup. They can even skip user account setup entirely if a network account is used.
Using Jamf Pro in tandem with DEP allows us to configure any kind of macOS, iOS, or tvOS device without having to ever see or touch the device. Devices can be deployed on a large scale and shipped directly to the end-user, who can then simply open the box, connect to the network, and—voila. Once the device connects to the network, it checks in with Jamf Pro, which then delivers all of the required configurations automatically.
The Jamf agent gives IT unmatched control over the entire device fleet using scripts, extension attributes, package installations, and many other comparable technologies.
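
As an added example (not code from the original article or from Jamf), here is a Jamf Pro extension attribute script that reports whether a Mac came in through DEP or through user-initiated enrollment, so the fleet inventory can flag machines that skipped the zero-touch path. It assumes the output format of `profiles status -type enrollment` shown in the comments; the function name and result labels are hypothetical.

```bash
#!/bin/bash
# Added example: Jamf Pro extension attribute reporting the enrollment path.
# Assumption: `profiles status -type enrollment` prints lines of the form
#   Enrolled via DEP: Yes|No
#   MDM enrollment: Yes (User Approved)|Yes|No

# Constructed sample output, used when the script runs off a Mac.
SAMPLE_STATUS='Enrolled via DEP: Yes
MDM enrollment: Yes (User Approved)'

# classify_enrollment TEXT
# Prints one of: dep-enrolled, mdm-only, not-enrolled, unknown
classify_enrollment() {
    local text="$1" dep mdm
    # Take the value after the colon on each status line (indentation tolerated).
    dep=$(printf '%s\n' "$text" | awk -F': *' '/Enrolled via DEP:/ {print $2; exit}')
    mdm=$(printf '%s\n' "$text" | awk -F': *' '/MDM enrollment:/ {print $2; exit}')

    # Missing lines mean the command failed or the format changed:
    # report that explicitly instead of guessing.
    if [ -z "$dep" ] || [ -z "$mdm" ]; then
        echo "unknown"
        return
    fi

    case "$dep/$mdm" in
        Yes/Yes*) echo "dep-enrolled" ;;   # zero-touch path
        No/Yes*)  echo "mdm-only" ;;       # managed, but not enrolled through DEP
        */No*)    echo "not-enrolled" ;;   # no MDM enrollment on this machine
        *)        echo "unknown" ;;
    esac
}

if command -v profiles >/dev/null 2>&1; then
    raw=$(profiles status -type enrollment 2>/dev/null || true)
else
    raw=$SAMPLE_STATUS
fi

# Jamf Pro reads an extension attribute's value from the <result> tags.
echo "<result>$(classify_enrollment "$raw")</result>"
```

A smart group keyed on any value other than `dep-enrolled` then lists the devices that need a closer look.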
 

Apple File System (APFS)

Apple File System (APFS) was first introduced with High Sierra in 2017 as a replacement for HFS+. APFS will be used across all Apple platforms, including macOS, iOS, watchOS and tvOS. It was designed for devices that use solid-state storage, and it improves the encryption experience.
It’s important to note that monolithic and modular imaging, referred to as “traditional imaging”, are not supported with APFS. This may sound scary, but in reality it’s a net positive. Apple is clearly pushing administrators towards the use of Device Enrollment Program (DEP) workflows, which, if used properly, provide a host of automations that cut down on manual time spent imaging machines.
In conclusion, it’s never a bad idea to start looking at your workflows in preparation for imaging’s demise. DEP is the future, and it’s definitely a good thing.
Questions about DEP or ZTD? Drop us a line, we’d love to tell you more.
 

Jeff Gaines


Jeff has served as an operating executive at Interlaced since 2016. He is deeply passionate about driving impact for Interlaced, for his community, and for his loved ones. In his spare time, Jeff loves spending time with his wife and son at the world famous San Diego Zoo, enjoying tacos on the beach in Baja, cheering on the San Diego Padres, adventuring outdoors and playing music with friends. Jeff’s top 3 films of all time are Point Break (the original), Road House and Field of Dreams.