When deploying Macs, imaging has been the traditional method for provisioning macOS with the settings, configurations and applications needed for end users. Consistency is highly desirable for IT admins when managing a large fleet of devices, so it’s important to make sure passwords are enforced, Wi-Fi is properly configured, and software is pre-installed right off the bat. This reduces the burden on users and should reduce help tickets.
However, imaging requires a significant amount of prep time and ongoing maintenance to keep pace with software updates. New technologies from Apple, such as the Device Enrollment Program (DEP) and Volume Purchase Program (VPP), are ushering in a new era of device configuration, while imaging begins to take a back seat.
Imaging and its history
Let’s take a look back and understand what Mac imaging is and why IT admins have traditionally relied on it. Historically, imaging was the only viable way to deploy Mac OS X (now macOS) at scale. In fact, Apple bundled native tools with the early versions of OS X to help facilitate building images. System Image Utility and Disk Utility (plus the myriad of terminal commands) are excellent tools to build and deploy images. Images could be deployed locally via a fast cable (FireWire, and even Thunderbolt in newer Macs) or over the network thanks to built-in protocols for remote imaging. Third-party tools were also created to help build a more complete imaging solution. Of course, this is how Jamf got involved very early with Mac management.
Throughout the early years of Mac OS X, imaging was refined by IT admins utilizing three different techniques:
1. Monolithic imaging
This involves erasing the entire hard drive and re-writing it with a new, complete image. That image includes the operating system, all the settings, apps and configurations needed for the Mac. It’s packaged into a single image and deployed. Lots of work is required to keep these images current.
2. Modular imaging
This technique still involves erasing the hard drive, but instead of building all your settings and applications into the base image, they are applied post-imaging via management tools, such as Jamf. This method is easier to maintain since you only need to build an image whenever Apple updates macOS. However, this can still be difficult to maintain.
3. Thin imaging
This assumes that the shipping version of macOS is good and simply applies settings, configurations and applications on top of the shipping OS. These are also deployed via a management tool. Within Jamf Pro, this is known as “User-Initiated Enrollment.”
Traditional imaging techniques suffer from a common problem: software becomes out of date quickly. Since Mac OS X was released back in 2001, there have been over 110 individual releases and counting. Plus, whenever Apple ships new hardware, it often comes with a totally new build number, making it incompatible with existing images. Apple has tried to solve this common problem with DEP.
Device Enrollment Program
This program was introduced by Apple in June 2013 with 10.9 Mavericks as a way to automatically enroll new devices into a management tool upon the initial setup. This enables IT to set up zero-touch deployment workflows and avoid having to image Macs altogether. IT admins can customize the setup experience by requiring authentication to your directory service, skipping various setup screens, and controlling what kind of local account is created. This means you can secure enrollment to only users in your directory, skip Apple ID creation, and enforce that your users be standard accounts (or skip entirely if you use network accounts).
With Jamf Pro and DEP, you can easily deploy and configure macOS (plus iOS and tvOS devices) at scale without ever physically touching the devices. An end user can take a device out of a box, connect it to the network and the device will automatically check in with Jamf as your mobile device management (MDM) server. It will then automatically perform all of the required configurations (e.g., setting up mail clients, distributing certificates, installing apps), which allows users to get working quickly. Beyond MDM for Mac, Jamf Pro can install the Jamf agent, giving IT unparalleled control over devices via scripts, package installations, extension attributes and other technologies.
Apple File System (APFS) and moving forward
You may have heard that a new file system is coming to the Mac this fall with High Sierra, and while there is still a lot that’s unknown about APFS, it’s important to start thinking through what a change to imaging could do to your workflows. Start to leverage DEP whenever possible, especially for new devices. For re-provisioning devices, look at using the built-in internet recovery tool, which lets you download a fresh copy of macOS and erase the hard drive. You can then re-enroll using DEP (if the Mac is registered) or manually enroll via User-Initiated Enrollment.
It’s good to take the steps now to test your workflows and start preparing for a time when imaging could be a distant memory. Watch our recent on-demand webinar, Why DEP is Replacing Imaging (and Why it’s a Good Thing), for a further examination of this topic and see how you can begin transitioning away from imaging.