Last week at WWDC, Apple had two big announcements for the Mac platform.
The first one was a new user interface design, much closer to iPadOS and iOS. Apple considers this the “biggest design upgrade since the introduction of Mac OS X.” Because of this, Apple also gives this version of macOS the long-withheld ‘11’ as the major version number.
You can take a look at the new UI on Apple’s Big Sur preview page or you can download the beta from your AppleSeed for IT or Developer account. It shares many elements, styles and icons with iOS or iPadOS.
The other major announcement is that the Mac platform will have a transition from Intel CPUs to ‘Apple Silicon’ chips built by Apple themselves, just like the iPhone and the iPad. The Developer Kit for testing purposes is powered by the A12z chip that powers the iPad Pro, but Apple was insistent that future, production Macs would have chips designed specifically for Macs and not be using iPad or iPhone chips.
These are big announcements, for sure. But what do they mean for the macOS platform? And for MacAdmins in particular?
Apple’s commitment to Mac
There was a time not so long ago, where you got the impression that the Mac platform was merely an afterthought for Apple. I think it started after the release of the ‘trashcan’ Mac Pro. During those years, I think there was legit concern that Apple would lock down macOS as tightly as they did iOS, breaking what makes the Mac special.
Some of the recent additions to macOS, such as the increased privacy controls with their incessant prompts for approval, deprecation of built-in scripting run-times like Python and Ruby and even the deprecation of bash in favor of zsh, have made some ‘Pro’ users nervous and afraid that Apple wants to turn macOS in to iOS.
Now the unification of the user interface can add to those concerns: will macOS turn into iOS and iPadOS in more than just look and feel?
On the other hand, Apple has been more vocal and open about their plans for the Mac. This started when Apple announced they were working on a new Mac Pro in April 2017.
In Mojave (2018), and then Catalina (2019), Apple introduced several technologies unique to macOS:
- System and Network Extensions
- File Providers
- DriverKit
- Notarization
- zsh as new default shell, dash
These technologies exist because Apple wants (or needs) to increase the security of macOS. Kernel extensions, which provide unfettered access to all parts of the system are replaced with System and Network extensions and DriverKit. Notarization allows Apple to check and certify software delivered and installed outside of the Mac App Store. zsh allows Apple and their users to move forward from a 13-year old bash version.
But, if Apple wanted to lock down macOS as completely as iOS and iPadOS, they wouldn’t have to introduce these new technologies to macOS. Instead, they are introducing new technologies to allow certain characteristics of macOS to continue, even with increased security. This is a lot of effort from Apple, which convinces me that Apple sees a purpose for macOS for years to come.
What are these characteristics that Apple thinks are special for the macOS? Apple told us in the Platforms State of the Union session this year. Starting at 15:10 Andreas Wendker says:
“Macs will stay Macs the way you know and love them. They will run the same powerful Pro apps. They will offer the same developer APIs Macs have today. They will let users create multiple volumes on disks with different operating system versions and they will let users boot from external drives. They will support drivers for peripherals and they will be amazing UNIX machines for developers and the scientific community that can run any software they like.”
This short section makes a lot of promises:
- Pro Apps: including third party pro apps, like Affinity Photo, Cinema 4D, Photoshop, shown previously, and Microsoft Office, and Maya which were shown in the Keynote
- Developer APIs: no reduced feature set
- Disk and OS management: multiple volumes, external storage and boot, multiple versions of macOS on one device
- Peripheral ports with custom drivers
- UNIX machines for developer and science tools (this includes Terminal, Craig Federighi confirmed this in John Gruber’s interview)
- ‘any software you like’
- ‘flexibility and configurability’ (earlier in the presentation)
Apple wants to assure us that they understand what the macOS platform is used for. Remember that Apple uses macOS themselves for many of these tasks and it is unlikely they would want to switch to Windows or Linux based PCs for their work.
With all these assurances you can consider the UI changes to go merely ‘skin deep.’ Whether you like the new UI or not, the wonderfully complex innards of macOS should still be there for you to explore and (ab)use.
Mac Transition
When Apple announced the transition to Apple Silicon in the keynote, it felt like a repeat of the 2006 Keynote where Steve Jobs announced the Intel transition. Apple is even re-using the names for the technologies ‘Universal’ and ‘Rosetta,’ albeit with version ‘2’ attached. This is of course entirely intentional. Apple wants to assure that they have done this before and it worked out well.
How well this will really work will depend, not only on Apple alone, but on the third party developers. While Rosetta worked surprisingly well during the Intel transition, there was noticeable lag in some cases, and the soft couldn’t really unlock all of the hardware until there was a re-compiled version. I remember that every developer would proudly announce the availability of a universal binary.
Some solutions never made the jump. Some software solutions got lost when Apple finally turned off Rosetta in Mac OS X 10.7 Lion, the same way some solutions did not make the jump the to 64bit and are ‘lost’ unless you hold on to Mojave.
It is fair to blame the software developer for the lack of maintenance. Not all developers have the time to put in the effort to continually update a product, or they moved on to other companies or projects. Not all software products generate enough revenue to warrant any maintenance effort. From the user perspective, software that they paid for, has an arbitrary expiration date, the software vendor blames Apple, Apple blames the vendor. This is understandably frustrating.
Apple and macOS are certainly in a different place in the market than they were in 2007, but we will have to see how well the third-party developers and vendors take to the transition this time.
macOS 11 for MacAdmins
Enterprises, schools, universities, and organizations and their users are also in a different place these days. The addition of mobile devices (phones and tablets) as essential tools for the employees has forced many organizations to change their management and access strategies to be more flexible. The massive requirement to work remotely from the Coronavirus pandemic has accelerated this shift.
But once you have reworked your deployment and management strategies to work with one different platform, then adding a third or fourth platform to the mix will be less of a barrier. It will still be a significant effort, but it will not be as daunting and impossible as that first change. The changing infrastructure requirements have worked in favor of Apple platforms for the past years, lead by iOS, but pulling macOS behind them. But Apple has not yet had enough time to lock-in to these kind of deployments.
In education, ChromeBooks are gaining ground, mainly because of the price point, but also because of a powerful management framework. Dual booting your Mac to Windows with Bootcamp will not be possible on Apple Silicon. Additional problems stemming from the transition might just be enough to push users and organizations ‘over the edge’ to switch platforms.
Apple must have considered all this and believes the benefits from building their own chips for the Mac platform outweigh the downsides. Less heat and better battery life are obvious, quick wins. Apple’s A-series chips have a dedicated Neural engine for machine learning processes, which was already demonstrated.
Apple has brought some of the security benefits from iOS to the Mac platform with the T1 and T2 chips. These provide Touch ID and a secure enclave for certificates and encrypted internal storage. By removing the Intel chipset, Apple can tighten the security even more. The new Apple Silicon based system will have new startup options and more flexible secure boot settings. External boot will not only still be possible, but not be disabled by default which will simplify many workflows for techs and admins. When you have multiple macOS systems on a drive, you will be able to disable security feature per system, so you can have a ‘less secure system’ for experimentation or development, while keeping all security features enabled for the system with your personal data.
Device Management
There weren’t many news about MDM at WWDC itself. The changes that were shown are refinements to existing workflows rather than big changes. With all the other changes, stability in MDM and management will be helpful.
We have finally been promised a true zero-touch deployment for Macs with “Auto Advance for Mac,” but are still lacking details about the exact implementation.
But there are still some huge gaps in the MDM strategy. Application deployment (VPP) is still unreliable. There is no way for organizations to purchase and manage in-App purchases and subscriptions in quantity. Many essential settings and features of macOS still cannot be set or controlled with configuration profiles or MDM commands. MDM still has no solution for installing and managing software from outside the App Store. PPPC settings are still changing and complicated to manage for admins.
Apple considers the ability to run iOS and iPadOS on macOS a huge bonus. How useful this will be in reality, outside of games, remains to be seen. But it will certainly make managing apps from the Mac App Store more essential than it is now.
The acquisition of Fleetsmith, on the other hand, will have a big impact on the Apple MDM market and users. I have described how the changes to the service have affected the users and admins in my newsletter last week. While this has cast an unnecessary shadow on the acquisition, we still don’t know what Apple’s plans regarding Fleetsmith and MDM are going to be.
Strange New World
The changes MacAdmins got for device management are useful and necessary, but evolutionary in nature. (There is nothing wrong with that.) The Fleetsmith deal shows the possibility of more and larger changes to Apple’s device management strategy in the future. It might take years before we will see the implications of this.
Versioning is always influenced by marketing. The switch from version 10 to version 11 is more than just the end of an odd versioning convention. The time where Mac OS X stands apart from the other Apple platforms is over. Apple is promising a family of devices where the user interface, hardware, and software will be unified, while preserving the special characteristics of each platform.
Apple is has explained why and how they want to distinguish macOS from the other Apple platforms. They will have to live up to these promises over the next few years. There is a balance to be kept between implementing beneficial features from the other Apple platforms and maintaining the ‘flexibility and configurability’ of macOS. There is also the possibility that some of these Mac characteristics will make their way to other Apple platforms. (multi-boot, virtualization, or custom device drivers on iPadOS?)
Not everyone follows the WWDC announcements closely. As MacAdmins we will get many questions about the news from last week that does surface. We have to inform our organizations and our fellow employees what these changes means for them and their workflows and help them make an informed decision on which platform (Apple or other systems) matches their requirements.
There are bound to be issues with Apple’s plans. We will need to watch Apple’s strategy, give feedback on missteps and requirements. It is certainly a frustrating process, but Apple has changed features because of feedback from the MacAdmin community in the past.
If you haven’t enrolled in AppleSeed for IT yet, now is the time! Download the beta, start testing and providing feedback!s
Some good news, even though they said last year they would remove scripting languages from future macOS versions, python 3.8.2 is included in the first Big Sur beta. Also still includes python 2.7 with a message saying it’s for legacy purposes.
Not entirely correct.
python3
is part of the Xcode or Command Line Developer Tools installation. If you don’t have either installed yet, runningpython3
will prompt to install the developer tools.This is great for when you want to run your individual scripts, but when you want to run python scripts and tools to manage a fleet of Macs this is entirely unsuitable. Also the Developer Tools python3 does not include PyObjC. I wrote about this in detail: Wrangling Pythons
I stand corrected. I use Big Sur beta on a DTK which has Xcode preinstalled so it never occurred to me python3 was part of the developer tools.