There's been talk for months about this, but I haven't seen anything anywhere regarding deployment options for Mojave. Maybe it's restricted by hardware and not so much the OS?
Thoughts?
@nkuhl30 I've become an advocate of moving away from imaging and full on to DEP myself now, but you are correct. I recently experimented with the new T2 Mac minis to clone or image one from the build of another, and Carbon Copy Cloner was able to create an exact duplicate of the configured device onto the new one in TDM in about 15-20 minutes. Granted, these were 2 identically spec'ed systems, so there was no difference in the hardware, firmware or software OOB. I'm sure that makes all the difference. And that being said, I wouldn't exactly call that process "imaging" as we used to think of it. More like "cloning".
And I would probably not try that going from say, a Mac mini to a 15" MBP with Touchbar. Probably not going to end well in that case.
Unless one has a fast, local DP to place "images" on, the time it takes to build and maintain lawd knows how many images it might take (per @mm2270 above) would make it so much less appealing than having users (assuming no local IT to do such things) install a clean macOS (or open the box) and provision using whatever tools/processes you put in place.
What we used to do with images took tons of man-hours to build, test, maintain that I could never see going back to that now.
Being able to add new apps and get users up and running beats the heck outta having to build new images every x weeks/month and when new HDW comes out.
Listen to the folks above. It's different and can be painful to get a new process(es) in place, but I feel well worth doing.
2¢, probably inflated...
scottb, you're absolutely right. My problem is with Apple's lack of interest in creating the tools necessary for businesses to move away from imaging. Yes, there's DEP but it doesn't look like anyone uses Profile Manager around here. And if they're not using Profile Manager, then we need to go to the 3rd-party market. Once you've settled on something, like JAMF, it doesn't seem to be enough. There are several components needed to do the exact same thing that imaging took care of. That's my biggest problem.
Yes change is hard, but it's even harder when the management process starts to look like it was designed by Microsoft.
@nkuhl30 as much as I love Apple, Microsoft actually did a better job - they actually provided a first party solution "SCCM" - What I want to know is where is Apple's 1st party solution?
@Hugonaut I agree completely. That's my point. They don't have one, or even care to have one.
http://isimagingdead.com/
The problem is that Apple hasn't replaced the full functionality of an image with anything just as good. Instead of an image, they want you to use DEP, and MDM, and packages, and scripts, and, and, and, and. They took something that used to be so simple and overcomplicated it with a reliance on 3rd-party software. I could image a machine in 10 minutes. Now, Apple wants you to download and reinstall from scratch, then push out your policies, then reinstall all software. It's not efficient.
I agree 100%. This is the most frustrating thing about the new process. I don't mind so much installing everything from their own packages (including the OS), but the fact that it takes so long to complete (even when you have everything lined up) is ridiculous.
I don't think any of us are advocating a return to monolithic imaging (even though that took the least amount of time), but the new imaging process should take 30 mins. max.
Also the documentation around the new process is incomplete or all over the place. There's no definitive official document showing you how to put it together. One has to log into this forum, attend a webinar, read knowledge base articles and admin guides (that may be outdated) just to piece together how you're going to accomplish this. We're all here because we use JamfPro, so where's the definitive step by step guide?
There are a lot more variables today for sure. LDAP? SSO? AD? DEP vs no DEP? Does your org maintain new(er) hardware? Do you need to keep it all updated regularly? No or few IT staff to help?
How many macOS versions do you need to support?
There is no doubt that the tools we need have to grow to meet the complexity of our clients. But they're not, so we're doing a Lego job of building and hoping we meet their needs...sometimes.
Like most of the rest of you, I've finally come around. The DEP process IS NOT perfect, but I'm finally on board but mostly because Apple has skewered NetInstall. They've done this in the name of security and I'm OK with that. The DEP process will get better over time, but it is frustrating that the process is highly inefficient for large scale, local re-deployments. I know the tools will get better yet we used to "image" 48 laptops at a time, in about 15 min, fully automated including inventory, assignment, and everything. Our DEP deployment averages twice that and requires a user to be interacting with each device during the process, how we've currently configured it. This assumes that we don't want the end user to have to wait for policies to finish after they get their machine. Still, we're going this way and have changed our own internal purchasing policies to (mostly) eliminate the need to re-provision devices. I think it will be a net win in the end, but the transition is taking time and effort. Such is the IT life.
@scottb I think the folks who got hit the hardest were those of us who did need to churn and burn hundreds of local, deployable Apple products at a time. Those of us who did have fast DPs and NetBoot services. DEP is horribly inefficient when it comes to re-provisioning devices or dealing with any device that's not brand new in the box. Managing the policies isn't really any different from where I sit so... meh. Patch management is doing a lot more for me on that side of things.
Anyways, yea, imaging is as close enough to dead to call it.
P.S... there is this https://twocanoes.com/products/mac/mac-deploy-stick/ for those who may need to reprovision and want to roll the latest macOS while still working within Apple's current framework. Mind you, I've not tried it but I will probably look at it for our helpdesk.
Imaging has been dead for some time now, since APFS/10.13; past methods of preparation and provisioning are going to hit a brick wall sooner, rather than later, so it's time for holdouts to start adapting. That impact is not going to be pretty.
@Chris_Hafner - I get it - was there too. I was only clued in enough reading here and other places about what others were doing to see what was inevitable. I enjoyed the old ways too in a sense, but it became clear, Apple was moving to a new way(s).
I still feel the pain from the XSAN's and XServe's we put into place, only to be left on Gilligan's Island by Apple's "commitment" to Enterprise.
So I understand, I'm just too old to fight the waves that have become bigger than me. Much bigger...
https://isimagingdead.com/
if you're under the gun and need to send an image, you can create a bootable partition on the client machines with the JAMF imaging app on it, boot from there and image the main partition.
not sure how long that will be viable though.
to expand on this,
you can have a policy to boot to that partition and if you have it set to auto image, you can retain some automation.
I have to keep sounding the "this has been coming for years, people keep trying kludge solutions; adapt now, because shortly there will be no option" horn. At this point clinging to the old ways of doing things will just make the impact hurt more when the brick wall arrives (which, honestly, it did already.)
I have been able to successfully create and deploy APFS formatted Mojave images (even up to yesterday's 10.14.6 release) without using any 3rd party tools (a custom script for byhost file renaming has to be written). Catalina may change that. It does require some precise specific conditions to be met on the source drive to work. The new T2 chips mean using bootable USB devices instead of NetBoot. Is it the right solution for all cases? No. But it does still fill a specific need in certain situations. I don't advocate for or against using imaging - it is just another tool in the box. All tools are the right tool when they fit the need, and all tools are the wrong tool when there is one that fits better. Never throw a tool away (even if only used rarely) - you never know when you may need it again.
@d.mccullough I couldn't agree more with you.
Over a year ago, we moved to make every Mac we could get our hands on cut over to APFS. With DEP and APFS, the workflow is much cleaner and easier to do. This summer, I was happy to report to my peers, it took me a little over a week to do a full OS recovery (my term for the new imaging ways) on over 750 computers. Then we received nearly 250 computers that refreshed some of our old computers.
All told, in a few weeks, I was able to do what typically took a couple of months back in the imaging days. The new workflow is wonderful, for the most part.
@mconners First how in the hell did "back in the imaging days" take you a couple of months to do 750 computers? I have that many, and it took me a day (by myself). Sometimes two if I had to spread it between other work.
General - The fact is, no, imaging is not "dead". It's only dead because Apple say so. I don't actually get why people put up with Apple just stopping things for no reason to replace it with some poorly thought out "solution" that involves longer processes and interaction. DEP is a solution to a problem that never existed. There are plenty of Apple customers that use Macs in lab environments. Interaction with DEP/VPP and waiting for apps to deploy is literally dumb. What used to take 20 minutes for the entire machine can now take half the day, per computer, for apps to deploy.
Even in the case of individual staff machines. Staff don't want to be waiting for loading bars, and apps to download. They just want to login and get to work; especially in teaching environments.
Why exactly do people just let Apple get away with restricting things so much? There's no logical reason for it.
@Hugonaut Would people stop just posting that link. If you don't have any comments, then don't comment. This is a discussion forum, not a link spam. That link is not true anyway. People need to push back against Apple's restrictions that they force on everyone. It's not in anyone's best interest.
@donmontalvo yes, did you have a comment?
Security period.
I'm sure the JAMF forums is where the revolution will occur. Watch out Apple!
Look, I can still fire up my VCR and basically do anything I want, that doesn't mean it's a modern solution. Imaging had its time in the sun. The sun still shines on your old hardware. Shine on you crazy diamond.
Literally zero reason to necro a 3 month old thread to tell everyone how awesome you are. Nobody cares.
@summoner2100 I was a huge devotee of DeployStudio through Sierra, and by using MacBook Airs in Target Disk Mode as really expensive Thunderbolt SSDs, had a workflow which imaged a MacBook Air in about 15 minutes from booting into DS and the on-first-boot script finishing configuration with an AD bind and Jamf Pro enrollment. I don't miss it at all. With DEP I can run my configuration process anywhere an Internet connection is available, not just an organizational network, and it takes about 20 minutes with decent connectivity. If I need to wipe the drive and re-do the macOS install and configuration process the --eraseinstall option for the startosinstall tool makes that simple enough the end user can do that themselves. And again it can be done anywhere with Internet connectivity.
@larry_barrett There's no such thing as "necro'ing a thread". People comment on old threads all the time. If you don't like it, don't comment? I NEVER said that there was going to be a "revolution". Here or otherwise, just that people shouldn't blindly accept Apple's ruling on something. Especially when DEP is NOT available everywhere, and doesn't/can't cover machines that were purchased before it became a thing. And for reference, NOWHERE did I say I was "awesome".
@gachowski No, security is not a reason. There are many ways to apply security without restricting imaging.
@sdagley The problem I have with thin imaging and launching the installer is that it takes WAY longer to make a machine. I don't know what you're installing but 20 minutes of waiting and THEN having to wait for apps is not what businesses and the end user wants. They want machines that are set up. So the laptop, or desktop, needs to sit with IT for almost a day depending on what you're installing because it takes much, much, longer for applications to install. Then you've also got lab installs for schools, and others. It used to take that 20 minutes to do 3-4 labs at once. All software done. Ready to login with no interaction.