Three Big Things

SKEL and Jamf and VMs, oh my!

So it's been a pretty crazy few days in Apple Admin land. There are three things in particular that have stood out to me, so I thought rounding them up here might be helpful (especially for folks that don't live and breath social media like I do).

First up: Apple's big announcement regarding Secure Kernel Extension Loading (SKEL) on High Sierra

If you've done any testing with macOS 10.13 "High Sierra" you've probably run into something like the above. If an application or service requires a kernel extension (kext) to load on installation or launch the OS asks the device user to approve the kext for future loading. As it turns out, lots of apps use kexts. And lots of enterprises deploy and manage devices that use lots of kexts. So a lot of us kicked and yelled because while it's important for consumer level users to acknowledge when kernel extensions are loading, managed devices by an organization should ideally have some level of control over messages like these. This helps improve the experience for someone using an organizationally managed device, and avoids confusion that valid applications might appear to be doing nefarious things based on that scary warning dialogue. Erik Gomez threw together a nice post on this a few weeks ago.

This week Apple dropped a new support article called "Prepare for changes to kernel extensions in macOS High Sierra." In it was a lovely nugget of information that made Apple Admins across the globe very happy:
In macOS High Sierra, enrolling in Mobile Device Management (MDM) automatically disables SKEL. The behavior for loading kernel extensions will be the same as macOS Sierra.
If your organization utilizes MDM, the presence of MDM will disable SKEL. And in future releases, functionality will be provided to allow organizations using MDM to manage Macs to whitelist kernel extensions to SKEL can be utilized for added protection of the OS.

This is good.

Item Two: Jamf Pro version 10 beta program is now live

Jamf announced this week that their beta program for version 10 is now available. Jamf Pro 10 features a huge UI overhaul and new patch management functionality, as well as other things that are likely covered under the beta program's NDA. If you work at an organization that uses Jamf to manage Apple devices it's a no brainer to join the beta program and start testing the new version. Log into your Jamf Nation account and go to My Assets, and within that page you'll find a link to enroll in the beta program. Join me in the beta discussion forms to talk about the new features and provide feedback to Jamf prior to launch.

Third Big Thing: VMware announces VMware Fusion 10 with High Sierra and touch bar support

After a few weeks of availability of the VMware Fusion Technical Preview, VMware has announced VMware Fusion version 10 this fall. If you've been evaluating the technical preview you'll notice the same updated UI with tab support and touch bar integration. This is the version that will officially support macOS 10.13 "High Sierra" as well. And don't worry, if you use MDM you won't get alerts about VMware Fusion's kernel extensions on launch. Yay! Worth noting here is support for Apple’s Metal Graphics acceleration, which should improve performance, rendering, and battery life.

Why is this a big deal for Apple Admins? Because VMware Fusion is basically essential for testing packages, policies, changes in configuration profiles and settings, DEP, imaging configurations… basically everything ever. It's worth investing in the Pro version for Linked and Full Clones, which makes quickly spinning up machines to test DEP (with a little help from AutoDMG and vfuse) or to quickly image a pre-configured VM to have a user environment for testing without relying on a physical machine or clunky snapshots. (They might not be as clunky in VMware Fusion 10, who knows.)

So there you have it! Go test and have fun and sleep better at night knowing managing kernel extensions will be less painful in High Sierra (or Hi-C as a co-worker calls it) will be.

Write a comment