Written by: Kyle Hoare (Senior Mac Integration Engineer)
During WWDC 2020, Apple gave us a glimpse of the first-ever system on a chip for the macOS range. It has since become known as the M1 chip, announced on the 10th of November 2020 for the MacBook Air, MacBook Pro and Mac mini range.
Since being announced, these devices have been advertised with dramatic increases in both performance and battery life.
And as more businesses look to attract and retain talent by providing employees with a choice of workplace technology, the new MacBook Air, in particular, looks like an attractive option against similarly priced alternatives from competing vendors.
However, the architectural shift away from Intel to Apple Silicon poses a series of new challenges for administrators who manage the macOS experience within their environment.
This isn’t the first time Apple has managed a shift like this.
As highlighted in WWDC 2020, Apple’s move from PowerPC to Intel provided them with the experience, insight and correct tools to assist in ensuring a smooth transition was achieved.
On the other hand, a shift like this has never before taken place with a macOS footprint of this size in the enterprise environment, and with MDM solutions backing the macOS experience in many organisations.
Here at Mac Centre, we’ve been testing the new release with a MacBook Air for some time, and have found some points that we believe need to be considered before deploying an Apple Silicon device within your environment.
Here’s why it is important to prepare your environment for Apple Silicon, and how:
1. Install Rosetta above all else.
At WWDC 2020 when Apple announced the transition to Apple Silicon, they also revealed the second iteration of Rosetta.
Rosetta is a dynamic binary translator for macOS, an application compatibility layer between different instruction set architectures.
When Rosetta is in use, it allows the end-user to run applications that contain x86_64 instructions on Apple Silicon.
This gives developers time to build applications that run natively on Apple Silicon, rather than scrambling to get native applications deployed.
This in turn will allow for a smoother transition, as end-users are still able to run applications built for Intel-based macOS devices.
At the time of writing this, macOS Big Sur does not ship with Rosetta pre-installed, which is different from what was observed during the betas.
At a minimum, Rosetta should be the first item deployed via provisioning workflows or a post-install script in a package deployed via Pre-Stage Enrolment.
Apple has made installing Rosetta available via the softwareupdate command, which makes it easily scriptable.
For example, the below script can be used as part of the upgrade:
/usr/sbin/softwareupdate --install-rosetta --agree-to-license
Executing the command above ensures all your devices have the platform to run both Silicon and Intel native applications straight out of the box, removing the worry about vendors having to update their applications to support the Silicon architecture of their own accord.
2. Identify the different architecture types within your technology environment.
Not everything can be translated via Rosetta and it is important to be aware that your workflows may also not be compatible with the Silicon architecture straight away.
Due to this, it is crucial that within your environment and management tools, you can identify the different architectures that exist to ensure you are deploying the correct payloads and workflows.
Recently, Apple Silicon has been identified as arm64 and can be found on the system by running the following command:
This finding means it becomes easier to script into workflows if required, and that some MDM platforms, such as Jamf Pro, can collect the information for you, allowing you to create native smart groups that distinguish the architecture types.
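One way to combine steps 1 and 2 in a provisioning script, as an added example that is not from the original article or from Apple: it classifies the hardware with uname -m and the sysctl.proc_translated key, so a script launched from a Rosetta-translated agent is not mistaken for Intel, then installs Rosetta only where it is needed. The function names, and the use of a running oahd process as the sign that Rosetta is already present, are assumptions of this example.

```shell
#!/bin/sh
# Added example: architecture-aware Rosetta install for a provisioning workflow.

# Classify the hardware from two observations (passed in so the logic is testable):
#   $1 = output of `uname -m`
#   $2 = output of `sysctl -n sysctl.proc_translated`
#        (1 when this process is running translated under Rosetta, so
#        `uname -m` reports x86_64 even though the hardware is Apple Silicon)
classify_arch() {
    if [ "$1" = "arm64" ] || [ "$2" = "1" ]; then
        echo "arm64"
    elif [ "$1" = "x86_64" ]; then
        echo "x86_64"
    else
        echo "unknown"
    fi
}

# Decide what to do: install only on Apple Silicon where Rosetta is absent.
#   $1 = classified architecture, $2 = "yes" if Rosetta's oahd daemon is running
rosetta_action() {
    case "$1" in
        arm64)  [ "$2" = "yes" ] && echo "skip-present" || echo "install" ;;
        x86_64) echo "skip-intel" ;;
        *)      echo "skip-unknown" ;;
    esac
}

main() {
    translated=$(sysctl -n sysctl.proc_translated 2>/dev/null)
    arch=$(classify_arch "$(uname -m)" "$translated")
    # Assumption: a running oahd process means Rosetta is already installed.
    if /usr/bin/pgrep oahd >/dev/null 2>&1; then running=yes; else running=no; fi
    action=$(rosetta_action "$arch" "$running")
    echo "arch=$arch action=$action"
    if [ "$action" = "install" ]; then
        /usr/sbin/softwareupdate --install-rosetta --agree-to-license
    fi
}

# Only act on macOS; elsewhere the functions are defined but nothing runs.
if [ "$(uname -s)" = "Darwin" ]; then main; fi
```

The printed arch= and action= line can be captured by an MDM extension attribute or provisioning log to confirm which branch each device took.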
3. So long Kernel Extensions, hello System Extensions.
During WWDC 2019, Apple announced their move away from developers having the ability to load extensions within the Kernel.
With the architectural shift, Kernel Extensions can no longer be loaded in the Kernel and Rosetta cannot translate them to run in the System Extension.
It has also become common practice to deploy configuration profiles that bundle system approvals for the following items into the one payload:
- Kernel Extensions
- System Extensions
- Privacy Preference Policies
- Content Filters
Some vendors have also been supplying admins with bundled configuration profiles like the one described above.
When deployed to a Silicon device, the above example fails because the Kernel Extension domain no longer exists on the device, and the rest of the configuration profile cannot be deployed.
From now on, it is important to separate your configuration profiles when dealing with Kernel Extensions and System Extensions, to ensure that you are deploying them to the correct identified architecture type.
This also makes deprecating Kernel Extensions configuration profiles easier for future deployments, when your fleet or software vendors no longer require Kernel Extensions.
This is because System Extensions can now run on Intel-based devices from 10.15.4.
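A pre-deployment check for the bundling problem described above, as an added example that is not from the original article or from any vendor: it lists the payload types in a profile and flags one that carries a kernel extension payload alongside other approvals. The function names and sample profiles are constructed for illustration; the payload type identifiers are Apple's published ones.

```shell
# Added example: flag profiles that bundle a kernel extension payload with others.
# Assumes an unsigned XML .mobileconfig with one plist element per line.
KEXT_TYPE="com.apple.syspolicy.kernel-extension-policy"

# Print every PayloadType value in the profile, one per line.
payload_types() {
    awk '
        /<key>PayloadType<\/key>/ { want = 1 }
        want && /<string>/ {
            v = $0; sub(/.*<string>/, "", v); sub(/<\/string>.*/, "", v)
            print v; want = 0
        }' "$1"
}

# Echo "split" when the kext payload shares a profile with any other payload
# (ignoring the top-level "Configuration" wrapper), otherwise "ok".
check_profile() {
    types=$(payload_types "$1" | grep -v -x 'Configuration' | sort -u)
    others=$(printf '%s\n' "$types" | grep -v -x -F "$KEXT_TYPE" | grep -c . || true)
    if printf '%s\n' "$types" | grep -q -x -F "$KEXT_TYPE" && [ "$others" -gt 0 ]; then
        echo "split"
    else
        echo "ok"
    fi
}

# Constructed sample: write a skeletal profile holding the given payload types.
make_sample() {
    out=$1; shift
    {
        printf '<dict>\n<key>PayloadContent</key>\n<array>\n'
        for t in "$@"; do
            printf '<dict>\n<key>PayloadType</key>\n<string>%s</string>\n</dict>\n' "$t"
        done
        printf '</array>\n<key>PayloadType</key>\n<string>Configuration</string>\n</dict>\n'
    } > "$out"
}

demo() {
    dir=$(mktemp -d)
    make_sample "$dir/bundled.mobileconfig" "$KEXT_TYPE" \
        com.apple.system-extension-policy com.apple.TCC.configuration-profile-policy
    make_sample "$dir/kext-only.mobileconfig" "$KEXT_TYPE"
    for f in "$dir"/*.mobileconfig; do
        echo "$(basename "$f"): $(check_profile "$f")"
    done
    rm -rf "$dir"
}
demo
```

A profile reported as "split" is a candidate for separating into one kernel extension profile scoped to Intel devices and one profile for the remaining approvals.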
4. Reach out to your Software Vendors.
Not all software vendors are created equal. Some have had access to Apple Silicon development kits and have been hard at work creating applications to run natively on Apple Silicon devices for some time, while others are still working hard to develop support for their applications.
That’s why reaching out and asking for the timeline of Apple Silicon support will help you understand your position in deploying Apple Silicon within your environment.
Some application developers are offering universal application installers, which are packages containing the optimised code for both Apple Silicon and Intel-based devices.
Microsoft Office 2019 v 16.44 is an example of this, whereas Slack is offering two installers for the macOS platform – one for Intel-based architecture and one for the Silicon architecture.
Your software vendor contact, support articles or download pages should be able to inform you of the types of installers that are suitable and ready for your environment.
The information from your software vendors, a review of your deployment workflows and the ability to identify device architecture types should allow admins to distribute the correct install medium across your fleet of devices.
Preparing for Apple Silicon is no easy feat and by no means is this the definitive set-up list for all businesses.
Why? Because just like the rest of the world, here at Mac Centre we’re also still learning.
But if there is one thing we know for certain, it’s that all the learning and testing will be worth it because the vision Apple has for businesses like yours and ours is beyond our thinking.
Apple’s mission is “to bring the best computing products and support to consumers around the world”, so we need to have trust and faith that building support for the new technology at hand will make all our working (and home) lives easier, smoother and less complicated.
So, if Apple can live up to their word (which they have done so many times in the past) and deliver a smooth transition to their Apple Silicon software, the next two years for Mac could be the best yet.