[Macpartners] Fwd: Important Updates Regarding macOS High Sierra, iOS 11 and tvOS 11
Patrick McNeal
mcneal at mit.edu
Tue Sep 5 05:23:02 EDT 2017
Some useful info from Apple on changes to macOS High Sierra, iOS 11 and
tvOS 11.
---------- Forwarded message ----------
Date: Tue, Aug 29, 2017 at 4:43 PM
Subject: Important Updates Regarding macOS High Sierra, iOS 11 and tvOS 11
Prior to this fall's release of macOS High Sierra, iOS 11 and tvOS 11,
Apple has some very important updates regarding deployment, management and
security. Perhaps the largest impact to your organization will be that
Apple doesn't recommend or support monolithic system imaging when upgrading
or updating macOS. Apple has also made changes to user interaction for
kernel extension loading.
Other important updates include...
*Upgrade to macOS High Sierra*
Model specific firmware updates are required (via the internet) for each
system. Monolithic system imaging is therefore only supported to re-install
macOS High Sierra on machines that already had it. Please see this article
for upgrade methods and supported APFS creation tools:
https://support.apple.com/en-us/HT208020
*Secure Kernel Extension Loading (SKEL)* - Administrator or standard user
approval is required before loading new third-party kernel extensions. A
future version of macOS High Sierra will be able to use MDM to enable or
disable SKEL: https://support.apple.com/en-us/HT208019
*Apple File System (APFS)*
Upgrading to macOS High Sierra converts flash storage-based systems from
HFS+ to APFS automatically. Systems with hard disk drives (HDD) and Fusion
drives won't be converted to APFS, but will support macOS High Sierra on
HFS+ file systems. Apple File Protocol (AFP) is no longer supported from
APFS volumes. SMB or NFS are supported file sharing solutions:
https://support.apple.com/en-us/HT208018
*Additional Notes*
- FileVault - volumes are automatically converted from HFS+ to APFS.
- APFS - HFS+ volumes greater than macOS 10.12.6 can read and write to
APFS volumes.
- Boot Camp - is supported when upgrading to macOS High Sierra, unless
the Boot Camp volume is greater than 3 TB and resides on a Fusion Drive.
- Directory Services - only Windows Server Active Directory functional
level domains 2008 or newer are supported by macOS High Sierra.
- System Integrity Protection (SIP) - macOS High Sierra protects the
/var/db/ConfigurationProfiles directory. The profiles (1) command can be
used to modify this directory
- Security - macOS High Sierra, iOS 11 and tvOS 11 remove support for
TLS connections using SHA-1 certificates (use SHA-2 instead), RSA key sizes
smaller than 2048 bits (across TLS) and uses TLS 1.2 as the default for
EAP-TLS negotiation.
- Content Caching - virtual machines are disallowed for content caching.
*Important Links*
macOS High Sierra Preview:
https://www.apple.com/macos/high-sierra-preview/
What’s New in macOS High Sierra:
https://developer.apple.com/macos/
iOS 11 Preview:
https://www.apple.com/ios/ios-11-preview/
What’s New in iOS 11:
https://developer.apple.com/ios/
What’s New in tvOS (11):
https://developer.apple.com/videos/play/wwdc2017/209/
Prepare your institution for iOS 11, macOS High Sierra, or macOS Server 5.4
https://support.apple.com/en-us/HT207828
Upgrade macOS on a Mac at your institution:
https://support.apple.com/en-us/HT208020
Prepare for changes to kernel extensions in macOS High Sierra:
https://support.apple.com/en-us/HT208019
Prepare for APFS in macOS High Sierra:
https://support.apple.com/en-us/HT208018
Create a bootable installer for macOS:
https://support.apple.com/en-us/HT201372
Move to SHA-256 signed certificates to avoid connection failures:
https://support.apple.com/en-us/HT207459
Prepare for changes to Content Caching in macOS High Sierra:
https://support.apple.com/en-us/HT208025
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/macpartners/attachments/20170905/f9792b76/attachment.html
More information about the Macpartners
mailing list