0 Replies
      Latest reply on Jun 5, 2019 8:29 PM by rtrouton
      rtrouton Level 1 Level 1 (0 points)

        Protecting system software on macOS

        APFS volume replication

        External files for iOS and iPadOS

         

         

        APFS Refresher

         

         

        Default filesystem on iOS since 10.3 and on macOS since High Sierra

         

         

         

         

        Protecting system software on macOS

         

         

        Read-only System volume on macOS Catalina

         

         

        On macOS Mojave:

         

         

        One main APFS volume - used to store user data and system software

         

         

        Upgrading to Catalina:

         

         

        Change role of main volume to data volume

        Create a new empty volume which will be used to store system software

        Once system software is installed, new volume is marked as read-only

        Data volume is then used to store user data and third-party software

        UI shows both system volume and data volume as one unified volume

         

         

        Firmlink - Bi-directional wormhole in path traversal

        New filesystem object, similar to Unix symlink

        - Consistent forward and backward traversal of the filename space

         

         

        Firmlinks are used on the system volume to point to the user data on the data volume. So there will be a /Users firmlink on the system volume and so on.

         

         

        The volumes are split during the update, no opt-out

        System volume is read/write in the WWDC beta

        It will not be in future betas

        Read-only state of the system volume can be disabled via disabling SIP, but this change is not persistent and will revert to read-only after a reboot.

         

         

        Big change - Test your applications for breakage as a result of this change.

         

         

        ASR, volume replication and snapshots

         

         

        Volume replication

         

         

        - Copying one volume to another with high fidelity

        - All data, all metadata, all attributes, all everything.

         

         

        Who wants this?

         

         

        Enterprise/Education IT, setting up labs

        Backup utilities

         

         

        APFS presents challenges for replication

         

         

        Before APFS:

         

         

        Replication of partitions and volumes are 1 to 1 - block copy of the entire partition works on HFS+

         

         

        With APFS:

         

         

        Volume management and space sharing means that partitions and volumes do not have a 1 to 1 relationship.

        Encryption is done at the filesystem level

         

         

        Block copies are not possible with APFS volumes

         

         

        APFS Volume Replication with ASR

         

         

        Encryption / decryption is part of the generation / restore of the replication

        If the destination is itself encrypted, the data is stored as encrypted on the destination.

        Volume is also defragmented as part of the replication stream.

         

         

        Restore options:

         

         

        Restoring to an existing target volume (erasing prior content)

        Restoring to a newly created target volume

         

         

        Snapshots

         

         

        Point in time capture of volume state

         

         

        Restoring with snapshots

         

         

        Restore from snapshot to new volume

        Restore snapshot deltas - Replication to new volume which has an earlier snapshot restored to it, subsequent snapshot restore only replicates over the deltas between earlier and later snapshot.

         

         

        New features in APFS need new replication methods

        APFS volume replication is best done with ASR

        ASR can restore snapshots and snapshot deltas