These questions are community-driven. I am also not the original questioner, I'm just posting them with permission. Thank you to the anonymous folks who helped gather this information.
DEP / deployment / general related:
- ASR restore on AFPS: it will be a Thing of some sort. The engineer spoken to hinted that they didn't even know internally exactly how it would work yet, but they fully expect to support asr restores in the future, even with APFS.
- System Image Utility: the team that writes it knows it is broken, and wants it to be fixed, and expect to have it resolved with APFS support, but maybe not until seed 3 at the earliest
- APFS on the Mac in general: they know it's still kinda broken. Not a single person I talked to sounded confident about using it for anything _right now_ and that it will likely take multiple seed iterations until it's in the state they feel like it should be. NOTE: This is my interpretation of the subtext of what they were saying. No one flat out stated that.
- NetBoot / NetInstall support (as well as SIU): they fully expect to support that as an option and it's not going away
- (By proxy, the Server.app team also confirmed they have no intentions of anything other than it continuing to work as expected - they hadn't heard anything about it going away and were surprised by the rumors)
- HFS+ will likely continue to be supported throughout all of 10.13's lifetime, but no one actually seemed to know for sure. I'd hazard a guess that 10.14 will be the cutoff point, although Apple has a penchant for surprises mid-upgrade-cycle.
- With today's announcement about DEP support for random devices, there's less internal concern about the rate at which they are offering DEP supported vendors in various countries (26 countries right now).
- I asked about the crazy idea we brought up to our rep about an in-house caching server / CDN / DEP activation endpoint that was, in some way, “owned by Apple” but still allowed devices internally to activate OSes / iOS / DEP without having traffic leaving the internal network.
- They were blown away by this idea and were intrigued by the possibility, and wanted to bring it up to their manager, but there are several obvious caveats:
- how do we guarantee that this “Apple CDN endpoint” never physically moves?
- For security, they can't allow it to activate just anything; there has to be some kind of guarantee
- File a feature request asking for this.
- FILE FEATURE REQUESTS/BUG REPORTS / ENHANCEMENT REQUESTS FOR EVERYTHING. LITERALLY EVERYTHING. DUPLICATING RADARS IS FINE, ESPECIALLY FROM DIFFERENT COMPANIES. IF POSSIBLE WITH YOUR AGREEMENT, FILE BOTH A REGULAR APPLE BUG RADAR, AND FILE AN ENTERPRISE CASE.
- MOST IMPORTANTLY, provide numbers. Provide numbers, impact data, sysdiagnoses, logs. The more you provide up front, the more they listen.
- They do see 'numbers of people requesting' as a metric for importance. Not every team measures it the same way, but more shouting = more attention, in general.
Caching / Server.app related:
- Caching feature is now native in 10.13 (as we saw).
- The behavior of Caching in the Sharing pane of Sys Preferences disappearing when upgrading from Server 5.3 → 5.4 beta is definitely a bug, already fixed in Seed 2.
- The preferences for this are stored in /Library/Preferences/com.apple.AssetCache.plist
- FILE AN ENHANCEMENT REQUEST: this can currently not be managed by profile. It reads the plist directly (sad trombone).
- This file must be owned by “_asset_cache”, user and group.
- Hold down option when clicking “Options” for “Advanced Options”, similar to what was offered in Server.app previously.
- There is now a tiered system where a Caching Server (which is now really just any 10.13 client) can specify a list of “Parent caching servers” that it inherits from.
- It will inherit settings if possible, as well as a list of assets to cache.
- You can specify this list of IP addresses of parents.
- You can specify a policy for how it chooses which parent to use - round robin, etc. This is an array of strings.
- This is stored in the plist mentioned above as an array of strings. I think it's “assetCacheParentList”?
- Documentation for this has been updated, but I honestly can't find it - “Advanced Config Parameters for Caching Server”, or maybe “Asset Cache” instead of “Caching Server” is what I was told
- You can forcefully disable Caching Server on clients with a profile - the key is allowContentCaching.
- FILE AN ENHANCEMENT REQUEST: Native support for the ability to pre-warm / pre-cache specific things (similar to some existing open source projects)
- Caching Server logs should now be in syslog. Log stream —debug should now catch them automatically, but the Caching server team wasn't actually sure if debug logging was enabled by default.
- Previously, you had to manually enable it with a defaults write when it was in Server.app. They aren't sure if that's still true.
- FILE AN ENHANCEMENT REQUEST: The AssetCacheUtil* commands and various incarnations don't have any kind of useful structured data output. File a request asking for a -plist output option.
- I told them about the bug about how 10.12 clients weren't respecting caching servers and going straight to Apple specifically for Software Updates.
- openradar dot appspot dot com / 30311121
- They hadn't heard about this bug before (despite several of us having reported it / filed radars for it), which makes me have some doubts about their ability to read obvious bug reports.
- They wanted links to existing posts, MacEnterprise emails, complaints, etc. There's lots of people who've mentioned this and they somehow missed it.
- FILE A BUG REPORT: They need logs showing clients requesting a server, the server acknowledging, and then it going to Apple anyway.
- log predicate - the sender is 'com.apple.AssetCache', 'AssetCacheManagerServer', 'TetheringServer', 'LocatorServer', etc.
- Sysdiagnoses
- Charles proxy logs
- Anything to show this happening on 10.12
- Not currently tested if this is still happening on 10.13.
See complete list of session and lab notes here:
