What’s New in MDS 2
MDS 2 is an open source project for setting up, deploying and managing modern Macs. MDS 2 builds on the features of MDS 1 and adds in more features to make MDS 2 a complete solution for deploying modern Macs. It can be used standalone or can be used in tandem with other management systems, such as an MDM.
New Major Features
- MDM with Deployment Enrollment (using MicroMDM as the engine)
- Download macOS installers right in MDS
- ASR Restores
- Support for macOS Catalina (10.15)
- Other Features
MDS 2 includes MDM with Deployment Enrollment. It still works great with existing MDM systems, but administrators who do not currently have an MDM solution can use MDS 2 to use the features of macOS that are not available unless a Mac is deployed with MDM or Deployment Enrollment. Specifically, it addresses two features that are not available unless MDM is used:
- Apple Remote Desktop Screen Sharing
- Whitelisting Kernel Extension
In the past, when a Mac was deployed using MDS, Apple Remote Desktop was observe-only until someone opted into screen sharing on each machine. A similar requirement exists for whitelisting kernel extensions. Enabling these features were not possible with MDS unless you have a 3rd party MDM. With MDS 2, all of this can be accomplished with MDS 2.
MDM was also added for two additional reasons: Future compatibility and light management. It is clear that Apple’s direction for managing Macs is with MDM and management features will continue to be focused on MDM. If you manage Macs and your needs do not require all the features of a commercial MDM, MDS 2 may provide all the MDM features needed for your current deployment. If your requirements grow over time and a cloud-based full-featured MDM is required, you can switch over to a different MDM while still using the great deployment features of MDS 2.
The final reason that MDM was added was philosophical: In order to use all the management features of new Macs you just purchased requires a paid MDM. This typically means signing up for a cloud-based solution where you are charged a per-client fee. I don’t think that this should be a requirement to manage Macs. There should be an open source alternative. We do sell support for MDS, but that is not based on the number of Macs that are managed, but instead by how much support you need. MDS also runs locally on a Mac you own (an MDM Push certificate is included with all support packages if you don’t have an Apple Enterprise developer account). This removes an outside dependency on a cloud-based MDM.
MDM with Deployment Enrollment
With the new MDM service built into MDS 2, Macs can enroll in the MDM service in 3 ways:
- Web Page: Click the Open Enrollment button and open the URL on the Macs that you want to enroll. Click on the link to download the enrollment profile.
- Enrollment Profile: Download the enrollment profile from the enrollment page and include that profile in an MDS workflow. When the new Mac is set up with the workflow, it will be enrolled in MDS MDM.
- Deployment Enrollment: If you are signed up for Apple Business Manager or Apple School Manager, your Macs will enroll in MDS MDM during the setup assistant. The setup assistant can be customized using the Configure DEP MDM Profile button.
You can also send some MDM commands to enrolled Macs, including Reboot, Shutdown, Install Profile, and more.
MDS workflows can use the macOS installer, and MDS 2 makes it easy to download the macOS installer. Instead of downloading from the macOS App Store, download the macOS installers by selecting one or more installers and click Download. If the download is interrupted, it can be resumed.
MDS 2 adds in the ability to restore macOS very quickly using Apple Software Restore (ASR). Using the macOS installer takes about 20 minutes to install. Restoring an image with ASR can take as little as 3 minutes. ASR Restores are generally used when restoring the same version of macOS to a Mac since firmware updates are not installed as part of the ASR process. MDS 2 supports both macOS installs and ASR restores so either method works equally well and all other parts of the workflows (packages, scripts, profiles) work well with both macOS and ASR images.
To create an image to restore, it is recommended to use AutoDMG to create a disk image of macOS. It works by creating a writeable disk image and then using the macOS installer to install macOS to the disk image. The disk image is then optimized for restoring.
This ASR image can then be selected in a workflow.
Support for macOS Catalina (10.15)
MDS 2 has full support for macOS Catalina (10.15). Catalina introduced a new read-only system volume. When MDS 2 installs macOS, both the read-only system volume and the data volume are removed and a new APFS volume is created. The installer (or ASR) will create the correct System and Data volumes as needed (Catalina) or use a single volume for 10.14 or earlier.
MDS 2 includes various bug fixes and improvements.
- User Account Photos: User accounts can now contain photos.
- Efficient workflows: Resources that are the same are not copied multiple times when saved. A single copy is created and workflows that use that resource just reference it with a symlink.
- Pre-install scripts with ASR: When restoring an ASR image, pre-install scripts are run after the volume is restored, but before rebooting into the restored volume.
- Added checkbox to partially enable SIP with support for setting the startup disk programmatically.
- Updated graphics for both light and dark mode.
- Self-signed certificate is now shared between services and has a better tool for creation.
- Added multiple options for having MDS Automaton restart Mac to different Internet Recovery modes.
- Added support for skipping ScreenTime Setup Assistant in Catalina.