Working in the higher education sector, where your financial years have to be planned out pretty far in advance, the good thing with Apple’s recent policy change around announcing new hardware is that it allows you to budget for it for testing purposes. So, when Apple’s new flagship machine for professionals, the iMac Pro, was released, I was lucky enough to be able to quickly get my hands on the base model to look at what this (pretty revolutionary) new hardware means for the future of Mac management. I’d heard the rumours flying around about the security chip inside, but there’s nothing quite like interacting with a machine yourself to get a feel for it. Here’s what I’ve discovered in my first week with it.
Packaging & Accessories
Almost all of the packaging inside the main box is paper-based. This may seem like a minor point, but Apple are extremely keen to push the recyclability of their hardware and its good to see them extending that to their packaging. There’s no polystyrene to be found – the iMac is kept secure in its box with moulded cardboard, the screen and mouse come enveloped in what seems like a woven paper mesh sleeve, and even the accessories are held in place with cardboard instead of plastic. The only plastic present is the main screen protector, and the handle on top of the box.
Display & Graphics
The main display is the same LG-manufactured retina display as found in the 27″ iMac, which is extremely bright (500 nits) and has a very wide colour gamut (P3), and it’s as gorgeous as ever. Importantly here, though, the display is driven by the incredibly powerful Radeon Pro Vega 56 or 64 GPU. It’s worth remembering though, that the iMac Pro should be compatible with external GPUs running over Thunderbolt 3, so it’s not impossible to upgrade later (although other upgrades such as RAM and CPU are more difficult to do without disassembling the case.)
This is an extremely quiet computer – which is quite a feat considering how much oomph even the base model 8 Core Intel Xeon W processor provides. The new dual fan design inside really makes a difference when compared to the regular 5K iMac. When idling, it’s for all intents and purposes silent, and when I taxed all 8 cores (with
yes > /dev/null & UNIX fans!) it took some minutes for the fan to even become audible. Even under full load the iMac Pro is quieter than your average PC tower when idling.
The SSD is ridiculously fast. Even basic testing with Blackmagic Disk Speed Test showed write speeds of between 2500 and 3000MB/s and reads of 2500MB/s. Inside the iMac Pro there are actually two flash storage chips which are connected to the T2 – the new security-and-more chip inside (on which more later!) It’s not currently clear exactly how these two chips are presented as one drive, and if any striping is going on, but the speed increases on the Thunderbolt 3 MacBook Pro seem quite marked.
T2 Chip & Secure Boot
The new T2 chip inside the iMac Pro is probably the most significant architecture change for Mac admins since the move to Intel. With it’s Secure Enclave, which functions very similarly to similar ones in iOS devices, Apple can ensure that the device will only boot from signed versions of the OS. If you think about what this means on iOS, where Apple stops signing older versions if a newer one is compatible with the hardware, we could get to a stage where a Mac device will only boot from the latest trusted version of macOS. Currently though, using the Startup Security Utility this behaviour can be disabled entirely, or limited to any version of macOS whether it’s currently trusted or not.
Not only that, but the T2 chip also manages whether you can boot from external media (USB/Thunderbolt drives etc.) Like Gatekeeper, there are several options available now, but who knows which ones Apple will remove in the future…
As noted over on Rich Trouton’s blogthe SSD chips are automatically encrypted using hardware keys stored in the Secure Enclave – meaning that it’s permanently encrypted at rest and FileVault just adds another level of security and lets multiple users unlock the drive. This does beg the question of what happens if the SSD breaks – if the keys are burned into hardware will you have to replace the T2 or the whole logic board?
It’s quite simple – the new iMac Pro will not NetBoot, no matter what combination of keys or magical incantations you try. While some people have noticed that it’s still making the DHCP requests to discover boot servers, it won’t respond to replies. So this goes a bit beyond just imaging being “dead”, and means that any form of 10.13 NetInstall workflow you were perhaps preparing won’t work either. So to properly bootstrap a machine and add management you’re going to be looking at DEP or something like Greg Neagle’s bootstrappr to get things going from Recovery.
The iMac Pro is overkill for the average user – and I had trouble taxing it with non-benchmarking software. Bouncing audio in Logic Pro X is definitely faster than on the Thunderbolt 3 MacBook Pro – unsurprising given it’s been updated to take advantage of the iMac Pro’s multicore CPU. True pro users will probably have more real world things to say about its power in the coming months, but as a glimpse into the future of the Mac and macOS, it’s an extremely interesting bit of kit. If you can beg for one or borrow one (try not to steal one), you can start testing your new admin workflows now.
About Ben Goodstein
Ben Goodstein is a speaker at the Mac Admin and Developer Conference 20-21 February at VUE IN Leicester Square. Ben’s first Mac was a Powerbook 145 (the ones with the trackball!). He’s worked professionally with Macs and iOS for over 10 years, and is now Apple Technical Leader at the University of Oxford.
About MacAD.UK 2018
Amsys is hosting the Mac Administrator and Developer Conference (MacAD.UK) in London for its third year running and has secured participation from the world’s biggest technology companies. The conference is attended by over 250 technical professionals administering Apple technology in Enterprise, SME and Education.
MacAD.UK has become a must-attend event for Mac tech professionals since its inception in 2016. With intensive sessions run over two days, delegates attend to network, share, discover, compare, meet, learn, hang out and socialise with the other Apple techs from around the world.