Mac Virtualization: Why Recent Changes Are Good for Apple IT
At a high level, virtualization allows you to run multiple operating systems on a single computer; those multiple instances are called virtual machines, or “VMs” for short. Apple silicon and macOS make virtualization possible on Mac using a combination of hardware and software technologies:
- At the hardware level, Apple silicon allows for the sharing of CPU and memory resources.
- At the kernel level, macOS has technologies built-in that can leverage these specialized hardware capabilities. That means there’s no need to use additional specialized kernel extensions (or “KEXTs”) to do virtualization.
- At the software level, developers of virtualization software can leverage the Hypervisor framework, a low-level API that allows for virtualizing the CPU and memory resources needed to run a VM. But to run a full operating system, you need more than a low-level API. That’s where the Virtualization framework comes in. The Virtualization framework is a high-level API that enables the creation of full VMs of macOS and Linux distributions. In macOS it also supports the Virtual I/O Device (VIRTIO) specification, an industry standard used by other virtualization solutions, for greater compatibility.
Testing in VMs: The Caveats
One of the most important use-cases for virtualizing macOS is to test pre-release versions of the operating system; a macOS VM can also help validate device deployment workflows.
Historically, Kandji has argued against using a macOS VM as your only test platform, due to some inherent limitations. Those restrictions included a lack of full hardware access; for example, VMs weren’t able to take advantage of GPU acceleration in macOS Monterey. That specific limitation can severely limit the capabilities of how the OS behaves and how processes and apps run. (For example, the Kandji Agent makes use of Metal, Apple’s hardware-accelerated graphics solution, for the sake of energy efficiency and speed.) In addition, as this article was being written, the Software License Agreement for macOS Monterey allows for just two VM instances of the operating system per user—which could be a limiting factor in testing.
One other big caveat about using VMs for deployment testing concerns Automated Device Enrollment (ADE). This enrollment method requires communication with Apple Business Manager or Apple School Manager and validation of the device’s serial number along with some other unique identification properties of the device. While earlier virtualization solutions on the Intel architecture in older generations of Mac computers allowed for “spoofing” a device’s serial number, today, with Apple silicon, that’s no longer possible.
What’s New in Virtualization
In the forthcoming release of macOS Ventura, Apple will improve the Virtualization framework in a few ways that make it better for Mac admins.
For one, Apple has announced that virtual machines will have full access to Metal, meaning that virtual machines under Apple silicon will be able to take full advantage of the GPU. Also, Apple is adding trackpad support, so gestures such as rotation and pinch to zoom can be used in VMs.
While not specifically related to deployment testing, another great change announced at WWDC 2022 for macOS Ventura is that Linux VMs will be able to run x86-64 binaries using Rosetta inside the VM. This is excellent news for system administrators who need to run Linux-based services, apps, or other Linux-based solutions directly in macOS. While it was previously possible to run arm64 distributions of Linux in macOS Monterey, the apps and binaries inside of them also needed to be compiled for arm64 binaries, which severely limited the utility of Linux VMs.
This new feature will change the ways system administrators can integrate Linux-based apps into their workflows, by allowing the guest linux VMs to use Rosetta to translate x86-64 binaries to work on Apple silicon. To learn more about these new technologies, see Apple’s Developer Documentation.
Options for Virtualizing
When it comes to virtualization solutions, Apple admins have a few alternatives.
Two commercial products, VMWare Fusion and Parallels Desktop, have been around for years. Both have been updated to work with the latest virtualization technologies that were available at the time of this article. For example, Parallels Desktop can now make use of an available Virtualization API to automatically download the IPSW for macOS Monterey on an Apple silicon Mac, so it can install the OS automatically without requiring the prior download of the macOS installer.
Beyond these two popular commercial solutions, there are also Mac virtualization projects available on GitHub, such as VirtualBuddy and Microverse. Some are in the form of pre-compiled macOS apps or Xcode projects that you can download and practice with. These are good ways to get started with virtualization. There are also apps available in the App Store that utilize the Virtualization framework, such as UTM Virtual Machines.
You could also consider leveraging the Virtualization framework yourself. This requires installing Xcode and having some foundational knowledge of the Swift language. But Apple has provided instructions in their developer documentation: Running macOS in a Virtual Machine on Apple Silicon Macs. The company has also provided a sample project that you can download to create your own VM. You can learn more about this sample project in Apple’s WWDC 2022 video.
Testing in VMs: The Benefits
This all takes us back to the question of testing pre-release OSes and deployment workflows in VMs.
With Apple’s expansion of the Virtualization framework, some of the previous limitations of testing with VMs—namely, the lack of Metal support—will be resolved. While there are still some limitations—such as not being able to test ADE or hardware-exclusive capabilities like Touch ID, as well as licensing limitations on the number of VMs per user—there are in fact several benefits to testing pre-release macOS versions natively on Apple silicon.
As an IT admin, one of your primary responsibilities during beta testing cycles is to verify that software and configurations continue to work. With a VM, an upgrade from a current version of macOS and a fresh install of the pre-release OS can both be tested on the same computer, potentially multiple times. While testing on a physical computer or even on a separate partition or volume is always the best option—because it’s real Mac hardware, just as your users will be using—a VM can make it easy to re-run tests in just a few clicks (often using “snapshots” of the system state), without needing numerous pieces of physical hardware.
The option to Erase All Content and Settings on modern Mac computers in macOS Monterey certainly makes testing workflows easier on physical hardware, but it also fully resets the OS each time. With VMs, it’s much easier to revert just from specific changes. As you test software you use in your organization, or configuration changes that may only be available in the new OS, VMs make it easier to roll those changes back and try again, if needed.
In sum: Mac admins should be excited about the future of virtualization and Apple silicon Mac computers. Improvements in macOS, especially around support for Metal and running x86-64 binaries under Rosetta in Linux VMs, are great steps forward in making the Mac a great virtualization platform that can help you test, troubleshoot, and plan your deployments. Apple’s sample project and overview video from WWDC 2022 showcases how anyone can get started testing with VMs, even without the need for specialized, often expensive, software. While VMs are not true replacements for physical Mac computers, they can provide fast and easy access to test your MDM and Mac device management workflows.
About Kandji
By testing betas and leveraging an MDM solution, you can ensure your organization’s transition to the new operating systems is smooth. Kandji supports deploying beta profiles, so you can remotely install those prerelease OSes on devices in a testing group. With powerful features like zero-touch deployment, one-click compliance, and offline remediation, Kandji has everything you need to enroll, configure, and secure your devices.
See Kandji in Action
Experience Apple device management and security that actually gives you back your time.
See Kandji in Action
Experience Apple device management and security that actually gives you back your time.