A few weeks ago I posted on reddit asking how Mac admins are currently deploying/redeploying older Macs with APFS partitions now that imaging with DeployStudio is near its death. While DEP works great for newer machines, if your organization has existing Macs that are not enrolled in DEP, it is not an option for you. One of the suggestions that came up was to use APFS snapshots to create a “snapshot” of the prepared drive, and then revert to the snapshot and install any necessary updates with Munki when a machine comes back in for redeployment.
In my tests, this reverts a machine back to the snapshot state in about 5-10 minutes. This will give you a fully prepared machine much faster than using the startosinstall option with the High Sierra Installer to do an “install in place” wipe of the machine, which took about 45 minutes in my tests.
The Problem With Local Time Machine Snapshots:
The problem with the APFS snapshot method is that if you use the tmutil command to create AFPS Local Time Machine Snapshots as noted by James Otander, the system will automatically remove your Local Time Machine Snapshot after a 24 hour period. Apple itself notes that Local Time Machine Snapshots will be automatically pruned after 24 hours. Unfortunately, it does not appear that Apple has a built-in way to permanently store snapshots or stop Local Time Machine Snapshots from being pruned. Apple also requires a specific developer entitlement for any third-party application that would create APFS Snapshots, and only after strict review. Source
Enter Carbon Copy Cloner from Bombich:
For those of you who are not familiar with Carbon Copy Cloner, it is a low-cost backup app for Macs that can easily create bootable backup copies of your Startup Disks and manage Recovery Partitions. Version 5 also happens to be an APFS Snapshot management tool for MacOS, allowing you to create, view, delete, and restore from APFS snapshots under High Sierra.
As detailed on Bombitch’s Blog, when you select an APFS volume as a source to a CCC backup task, CCC will automatically enable snapshot support on that volume and set a default Snapshot Retention Policy for that volume. When your backup tasks run, CCC will automatically create a snapshot and use that snapshot as the source for the backup task.
What you need:
- Mac with High Sierra or Mojave Preinstalled (tested with version 10.13.4 – 10.14.4)
- Carbon Copy Cloner from Bombich version 5 (CCC)
- Munki
- Bootable USB Flash drive or another Mac that can boot with Target Disk Mode with Carbon Copy Installed
- OPTIONAL MDM Solution such as Profile Manger or Jamf
NOTE: Using APFS Snapshots to prep Macs for redeployment requires that High Sierra or Mojave have been installed using the installer from the App Store at least once, to ensure that the necessary APFS supporting firmware is installed, and that your SSD/Flash drive is properly converted from HFS+ to APFS. Once a machine has had High Sierra or Mojave installed, you can also use Carbon Copy Cloner to restore a new machine using the snapshot of an existing machine via Target Disk Mode. In theory, this method should also support standard hard drives alongside SSDs with Mac OS Mojave, as Mojave has migrated all hard drives to APFS, but I have not personally tested this.
Prepping the Mac:
- Ensure Mac has had High Sierra or Mojave previously installed and that the main hard drive is formatted APFS.
- Install and configure Munki. Getting started instructions can be found here.
- Build out your machine as you would have built out your “image”. i.e. install any and all necessary software packages to the machine as if you were going to hand that machine out in its current state.
- Install Carbon Copy Cloner on your Mac
Creating the APFS Snapshot:
- Create two empty folders somewhere on the prepped Mac’s startup volume, named “source” and “destination”.
- Open CCC and click the New Task button in the toolbar.
- Drag the source folder onto CCC’s Source selector.
- Drag the destination folder onto CCC’s Destination selector.
- Turn off the SafetyNet feature.
- Schedule the task to run on demand. Do not schedule this task to run automatically, otherwise your Clean Snapshot could be overwritten or pruned.
- Save the task.
- Click “Clone” in the lower right-hand corner.
Verify the APFS Snapshot Exists:
- If the sidebar is not visible in CCC, click the “Show Sidebar” button in the top left of the taskbar.
- Select the APFS boot volume under the “Volumes” section in the sidebar.
- Click “Show Volume Snapshots” in the lower right-hand corner.
- You should see a snapshot with the CCC logo in the list on the right of the window with a timestamp of when you ran the last backup task. You may also see Apple Time Machine Local Snapshots in the list if you have Time Machine enabled on the computer.
- If you wish to, you can delete a snapshot by right-clicking on it and then selecting delete.
Restoring Machine from CCC APFS Snapshot and Redeploying:
Now that your machine has been out in the wild, has been turned in, and is needed by a new individual, you can restore to the APFS snapshot that was originally created by CCC. Due to the way Apple protects system files, you cannot restore a system with a CCC snapshot while you are booted off the startup drive. You will need to either boot off a USB Bootable Drive, a bootable network image, or put the machine in target disk mode and connect it to another Mac. Whatever you choose to boot from needs to have High Sierra or Mojave as its base (so it can read/write APFS) and have a copy of CCC installed. The steps below assume a bootable flash drive with CCC installed.
- Boot your Mac from a Bootable disk with CCC installed.
- Open CCC and in the sidebar, select the main system boot volume.
- Click “Show Volume Snapshots” in the lower right-hand corner.
- In the Snapshot List, select the Clean Snapshot (most likely the oldest on the drive if there is more than one).
- A restore button will appear next to the snapshot name in the list. Click it.
- CCC Creates a new task with the Clean Snapshot as the Source. Set the system boot volume to the Destination. Do not schedule the task.
- Save the task
- Click “Clone” in the lower right-hand corner.
- After about 5-10 minutes, the restore task will complete.
- Restart the computer off the main system volume.
- Upon restart, the system should be restored to the state it was in when you first created the CCC APFS Snapshot.
- Run Munki or other MDM/Package installing software to install any updates or changes to the system.
- OPTIONAL Create a new APFS Snapshot that includes the latest updates and delete the old Clean Snapshot.
- Deploy to new user.
Bonus: Restoring a Different Machine from an APFS Snapshot:
CCC can also use the Clean APFS Snapshot you created to build out a secondary machine over Target Disk Mode. This can be done with the source machine booted normally, even if it is not in a clean state, as long as a Clean APFS Snapshot exists.
- Connect the second Mac with High Sierra or Mojave already installed and its drive formatted as APFS
- Open CCC and in the sidebar, select the main system boot volume.
- Click “Show Volume Snapshots” in the lower right-hand corner.
- In the Snapshot List, select the Clean Snapshot (most likely the oldest on the drive if there is more than one).
- A restore button will appear next to the snapshot name in the list. Click it.
- CCC Creates a new task with the Clean Snapshot as the Source. Set the target Mac’s boot volume to the Destination. Do not schedule the task.
- Save the task
- Click “Clone” in the lower right-hand corner.
- After about 5-10 minutes, the restore task will complete.
- Restart the target computer normally.
- Upon restart, the system should be restored to the clean state of the source Mac’s CCC APFS Snapshot.
I want hourly snapshots, but my destination isn’t available every hour of the day. How can I get hourly snapshots on my source volume?
TimeMachine will keep hourly snapshots if the destination drive isn’t connected, and then transfer those snapshots to the destination drive once it is available. However, for the purpose of redeploying Macs using snapshots, you really want to setup a base snapshot “image” to work from.