Parallels With Big Sur
Guest blog post from Dmitry Geynisman, Product Manager at Parallels
You may have seen these messages from both macOS and Parallels Desktop for Mac:
No worries, in this blog post I will explain the situation in detail. First, I will give you a relatively short answer about why Parallels® Desktop uses system extensions, and then more details will follow.
- Parallels Desktop uses a hypervisor technology to create a high-performance virtual machine, so you can run Windows, Linux, macOS, and other operating systems inside it.
- There are 2 types of hypervisors on macOS that Parallels can use: Apple’s built-in hypervisor or Parallels’ proprietary hypervisor. Parallels’ proprietary hypervisor is implemented as a system extension.
- System extensions in macOS enable developers to integrate deep into the macOS system to achieve better performance or provide some unique functionality.
- When Parallels Desktop attempts to load the Parallels hypervisor system extensions, macOS prompts the user to ‘allow’ this. System extensions have elevated privileges and, if they come from a non-trusted source, can be used maliciously. So it is a security precaution, similar to how your phone apps ask to access your camera.
If you downloaded Parallels Desktop from parallels.com and the system extension is signed by “Parallels International GmbH”, then you are in good hands.
- Parallels recommends you use Apple’s built-in hypervisor. That way macOS won’t bother you with System Extension approval or the need to reboot. However, if you need to use the Nested Virtualization feature or a specific workload where Parallels hypervisor shows higher performance scores, you may keep using Parallels hypervisor.
- To change the hypervisor type, you first need to shut down or stop your virtual machine. Note that for this you might need to start or resume the virtual machine and approve the Parallels hypervisor system extension.
When your VM is stopped, go to VM configuration > Hardware > CPU & Memory > Advanced Settings > click on the “Hypervisor” dropdown > select “Apple” or “Parallels” respectively.
If you have multiple virtual machines, you may need to change the setting for every one of them.
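The signer check mentioned above ("signed by Parallels International GmbH") can be scripted. This is an added example, not Parallels' own code: it parses the text that `codesign -dvv` prints and requires an exact organisation match, a chain ending at Apple Root CA, and a consistent team ID. The sample outputs, the `com.example.hypervisor` identifier and the `EXAMPLE…` team IDs are constructed placeholders.

```shell
#!/bin/sh
# Added example: checks the text printed by `codesign -dvv <path>` on macOS.
# All sample values are constructed; EXAMPLE000x are placeholder team IDs.

EXPECTED_ORG='Parallels International GmbH'   # signer name quoted in the post

# Constructed sample: output for a bundle signed by the expected developer.
GOOD_SAMPLE='Identifier=com.example.hypervisor
Authority=Developer ID Application: Parallels International GmbH (EXAMPLE0001)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=EXAMPLE0001'

# Constructed sample: look-alike name that a substring match would accept.
LOOKALIKE_SAMPLE='Identifier=com.example.hypervisor
Authority=Developer ID Application: Parallels International GmbH Support (EXAMPLE0002)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=EXAMPLE0002'

# Print the organisation named in the leaf (first) Authority line.
leaf_org() {
    printf '%s\n' "$1" |
        sed -n 's/^Authority=Developer ID Application: \(.*\) ([A-Za-z0-9]*)$/\1/p' |
        head -n 1
}

# Print the team ID embedded in the leaf Authority line.
leaf_team() {
    printf '%s\n' "$1" |
        sed -n 's/^Authority=Developer ID Application: .* (\([A-Za-z0-9]*\))$/\1/p' |
        head -n 1
}

# Return 0 only if the leaf organisation matches exactly, the chain ends at
# Apple Root CA, and TeamIdentifier agrees with the leaf certificate.
signed_by() {
    out=$1; org=$2
    [ "$(leaf_org "$out")" = "$org" ] || return 1
    last=$(printf '%s\n' "$out" | grep '^Authority=' | tail -n 1)
    [ "$last" = 'Authority=Apple Root CA' ] || return 1
    team=$(printf '%s\n' "$out" | sed -n 's/^TeamIdentifier=//p')
    [ -n "$team" ] && [ "$team" = "$(leaf_team "$out")" ]
}
```

On a Mac, pass `"$(codesign -dvv "$BUNDLE" 2>&1)"` as the first argument, where `$BUNDLE` is the path you want to inspect. `codesign -dvv` only displays the signature, so pair it with `codesign --verify --strict "$BUNDLE"` to confirm the seal is intact.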
Now, if you’re not bored yet, I’d love to tell you more about this story.
For more than a decade, Parallels developed its proprietary drivers (aka system extensions) for running Windows and other OSes on top of the macOS. These drivers made Parallels Desktop the best virtualization solution, the fastest, and the most technologically advanced.
At the same time, for several years, Apple has been moving towards making macOS the most secure and reliable desktop OS (and I should say, Apple succeeded in many ways). One of the key aspects is not to let developers intrude on the OS kernel by loading those extensions (aka “kexts”), as those who have access to the kernel can do things at the very heart of your Mac, which may prove quite dangerous. In order to do that, Apple must replace 3rd-party kernel extensions with the native system APIs that ultimately enable the same product features, and that is massive engineering work even for such a big enterprise as Apple.
Since 2017, with the macOS High Sierra 10.13 release, Apple started to block 3rd-party kexts automatically, and users have had to enable them manually since. At that time, we published this blog post that can tell you even more about Parallels Desktop using system extensions.
In March 2020, with the release of macOS Catalina 10.15.4, Apple started to warn users that some of their apps (those that use deprecated system extensions) would “be incompatible with a future version of macOS” (read: with macOS Big Sur).
At WWDC20, Apple was quoted as saying that “System Extensions improve the reliability and security of macOS, and deprecated kernel extensions will not load by default in macOS Big Sur”. Eventually, to make Parallels Desktop fully compatible with the new macOS Big Sur 11.0, Parallels Engineering has gone through years of engineering work of rebuilding Parallels Desktop and its features using the new macOS system APIs. This extensive and time-intensive development resulted in the all-new Parallels Desktop, explicitly designed to work and integrate with new macOS Big Sur technologies, and at the same time, deliver performance and productivity improvements to benefit Parallels Desktop customers.
This scheme below visually describes the difference between the default Parallels Desktop modes on the corresponding macOS version. The old Parallels Desktop design using Parallels system extensions is shown on the left, and the newly-invented Parallels Desktop 16, using macOS Big Sur APIs, is shown on the right.
For now, our team continues to work on supporting both Parallels and Apple hypervisors and continues collaborating with Apple on implementing the rest of the Parallels Hypervisor features in Apple Hypervisor. We recommend using Apple hypervisor, and if you notice any difference between Apple and Parallels hypervisors for your use case, please let us know.
Download a free trial of Parallels Desktop for Mac and try it out yourself.
The new Parallels® Mac Management for Microsoft System Center Configuration Manager (SCCM) version 8.6 keeps the only solution for managing Apple Mac devices on Microsoft SCCM in step with macOS’s latest major update, macOS version 11—Big Sur. In addition to providing support for Mac devices running Big Sur, Parallels Mac Management 8.6 also comes with some changes you might want to be aware of.
Here’s an overview of the key changes that accompany the latest version of Parallels Mac Management.
Support for macOS Big Sur
macOS Big Sur is arguably the biggest update to Apple’s operating system for Mac devices in the past decade, as it reflects the gradual transition of the Mac lineup to Apple’s own in-house-designed processors. Since 2001, macOS versioning has been following the 10.x notation. The last of that breed, macOS Catalina was tagged version 10.15. macOS Big Sur is the first to bear version 11.
As soon as your business decides to migrate your Mac devices to the next generation of macOS starting with Big Sur, rest assured you’ll already have the capability to manage them on Microsoft SCCM when you use Parallels Mac Management 8.6.
Installation of Configuration Profiles
Configuration profiles provide IT administrators an easy way to enforce compliance requirements as well as configure settings, accounts, restrictions and credentials automatically on a large number of Mac devices. A typical configuration profile may contain predefined settings for passcode policies, Exchange account configurations, network settings, credentials, keys and many others.
In 8.6, configuration profiles can only be deployed to Mac devices running macOS Big Sur via mobile device management (MDM). This means those Mac devices should be enrolled in MDM first. You don’t need to change anything regarding configuration profiles for older macOS systems—they will continue working as usual.
Automatic MDM Enrollment
As with the installation of configuration profiles (see previous section), automatic MDM enrollment has likewise changed for Mac devices running macOS Big Sur. In the past, it was possible to enroll all Mac computers in MDM automatically without user interaction if they were already enrolled in SCCM. Now, in version 8.6, automatic MDM enrollment requires user approval.
This user-approved MDM enrollment process is carried out in the following manner:
- The administrator configures automatic MDM enrollment for Mac devices.
- The Mac user gets notified that the Mac should be enrolled in MDM.
- The user approves the enrollment.
Again, this applies only for Mac devices running Big Sur. Older Mac devices may be enrolled using usual methods of enrollment.
FileVault 2 Encryption for Mac Devices
One more change that affects Mac devices running on Big Sur is the enforcement method of FileVault 2 encryption. In the previous version, as soon as a configuration baseline is deployed to a device collection, Mac computers in the collection are evaluated immediately for compliance. If FileVault 2 is found to be disabled in a Mac, the user will be prompted with a message indicating that the device is about to be encrypted.
The user will then be given the option to proceed with the encryption or to postpone it. If the user chooses Encrypt, the encryption process will commence. On the other hand, if the user selects Postpone, the user will be prompted repeatedly (with gaps of a few minutes) until the user clicks Encrypt instead of Postpone. This can be very distracting if the user is still working on something.
In version 8.6, FileVault 2 encryption enforcement is delayed until the user logs out, thereby minimizing unnecessary distractions. The FileVault 2 encryption enforcement process now involves the following steps:
- The administrator configures FileVault 2 encryption.
- The Mac user gets notified that the Mac device is due for FileVault 2 encryption.
- Encryption starts on the next login or logout.
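The Big Sur changes described in the last three sections (profiles only via MDM, user-approved enrollment, deferred FileVault 2 enforcement) can be checked per Mac from the command line. This added example is not part of Parallels Mac Management: it classifies the text printed by `sw_vers -productVersion`, `profiles status -type enrollment` and `fdesetup status`, and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example. Inputs are the text printed by three macOS commands:
#   sw_vers -productVersion / profiles status -type enrollment / fdesetup status
# The sample outputs below are constructed for illustration.

ENROLLED_SAMPLE='Enrolled via DEP: No
MDM enrollment: Yes (User Approved)'
UNENROLLED_SAMPLE='Enrolled via DEP: No
MDM enrollment: No'

# Return 0 if the version string is macOS 11 (Big Sur) or later.
is_big_sur_or_later() {
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}
    case $major in ''|*[!0-9]*) return 1 ;; esac
    [ "$major" -ge 11 ] && return 0
    # Big Sur reports 10.16 to callers running in version-compatibility mode.
    [ "$major" -eq 10 ] && [ "$minor" = 16 ]
}

# Return 0 if the enrollment status text reports an active MDM enrollment.
mdm_enrolled() {
    printf '%s\n' "$1" | grep -q '^MDM enrollment: Yes'
}

# Return 0 if fdesetup reports FileVault as enabled.
filevault_on() {
    printf '%s\n' "$1" | grep -q '^FileVault is On'
}

# Print one finding per line, or "ok" when nothing needs attention.
assess() {
    ver=$1; enroll=$2; fv=$3; clean=1
    if is_big_sur_or_later "$ver" && ! mdm_enrolled "$enroll"; then
        echo "profiles-blocked: macOS $ver needs MDM enrollment before profiles install"
        clean=0
    fi
    if ! filevault_on "$fv"; then
        echo "filevault-off: FileVault 2 is not enabled"
        clean=0
    fi
    [ "$clean" -eq 1 ] && echo "ok"
    return 0
}
```

On a managed Mac, call it as `assess "$(sw_vers -productVersion)" "$(profiles status -type enrollment)" "$(fdesetup status)"`.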
Enforcement of TLS Version for PMM Components
The Transport Layer Security (TLS) protocol secures communications among Parallels Mac Management components as well as between Parallels Mac Management components and Mac devices. This ensures establishment of an acceptable level of trust before any two points commence data exchanges and protects all communication from network-based threats through data-in-motion encryption.
However, because lower versions of the TLS protocol have known vulnerabilities, TLS security can only be truly effective if those lower versions are avoided. In Parallels Mac Management version 8.6, it’s possible to manually control the minimum TLS version to be used in communications to ensure optimal security.
All these new features are available in all SCCM versions up to SCCM 2006 as long as they have the Parallels Mac Management version 8.6 plugin. Should you wish to try them out, you may grab your free trial copy of Parallels Mac Management now.