Prepare your institution for iOS 11, macOS High Sierra, or macOS Server 5.4

If you're a system administrator, you should review this list and prepare for changes before updating to iOS 11, macOS High Sierra, or macOS Server 5.4.

This article has been archived and is no longer updated by Apple.

Changes introduced in iOS 11

Security iOS 11, tvOS 11, and macOS High Sierra include the following changes to TLS connections:
  • Removes support for TLS connections using SHA-1 certificates. Administrators of TLS services should update their services to use SHA-2 certificates.
  • Removes trust from certificates that use RSA key sizes smaller than 2048 bits across all TLS connections.
  • Uses TLS 1.2 as the default for EAP-TLS negotiation. You can change this default setting with a configuration profile. Older clients might still need 1.0.

Changes introduced in macOS High Sierra

Security

macOS High Sierra, tvOS 11, and iOS 11 include the following changes to TLS connections:

  • Removes support for TLS connections using SHA-1 certificates. Administrators of TLS services should update their services to use SHA-2 certificates.
  • Removes trust from certificates that use RSA key sizes smaller than 2048 bits across all TLS connections.
  • Uses TLS 1.2 as the default for EAP-TLS negotiation. You can change this default setting with a configuration profile. Older clients might still need 1.0. 
Sharing on APFS drives AFP can’t share files on Apple File System (APFS). Apple File System (APFS) is the default file system in macOS High Sierra for Mac computers with all-flash storage. You can't opt out of the transition to APFS when you upgrade a Mac with all-flash storage to macOS High Sierra. Learn more about APFS in macOS High Sierra.

If you need to share files, switch to SMB. If you have network home directories shared via AFP on an APFS volume, update the mount records and user records to use SMB.
Kernel extensions macOS High Sierra introduces a feature that requires user approval before loading new third-party kernel extensions. This feature requires changes to some apps and installers in order to preserve the desired user experience.

Learn more about changes to kernel extensions in macOS High Sierra.
Directory Services macOS High Sierra supports binding to Active Directory domains running with a domain functional level of 2008 or later. Windows Server 2003 isn’t supported.
macOS High Sierra removes support for NIS.
Software Deployment Learn how to upgrade the operating system on your Mac.
Content Caching You won't be able to run Content Caching on a virtual machine. This action has never been supported in previous versions of macOS, but is explicitly disallowed in macOS High Sierra.
Configuration Profiles In macOS High Sierra, /var/db/ConfigurationProfiles is now protected by SIP. Admins should now use the profiles(1) command to install startup configuration profiles. See the profiles(1) manual page for more information.

Changes introduced in macOS Server 5.4

File sharing with iOS devices You won’t be able to set up file sharing with iOS devices in macOS Server 5.4. Use collaboration for Pages, Numbers, and Keynote or WebDAV sharing as an alternative for file sharing with iOS devices.
If you want to configure WebDAV sharing on a Mac with macOS Server 5.4, see the wfsctl(8) manual page. 
FTP  macOS Server 5.4 removes the FTP service when you upgrade. If you need to use File Sharing, go to System Preferences > Sharing. 
File Sharing

All File Sharing functionality has moved to macOS High Sierra. AFP will be deprecated in macOS Server 5.4 and you won’t be able to share files on an APFS volume. Use SMB to share files on an APFS volume, or use AFP to share files on an attachedHFS+ volume.

If you upgrade a Mac that is sharing network home directories via AFP to macOS High Sierra, the AFP service will be disabled. You must update your network user share point URL to use SMB instead of AFP.

Learn more about changes to APFS in macOS High Sierra.

Open Directory Open Directory service is hidden in new installations of macOS Server 5.4. Open Directory isn’t required to use new instances of Profile Manager.
Caching

In macOS High Sierra and macOS Server 5.4, the Caching service moves out of macOS Server and into System Preferences > Sharing > Content Caching. The new Content Caching service supports tethered clients and a tiered architecture. Option-click the Options button in System Preferences > Sharing > Content Caching to see the advanced configurations. 

Learn more about changes to Content Caching in macOS High Sierra. 

Xcode Server

Xcode Server moves out of macOS Server and into Xcode 9. 

 

Time Machine You can configure a shared folder to be a Time Machine backup destination for Macs over the network in System Preferences > File Sharing by Control Clicking the folder.
Published Date: