6.16.2016

Apple File System revealed at WWDC 2016, focused on encryption and SSD support

Apple recently announced the new Apple File System (APFS), replacing the decades-old HFS system.

Image: Josh Miller/CNET
On Monday, Tim Cook and his executive team took to the stage at the 2016 Apple WWDC event to discuss the latest updates to their core operating systems in the keynote address. One of the biggest releases for the enterprise, however, wasn't even announced.
 
As part of the updates with macOS Sierra, a new file system for storage called the Apple File System (APFS) is being released in developer preview. An explanation of the system was first spotted as part of a description for a system frameworks breakout session at WWDC:
 
"The Apple File System (APFS) is the next-generation file system designed to scale from an Apple Watch to a Mac Pro. APFS is optimized for Flash/SSD storage, and engineered with encryption as a primary feature. Learn about APFS benefits versus HFS+ and how to make sure your file system code is compatible."
 
As noted, APFS was created to replace the aging HFS and HFS+ systems, which Apple said were "developed in an era of floppy disks and spinning hard drives, where file sizes were calculated in kilobytes or megabytes." APFS is built with Flash storage in mind and designed to handle millions of files that may be larger in size.
 
Let's take a look at some of the potential improvements that APFS holds over HFS+. For starters, APFS supports 64-bit inode numbers vs. the 32-bit IDs supported by HFS+. APFS also supports sparse files, which HFS+ doesn't.
 
Another big improvement is the timestamp granularity. While HFS+ offers a 1 second timestamp granularity, APFS supports a 1 nanosecond timestamp granularity. This amount of detail would likely be used more for core OS files, and is a massive improvement in terms of file detail. 
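
What the difference in granularity means when file events are ordered by timestamp, as in a forensic timeline, is shown in the following added example, which is not part of the original article. The events are constructed sample data, and rounding down to the stored granularity is an assumption made for illustration.

```python
from collections import defaultdict

NS_PER_S = 1_000_000_000

# Constructed sample events: (time in ns since the epoch, path, action).
EVENTS = [
    (1466035200_120_000_000, "/Users/a/report.tmp", "created"),
    (1466035200_450_000_000, "/Users/a/report.tmp", "modified"),
    (1466035200_900_000_000, "/Users/a/report.doc", "modified"),
    (1466035201_010_000_000, "/Users/a/report.tmp", "modified"),
    (1466035203_500_000_000, "/Users/a/notes.txt", "modified"),
]


def truncate(ts_ns, granularity_ns):
    """Round a timestamp down to a multiple of the given granularity.

    Assumption for this example: a coarser file system keeps the
    timestamp rounded down to its granularity.
    """
    return ts_ns - ts_ns % granularity_ns


def ambiguous_groups(events, granularity_ns):
    """Group events whose stored timestamps are identical.

    Events in the same group cannot be put in order from their
    timestamps alone; only groups with more than one event are returned.
    """
    buckets = defaultdict(list)
    for ts_ns, path, action in events:
        buckets[truncate(ts_ns, granularity_ns)].append((path, action))
    return {ts: evs for ts, evs in sorted(buckets.items()) if len(evs) > 1}


def report(events):
    """Count the events left without a usable order at each granularity."""
    result = {}
    for label, gran in (("1 s (HFS+)", NS_PER_S), ("1 ns (APFS)", 1)):
        groups = ambiguous_groups(events, gran)
        result[label] = sum(len(evs) for evs in groups.values())
    return result


if __name__ == "__main__":
    for label, count in report(EVENTS).items():
        print(f"{label}: {count} of {len(EVENTS)} events share a timestamp")
```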
 
To protect against crashes, APFS utilizes a copy-on-write metadata scheme to make sure that file system updates are safe in the event of a crash.
 
With all the recent headlines about Apple's war for encryption, it's not surprising that APFS supports encryption natively. According to the developer documentation:
 
"On OS X, Full Disk Encryption has been available since OS X 10.7 Lion. On iOS, a version of data protection that encrypts each file individually with its own key has been available since iOS 4, as described in iOS Security Guide. APFS combines both of these features into a unified model that encrypts file system metadata."
 
Although hardware-dependent, APFS encryption supports AES-XTS or AES-CBC. The base storage unit for APFS is called a container, and users can choose one of three encryption models for each volume within a container: 
  1. No encryption
  2. Single-key encryption
  3. Multi-key encryption with per-file keys for file data and a separate key for sensitive metadata
 
APFS also adds support for both clones and snapshots. A clone is an instant, writable copy of a file or directory that doesn't take up any extra space for the data. Clones will be useful in versioning and revisioning, depending on how you can diff them.
 
Snapshots, on the other hand, are read-only instances of a file system on a volume. Developer documentation states: "The operating system can use snapshots to make backups work more efficiently, and offer a way to revert changes to a given point in time." This means we'll likely see snapshots changing or replacing Time Machine backups.
 
A new copy-on-write design using I/O coalescing could help with both performance and reliability, and a new Space Sharing feature lets multiple file systems share space on a physical volume, with more flexibility than traditional partitioning.
 
While there are a ton of updates with APFS, there are still some limitations.
 
If you were holding out for a non-case-sensitive system, you're out of luck. APFS filenames are currently case-sensitive only. This may seem like a step backwards, because HFS+ can be configured as non-case-sensitive. But, it is only a developer preview at this point, so keep that in mind. 
 
Additionally, you cannot use an APFS volume as a startup disk, as a Time Machine volume, or as part of a Fusion Drive. FileVault encryption will not work on it, either. APFS formatted volumes won't work on OS X 10.11 Yosemite and earlier.
 
Interested parties can find the developer documentation for APFS here.
 
~ Conner Forrest
