The Adaptive Quirks Profile, at a high level, is our answer to complex legacy web application environments, many of which were started during the IE6 days and built upon for years after. Parts of old web applications are often updated or rewritten over time even as other parts of the application remained unchanged. The updated pages may simply have been written out by newer tools that knew about newer standards and browsers like Firefox or IE7 and as a result those pages were stamped with more modern web standard declarative statements. The results is that many legacy web applications tend to be a mish-mash of IE6- and IE7-era web pages, all being served up by the same root web application.

The way that any browser decides which layout engine to use or which standards bodies to adhere to when it renders your site can be complex, and IE8 and IE9 are no exception. Even IE10, currently in development, is not immune: Last year Microsoft blogged about a new legacy quirks mode that IE10 will be supporting.

When we were developing Ion last year, we found that this problem (a single legacy web application that serves up a mish-mash of IE6- and IE7-era pages) to be more common than expected. This made configuring Ion potentially painful: customers evaluating Ion had to consider writing multiple rules for a single web application because it switched in and out of legacy and modern standards modes so frequently.

Our answer to this is our Adaptive Quirks Profile. Think of it as a smart profile: before it actually renders a web page, it sniffs the page to see if it was written as an IE6 (or older) page or whether it may understand what IE7 is, and then loads the correct layout engine for that page dynamically. This means that a single rule and profile within Ion can handle these complicated web applications with relative ease.

For the technically curious, here’s the decision tree that details which legacy IE engine Ion will load, depending on how a site is written. If you’re not familiar with DOCTYPE declarations for web pages, Wikipedia‘s DOCTYPE article is a great place to start reading.

Decision point #1: Does the page have a DOCTYPE declaration? If not, it’s considered to be a legacy page and Ion will load the page using the Quirks settings. If the page does have a DOCTYPE, we go on to decision point #2…

Decision point #2: Is the DOCTYPE in the correct location in the page? (the DOCTYPE must be first) If not, it’s considered to be a legacy page and Ion will load the page using the Quirks settings. If the page does have a DOCTYPE in the correct position, we go on to decision point #3…

Decision point #3: Does the DOCTYPE (which is in the correct place) declare itself as QUIRKS? If so, Ion will load the page using the Quirks setting. If not, Ion loads the page using IE7 settings (specifically IE7 Standards Mode).

For those of you who learn visually, here’s a flowchart detailing the decision tree:

As a result, Ion can achieve the maximum compatibility with legacy web applications even if individual pages within the application switch in and out of legacy standards modes. I have to admit that this kind of thing is more than anyone really wants to know about when they’re dealing with web application compatibility, and that’s why we wrote Ion: so you really don’t have to.

One final point of emphasis: I want to remind our readers that we did not write a new layout engine in Ion. Our Adaptive Quirks Profile is not some Browsium-authored technology. What Ion is doing is intelligently directing IE8 or IE9 to render content using layout modes that they already support. We just do it in a way that’s a lot smarter and easier to manage than you might otherwise have available to you.

-Christopher

I have found that many of the companies that are interested in Browsium Ion are also using Microsoft App-V as part of a migration to Windows 7.  So the question I get is, “can I use App-V to virtualize and deploy Browsium Ion”?  While I have blogged about using App-V 4.6 SP1 to virtualize the older UniBrows product, I had not looked at doing so with Ion yet, but have now done so. The short answer is yes, but I’ll discuss this in this post.

Let’s start with the client portion.   While much has changed under the covers about how Browsium provides a virtual browsing environment, ultimately the new version is simpler to deal with in App-V.  The client portion is basically a specialized Internet Explorer plug-in (browser helper objects) with a proprietary license mechanism.

Preparing an IE plug-in to be virtualized in App-V is done using a process called “sequencing”. Sequencing plug-ins is usually easy, once you understand how to do it right.  This is something we spend quite a bit time training people on in our Masters Level App-V Training Classes.  The hard part isn’t the plug-in itself, but in providing way to ensure the user gets all of their plug-ins no matter how they start IE.  That harder part involves creating a base IE package that consists of the shortcuts and file associations needed and using Dynamic Suite Composition (DSC) to load in the plug-ins.  If you deploy the plug-ins this way you can update all of your plug-ins separately (which reduces risk and test time).  But if you just want to provide a specialized shortcut to get IE to run one special application under Ion, you can skip all of that and create a single package with the Browsium Ion Client Add-on as an IE plug-in.  The only difference between those options while sequencing the Browsium Ion Client Add-on is a decision on whether to publish a shortcut in the package.

The client needs a set of policies and rules to determine when to use the different rendering engines that is the Ion magic.  These rules are created by the admin console, and there are at least four different ways of getting them to the client that I have identified.  Which one is right for your company depends more on how you like to do things.  These four ways to deploy the Ion Client Add-on via App-V and handle the rules are:

•  The Ion Client Add-on is packaged without any policies/rules/settings. A central administrator runs the console to create the rules. When created, these are exported to ADM/ADMX & ADML files.  These administrative templates are added to the central store, and a GPO is created (using the Group Policy Management Console) that enables each of the Ion settings captured. This GPO is applied to computers or users as appropriate.  If you plan to deploy the rules this way, there is no need to update the App-V package when the rules change.
• A central administrator runs the console to create the rules and these are applied to the local registry.  When using the Browsium Configuration Manager to save to local, you may select either machine or user, but you must remember to always pick the same answer when rules are updated.  Once saved to the local system registry, Regedit may be used to export from the appropriate (HKLM or HKCU) Software\Browsium key.  Next, the App-V package is created with the exported .reg file imported while in the sequencer monitoring mode.  This places all of the settings directly in the virtual registry of the App-V package.  No GPOs are required.  When you want to update the rules, repeat this process and apply the reg file to an updated App-V package.  Either “Active Upgrade” or “Branching” style of updating the App-V package will work.

• A central administrator runs the console to create the rules and these are saved to file, producing a BPX file.  Next, the App-V package is created and, while in the sequencer monitoring mode, the exported .bpx file copied to the asset folder (the “Q:” folder created by the sequencer), and a single registry setting is added to HKLM\SOFTWARE\Browsium\Ion\Settings key named “LoadFromFileName” which is a REG_SZ containing the Q:\ path and filename..  This places all of the settings directly in a file within the App-V package.  Again, no GPOs are required.  When you want to update the rules, repeat this process and apply the bpx file to an updated App-V package.  Either “Active Upgrade” or “Branching” style of updating the App-V package will work.
• A central administrator runs the console to create the rules and these are saves to file, producing a BPX file.  This bpx file is placed on a network share that all users have read access to.  Next, the App-V package is created and, while in the sequencer monitoring mode, a single registry setting is added to HKLM\SOFTWARE\Browsium\Ion\Settings key named “LoadFromFileName” which is a REG_SZ containing the share path and filename (the exported .bpx file is NOT copied to the asset folder).   Again, no GPOs are required.  When you want to update the rules, repeat this process and update the share with the new box file. There is no need to touch the App-V package!  The disadvantage of this method is that users must always have access to the share file, so this is not appropriate for out-of-office laptop users.  [Note: by using a file inside the package AND an osd script to copy the file from the share overwriting the one in the package you can get central file deployment and not touch the App-V package.]

I should note that it is also possible to add the Ion Configuration Manager to the App-V package if you want to give console access to certain users.  This is not the normal case, but it works great if you need it.

Recipe Instructions to Sequence Ion Client Add-on (version 2.0 Update 2) with App-V 4.6 SP1:

• Create a new package
• Select Plug-in mode
• Point to the Ion client installer
• When asked for the primary program, browse to iexplore.exe in the Program Files\Internet Explorer folder.
• When you install the Ion Client Add-on, you should follow Microsoft best practices and change the install location to the “Q” Asset folder (although this app works OK if you use the default install location).  When prompted for the license file, point to the license file you received.  The Ion licensing is fully compatible with App-V and requires no special treatment.
• Make any additional registry or file changes based on your selected deployment strategy.
• Be sure to select the customize option so that you can edit the application shortcut.
• In the Application editor, you should rename the Internet Explorer application (to something like “Internet Explorer for Ion”, for example).  If you are using App-V’s DSC, you will also want to remove the shortcut.
• Save off the package and deploy as desired.

Since the release of Ion in January of this year, we’ve remained committed to improving Ion’s compatibility with the web applications that our customers are running. Browsium Ion 2.0 Update 2, our second maintenance release, is now available. Update 2 is a full release of both the Ion Configuration Manager and Ion Client Add-on. Installation is seamless and quick, with no need to uninstall the previous version before installing Update 2. In addition, existing Ion project files will continue to work as is.

Ion 2.0 Update 2 (build number: 2.0.4505.40156) includes a variety of improvements, including:

• Improved ability to properly recognize zone assignments for Fully Qualified Domain Names
• Proxy server lookup performance for automatic proxy configurations has been optimized
• Ion is now more compatible with IE8 and its behavior to truncate URLs when they include a ‘#’ character

A complete list of improvements, with more information about installing and using Ion 2.0 Update 2, is available in the release notes.

If you’ve  already purchased or are currently evaluating Ion, you can get Update 2 by re-downloading Ion from the original download link you received via email. New customers interested in evaluating Ion will receive Update 2 automatically upon completion of our online Evaluation Kit request form.

If you would like to schedule a free one-hour configuration assessment or learn more about the Browsium Ion Starter Kit, which includes a paid multi-day onsite or remote jumpstart engagement to ensure up to two of your IE6-dependent applications are running properly in IE8 or IE9 with Ion, please check out our JumpStart Program.

To help in cases where PCs are under severe memory pressure, Ion has a “Limited Profile” option, which makes many of Ion’s features available but without the overhead of additional processes running on the system (and therefore not taking up extra memory).

The tradeoff is that only a subset of Ion’s features are available to the Limited Profile. However, if the limited subset of available features helps customers get their web applications working with Ion, it can be a useful solution to the memory problem.

I’ve posted this KB article at our support site that details which features are and are not available to Limited Profiles, but here are the notable features NOT available to Limited Profiles, with a brief discussion of what each means:

Custom DEP/NX settings. Because Ion is not running in a separate process, Limited Profiles must adhere to the DEP/NX setting used by the host browser (IE8 or IE9).

Custom ActiveX control settings. Web applications running the Limited Profile cannot load custom ActiveX controls (including Java). The default versions of all ActiveX controls loaded by the host browser (IE8 or IE9) will load in a Limited Profile.

Custom Registry settings. Limited Profiles run without the Ion sandbox, so no custom registry settings (including Feature Control Keys) can be set. All Regsitry values will be read normally out of the user’s registry.

Note that there are a few more features not available to Limited Profiles that are detailed in the KB article that are not listed here.

However, there are still quite a few features that are available to Limited Profiles, and they may be enough to get your web-based application running. A short list of features that can still be used by Limited Profiles include (but is not limited to): custom User Agent string settings, string replacement, script injection and content override.

If your PC environment is running with severe memory constraints and the list of features available to you suffices to get your legacy web applications running inside IE8 or IE9, then the Limited Profile may be just what you need.

-Christopher

What do you do when you’re under pressure to upgrade your ageing infrastructure but have hundreds of business-critical web applications that won’t work if you upgrade? If you’re like most organizations, you contemplate spending millions to upgrade the applications or use virtualization to keep them running. If you’re Her Majesty’s Revenue and Customs (aka HMRC), you turn to Browsium Ion to get the job done quickly and easily, at a fraction of the cost of the alternatives.

HMRC, the agency of the British government responsible for tax collection with over 85,000 desktop PCs, has chosen Browsium Ion as their solution to keep their legacy IE6-dependent applications running as they modernize their desktops with a migration from Windows XP and IE6 to Windows 7 and IE9. Not only was this critical upgrade unblocked, but HMRC can now modernize their web infrastructure and deploy new business applications and cloud solutions that wouldn’t run on those old platforms.

As reported in ComputerWeekly, based on an interview with HMRC’s CIO Phil Pavitt, choosing Ion saved as much as £50M compared to alternatives offered by other vendors, including virtualization solutions.

US start-up Browsium is able to complete the work for £1.28m, compared to quotes from £35m to £50m or above from large system integrators, CIO Phil Pavitt, revealed last week.

HMRC is just one of many large enterprise organizations that have discovered that remediating legacy web applications does not have to mean a huge cash outlay and years of development, test and integration. With Browsium Ion, legacy applications run side by side with modern applications and the Internet in a single-browser, with no server-side code changes and no complex virtual environments to manage.

Browsium will be attending the Microsoft Management Summit (MMS) in Las Vegas April 16-20 2012. We won’t be exhibiting (so don’t bother hunting for our booth), but we will be spending the week meeting with customers and partners. Email us at sales@browsium.com if you’d like to schedule a meeting to talk about how Browsium Ion can unblock your organization’s Windows 7 migration.

If you’re in the UK and not able to make it to Las Vegas, don’t worry, we’re coming to you. We’ll be in London on May 3rd for the Microsoft and Camwood Windows 7 migration seminar.

Support for Windows XP ends in April 2014 and IE6 dependencies are standing in the way of many Windows 7 migrations.  Legacy – yet still business-critical – web applications are all too often a key migration blocker, so Browsium and Camwood have teamed up with Microsoft to help customers jumpstart their browser migration and accelerate deployment of Windows 7.

Join us on Thursday May 3rd 2012 in London England for a packed agenda discussing the technical challenges faced by IT departments looking to migrate to a later version of IE. We’ll show you how to overcome these challenges with new tools and innovative solutions, including Browsium Ion.

Registration and event details can be found on the Camwood website.

Here we are a year later and we’ve learned a lot (and shipped a lot of software too). After constantly improving our initial solution over the course of the spring and summer of 2011, we moved on to design and build our second generation solution. In January of this year we shipped that solution, called Browsium Ion. Ion contains the cumulative learning that began on a year ago and has continued to this day. One huge learning was that IE6-dependent applications don’t actually need the IE6 engine to work in a modern browser. So Ion doesn’t include that engine, instead using the built-in engines in IE8 and IE9 along with highly granular control over all the features and settings in modern Internet Explorer.

The customer response to Ion has been tremendous. The world’s largest and most demanding enterprise organizations are finding its power, granular control, and compatibility to be exactly what they need to keep critical apps running and migration costs under control as they transition to Windows 7. In fact, these customers are learning too. They’re learning that Browsium Ion does a lot more than simply fix their IE6 dependencies. They’re leaning that Ion is an indispensable tool for browser management of modern applications as well, giving them complete control over the platform and settings for every web application. They’re learning that Ion not only fixes legacy compatibility, but delivers the unprecedented ability of future-proofing their critical apps against the inevitable changes & improvements to browsers and run-time components that seem to appear with increasing frequency.

Today’s positive response would not be possible if we hadn’t begun this journey on March 15, 2011. And it also wouldn’t be possible if it weren’t for our outstanding customers and partners who put every version of every product we release through rigorous testing and then tell us what’s working well and what needs to be improved.

As we look forward to the future, with new features coming to Browsium Ion and the introduction of entirely new enterprise browser management tools that we’re just now cooking up in our labs, we plan to keep one thing the same: A commitment to shipping and learning and shipping and learning in a continuous virtuous cycle.

A tip of the hat to all of you who have been teaching us since day one and helped us get to where we are today. Thank you, and keep the feedback coming.

We can isolate custom registry keys to a specific Ion Profile, meaning that you can use Ion to customize the registry environment for your web applications but prevent those settings from affecting other applications or Windows or Internet Explorer in general.

By default, Ion Profiles load all the same settings from the registry as the host IE8/IE9 browser, which is typically what you want but through Ion you can change that behavior when required. Any settings that is controlled through the registry can be managed this way, including proxy settings, security settings and ActiveX behavior. If there’s a registry key for it, we can override it with a new value.

Once again, this means you can maximize the compatibility of your browser environment while retaining a high level of security.

One way this is useful is to override ActiveX killbits. Make no mistake: this is advanced stuff and not recommended for any customer who doesn’t thoroughly understand the implications of reviving a control that’s been killed by Microsoft, but it is possible and can be done (through Ion) in a way that’s more isolated than otherwise.

First, some background: Killbits are a way for Microsoft to mark poorly-behaved and insecure ActiveX controls as persona non grata to the browser. If a control has shown that it has serious security flaws that can not be easily fixed, Microsoft prevents that control from loading by setting a key in the registry. The registry setting that does this is called a “killbit.” Internet Explorer will simply refuse to load any control marked that way. You can begin your reading on Internet Explorer killbits with this article. Microsoft will occasionally kill 3rd party ActiveX controls, but only when the 3rd party vendor is in agreement with the decision.

We do not recommend overriding killbits without fully understanding why the specific control was shut down in the first place. In most cases, Microsoft recommends re-writing your application to use a newer ActiveX control instead (and in those cases, you may want to use our “String Replacement Manager” feature as an alternative). When this is not possible, and the security risk and compatibility impact of the ActiveX control is fully understood, you can use Ion to allow a given ActiveX control to run, but only for the specific Ion Profile in question. Please note that in some cases, the security flaw of an ActiveX control may be so aggregious that even allowing it to run for one specific website may not be an acceptable solution from a security point of view, so consider this option carefully.

To help those of you who’d like to tweak the registry for application compatibility, I’ve posted two new KB articles to our support site. The first, “Setting a custom registry value with Ion” goes into detail about how the feature works in general and what syntax is required in the Ion Configuration Manager to successfully override any registry setting.

The second article, “Overriding an ActiveX killbit using Ion’s Custom Registry Manager” goes into detail about what ActiveX killbits are and how to override them through Ion.

-Christopher

Browsium Ion 2.0 Update 1, a maintenance release to address these deployment blockers, is available today. Update 1 is a full release of both the Ion Configuration Manager and Ion Client Add-on and everyone is encouraged to upgrade their test and production systems. Installation is seamless and quick, with no need to uninstall the previous version before installing Update 1. In addition, all existing Ion project files will continue to work as is.

Improvements in Browsium Ion 2.0 Update 1 include:

• NTLM and Kerberos authentication is now supported for servers that enforce Channel Binding for HTTPS traffic
• Support for automatic proxy configuration settings, including WPAD and PAC configuration scripts
• Ion-managed web pages now honor Internet Explorer’s zoom setting
• Improved support for Internet Explorer hotkeys in Ion-managed web pages
• File uploads now work through Ion-managed web pages
• Administrators now have the ability to disable the Ion startup splash screen via a configuration option

You should have received an email this week directing you to your custom Ion 2.0 Update 1 download link if you’ve ever requested an evaluation kit from Browsium. (Check your inbox and spam filter if you missed it — email us if you still can’t find it.) If you’re new to Browsium software, then fill out our online form to download your Ion 60-Day Evaluation Kit today.

If you would like to schedule a free one-hour configuration assessment or learn more about the Browsium Ion Starter Kit, which includes a paid multi-day onsite or remote jumpstart engagement to ensure up to two of your IE6-dependent applications are running properly in IE8 or IE9 with Ion, please check out our JumpStart Program.