On 28 January 2015, Browsium hosted a webinar titled: IE11 Migration Made Easy with Browsium Ion. The webinar was a huge success and generated a number of great questions from the audience. We have compiled the complete set with answers to share with all attendees, and anyone else who is interested in IE11 migration. If you missed the webinar, you can watch the video archive on YouTube today.
Read on to see the questions (and our responses) from the IE11 webinar.
As client-side software, does Ion allow for centralized profile configuration so all users obtain the same profile? What about support for 3rd party browsers like Chrome?
While the configuration is loaded on the client side, the configuration file itself is designed to be hosted centrally on a file share or web server. The Browsium Ion client only needs read permission access to the configuration file and then caches the configuration locally in the event the network resource isn’t available or the user system is not network connected. Ion supports Internet Explorer only at this time. As adoption of other browsers increases in the enterprise, and these browser begin to suffer from the legacy issues which have afflicted Internet Explorer, Browsium will evaluate offering Ion support for Chrome or Firefox.
Can Ion be used to redirect websites between IE, Chrome and Firefox? Based on same URL matching techniques?
Browsium Ion is designed to resolve web application compatibility and Java management issues for Internet Explorer. Browsium Catalyst is our multi-browser management tool that enables seamless redirection between Internet Explorer, Chrome, and Firefox. Both Ion and Catalyst rules are triggered using the same engine to match, based on simple (string match), regular expression, or zone-based values.
How are Browsium products licensed? What is the licensing policy/costs in multi-user environments? Can you give list price?
Browsium Ion and Catalyst are licensed via a perpetual license, with a base license fee plus a per-seat license fee, tiered for the number of Windows PCs (or instances of Windows in a VDI environment) that run the Ion software. For multi-user terminal servers, Ion is licensed for the total number of users on the system. Software updates are available to licensees who purchase a yearly support and maintenance contract. Contact Browsium Sales for a custom quote for your organization.
I understand Browsium Ion does not have a central command and control center. Does Browsium provide any sort of reporting for things like agent status, agent failure, sites accessed matching Ion Rules, etc.? Also, for discovering Java you said you have a product in roadmap. Is it going to be a newer version of Ion or a separate product?
The current release of Browsium Ion does not include any reporting options regarding client status or performance/activity data. Customers have requested this type of functionality and we plan to include it in a future release.
Our product roadmap includes a new product focusing on web application discovery, Java/extension reporting, usage analysis, and browser configuration reporting. We plan to have more detailed announcements about features and release timing in the coming months.
How safe is Ion use in the enterprise?
Browsium Ion is built following many of the same engineering principles used within Microsoft, including the SDL process. In addition, the Ion design provides for ‘defense in depth’ security by enhancing the security offered by Internet Explorer (Protected Mode, etc), as well as Java Virtual Machine (Sandboxing, etc.)
Using this approach, Browsium Ion loads process-isolated instances of Internet Explorer and loads the JVM (or other external libraries as needed) in a separate memory space. This design helps ensure any potential malicious action would be limited to the separate process and unable to infect the core system as the modifications will be wiped away when the Ion managed process is shut down.
In addition, the Ion-managed processes are only loaded by pattern match and cannot be ‘forced’ to open unless the specific profiles are loaded by a site contained in the rules list. Arbitrary websites cannot issue commands to the Ion Controller to open a website using an Ion profile.
Does Ion run as a Windows service or as plugins within the browser?
Ion is comprised of two parts on the client side – a browser plugin and standalone controller process (.exe). The browser plugin is responsible for monitoring network requests and URL parameters, while the controller process handles the bulk of technical tasks to ensure browser performance is not impacted.
Is there a roadmap for Ion compatibility with Windows 10 and the new browser Spartan? If yes, can you provide any assurance in terms of when will it be available?
Browsium is committed to supporting new Internet Explorer and other browser releases as they reach general availability. With respect to Spartan and Windows 10, both products are currently in various levels of pre-release availability so we do not yet provide support for them. We are working closely with Microsoft to ensure a smooth and successful customer experience when Spartan and Windows 10 are released to the market later this year.
What browsers do you support apart from Internet Explorer?
Browsium Ion supports Internet Explorer only at this time. As adoption of other browsers increases in the enterprise, and these browser begin to suffer from the legacy issues that have afflicted Internet Explorer, Browsium will evaluate offering Ion support for Chrome or Firefox.
Browsium Catalyst is our multi-browser management tool that enables seamless redirection between Internet Explorer, Chrome, and Firefox.
Join us in late January for the next installment of our 30-minute webinar series featuring Browsium founder Matt Heller. In December, Matt discussed how Browsium Ion can help your enterprise keep current with Java security updates while still ensuring compatibility for all your line of business applications. In January, Matt is turning his attention to IE11 migration – a topic that is top of mind for every enterprise IT manager as Microsoft prepares to end support for IE8, IE9, and IE10 at the beginning of 2016.
When: Wednesday 28 January 2015 at 0900 PST/ 1200 EST / 1700 GMT
Ensuring legacy web applications can run alongside modern applications in IE11 is crucial to a successful migration. Only Browsium Ion provides the granular control to keep your mission-critical applications running and streamline this migration.
On 10 December 2014, Browsium hosted a webinar titled: Manage and Secure Java with Browsium Ion. The webinar was a huge success and generated a number of great questions from the audience. We have compiled the complete set with answers to share with all attendees, and anyone else who is interested in Java management. If you missed the webinar, you can watch the video archive on YouTube today.
Read on to see the questions (and our responses) from the Java webinar.
How do you determine that you are running a different version of Java within a browser instance?
There are a few methods to determine the version of Java that is running within a browser instance. One method is to inspect the DLLs used by that browser instance. The DLLs loaded in any given process within Windows can be inspected with Process Explorer. By investigating the list of DLLs loaded under iexplore.exe, you can usually determine the specific version of Java in use. Another somewhat simpler method is to navigate to the javatester.org website within an Ion profile. This can be done by setting a specific rule for Javatester for that profile or appending the string that triggers another rule that uses that profile to the javatester.org URL (e.g., http://javatester.org/version.html?ruletriggertext).
Does Browsium Ion work with Java Web Start?
Yes, Ion can be used to manage different versions of Java Web Start required by different web applications by leveraging Ion’s Custom Registry settings. As a note, some Java Web Start settings or application functions exist outside the browser and Ion is limited to managing functions within the web browser.
What happens if the target system doesn’t have Java installed in that folder – does it fail or does it use the default version of Java instead?
If Ion attempts to load a previous version of Java and it is unable to locate the required files, the default version of Java will be loaded. Browsium recommends using environment variables and defined locations on systems to reduce misconfiguration situations like this.
What kind of logging capabilities does Browsium provide? Can they be leveraged to discover what applications users are accessing which require Java?
Ion provides standard Windows application logging to the event viewer. In addition, Ion can be configured to collect data about which applications the users are accessing. At this time, Browsium would need to work with your organization to convert those data logs into usable and actionable reporting. In 2015, Browsium will release a new product specifically designed to enable organizations to collect and report on all aspects of user web actions, this will include documenting which sites require Java.
Could you please provide any approximate timeline for when this new version (with better logging and reporting) will be available?
At this time, the new product is planned for delivery in 2015.
Is it required to have all Java versions, for which we have created rules, deployed/available on all the end-points?
All versions of Java required by the end user must be installed on that user’s PC. But that user need not have all versions of Java defined in the Ion configuration. However, many organizations prefer to create a single Windows image with all versions of Java required by the organization and a single Ion configuration for all applications used by the organization. You can choose the deployment strategy that works best for your organization.
Will you need to have Java installed in Static Mode?
Ion does not require Java to be installed in Static Mode, but will support static installations of Java. More information on Static Mode can be found on the Oracle Java documentation website.
How would you install multiple versions of Java on the local machine without using the static switch?
A best practice for installing multiple versions of Java is to install in reverse order, from newest to oldest. This will install each version in a unique directory and allow all versions to be installed side-by-side. Once these versions are installed, only the most current version will attempt to auto-update. The legacy versions will be maintained on the system without prompts for updates.
Are there triggers other than the URL? Can you trigger from internal calls from an application without having a visible embedded URL?
Ion is able to review any http or https call made by any Windows application, so links can be visible/interactive for the user or hidden/silent programmed actions and Ion will trigger based on defined Rules.
How do you install multiple versions of Java when one version uninstallls the previous one?
Installing a new version of Java will typically upgrade and remove a prior installation from the same version family (e.g., Java 7 update 71 will upgrade and remove Java 7 update 67). But the same installation will not affect an installation from a prior version family (Java 7 update 71 will not affect Java 6 update 45). A best practice for installing multiple versions of Java is to install in reverse order, from newest to oldest. This will install each version in a unique directory and allow all to be installed side-by-side.
Can Ion manage Java in Internet Explorer only, or does it also work with Chrome/Firefox?
Today Ion provides Java management for Internet Explorer only. However, this functionality can be used in conjunction with Browsium Catalyst to provide additional Java security. For example, an organization could configure Ion to enable multiple versions of Java in Internet Explorer for intranet applications and then use Catalyst to direct all Internet traffic to Chrome with Java disabled for maximum security. More information about using Ion and Catalyst for Java security can be found on the Browsium Blog.
Can Ion help to disable the “Java out of date” warning messages?
Yes, Ion can be used to set custom registry settings for a specific application. This includes setting the registry key to disable Microsoft legacy ActiveX blocker as documented in the Ion Knowledge Base. In addition, Ion’s Custom Files Manager can be used to configure a substitute version of Java’s deployment.properties file to suppress various Java version warnings.
Will I need to modify my Ion configuration when Oracle releases a new Java update?
As new major versions of Java are released, changes are expected with the file installation paths. Browsium recommends using a standard naming convention for each major Java version (e.g. Java 7, Java 8, etc.) so file paths are easy to manage and updates will not impact Ion configurations.
What keeps malicious web pages from invoking old versions of Java if they’re installed on all my PCs?
Ion uses an opt-in model to determine when legacy versions of Java are to be loaded. Unlike other solutions that rely on the coding of a webpage, the Ion approach reacts only based on the specific web location. This design prevents a malicious website from being able to gain access to the legacy Java files, as Ion would not surface them to an undefined or unapproved website.
Does Ion work with Java 8?
Yes, Ion can be used to invoke an old version of Java when Java 8 is the default. So, for example, you could have Java 8 update 25 as the default version and invoke Java 6 update 45 for a specific application. Oracle has made changes to Java in the most recent Java 7 and Java 8 releases that require a few simple additional remediation steps. These have been detailed in the Ion Knowledge Base.
Today we released a maintenance release of Browsium Ion to address a number of issues and feature enhancements requested by our customers. Changes in this release include:
There are more details to help you install and use Ion 3.4 in the Release Notes. We highly recommend reading them before installing.
If you’re already an Ion customer, you can download the new version from the download page sent to you with your license key. If you’re just evaluating Ion now, or are interested in evaluating it, you have two options:
With the release of IE11, Microsoft introduced its newest tool for web application compatibility, Enterprise Mode for Internet Explorer (EMIE). Since its inception, there has been a lot of excitement and also confusion about what EMIE can do and what it can’t do. Many of our customers have been asking, “When is EMIE sufficient and when should I choose Browsium Ion?” This blog post compares the two, highlighting the key differences that matter to your browser migration projects. In the end you’ll find it’s clear that EMIE is useful and important, but Ion is essential for mission-critical web applications in complex enterprise IT environments.
Microsoft designed EMIE to address web applications that were developed for IE8, but do not work properly in IE11. Developing this tool was critical for Microsoft and its customers, as IE8 is now the single most popular version of any web browser, particularly in enterprise where it’s dominant. With Microsoft ending support for IE8 (and IE9 and IE10) in January 2016, every enterprise now must evaluate the tools that can assist in their IE11 migration strategy.
EMIE offers more features than Microsoft’s previous tool, Compatibility View, which was optimized for IE7 compatibility. It’s great to see Microsoft adopt approaches and provide tools to help with web application compatibility as they continue to evolve Internet Explorer.
Customers who have limited complexity in their IE8-dependent web applications will be pleased with EMIE. It is designed to address user agent string and CSS expression issues. It also has a Site List Manager to enforce which sites will use Enterprise Mode through Group Policy and end users can select Enterprise Mode for public websites as well. In our experience, customers with these basic needs will benefit from this improved and easy to use tool for simple IE8-based web applications.
However, many of our customers have discovered that, while EMIE addresses some of their basic compatibility issues, it falls short in addressing defects with their more complex business critical web applications. Many of their IE8-dependent applications will not work properly with IE11 and EMIE. In addition, EMIE does not provide a solution for migrations to IE11 from IE9 or IE10. For all of these applications, a more comprehensive solution is required.
Web based applications with compatibility challenges often hold companies back from a required browser or OS migration. These troublesome and frequently mission critical applications are typically very complex and highly customized. They exist at a foundational level of the business process or provide parts of the core IT engine that drives the overall business. These applications aren’t broken simply because of a user agent string or a CSS expression button, which EMIE is designed to address. They are made up of many little applications and reporting tools, and each may be broken by a range of issues that require a different set of changes to fix them. This is where we see the majority of defects in these complex applications. And this is where Ion goes above and beyond what EMIE can provide.
Browsium Ion delivers a complete solution for remediating both basic and complex legacy applications running in modern versions of Internet Explorer and also delivers granular management of browser environments for true side-by-side compatibility and enhanced security. (Screen shots of Ion and EMIE found at the end of this post clarify how different these two products are in the granularity of their settings.) Ion uses the same Internet Explorer and Windows APIs as EMIE, but is much more powerful to effectively remediate complex enterprise web applications.
Another major area of concern for our customers is safely managing the multiple versions of Java required by various applications. EMIE does not to address Java management. Browsium Ion enables you to maintain a defense-in-depth Java strategy by allowing specific applications to run only the Java version it requires, when needed, independent of your overall Java security strategy. Ion provides granular control of Java so you can run multiple versions side-by-side, maximize your security stance, and accommodate legacy applications that require older versions of Java.
The following table will give you an idea of how Ion can work in your environment when compared with EMIE.
|Target web apps for remediation by domain or URL||✔||✔|
|Provides IE8 rendering mode to fix basic layout issues||✔||✔|
|Provides IE8 user agent string to server||✔||✔|
|Provides option of using any IE rendering mode, from Quirks through IE11||✔|
|Manage multiple versions of Java and run them side-by-side in IE||✔|
|Provides legacy web app compatibility for users running IE8, IE9, and IE10||✔|
|Enables phased rollout to heterogeneous IE environments, across XP, Win7 and Win8||✔|
|Custom Registry Settings per web application to control specific IE features and security settings||✔|
|Override ActiveX controls for each web application, with zero-footprint installs||✔|
|Deploy configurations via Group Policy||✔||✔|
|Deploy configurations via any enterprise mgmt tool||✔|
Clearly, EMIE is rarely enough for most large enterprise environments. Complex enterprise organizations with many legacy and in-house developed applications need much more — they need Browsium Ion for web applications compatibility and the added browser management capabilities today’s most dynamic IT environments demand. Try Ion in your organization by downloading the free evaluation kit.
The following screen shots provide a very clear picture of the power and comprehensiveness of Browsium Ion when compared with EMIE. Ion has many rich features and granular control for web application remediation and browser management, while EMIE takes a more simplistic approach with only a single site list in its management tool.
By now you’ve read the news about Microsoft’s changes to the Internet Explorer support policy. Supporting only the most recent version of Internet Explorer on each Windows release is a bold and necessary step for Microsoft. Internet Explorer fragmentation has made life miserable for web developers and created an unsustainable support matrix for Microsoft. The increasing pace of change in operating systems and browsers has made an already nasty problem even worse.
Microsoft’s new approach is clearly good for the web and for consumers (and it’s great for Microsoft). But what does this mean to enterprises – organizations like yours that just struggled through a Windows XP to Windows 7 migration and have now standardized on IE8 (or IE9 or IE10)? Now you must all migrate to IE11 by January 2016 or lose support. How will you upgrade all of your line-of-business applications by then … and how will you keep pace moving forward?
Inquiries arrive daily at Browsium from organizations asking these very questions. Our answer is the same answer we’ve been giving for more than four years – your application upgrade schedules don’t need to be dictated by browser vendors. There is a better option.
Browsium’s browser management platform gives you control over the timing of application upgrades. It does this by allowing legacy IE-dependent applications to run in modern versions of Internet Explorer, side by side with your most current applications. This enables you to easily migrate to the most current release of Internet Explorer on each Windows platform with confidence, knowing your critical business applications will continue to run. You’ll save time with our easy-to-use tools, and you’ll save money by avoiding unnecessary application rewrites and upgrades.
To be fair, there are other options. Microsoft offers guidance on best practices to re-write or replace existing applications. However, we continue to hear from enterprises that application rewrites or replacements are not in the budget (and certainly not within the time-frame available), so they must look into compatibility tools. Microsoft has an option for compatibility – Enterprise Mode (aka, EMIE). IT organizations have told us that it’s an improvement over the older Compatibility View. They find it useful for some business applications and public websites, but it’s often not sufficient for large scale, complex enterprise applications. A specialized tool with much more granular control is needed to handle these applications.
Browsium’s powerful browser management platform has been designed with the world largest and most complex enterprise IT environments in mind. It delivers granular control of your browser environment, resulting in optimized compatibility and security.
As a CIO, CTO or business unit owner, you should be making application upgrade decisions based upon your business needs. For years we’ve been helping customers do just this with our worry-free browser migration approach. We’ll help you put in place a robust browser management platform to support your business-critical applications well into the future. And as we’ve all seen, rapid technology change is the new normal in the IT industry. Browser management will help you keep pace.
You can manage the complexities of your enterprise browser environment, take the worry out of browser migrations, and extend the ROI of your existing business applications. Learn how Browsium’s browser management platform can make this happen.
Start by downloading the evaluation version of Browsium Ion. Next, contact our team of experts, or one of our partners, to help you plan, implement, and deploy our browser management solution across your enterprise. The next time you’re faced with an Internet Explorer upgrade, you’ll be so prepared, you’ll have the confidence to say “Bring it on!”
Many in IT want to be seen as innovators – a very worthy aspiration. But it’s also comforting to know that the technology platform upon which you’re going to bet your business is a proven solution already in use by many other organizations just like yours. It’s exciting to be first … but who wants excitement in IT when mission-critical web applications are at stake?
When choosing a browser management platform, you can rest easy. You’re not first. In fact, far from it. Browsium solutions have now been successfully deployed by a broad range of organizations across a variety of industry verticals. We’ve put together a sampling of real-world stories of Browsium products at work solving real enterprises browser management challenges.
This compilation of success stories spans the finance, pharmaceutical, retail and transportation industries. While each story has a unique browser management challenge, in all cases the need to ensure the preservation of business critical applications was paramount. These enterprises have:
These achievements have all taken place thanks to Browsium’s browser management platform.
Take a look and see how much your organization has in common with these highly successful and technically complex enterprises. Read Browsium Industry Success Stories.
Web browsers are a critical component of modern IT infrastructure. Many existing business applications run in a browser, with more moving to the cloud every day, yet the tools to manage browsers have not kept pace. Today’s rapidly changing operating system and browser environments bring with them complex and costly application compatibility and security issues – issues that must be addressed to keep those business-critical applications running. This leaves IT organizations, like yours, with the challenge of cost-effectively managing web browsers throughout the enterprise. Some of the obstacles you’ll encounter include:
Read the Browsium Executive Overview to learn how our browser management platform delivers essential browser compatibility, security, and control to enterprises like yours. This easy-to-read 2-page PDF provides a brief overview of our solutions. It’s designed to help you make the case to use Browsium Ion and Catalyst in your organization, so please share it with your IT management and your CIO.