On 24 August 2016, Browsium hosted a webinar: Why today’s IT operations management tools are insufficient for the modern end user workspace … and what you can do about it. The webinar was a huge success for the live audience and generated a number of great questions from the audience. We have compiled the complete set with answers to share with all attendees, and anyone else who is interested in learning how you can take command of the browsers within your enterprise. If you missed the live event, you can watch the video archive on YouTube today (or use the embedded video player above).
Read on to see the questions (and our responses) from the webinar.
You keep saying existing tools like SCCM or Alteris don’t work for managing add-ons or Java, but we use it to package, deploy and inventory already…what do you mean?
Existing end user management tools were designed a long time ago around a binary (exe/dll) model where applications were installed and run locally. That design is focused around Windows system file structures and information is read/stored in the registry. Web applications aren’t installed, they are a collection of data (text, script and images) delivered by a web server that get compiled by the browser. In a way, web based apps don’t ‘exist’ such that tools like SCCM or Alteris could see them. They can certainly see the add-ons or Java installations, but with no correlation to browser usage of those components, you’re left with a list of things and no idea who needs them, where they are needed or what applications require them.
How does the Browsium Ion eval kit work?
All modules in the Browsium browser management suite are available for free evaluation from our website. Ion and Catalyst evaluation kits provide the full functionality of those modules for 30 days. The Proton evaluation kit has a 50 client limit in addition to the 30 day limit.
What browsers are supported by Browsium’s products
Browsium Proton and Catalyst support Internet Explorer, Chrome, and Firefox on Windows. Ion supports Internet Explorer only as it takes advantage of management APIs in Internet Explorer that are not available in the other browsers.
What about Microsoft Edge in Windows 10
Today, Edge has limited support for extensions and it’s not capable of enabling the advanced functionality provided by Browsium’s products. When Microsoft enhances Edge to provide parity with Chrome and Firefox extensions, we plan to add support for Edge in our products.
We have proxies and server logs for inventorying web applications and usage, what is this giving us?
There are a few major issues with relying on logs, first of which is you need to know where to look. Second, most companies only use proxies for external access so that doesn’t help find the systems you don’t know about. Even If the system is under IT control, you should be able to get access logs but they just report on client access so you know who accessed a system you know about. You haven’t really learned anything, and certainly don’t know anything about dependencies. Beyond that, you remain ‘blind’ to the systems you don’t know about by using the server and proxy log approach. Let alone having to build a reporting solution for all those log files.
You talked about the company saving money by avoiding the patch, test and bug fixing cycle. Our security team has said we need to keep updated at the latest version for Java, so how does that company remain secure running old software?
Our goal is to deliver a balance to the long standing security vs. compatibility compromise. The premise has always been you can have one or the other – keep it working and be exposed, or lock it down and break it. We believe you can have both and through the Browsium suite we’ve delivered that ability. This customer can keep current with the latest patches so they remain secure, but for web applications that need legacy controls or other insecure settings, our Ion feature set provides a process isolated approach to enable the legacy and current to exist side by side while preventing unauthorized access to the potentially vulnerable software.
New releases will improve security and save money in IT operations management.
Today we released 4.0 versions of Browsium Proton, Ion, and Catalyst. These three product modules comprise the first-ever end-to-end browser management suite designed to improve security and reduce the unnecessary costs of managing browser-based business application environments.
While the modules in our suite have improved individually, the biggest change is the new unified Browsium Client. This new component includes the agent functionality for Proton, Ion, and Catalyst, resulting in a simple installation which delivers all client functionality for the Browsium suite. This eases enterprise deployment and provides a more efficient and performant client experience. As our customers are top priority, we unified our modules into a single Browsium Client to fit the needs of our growing F500 customer base.
Today, the browser is the core platform for end user workloads in the enterprise, where web applications have replaced native applications for nearly every business task. Yet modern IT organizations lack the tools to manage this browser-based end user workspace. Existing management solutions are designed around the old installed, executable application model with everything packaged and bundled for delivery and management. Browser-based applications are very different, with applications compiled at runtime with no clear application boundaries. A new management paradigm is required for browser-based applications.
Managing the browser is more than Group Policy settings and controlling Security Zones. Your organization requires a complete browser management solution that gives you visibility, knowledge, and granular control of this mission-critical application platform. With Browsium Proton, Ion, and Catalyst working together as part of your overall management toolset, your organization can take command of the modern IT workspace to increase security and save money.
The new release of Browsium’s browser management suite includes new versions of each of the suite’s three modules: Proton 4.0, Ion 4.0, and Catalyst 4.0. The modules can still be used independently in your organization, but the entire suite provides optimum browser management capabilities. All three benefit greatly from the new, unified Browsium Client discussed earlier in this post. Here are a few additional key new capabilities of each module. The release notes for each module provide much more depth about all changes in the 4.0 release.
There’s no reason to wait, you can download the 4.0 releases today. If you’re already an Browsium customer, you can download the new version of your module from the download page sent to you with your license key.
If you’re just evaluating our products, or are interested in evaluating them, you have two options:
Today we released an Ion maintenance release which which addresses an important Java management scenario that affected our customers. The details of this change are as follows:
Follow the appropriate link to confirm your email address or fill out an Evaluation Kit Request Form for each of the three modules. Clicking the module names will open the release notes.
|Module (release notes)||Already in our database||New to Browsium|
|Proton 4.0||Confirm your email address||Request Proton eval kit|
|Ion 4.0||Confirm your email address||Request Ion eval kit|
|Catalyst 4.0||Confirm your email address||Request Catalyst eval kit|
Brian Madden, who recently wrote “Browsium’s new ‘Proton’ product is like SCCM for browsers. (And it’s awesome!)“, is hosting his final BriForum in Boston this week.
Don’t miss your opportunity to see Brian Madden live and in person. This is a great opportunity to network with hundreds of experts and peers. You’ll also get independent, real-world vendor-neutral technical content to get ahead in your job and your career.
Browsium is in booth #107. Join us and learn how to relieve your top 3 Java pain points. You can also register to win a Nespresso coffee machine. Hope to see you at the show.
Today we released an Ion maintenance release which adds some key improvements and addresses a number of important issues that affected our customers. The changes in this release include:
You can find more details about all of the improvements in the Ion 3.7.2 Release Notes
If you’re already an Ion customer, you can download the new version from the download page link sent to you with your license key. If you’re just evaluating Ion now, or are interested in evaluating it, you have two options:
Today we delivered a Proton maintenance release which addresses a few customer-reported and internally-discovered issues.
Changes in this release include:
You can find more details about the new features and other product fixes in the Proton 1.2 Release Notes
If you’re already a Proton customer, you can download the new version from your license key download page. If you’re just evaluating Proton now, or are interested in evaluating it, you have two options:
Like a gopher infestation in your lawn, Java updates just keep popping up. Some days keeping up can seem futile but, with your web application compatibility and IT security at risk, you battle on. You’re not alone and there is a solution.
If you’re like our customers, you typically experience three primary Java problems – maintaining application compatibility, staying current with the latest update, and reducing your IT attack surface. Let’s look at these top three pain points:
Based upon these three Java pain points, your Java battles sure would be a lot easier if you could:
Fortunately, there is a solution – browser management. With the paradigm shift to browser-based applications, a new set of management tools are required to manage this highly complex and interdependent environment. Java is a huge part of the enterprise browser landscape and managing it will greatly improve application compatibility and security, while eliminating lots of pain for your IT organization.
Browsium’s browser management suite is that new tool set which enables you to solve your Java pain points. With it you can discover Java inventory and activities, plan your Java environment with analytics and modern solutions, and act to bring increased security and compatibility to your environment.
Java really doesn’t have to be so painful. You can learn more about managing Java and see how the Proton module in our browser management suite queries and reports browser activity, including Java, by taking a Proton Test drive.
There’s been big buzz in the IT world — for what feels like years now, about the demise and deprecation of using and managing Java with enterprise applications. Java has become synonymous with antiquated web technology, security breaches, and limited (if any) support. And if you rely on it, well, you fear the IT world says “shame on you”.
In talking with IT professionals every day at both large and small companies, I find they are consistently surprised about the realities around Java versus the hyped messaging and headlines. I’ve outlined a few of the biggest misconceptions about Java here in an effort to clear the air and lower your blood pressure.
1. Java is dead and no one is developing for it (and you shouldn’t either).
Much like Mark Twain’s famous quip “Reports of my death have been greatly exaggerated” so has the health and future of Java. Most enterprises have already invested heavily with a breadth and depth of applications written in Java and their development teams are steeped in Java. They have a rich, extensive knowledge of the applications and platform design. Those are sunk costs, but these Java-based applications are still very valuable resources. While you could rip out those applications and replace them with more modern architecture, you’d lose valuable intellectual property in the process, spending budget you don’t have – which could be better spent elsewhere. It’s simply not realistic or practical. These Java-based applications can be retired over time, based on business needs to innovate and add functionality.
It may be more accurate to say that many new, modern web applications aren’t developed in Java. But the vast majority of IT teams continue to enhance feature sets with Java-based applications and extend the functionality of these existing applications – many of which are mission critical to the business.
2. Java can’t be secured and therefore is a huge liability.
One of the biggest concerns with Java is that it has many vulnerabilities that can be exploited. It’s got a reputation as the least secure software out there, with people frequently pointing to the sheer number of updates and bulletins from last year alone (was it 70+?). Certainly that doesn’t instill confidence that the current version you’re using is fully secure.
You can auto update your applications with the latest Java version from Oracle, but most enterprises turn that capability off quickly. While updates will address known security vulnerabilities, they will often break other functionality and that could actually end up being much worse. It gets out of control so fast. Many enterprises are running 10-20 different versions of Java; one healthcare organization I met with recently is running over 50 versions because of vendor support or integration requirements. Clearly, organizations resign themselves to run old version on their systems regardless of the vulnerabilities.
“They” say the only way to be absolutely secure is to free yourself of Java entirely. What are your alternatives? Rather than ripping Java out and starting from scratch, there are solutions that “containerize” specific Java versions so they’re only exposed to select applications. You can set Java up to load secure sources and work off in the corner – to be used safely when needed.
3. Running multiple versions of Java in the browser requires virtualization.
Browsers were originally designed to provide feature extensibility as a way to provide support for languages and solutions like Java that weren’t part of the HTML and CSS specifications. This design approach didn’t really consider the need to provide version control mechanisms for loading the 3rd party platform components, limiting the browser to only load the latest components of a given control. This is in stark contrast to the environmental control designs enabled in Windows which have long allowed for multiple runtime environments to be loaded simultaneously side by side.
To overcome this design limitation, many organizations turn to virtualization as a way to deliver packaged browser applications. While Microsoft raises issues on the legal issues surrounding this approach, some organizations are willing to risk legal action or losing product support. For them, the benefits of virtualization – the ability to isolate anything into a discrete image and insulate it from everything else so it works the way you want it – outweighs the compliance risks. But the issues aren’t just contractual; In addition to the legal questions, virtualization often requires the technical equivalent of ‘harvesting the ocean’, including more components, software and 3rd party utilities than absolutely required to ensure any library is available for reference at any time. That includes insecure applications getting access too. Culling down the images to bare bones is possible, but requires extensive time and testing. The clear downside of virtualization is in the costs associated with packaging, support and management issues at scale. A customer once compared virtualization of Java to cracking a walnut with a sledgehammer – it does the job but the waste is great.
What customers really want is the ability to ‘natively’ isolate Java in the browser and find a way to run what they need, where they need, when they need. Trust me – or better yet trust our 100+ customers – that you can isolate Java effectively on a tab by tab basis inside the ‘native’ IE browser, without compromising security and reducing the support burden.
Remember the days of Win32/executable applications that were designed to run on top of the operating system? Heavy client Java apps could rely on environment controls and library load behaviors to ensure a targeted Java version was loaded for a given application. You could install the Java version it needed and it would load it without impacting anything else on the system. Now that apps are running in the browser, that scenario gets a bit more complicated. The entire paradigm is different and it’s not as clearly defined. While you’ve taken away the complexity of managing the desktop, you’ve gained complexity in managing the browser. It’s a trade-off.
Most believe that when you install the latest Java version, it automatically overrides the existing (older version). Not necessarily. When you statically install a new version, it can intentionally leave the older version behind. You may want to do this so the older version can be available to continue to execute specific actions in the application. But now you’ve opened yourself to complications again.
It’s not for the the faint of heart – managing web-based Java resources on your own requires manual configuration, packaging via an SDK and working with certificates. However, there is a browser management solution on the market that makes this entire process dead-easy. (I’m not mentioning any product here, but I think you know who I mean.)
4. Oracle is killing Java, what other sign do you need to see that it’s dead? (see #1)
A few months back Oracle made an announcement about the plans for Java 9. One of their focus areas is around browser based Java applications, and their message was greatly misinterpreted to mean Oracle was dropping the whole platform, not just the browser plug-in. Sort of. Oracle is shifting away from the traditional browser plug in where applets are loaded IN the browser to an approach where Java applets are launched FROM the browser.
Customers will need to make changes to how apps are launched, and in many cases will need to adjust the applets and code itself. From the browser side, Chrome has already begun the process to disable the Java plugin prior to Java 9, and other browser vendors are expected to let support die out when Java 8 is no longer supported.
My read on this change is that Oracle decided the browser plug-in was the source of too many security black eyes and threw in the towel. They thought if they cut off the attack vector, they could stop the attacks. So now it’s gone in Chrome, and I fully expect Microsoft to end IE support before too long. Microsoft has been clear that Edge will never have Java plugin support.
Java as a platform is here to stay for a long, long time – and there are options to gain the security and compatibility you need, without the plug-in.
5. Paying for Oracle support will prevent compatibility issues with upgrades.
I’ve heard about this one a lot in recent months. Enterprises know the road forward is intricate, and no one wants to be the person who didn’t buy support when things break, so many opt to purchase additional support for the patches and updates from Oracle. But instead of getting an actual fix for your problem, you’ll probably only get frustrated (and a hefty invoice).
While you may get someone to pick up the phone, the bar to fix an issue you’ve discovered is astronomically high. You have better chances buying a Powerball ticket. What you’re really buying is a bigger list of download links to self-serve your issue. It’s not personalized support that fixes these issues – especially with older version of Java. You’ll be told to upgrade, but then you already knew that, right?
6. Using proprietary technology like Java will always be more limited than standards.
When HTML5 first came on the market, it was heralded as the best thing ever for developing apps — it was standards based, and way less confining than a proprietary tool like Java. Well, we know how long that lasted. In the short time HTML5 has been a standard, some features have been removed or revamped. So the lesson here is that open standards or proprietary technology, you can still get it wrong.
Feel better? I can tell you confidently – You’re not the only person on the planet still using Java. Not even close. Every organization has technical debt. It’s part of the digital economy and will always be an issue we need to handle. Java’s technical debt may be more expensive than other types given the security and support questions, but it’s normal. It’s part of business. You’re normal. And you’re welcome.
– Matt Heller, Browsium Founder and Chairman
Today we released an update to Browsium Catalyst to add some new features and address a few issues that have been reported by customers recently. Changes in this release include:
A complete feature list, along with information to help you install and use Catalyst 3.2, is available in the Release Notes. We highly recommend reading them before installing.
If you’re already a Catalyst customer, you can download the new version from the download page sent to you with your license key. If you’re just evaluating Catalyst now, or are interested in evaluating it, you have two options:
On 23 March 2016, Browsium hosted a webinar: What’s New in Ion 3.7. The webinar was a huge success for the live audience and generated a number of great questions from the audience. We have compiled the complete set with answers to share with all attendees, and anyone else who is interested in the new features of Ion 3.7. If you missed the live event, you can watch the video archive on YouTube today. You can also grab the slide deck.
Read on to see the questions (and our responses) from the webinar.
Regarding the project history feature, is this just a point of reference for tracking and auditing purposes, or does this feature let users revert back to previous versions of the project?
At this point, the project history feature is just for tracking and auditing. We had some internal discussions during the development of this feature about adding capabilities typically found in higher end software development tools that have revision tracking and reversion capabilities. However, at this point, the Ion Configuring Manager is not that sophisticated and for right now we are just giving a visual history of what happened in the project.
Is there a command we can send to the Controller to force it to restart on demand or should customers continue to kill the control process for it to reload?
Yes, there is a command, the BrowsiumIonController /restart command, that can be sent to the Controller via script. The challenge with that is that Controller commands, especially /start and /restart, need to be issued with user privilege not system privilege. (This issue has been around since day one, and this is well documented in the admin guide, so there are a number of instructions in there on starting, restarting, and stopping the Controller). One of the reasons that we designed Project Update Activation the way we did, was because it was not easy for administrators to centrally script 10,000 Ion clients to restart the Controller, because they would have to do it with user privilege, which is much harder. We have had some customers do it, but the standard tools used for system management don’t do that very well. Project Update Activation, using the scheduler to update the configuration outside of normal work hours, is a much better approach.
What would you say the single biggest change between Ion 3.7 and its predecessor is?
I would definitely say Project Update Activation is the biggest change, because of that limitation I just described. Because of the challenge of restarting the Ion Controller with user privilege, Project Update Activation is very important. Again, be careful with it, used the scheduler and run it in the middle of the night. That’s a very safe way to go, as opposed to the ‘immediate’ option, which could interrupt users in the middle of their work by closing Ion-managed instances automatically.
Generally speaking, how long should a company expect deploying Ion 3.7 to take?
If they are already running Ion 3.6, then it shouldn’t take long at all. It will upgrade the Ion configuration on the fly and just work, so it should be very seamless. The release notes document in detail what has changed and any considerations when moving between versions. Generally, when you are moving between the last few versions and the current one, there are no issues.
If you are talking about a new deployment, where someone has not deployed Ion at all, the deployment part is easy. Pushing the client out and pushing a configuration out is quite easy, because again it works with all the standard system management tools that enterprises have. The hard work is application remediation. There is no single answer for that. Our customers in general, find that for complex apps like ERP or CRM system it can be a week of remediation and testing per application. Many other applications can be done in a day or even a few hours. If it is a Java swap as we saw here in my demo, where I was swapping Java three or four different times just in a few minutes, that’s very easy. What you really need to do is plan based on the complexity of your project. If you’re dealing with a lot of large applications, plan for a few weeks. If its a Java swap, it’s primarily just a matter of testing.
Can you run the 3.7 client with the 3.6 configuration file?
Yes, the Ion 3.7 client can read configuration files as far back as Ion 3.0. However, if you open the legacy configuration file in Ion 3.7 Configuration Manager it will be updated to the new format and will no longer work with older versions of Ion. So be sure you upgrade the clients to 3.7 before upgrading or changing your configurations using the newest configuration manager.
Does Ion support Edge?
What direction do you see Ion going in the future, and how will that complement the other products Browsium offers?
I alluded to this earlier in the webinar. One of the areas that we have been enhancing over time in Ion is Java management. We are doing some work now to enhance Java even further, because there are a lot of changes in the world of Java. Chrome already dropped support for Java, Firefox talks about dropping support for Java in a future release, and Edge doesn’t support it at all. So IE11 is really only the current browser that supports Java today. Oracle has even talked about dropping the Java plug-in completely, when they move to Java 9. That’s pretty frightening for enterprises, because those mission-critical Java-dependent applications aren’t going to go away. We are going to enhance our support of Java, so whatever the browser vendors do and whatever Oracle does to make it harder to run Java in the enterprise, we are going to make it easy for our customers to use Java until they no longer need it. Of course we are going to do this in a secure way. One of the things we are looking at doing is making it easier to block Java from Internet sites, while still using it on intranet applications. That way you can run Java for the applications that need it, but it’s not exposed to the web where you need to lock down security. These are a few of the enhancements we are looking at. Of course we will do other work to make project development and deployment easier for application remediation. But, we believe Java management will continue to be a key focus for Ion.
Today we released an update to Ion which delivers easier project development, improves deployment operations, and includes a variety of other enhancements. Now it is even easier for your enterprise to smoothly migrate to IE11 and secure and manage Java with Ion.
Important new features in Ion 3.7 include:
You can find more details about these product changes in the Ion 3.7 Release Notes
Ion 3.7 is loaded with new features. Watch our 30-minute webinar to learn how Ion 3.7 can benefit your organization.
If you’re already an Ion customer, you can download the new version from the download page sent to you with your license key. If you’re just evaluating Ion now, or are interested in evaluating it, you have two options: