This call focused on the Enterprise Wishlist. What are some common problems that need resolving and what features can we vote "up" as a Community?
Topics covered:
- Addon Management
- Do enterprises wish to control updates to addons or the application itself?
The general sentiment seems to be "yes". At one extreme an enterprise may wish to allow the user's browser to pull updates directly from Mozilla. At the other extreme, an enterprise may wish to provide an intermediary point so that all internal browsers pull updates from this point. The intermediary infrastructure then has to have a way of pulling latest updates from Mozilla, either manually or automatically.
So, first, we need to understand how to configure for each scenario. Second we need to understand how to set up our internal infrastructure to facilitate the second scenario.
- Distribution
- MSI packaging -This seems to be something everyone wants.
- Ability to easily repackage the browser so we can add in our own "default" addons.
- Distributors that create packages for others to deploy cannot use the Firefox brand as part of their package. However, enterprises that deploy for internal audience only can use the Firefox brand. Can we work through these issues to make distribution channels more accessible?
- Settings Management
- Group Policy - a non-trivial problem to solve. Need to work on proper GPO integration!
- GPO vs Mission Control - pros and cons - will schedule a separate meeting to discuss these issues.
- Security Zones
- By design, Firefox does not allow cross-domain scripting. For an intranet, this can effectively break Web2.0 where developers want web technologies to federate. With IE, subdomains on a common domain are placed in a Trusted Security Zone. The relaxed security settings allow full-blow AJAX federation and interoperability. Similar capabilities exist in Firefox but they are no where near on par with IE.
Firefox has a notion of a "security setting". There are even policy.* settings that make it possible to simulate Security Zones. This is great! However, Firefox treats policy.* and other security settings differently from rest of the settings. In fact - according to Mike Kaply - it is a completely different API. Mission Control cannot manage these settings which means we can't enable them across the Firm. This is a real challenge. How can we allow Mission Control or GPOs to enable these settings in a managed manner?
My team compiles our own version of Firefox from the latest "stable" source. We make no changes to the code base. Why do we do this?
- Set our own version and timestamp info for the executable and the dlls. This helps us differentiate between "supported" Firefox and a "renegade" Firefox within the Firm. We actively discourage users from installing vanilla or "renegade" versions of anything. This is simply a security precaution for a Fortune 500. All software deployment goes through this pipeline. An unpatched Firefox within our environment that admits an exploit vector could be disastrous for business.
- We enable and compile in the "Autoconfig" mode that allows us to run Mission Control for settings management.
- We introduce some custom extensions and themes that we want to include in our package.
- We drop in config files for Mission Control
My point, we really do need an Enterprise Firefox package that's separate from the Consumer package. But what is it? What's the common denominator? One enterprise will want to manage settings with GPOs. Another one will want Mission Control. A third will want both. Is it possible to instrument a flexible package that can be configured? Maybe asking enterprises to compile their own version is not such a big deal when instructions on doing so are bullet proof. Much to think about...
No comments:
Post a Comment