When it comes to desktop virtualization, above all else we're trying to manage desktops better. Part of the desktop administrator's job is Web browser management, and a new tool from Browsium Inc. offers an interesting new way to deploy different browsers.
To deliver browsers to end users, we only use desktop virtualization in situations where it makes the most sense. For instance, you can deploy older versions of Internet Explorer via Remote Desktop Session Host (RDSH) to support in-house Web applications. That allows users to use more modern browsers for their daily use, while still providing access to those legacy applications. Of course, that isn't always the optimal solution, but there are only a few options to deal with this desktop management issue.
There's no virtualization going on -- just good old-fashioned trickery.
Last week, Browsium released a new desktop management tool with some real potential. You may have heard of Browsium for its ION product, which allows organizations to use newer versions of Internet Explorer to access applications that have outdated ActiveX controls or are only supported on older versions of IE.
The company's new browser management product, dubbed Catalyst, allows you to specify the appropriate browser for different situations. For instance, you can allow the user to use Google Chrome as the default browser while forcing, say, intranet users to connect to Internet Explorer. Even if a user types the address into Chrome, it will intercept that and open it in IE (or whatever browser the policy dictates).
Catalyst essentially replaces the default browser on the system. That means that links entered or clicked on first run through Catalyst, which then directs the call for a Web page to the appropriate browser. It's as straightforward as it sounds. There's no virtualization going on -- just good old-fashioned trickery. (We like trickery. We've been making Windows do things it wasn't designed to do for 20 years.)
The simple, policy-based approach has a lot of flexibility. For instance, links clicked in the corporate browser (as opposed to a user's normal browser) can also follow policy, either staying in the corporate browser or popping out to their self-chosen one. That gives users a better experience than the RDSH-based method because every page stays on its local machine and loads in the appropriate browser. No more losing a page or forgetting whether you had it up in your published application or on your local machine!
Catalyst also gives IT more control than regular browser redirection. Installed on all desktops, admins could use this browser management tool to disable user-installed browsers in the event of an exploit.
For example, if Firefox had a zero-day exploit that presented a risk to an organization, admins could use Catalyst to disable Firefox altogether on users' computers until the problem was solved. By changing the policy, admins could simply redirect all URL requests to a different browser, even if the user opens Firefox and types in the URL there. It acts as the default browser for every call to a Web page, so Catalyst will intervene.
You can also use Catalyst to manage which zones IE can be used for. If the zero-day exploit above were to affect IE, admins could simply disable IE's ability to browse the Web outside of the trusted, intranet zone. That allows users to still access their corporate applications while keeping them out of harm's way until the flaw can be fixed.
While it's not a sexy, virtualization-based approach, Catalyst addresses problems that many organizations have in a new way. Simple desktop management tools like this make our lives easier.