Enterprise Firefox Requirements

I was going through some old documents from the office and found the result of a brainstorming session around Enterprise Firefox requirements. I wanted to capture this list somewhere and figured this was the best place. Note that some of these might be done and some of these might not even be clear – this was just a moment in time. It will be interesting to see what other folks think of the list. It is in no particular order.

  • Security (keycards, etc.)
  • MSI Packaging
  • Active Directory Integration
  • Perfect unattended install
  • Allow entire Firefox directory to be specified
  • Roaming profiles
  • CCK for Thunderbird
  • Store preferences in registry?
  • Allow cache to be local with a remote profile
  • Better ActiveX sandbox for Firefox
  • Scalable deployment/management
    • IEAK
    • Active Directory
    • Registry Editing
  • Centralized Management
  • Better enterprise patch deployment tools (Tivoli)
  • WebDAV?
  • LDAP
  • Kiosk mode
  • Whitelisting

What do people think? What on this list is really important?

Please note: I reserve the right to delete comments that are offensive or off-topic.

Leave a Reply

Your email address will not be published. Required fields are marked *

19 thoughts on “Enterprise Firefox Requirements

  1. Allow rendering certain websites in IE. Some government/regulatory sites are outside of our control and require IE.

    Centralized management of search box, certain bookmark folders. Make them uneditable.

    Lock down preferences that impact security.

  2. Better NTLM auth support is missing from the list. I started to work on making some sort of add-on that would have UI to add items to the network.automatic.-ntlm-auth.trusted-uris list but unfortunatly it is beyond my coding kung-fu at this point.

  3. As a network admin, I really need to be able to do a silent install that doesn’t touch the system defaults easily. Storing preferences in the registry is nice but not necessary. It would also be nice if there was more documentation on per-user settings.

  4. 1) Perfect unattended install

    2) Portability/roamability (with good performance of course, so that “local cache, remote profile” feature should be there as well)

    3) Centralized Management

    /me thinks 🙂

  5. Some of the bullets are already available or am I missing some information? (unattended, roaming, cache)

    – Allow entire Firefox directory to be specified
    Do you mean like PortableFirefox? It would be nice to have an official Mozilla version instead, but not necessary.

    – CCK for Thunderbird
    Well, as a Thunderbird-man, I would love more control, so all the features for Firefox ported to Thunderbird 🙂

    – Centralized Management
    Yeeha! With possibility of un/locked settings, so the admins control how FF/TB works.
    If you centralize the control, then you could skip some of the other options, since they would be redundant or less important.

    + Scripting
    If you don’t run Windows Server, but Samba then you need ways to do stuff, that doesn’t require a MS server. Maybe more ways to script via Batch or shell?

  6. Unattended install and centralized management are a must for a lot of the IT people I’ve met that want to deploy firefox but don’t want the headache.

    Some stuff I’ve heard (very unscientific):
    * Ability to install with a default profile containing specified bookmarks and some first run add-ons
    * Ability to run the silent install over the network
    * Roaming profile – essentially what we’re doing with Weave, but enterprises will want their own control over that, I imagine.

  7. Better support for WebDAV would be nice. What is missing currently from all browsers is a way to launch the native webdav browser. For example, I’d like to provide a webdav:// url on my page that would open Windows Explorer so the user could browse the WebDAV share and do their file operations.

  8. Machine-wide CA database. Currently impossible since the list of CAs is a) compiled into a binary, meaning a recompile of Firefox to add one b) not shared between apps. Maybe the new NSS will fix this, but possibly only to share the user certdb, the NSS roadmap isn’t clear if there will be a system-wide certdb.

  9. Perhaps this is a result of not running IE in a corporate environment, but what are LDAP and Active Directory integration used for in the browser?
    Aren’t these primarily used in global address book situations?
    I’m not they’re not desired, but I’m not seeing their value in the browser.

  10. @Mark S:
    Active Directory can be used for user/policy management and deploying software.

    LDAP also can be used for user management.

    So you open the browser and it hits the corporate server to download policies, etc.

  11. Group Policy support is probably the big one. On a well-run Windows network Group Policy automatically manages the browser settings so from the users PoV it just works. Having to run vendor-specific config. management for one application would be cumbersome and annoying. Windows admins on bigger networks are used to having to build their own MSI packages since many vendors don’t bother to package their own stuff, so that’s actually less of an issue than Group Policy, IMO. Having said that, it’s always a pleasant surprise to see a vendor offering an MSI, so it would be a relatively cheap way to win points.

  12. A bundled version of IE Tab that you can provide a list of intranet URLs requiring MSIE and firefox will automatically use IE Tab when someone browses to one of those URLs. Now Firefox will work with all the intranets, old and new 🙂

  13. Better proxy support. Say you have an a proxy that requires you to type in a username and password. Now if you have a lot of tabs stored from a previous session and you start the browser again, firefox opens an authentication dialog for each tab. Plus one for the extension update check. Lot’s of fun.

  14. I work in a Solaris shop and use Firefox (and Thunderbird) in the enterprise for their ease of central management. Deployments and patches scale very easily. MCD/autoconfig makes it trivial to enforce corporate policy. LDAP support puts user account control in a single place.