Enterprise:TeamA

From MozillaWiki
Jump to: navigation, search

Team A: Case Study

Team A: Case Study

Environment

  • ~50,000 Desktops world-wide
  • Windows Operating System

Browsers

Primary/Contingency enforced – seeking feature and management parity. Infrastructures are kept as separate as possible to reduce risk of vulnerabilities affecting all browsers

  • Primary: Internet Explorer
  • Secondary: Firefox

IE

Settings management with GPOs. ActiveX controls regulated via a Whitelist. Engineering team owns all engineering work around deploying and maintaining IE.

Firefox

Upgrade Strategy

  • Security teams gauge risk to Firm from Security Notifications
  • We Download latest source that addresses vulnerabilities
    • Compile internally
    • Swamp in some custom extensions
    • Go through regular testing/deployment process

Settings Management: Mission Control

In-house, lightweight WebApp (service) is integrated with LDAP. Firefox encodes user's UID from ENV var and GET-requests settings from WebApp. WebApp looks up user privileges in LDAP and generates the .js settings file for the user's session on-the-fly. Default vs. Lock directives are based based on user's group memberships.

Benefits over GPO:

  • Penetrates to laptops because sync down is over HTTP
  • Is wired into Firefox startup mechanism. Locks are enforced at Firefox startup, every time.
  • UI elements related to locked settings are also disabled.
  • Mature mechanism since Netscape days
  • No infrastructure overlap with IE - enforces "contingency" mentality.

Profile Management

  • Control naming conventions for profiles, i.e. %username%_2.0.0.3ms1 for ease of support and engineering of support tools.
  • Profiles are migrated and conventions enforced with in-house vb scripts that are compiled as custom actions into msi package.
    • Enforce Firm-wide shortcuts and links
    • Sanitize settings that may break MControl mechanism
    • Enforce naming conventions for profiles

Addon Management

Extensions

  • Users not allowed to download and install directly from addons.mozilla.org. All extensions are Wish-listed, reviewed by internal teams and "blessed" for release into internal repository.
  • "Blessed" extensions are customized so that they pull updates from internal server. Process is painful but is largely automated with a comprehensive Shell scrip developed in-house (candidate for sharing! =) )

Plugins

  • More rigorous approval process. Are deployed as part of package. Currently exploring how to deliver Plugins as Extensions (http://developer.mozilla.org/en/docs/Deploying_a_Plugin_as_an_Extension)
  • Approved as extensions, supported ones are packaged internally
  • Prefer to deploy plugins to a directory outside of Program Files/Firefox and to set paths in Windows Registry
  • Application owner also owns the Plugin and is responsible for pushing out upgrades, i.e. Team that owns Windows Media Player also owns the WMP Plugins for Firefox

Deployment

  • All installations and upgrades are pushed to the Desktop, ie SMS
  • Preferred method for centrally managing configurations
    • Mission Control
  • Settings Management focus:
    • Security-related/risky features - lockdown
    • Performance related – lockdown/defaulted
    • Usability - defaulted

minor version upgrade

Time to delivery: 1-2 months

  • Week 1
    • Compilation, configuration, engineering testing
  • Week 2
    • Packaging + Quality Control, Level 2/Service Testing
  • Week 3
    • Production pilot testing
    • Production env management teams sign off
  • Week 4
    • Confidence levels to deploy
    • Documentation, Knowledge transfer to support teams

Major version upgrade

Time to delivery: 3-6 months

  • Compilation, configuration, engineering testing: 2 weeks
  • Security architecture review: 2-3 weeks
  • Developer/Engineering Pilot: 1-2 months
  • Phased Pilot rollout/sign-offs: 1-2 months
  • Documentation, Knowledge transfer to support teams: 2 weeks

Addons

  • Extensions - 1 week turnaround, supported on best-effort basis (internal Mozilla community)
  • Plugins - managed by the core engineering team as mentioned above
  • Searchplugins - are standardized and released as part of package. Users may install additional search engines into their profiles
  • Dictionaries - treated as extensions
  • Themes - treated as "extensions with no business case", which means nobody has had the time to invest into making Themes available

Web Development

  • Currently all Web Application *must* support IE. Firefox is treated as "contingency" browser with a small hand-full of business critical apps that do support it. Working hard to take Firefox support and penetration within the environment to the next level.
  • Working with internal WebDev Governance teams to establish cross-browser best practices
  • Focusing on business-critical applications first to require Firefox support

Main Painpoints

See TeamA Firefox Wishlist

Retrieved from "https://wiki.mozilla.org/index.php?title=Enterprise:TeamA&oldid=62197"