Browsium have released Catalyst, a browser management utility designed to make deploying multiple browsers in the enterprise a manageable reality.
The browser is a gateway to the Internet, to applications, to data, to the corporate intranet. Outside of the office, its not uncommon to switch between browser versions between devices: or even have different browsers on the same device. My Google App world is ably accessed from a Chrome experience synchronised between devices, but I have Internet Explorer on-hand, and Firefox still gets a run out all be it increasingly less so.
Indeed, for many corporations such care-free browser relationships are equally common. This might be because different browser versions are required to maintain access to legacy applications; to give users more choice; an effort to reduce the impact of a browser security issue. Alternatively, because control of different browser environments has been complex in the past, it is deemed less cumbersome and risky to mandate a single browser environment.
With the release of Catalyst, can care-free relationships be afforded a level of sensible protection? Can restrictive single-browser choices be relaxed and more business user friendly? Browsium intend Catalyst to reduce helpdesk calls and improve IT security allowing more granular control of all browsers in the enterprise and how does it do that?

No such thing as bad weather, only the wrong type of clothes
Catalyst is “a browser management utility”.  Catalyst makes managing access to URLs using multiple browsers in the enterprise a reality. Catalyst is not intended to patch browsers or to deploy browsers. The focus for Catalyst is on ensuring that an organisation can readily control a user’s use of a browser for a specific URL.

  • Need to access the CRM only using Internet Explorer v6, but all other URLs with Firefox?
  • Need to ensure YouTube is accessed using Chrome?
  • Need to disable all URL access for a given browser due to a security problem, as was advised by Microsoft late in 2012?

This problem could be resolved with application virtualisation: with, say, VMware’s ThinApp or SymantecWorkspace Virtualization? I’ve come across a number of environments offering different browser versions via XenApp published applications. You can deliver  browser choice using  application virtualization: but the granularity of control of browser per URL, or resource is the complex task. Often it is cumbersome for the user and relies on knowledge and action on their behalf.
Browsium’s Catalyst is intended to deal with ensuring that the right browser is used for the right site.
 

Catalyst Version One – Smell that New Car Smell

Catalyst has three goals:
1) Maximize Compatibility: you can use ensures users always use the optimal browser for each web application. Legacy business applications are accessed via the most compatible legacy browser, while modern applications and the Internet are always accessed with a modern browser.

  • Browser Rules ensure there is a method of controlling which browser opens each website.
  • Transparent to end users – the right browser opens automatically, eliminating help-desk calls and lost productivity from the users not RTing the F in M, or just plain forgetting.
  • Browsium Catalyst Client Add-on works with Internet Explorer 6 and above, Firefox (v15 or later), and Chrome (v22 or later) on Microsoft XP SP3 or Windows 7 SP1 (x32 and x64). No Windows 8 support yet. No Safari.. No Opera.. support – while  a deficiency probably not a massive corporate problem just now in v1.0, but you can add in browsers into the configuration tool, so Catalyst is extensible

2) Strengthen Security while not a replacement for AV, on-going patch management or proactive threat mitigation (such as Bromium’s vSentry or McAfee’s Deep Defender), Catalyst allows legacy browser use to be confined to legacy business apps. This ensures that old versions of Internet Explorer can avoid accessing the Internet. It also provides a method of immediate revocation of browsers that have fallen foul of zero-day exploits.
3) Manage With Ease The Catalyst Configuration Manager makes creating Browser Rules simple. Winows installer files allows agent delivery using popular enterprise software deployment services, or even Active Directory making deployment of the settings fast and easy (note that the client install does require admin rights and prompts for a device reboot).

  • Catalyst Configuration Manager makes it easy for IT to build Browser Rules
  • Expressions enable IT to build simple Rules based on URL or complex Rules based on specific criteria
  • Project files can be saved and edited or updated as needs change
  • Browser Rules can be can be deployed to client PCs via Active Directory (Group Policy) or via any enterprise software distribution system.

Whats it like?

<shakes fist at documentation being linked to an on-line pdf>. I realize that’s the best place for the most up-to-date notes, but not hard to include the file in the download. Anyhoo,
You’ll find two components – an administration setup for the configuration utility; and a client setup which is a Windows installer that adds in Chrome, Firefox and Microsoft IE add-ons.
Catalyst is controlled by a hierarchical system of Rules, defined using the Catalyst Configuration Manager. Users of Browsium’s Ion will be familiar with the layout.  The Configuration Manager provides tools to define criteria by which web applications are loaded in a desired browser. This can be by Absolute URI, a domain or a URI Zone.  In addition to simply specifying a website to open in a given browser, Catalyst offers the ability to control the user experience when being redirected (e.g. New Tab, New Session, New Window).

Catalyst Configuration Manager
Catalyst Configuration Manager
While the Configutation Manager tool is where you create the rules, Catalyst supports both local and group policy managed settings to provide a level of flexibility and an enterprise ready testable solution. Once the configuration is saved and loaded, the browser add-ons monitor the navigation process for each browser and communicate with a Controller process to ensure the correct Rule is followed and the appropriate browser is loaded. For those doing more simple testing (like me) you can side step group policy template files and simply use a flat with a couple of registry changes.
As you can see from the Configuration Manager screen shot – tests on my simple configuration for my x64 Windows 7 test machine had a couple of different URIs configured – with each one linking to a different browser. Once I’d given the add-ons the nod to run, whenever I wanted to click on www.virtualizationpractice.com that URI would be presented in Chrome, the Microsoft Partner site always opened IE: regardless of whether I clicked the link from an email, typed it in from the start menu, a desktop shortcut or a link in a browser. Neatly impressive.
I did have a couple of problems in my test setup: the key controller process occasionally got uppity – in which case, no rules fire at all;  my Internet Explorer 9 based rules often took a good while to open. However, my test environment has had a lot of things going on: I could do with testing in different environments, and my experience with calling the support team at Browsium has always been good.
As with any piece of software – especially one that is intended to add additional security – test in your environment, pilot in your environment. There is indeed capability in Catalyst, make sure you validate that capability in your environment; but well worth an investigation to help you manage a multi-browser environment.

Catalyst Available Now

Catalyst is available for a 30-day free evaluation, with prices at the  time of writing opening at $20 per bottom for smaller volumes of seats.