14

Firefox adoption in the home/personal user base seems to be growing fine, but adoption in the enterprise is not going anywhere quickly.

My view on this is because SysAdmins are not promoting it within the organisations because Internet Explorer has features which make it more acceptable to an enterprise, such as

  • Managing settings via GPO
  • Integration into the rest of the update stack
  • Support of common business applications

So what would you add to Firefox to get it more promotion by SysAdmins in the enterprise?

HopelessN00b
  • 53,385
  • 32
  • 133
  • 208
Robert MacLean
  • 2,186
  • 5
  • 28
  • 44
  • 2
    for the record - I work for a very large enterprise and we have firefox deployed -- so technically it is already ready for the enterprise. Users have a choice of IE or firefox. Most use IE for SharePoint stuff and firefox for everything else. – GNUix Jun 11 '09 at 05:41

15 Answers15

30

If it came in MSI format for easy installation to Windows workstations, and could be managed by GPO and Apple Open Directory then it would be perfect. It would also need to work well with things like Sharepoint, but I suspect that's an issue for the people designing sites in Sharepoint rather than Mozilla.

I know there's currently a fork of firefox that is designed to work with GPOs, but I'm talking about having it work with the "standard" product out of the box, and being able to control and lock down and any all preferences.

As neobyte says, patch management is also an issue. Firefox's current method doesn't scale for business imho.

EDIT: Extension management - this needs to be controllable by the enterprise too, there needs to be a way to roll out and "lock" into place a standard set of extensions, regardless of whether or not you want users to be able to add their own, possibly to nominate a trusted location of your own where you publish "approved" extensions, that kind of thing.

NTLM auth - looks like there's a hack to add this to the browser anyway if you look around the web but this needs to be obviously better exposed.

jldugger
  • 14,122
  • 19
  • 73
  • 129
Rob Moir
  • 31,664
  • 6
  • 58
  • 86
  • 4
    Big +1 for settings manageable by group policy. An msi based installer would be heaven as well. I'd sacrifice patch managment in a heartbeat to get those two simply because it would be easy enough to then just undeploy old and redeploy new rather than "patching". – Ryan Bolger Jun 07 '09 at 08:41
  • Everyone knows about http://www.frontmotion.com/Firefox/ right? – Joseph Jun 09 '09 at 22:38
  • 3
    The problem with FrontMotion is that ultimately it's an unsupported fork and will always be behind in version. You're at the mercy of their donated time to get critical fixes. Also, last I checked, the set of settings you could manage via group policy was fairly small. – Ryan Bolger Jun 09 '09 at 22:51
  • These are the big hurdles to deployment and upkeep of a windows based network. – GNUix Jun 11 '09 at 05:43
13

It's annoying that I'm registered by can't comment until I reach a reputation of 50. Why do i need that to comment?

Anyways, to p858snake: Firefox ADM is not real GPO management, it's cheating. It's cheating by:

  1. Inject some reg keys into registry
  2. Use a .vbs as logon script to read these registries, then modify prefs.js file accordingly

As a result,

  1. You are adding one more logon script. Logon scripts are bad and need to be kept to minumum.

  2. There is no enforcing effect on what the vbs does. User can change the settings manually by going to about:config.

About how to help Firefox make it into enterprise:

  • GPO GPO GPO
  • Centralized update infrastructure

That's it!

bulaohu
  • 131
  • 3
10

They need to get a group of developers at Mozilla who care about anything other than folks at home.

Let's think about the deficiencies of Firefox:

  • No good, documented way to mirror the Firefox update repository and have clients pull down updates locally when approved.
  • No good, documented way to mirror the Firefox add-on update repository and have clients pull down updates locally when approved.
  • No standard way of applying extensions.
  • No standard way of installing the application via systems management tools on platforms other than Linux. (And with Linux you're limited to whatever your distro packages)
  • A settings mechanism that's is about as manageable as Windows 95 was back in the bad old days.
  • A downright hostile attitude towards people who want to do something about these issues.

You'll see good alternatives as Safari and Chrome mature. Forget about Firefox.

duffbeer703
  • 20,077
  • 4
  • 30
  • 39
  • 9
    Well its one of the characteristics of open source software - the developers are focused on solving the problems the developers have. They clearly don't have to roll it out to 1000 locked down workstations. – Rob Moir Jun 07 '09 at 17:12
  • 1
    No standard way of stating which extensions & themes can be installed is another you could add. – Robert MacLean Jun 08 '09 at 07:59
  • 1
    agree with Robert. Its open source -- don't blame the developers. If you want a feature then write it.. or at the least file a bug report for it? have you done that yet? I bet not. Second you are not limited to any distribution package.. you can always compile from source and wrap up your own installation routine. – GNUix Jun 11 '09 at 05:39
  • 4
    Contributing to the Firefox project for something as fundamental as packaging or management philosophy isn't a matter of coding something up. Its a thought process change that requires a significant political investment that neither I nor my employer is willing to do -- we just use another product. Several bugs have been open on this issue for years. – duffbeer703 Jun 11 '09 at 16:48
  • @GNUix: Debian and Mozilla got into an argument at one point because Debian shipped a modified Firefox that did centralized extension management. Debian tried to push that feature upstream and it was rejected. So sometimes you can't just code up the feature. – Mr. Shiny and New 安宇 Jun 15 '09 at 16:43
  • @Mr. Shiny and New: This is one reason why we ditched Firefox altogether and most of our Linux desktop plans -- Mozilla doesn't care and doesn't want to care, so why should I when alternatives exist. My users can take the adsense revenue somewhere else! – duffbeer703 Jun 15 '09 at 23:27
10

You'd have to break a feature in FF to get this working but,

  • Pass through authentication of the Windows user credentials.

We have a number of web apps that use authentication and making users logon everytime in FF would just be painful.

Mike
  • 101
  • 2
6

A way to remotely force upgrades. WSUS controls IE upgrades, there's no equivalent for Firefox, you just can't rely on users to keep on top of updates.

Adam Gibbins
  • 7,147
  • 2
  • 28
  • 42
3

We've seen users sneak Firefox onto their machines, even though they are not local admins. As it doesn't "install" you just need the expanded distribution on a network share and just run firefox.exe direct over the network. They found this out themselves when they discovered that IE6 (our SOE browser) is incompatible with a growing number of apps. So it can sneak in the backdoor!

A big reason for not using Firefox is the lack of official ActiveX support. We have a number of these around the business.

PowerApp101
  • 2,604
  • 1
  • 20
  • 28
  • 13
    On the other hand, a lot of people consider that a feature! – Adam Lassek Jun 10 '09 at 17:22
  • I'd upvote your comment a hundred times if I could... – squillman Jun 11 '09 at 14:36
  • 1
    I hate myself for saying this, but I believe there are FF Add-ons to allow ActiveX support: https://addons.mozilla.org/en-US/firefox/addon/1879 https://addons.mozilla.org/en-US/firefox/addon/8265 (I haven't used these myself) (as if I would sully myself like that!) – AJ. Jun 30 '09 at 14:18
3

Managing settings via GPO can already be done by a third party package called Firefox ADM.

p858snake
  • 439
  • 2
  • 6
3

These features are missing:

Manageable by group policy, especially proxy settings.

No ActiveX support, some our applications we use require this.

OWA Premium (Although this should change with next version of OWA).

A way to centrally manage Firefox Add-ons and Updates.

People here complained after upgrading from IE6 to IE7.
It's hard to force everyone to use something else.

Jindrich
  • 4,958
  • 8
  • 29
  • 42
  • 2
    OWA Premium (Although this should change with next version of OWA). -- that's down to Microsoft rather than mozilla though. I mean, Hotmail has worked very well in FF for a long time. I'm fairly sure that Microsoft could have got OWA Premium (or at least a lot closer to it than we are now) working across all browsers a long time ago if they really wanted to. – Rob Moir Jun 11 '09 at 13:39
2

This is only my enviroment and probably does not apply to many other people, but we run in a Terminal Services enviroment. My main reason for not deploying Firefox is because of memory usage. Even in Firefox 3 we still see massive (2GB plus) Firefox browsers running. Where as IE runs in much less RAM (500-800 MB) for the same people.

Matt
  • 433
  • 1
  • 5
  • 10
  • Even in my own personal usage I have to restart Firefox at least once a week to get it to release all of the memory that it's "using". – David Locke Jun 12 '09 at 19:34
  • Its called caching.. there is a setting where you can tell firefox how much it should cache... – Thomaschaaf Jun 15 '09 at 19:16
  • yeah I have heard about it, the problem is that I am un aware of a way to change the cache for every user I setup in my TS enviroment. Although that Firefox ADM may have the setting in there. Again, once tabs came along though I have seen no real reason to run firefox over IE. – Matt Jun 16 '09 at 05:44
2

Firefox can be widely deployed and managed in the enterprise, given enough resources - IBM deployed and managed baseline configuration defaults through their internal workstation management tool. I know people at "enterprisey" organizations that do this with Firefox as well because the benefits over IE outweigh the negatives.

However, the biggest barrier I've heard/seen with Firefox is that many internal web applications are simply IE only. ActiveX aside, the cost of updating the web app's content (or getting the vendor to) is too high. I'm talking about HTML/CSS/JavaScript presentation stuff that can be browser dependent, and of course the ActiveX, MS-specific development tools, whatever else makes sites 'IE only'.

Also mentioned was user education. People get used to a specific software application, be it IE, MS Word or Windows itself, and they dont want to change. Or training them to use something else is too costly. It doesn't matter if we technical people can switch between applications on a whim. It doesn't even matter if the new application is pixel-for-pixel the same program, some users see a different icon and their entire world explodes.

jtimberman
  • 7,511
  • 2
  • 33
  • 42
  • 1
    +1 on the point about IE only apps. "The great thing about standards is that there are so many to choose from." With IE having the vast majority of the marketshare developers are more focused on IE. IE and FF interpret and support some development standards completely differently. If it just happens to work in FF, then so much the better. If not, go get IE. It's free. Let the sysadmins worry about locking it down. Viva malware...... – squillman Jun 11 '09 at 14:41
1

The reasons I don't push Firefox in the enterprise are:

  • Why add an additional browser to the software you manage?
  • IE can be managed through Group Policy with the rest of the OS.
  • IE is patch managed along with the OS.

I use Firefox personally, but would prefer not to deploy it across a fleet. It doesn't add enough to justify the configuration and update management.

Neobyte
  • 3,177
  • 25
  • 29
  • 14
    "Why add an additional browser to the software you manage?" Security. – ceejayoz Jun 07 '09 at 02:33
  • Another 100x upvote. – squillman Jun 11 '09 at 14:37
  • 5
    Awesome. I will deploy IE, Firefox, Safari, Chrome and every other browser across my whole enterprise. Because apparently this provides me with better security than just using one browser, and patching it properly. Lucky I have so much time on my hands to support all these different updating mechanisms! – Neobyte Jun 11 '09 at 16:42
1

Management issues aside, I think the vast majority of non-technical users are simply just resistant to change. I've tried deploying Thunderbird and Firefox at one company, but a good proportion of the staff just couldn't get their head around the differences between Thunderbird and Outlook (no Exchange involved, just an IMAP server).

The company wasn't in a position to run training on Thunderbird (other than doing it myself there wasn't really anyone to get to do it), so the project got part implemented, with the can-do staff using one Terminal Server with Fx and Thunderbird, and the rest using another TS with Outlook and IE.

Daniel Lawson
  • 5,426
  • 21
  • 27
  • I'm not surprised that people are resistant to change when they don't understand it (you mention no training) and they (probably) see no benefit. To the average end user, Thunderbird is going to be just another email client like Outlook, except with less functionality. Depending on whether or not people use the outlook calendar, asking them to switch to Thunderbird is either asking them to learn something new for no net gain, or move for a loss. Not surprised you found that to be a tough sell. – Rob Moir Jun 06 '09 at 22:43
  • It wasn't really me selling it. Regardless, this was the point I was trying to make - it's not "just" features that are in the way (it's perhaps not even features at all) – Daniel Lawson Jun 07 '09 at 04:01
  • 1
    Fair enough dlawson, and I wasn't intending my comments as a personal dig at you (sorry if it came across that way), more than your post prompted me to think about those issues. It IS a fair point though. How do you sell Firefox to an end user who has IE and isn't one of the people asking for Firefox instead? "You know how you can use the internet now? Well you'll be able to use it with firefox too. Except that a lot of the stuff you've learnt about using your browser will no longer apply. Hope that's OK." – Rob Moir Jun 07 '09 at 10:29
1

A couple of years ago I would have deployed FireFox were it centrally manageable, but I am now past that. We are on IE7 now, soon to go to IE8, and the security is now acceptable. Since I don't want to manage two browsers, and IE isn't going away, we will stick with IE. It ain't perfect, but it does the job.

That said, to answer the question ... the features necessary to make FireFox a good candidate for enterprise adoption are in my opinion:

1- GPO control of settings
2- centralized update control
3- the ability to control add-ins and to centrally update them.
4- passing of windows credentials

I believe #1 and possibly #4 are available through third parties or add-ins.

tomjedrz
  • 5,964
  • 1
  • 15
  • 26
  • And there's that key word again "3rd party" and "add-in". Thats just more things to manage, more components to track and upgrade. – Mark Henderson Jun 18 '09 at 01:48
  • The 3rd party GPO control system looks not to have been update since May 2009. – Tubs May 13 '10 at 10:05
0

These enterprise issues are important but I have internal apps that will run 15 - 50 times faster on a newer browser firefox or IE8. To upgrade to IE8 we have to "certify" all apps will run on IE8, this is not a small effort so we have stayed on IE6. I am trying to pitch FireFox as a second choice to allow us to move forward in our development efforts. The push back I am getting from the software admin folks are the same mentioned above. Specificly the four by tomjedrz

1- GPO control of settings

2- centralized update control

3- the ability to control add-ins and to centrally update them.

4- passing of windows credentials

I believe #1 and possibly #4 are available through third parties or add-ins

ADMXPI for Firefox helps with issue one, what helps with issue four? Is there anything that can be done about two and three? From the enterprise management stand point is it a bad idea to get FF out there as a stop gap between now and when IE8 is deployed around here?

0

It's not about the shortcomings of Firefox, it's more about the lazy (or how is it said in a politically-correct way? "efficient"? hmm?) developers, that keep writing web apps, that, you know, give you that "Optimized for use with Microsoft Internet Explorer 6.0" message for years and years. Anything for job security, hmm?

Anyway, controlling FF settings via GPO would have been nice, but I don't see how it can happen.

shylent
  • 792
  • 10
  • 22