Ivanti Browser Management
Ivanti Browser Management allows IT administrators to simplify the management of web browsers across their end user computing estates.
It delivers important benefits:
•Control browser data generated
Browser Management introduces controls to manage browser generated data to ensure only relevant data is retained for each browser in an optimal manner. Policies are configured to remove unwanted data including cookies which have expired or cookies which are used solely for advertising or user behaviour tracking purposes.
•Ensures the appropriate browser is used for different web resources
Because different websites and web applications may require a specific browser to function correctly, enterprises often deploy multiple web browsers to their users. For example, websites may leverage ActiveX controls – and only function in Internet Explorer, or they may be designed to render correctly in certain browsers only. Browser Management addresses this requirement by redirecting web requests to a specific browser based on administrator-configured policies. The result ensures the appropriate browser is used for the web resource accessed, and helps ensure good user experience and productivity.
•Management of browser Bookmarks/Favorites
User created favorites/bookmarks can be shared across browsers providing users with a consistent experience in each browser they use. Browser Management also offers features to allow administrators to centrally deploy and manage favorites/bookmarks for users based on requirements.
Architecture
Agent
Browser Managementis installed and run on endpoints using an agent constructed as Windows Installer package (MSI). It is installed locally onto each endpoint requiring Browser Management features. The installer package can be installed manually or delivered using any suitable third-party deployment system. Both 32-bit and 64-bit Microsoft Installer packages are available.
Depending on the installation options selected for use by the installer Browser Management may install two Windows Services, and a file system filter driver along with other binaries.
When the Browser Management installers (x64.msi or x86.msi ) are imported into the Ivanti UWM Management Center and configured for deployment, all features are installed by default.
Agent Services
There are 2 services which may be installed by the Agent:
•Ivanti Browser Management Notification Service
•Ivanti Browser Management Network Service
The Ivanti Browser ManagementNotification Service runs as SYSTEM on each endpoint. The service is used for system level notifications for items such as user sessions, user logon and logoff events and browser process start and stop events. When the Ivanti Browser Management Notification Service is installed the file system filter driver is also installed.
Notification Service
The Ivanti Browser Management Notification Service serves multiple purposes:
•Provides a simple installation and execution mechanism - the service ensures the WebData Management component applies to any browser data prior to any profile management solutions and before the user profile is unloaded during the logoff of a user session.
•Enables the Browser Redirector feature to receive notifications for new sessions and ensures that browser requests are intercepted and redirected as required.
•Provides a session-based mechanism to allow the synchronization of Favorites/bookmarks to take place. The service handles all notifications for new sessions and ensures that the Favorites Synchronization is completed for any specified users.
•The Notification Service is not required for the WebData Management feature but is required for Browser Redirector and Favorites Synchronization. The behaviour of the notification service can be managed by policies as required.
•When the Notification Service is selected for use with the WebData Management feature, additional options are available for executing the data clean-up for the Google Chrome, Mozilla Firefox and Microsoft Edge (Chromium) browsers. WebData Management can be configured to perform the data management on the exit of the browser as well as during the logoff of a user session. If required, the automatic execution of WebData Management at logoff can be disabled so only the on browser exit processing is enabled.
Additional notes
The Ivanti Browser Management Network Service runs as SYSTEM on each endpoint. The service is used for network communications for automatic update purposes.
The Ivanti Browser Management Network Service is an option which can be selected as part of the installation. The Network Service will ensure that the latest definition files are downloaded automatically.
A Content Delivery Network hosted in Microsoft Azure is used to contain the latest Cookie Definition file. This Cookie definition file contains information relating to which tracking, advertising and analytics cookies which are to be removed by WebData Management.
The Network Service is not required for any of the other features to function and is only used to update the files which store the definitions for which tracking, advertising and analytics cookies are to be removed by WebData Management.
File System Filter Driver
When the Ivanti Browser Management Notification Service is installed the file system filter driver is also installed. The driver is responsible for notification of process start and stop events and provides information to the Ivanti Browser Management Notification Service about defined processes such as browsers and Windows taskhost processes.