/build/static/layout/Breadcrumb_cap_w.png

Java Deployment for Enterprise

Hello,

We are running into some challenges managing exception sites for users and we are unable to fully suppress warning even on approved sites. 
Oracle has been no help at at all, wondering if anyone has found a way to manage this without having to purchase the admin console at $30 a node. 

thanks  

1 Comment   [ + ] Show comment
  • Are you deploying your own exceptions? If so, why not include all sites that should be excepted, even if they are not relevant for a specific client.

    Phil - Pressanykey 8 years ago

Answers (1)

Posted by: taylor-madeak 8 years ago
Yellow Belt
1
We're in the midst of exactly the same kind of project, and here is an overview of how we're handling it for Windows systems:

  1. To solve your security prompts issue: Use a Deployment Rule Set to whitelist internal utilities that are currently being blocked or causing Java to throw security warnings.  Documentation here.  The ability to sign JAR files with a trusted certificate is required.  I use KACE K1000 for deploying and tracking rule sets as custom software inventory items, which requires the installation script for the rule set to create registry entries that KACE can read.

  2. Enable the Java usage tracker for versions that have implemented that feature (Java 7 and 8 free versions, Java 4, 5, 6 if you've paid for extended support) and use Splunk (if you have it) to track and analyze the data.  Usage tracker documentationHow to use it with Splunk.

  3. Use the Java deployment.properties and deployment.config files to limit what Java Control Panel options end users can play with.  Documentation here.  The presence of these files will also prevent users from upgrading Java on their own.

  4. Initial deployment will be handled with a PowerShell script that removes existing JRE installations, replaces them with our standard deployment configuration, installs the rule set and configuration files, and enables usage tracking for all installed JREs.

  5. Keeping Java 8 up to date is handled with K1000 patching.

I don't want to go into too much detail, as there is a lot of configuration and setup that went into this project, but this should give you some idea of what you can do to manage Java in the enterprise without buying Oracle's expensive AMC option.

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ