thewebgeek Posted July 1, 2018

Hello! Like many organizations, we are now disallowing the installation of the JRE on our systems without exception. The ISY admin console is one of the last applications that I have to remediate. Do you have versions available that have been run through something like ikvmc and converted to .NET, or an executable that has the required Java elements packaged?

Thanks in advance!

mwester Posted July 1, 2018

Alas, no such thing exists -- if you truly cannot install a JRE, you'll have to do without the Admin Console.

I've yet to encounter an organization that didn't allow exceptions, although they may make it extraordinarily painful to obtain that exception... There's just too much enterprise/business software that needs JREs to run.

Perhaps it's as simple as putting the JRE on a Raspberry Pi, and calling it an "ISY User Access Appliance". Or perhaps a Docker container or a virtual machine, locked down and isolated, that can do nothing but access the ISY.

thewebgeek (Author) Posted July 1, 2018

8 minutes ago, mwester said:
> Alas, no such thing exists -- if you truly cannot install a JRE, you'll have to do without the Admin Console.

Maybe I'm reading too much into your comment, but isn't the admin console the only way to administer and configure the ISY994? I was thinking not being able to use the admin console meant getting rid of the ISY994 for something with less functionality with an HTML5 or non-Java administration tool.

larryllix Posted July 1, 2018 (edited)

1 hour ago, thewebgeek said:
> Maybe I'm reading too much into your comment, but isn't the admin console the only way to administer and configure the ISY994? I was thinking not being able to use the admin console meant getting rid of the ISY994 for something with less functionality with an HTML5 or non-Java administration tool.

Correct. Without JRE there is no ISY994i setup or editing programs.

Edited July 1, 2018 by larryllix

paulbates Posted July 1, 2018

Put Java and the AC on a minimalist VM, or AWS or Azure VM and spin it up when you need it. Is the attack surface of a "recompiled" Java app any smaller than regular Java?

Paul

thewebgeek (Author) Posted July 2, 2018

Thanks for the responses! It looks like we will be going the route of installing it on a VM with limited user/network access as a short term solution until we can further isolate it or migrate to something else (nothing exists today with feature parity to the ISY).

I am also looking into the Docker route. The GUI piece was throwing me for a loop, but I did find this post that I want to look into further when I get more time: https://blog.sebastian-daschner.com/entries/java_web_start_in_docker_sandbox

While I agree that Java is still very prevalent in the enterprise, I am seeing it become more prevalent as EE running on servers, and used less and less for endpoint applications. After taking a hard look at the environment, we found that for the most part, there wasn't anything mission critical that we couldn't easily replace with a non-Java version or an alternate vendor. I think that given the choice, none of us would choose to install and maintain the JRE on endpoints if we didn't have to. It's just one less thing to have to worry about patching and updating.

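A sketch of the "VM with limited network access" idea discussed in this thread, added here as an example and not posted by any participant: a shell function that prints an iptables-restore ruleset under which the VM can open new TCP connections only to the ISY. The address 192.0.2.10 and ports 80/443 are placeholder assumptions, as is the assumption that the console's Java files are already on the VM, since these rules also block downloading them.

```shell
#!/bin/sh
# Added example: print (not apply) an iptables-restore ruleset for a
# dedicated Admin Console VM. Address and ports are placeholders.

# valid_ipv4 ADDR: succeed only for a dotted-quad IPv4 address.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# isy_egress_ruleset ISY_IP PORT...: ruleset on stdout, status 1 on bad input.
isy_egress_ruleset() {
    isy_ip=$1
    valid_ipv4 "$isy_ip" || { echo "bad ISY address: $isy_ip" >&2; return 1; }
    shift
    [ "$#" -ge 1 ] || { echo "need at least one TCP port" >&2; return 1; }
    for port in "$@"; do
        case $port in ''|*[!0-9]*|0*|??????*) echo "bad port: $port" >&2; return 1 ;; esac
        [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    done
    # Default-deny in every direction; loopback and reply traffic only.
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    # The only new connections allowed: TCP from this VM to the ISY.
    # DNS and all other egress stay blocked, so use the ISY's IP address.
    for port in "$@"; do
        printf '%s\n' "-A OUTPUT -d $isy_ip -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' "COMMIT"
}

# Constructed sample invocation (192.0.2.10 is a documentation address).
isy_egress_ruleset 192.0.2.10 80 443
```

Review the printed rules, then load them as root inside the VM with `iptables-restore`.
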
akss Posted October 31, 2018 (edited)

I know this is a bit old, but last time I posed the question, the UDI folks said it takes a lot to rebuild that UI (which I can agree with, testing being a huge bear) and that it's just not as high a priority as other things in the queue (risk/reward-wise, and they have a LOT in the queue compared to developer time).

We can all agree that at some point they'll need to bite the bullet and do it. And they'll need to do it before some competitor(s) erode their position beyond recovery. I don't say that as posturing - I love my ISY - but it's just a reality and having zero knowledge of their internal priorities, finances, etc, I can make blind statements like "it worries me when this doesn't get more attention."

UX is a pretty critical selling point these days. Having your product's usability saved by the virtualization afforded by your customer's surplus processing power isn't a good thing. Managing containers/VMs is yet another barrier to entry for casual adopters. I loathe having to install crapware on my machine, and as a former enterprise IT developer and manager, JRE has been in that category for well over ten years (not trying to offend anyone, it is what it is).

It seems to me that this would be ripe for open-sourcing. I don't know how much the software accounts for UDI's IP and value vs the hardware device, but I really wonder if they've seriously considered this option. Developer resources are scarce, I get it. But open source it - even if your code is dirty and embarrassing - let the community submit candidate updates, do testing, etc., and UDI can still control what's "official". They'll probably still be the main contributor, but if the community can help them get an alternative interface kicked up, that's gotta be a great thing.

Edited October 31, 2018 by akss: Inserted link, corrected company name

Michel Kohanim Posted November 1, 2018

@akss,

We are working on it.

With kind regards,
Michel

akss Posted November 1, 2018

6 hours ago, Michel Kohanim said:
> @akss, We are working on it. With kind regards, Michel

Stop teasing me Michel! Are you guys working on dumping the JRE requirement or opening the source or both?