Skip to content
Browsium Documentation Portal Browsium

Administration Best Practices

You completely control the Ion experience. No rules are included ‘out of the box’. There is nothing hidden from you and Ion does not make any decisions for you. We can, however, provide some guidance on writing rules that might work effectively for your organization.

For security and performance purposes, we have designed Ion not to interfere with content that fails to match a declared rule. This opt-in model prevents unwanted content from being displayed using anything other than the standard Internet Explorer experience. While the Ion design increases security and protects both systems and users from inadvertently loading malicious content, unmatched rule content can still be displayed.

Recommendations for Writing Rules that Work Well

Section titled “Recommendations for Writing Rules that Work Well”

Ion was designed so users browsing the web are unaware anything ‘special’ about the content they are viewing and to remove from users the burden of ensuring line-of-business applications ‘just work’. This is the key to a successful experience. Users should not be concerned with the browser rendering engine that they are using with line-of-business applications and websites. Anything else can disrupt and interfere with workflow and efficiency. When writing rules with Ion Configuration Manager, there are some things to take into consideration that can help your users have a better experience.

Any browser upgrade requires an organization to begin the process by assessing which applications and websites are incompatible with the newer (target) version of Internet Explorer. Without a detailed review of which applications need remediation, organizations may look at building broad sets of rules. Most internal web applications are accessed using only a few defined hostnames. At first, you may want to write a rule that covers all hostnames. This will help ensure that all your internal web applications render as they have in previous versions of Internet Explorer. Over time, you can build a library of rules that cover the specific web applications which either do not work with later versions of the browser or still need to be tested. Then, you can remove the overarching hostname rule so that the specific rules apply.

Ion Rules Behavior

Section titled “Ion Rules Behavior”

Since Ion uses a rule-based opt-in model, the ordering of rules is critical to ensure web applications function properly. The Ion design allows an organization to manage configurations in either centralized or distributed models. If a centralized team manages the configuration, there is less likelihood of overlapping configurations.

Organizations which choose to distribute configuration settings to various business units or web application teams may encounter conflicting configurations. In these instances Ion will always use the ‘Last In, First Out’ (LIFO) method, meaning that newer configuration values will overwrite previously read values for the same name. These conflicts can be avoided by using your organizations defined change control process or appointing a release manager to verify configurations prior to deploying in production. Ion Configuration Manager does not offer a mechanism to validate or rationalize multiple configuration files to look for overlapping conditions or errors.

Why Users Can’t Create Their Own Rules

Section titled “Why Users Can’t Create Their Own Rules”

Only administrative installs of Ion can create Profiles and rules. The justification for this design boils down to a simple reason: security.

Older web applications and ActiveX controls were not designed with modern exploits in mind and may not be updated as frequently as their newer counterparts (or at all, in the case of end-of-life software). That’s why it’s important to run modern, up-to-date software for normal, everyday web browsing. Ion helps organizations do just that, allowing them to migrate to the latest platforms while continuing to use the legacy software on an as needed basis.

A user faced with an incompatible web application might be tempted to use Ion excessively or even exclusively. But running Ion to render like IE6 and exposing outdated ActiveX Controls to the Internet just isn’t a good idea.

Compatibility problems are frustrating and incur a cost to users’ productivity. Since users are not given a way to enable Ion manually to ‘fix’ something that appears to be broken, we encourage companies to use existing support feedback mechanisms, such as helpdesk or support escalation systems, to give users ways to provide feedback and get new sites added to the Ion rules lists.

Ion does not install any legacy Internet Explorer components that may be exploited by a malicious site or application. Installing Ion will not add any potentially exploitable legacy Internet Explorer software. The Ion design simply manages how Internet Explorer and Edge Internet Explorer Mode renders content and the environment in which it runs. If a web application requires removing or lowering security settings present in the newer version of Internet Explorer or Edge Internet Explorer Mode you are running, those changes will be restricted to the pages loaded by sites that are defined by rule.

*\