To speak to each of your concerns:
I've been deploying Java runtime environment releases for a few years now as software installation assignments from Group Policy. I disable updater functionality as a transform to the MSI and deploy updates, as necessary, through mandatory upgrades. If machines need to keep an older JRE (because some application requires it), I use security groups to keep machines from receiving newer upgrades. (Fortunately, I haven't had to do this frequently.)
I build transforms to Sun's MSI using Microsoft's Orca tool. It might be nice to have a tool like Adobe's "Customization Wizard", but I can do everything I need with Orca.
I haven't had occasion for users to "manually configure certain settings", but I'd handle it one of two ways. If it's a matter of certain users needing certain settings that are different than the "norm", I'd either deploy a Group Policy "preference" to set that setting (assuming it's in the user portion of the registry), or an Administrative Template to change the setting (assuming it's in the computer portion of the registry). If it's required that the user be allowed to change the setting on-demand, I'd grudgingly alter the permissions on the registry to allow the user (really, a security group containing the user) to do so. Grudgingly.
If an app requires its own JRE, I'd be apt to tie the installation of that JRE in with the script / GPO that deploys the application and treat the two as a unit. It's the simplest way I can think of to deal with it.
I'm having a hard time recalling what settings live under "Program Files", but I'd grudgingly grant permission to a security group containing user accounts that need to modify these settings, if that was required. I'd probably also hold my head in my hands and curse Sun.
Until Sun gets their act together re: enterprise deployment and management of the JRE, I think it's likely that all of us are going to have hacky workarounds to deal with it. It's frustrating, but sadly typical. It seems like the vast majority of developers have no concept of what it's like to do sysadmin work. <sigh>