Create Java Deployment Rule Sets and manage Java Exception Site lists using PolicyPak

PolicyPak On-Prem and Cloud now closes the loop on one of the hardest problems to solve in the Enterprise: How do you deal with multiple versions of Java?

If you have Website ABC with a Java applet that requires Java 7 U 51, and Website DEF with a Java applet that requires Java 8 or later, then how can you ensure that each website uses the RIGHT version of Java?

Now it’s easy: PolicyPak’s Java Rules Manager component automates the creation and management of Java’s built-in Deployment Rule Sets.

(Note: PolicyPak has already been able to manage Java Exception Site lists for years! But this is a “better together story” and here’s why!)

Using PolicyPak Application Manager’s Java Paks to set Java Site List Exceptions helps reduce the prompts for applets that would normally be blocked by security checks. That’s great. No one likes Java prompts.

But PolicyPak’s Java Rules Manager takes this to the next level and “teaches” Java what version to use, based upon website, Java RIA Application Name, or Java RIA Application Certificate hash. PolicyPak Java Rules Manager doesn’t “trick” Java; it uses the built-in (though quite complex) Java Deployment Rule Sets. It can be a real bear to do this yourself manually: You have to create the XML, sign it, get it into a JAR file, and get it deployed to your endpoints. And, oh yeah, do that process again and again when sites need updates and changes.
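For reference, this is roughly what a hand-written rule set for the two-website scenario above looks like. It is an added example, not PolicyPak's output or code from the original page; the hostnames, application title and certificate hash are constructed placeholders.

```xml
<!-- ruleset.xml (constructed example). Java only honors this file when it is
     packaged as DeploymentRuleSet.jar and signed with a certificate the
     endpoint trusts. -->
<ruleset version="1.0+">
  <!-- Rules are evaluated top to bottom; the first match wins. -->

  <!-- Website ABC: pin the applet to Java 7 Update 51. Keep the location
       as narrow as possible, because this rule runs an outdated JRE. -->
  <rule>
    <id location="https://abc.example.com" />
    <action permission="run" version="1.7.0_51" />
  </rule>

  <!-- Website DEF: Java 8 or later. -->
  <rule>
    <id location="https://def.example.com" />
    <action permission="run" version="1.8+" />
  </rule>

  <!-- Match by RIA application name plus signing certificate hash,
       wherever the applet is hosted. The hash is a placeholder. -->
  <rule>
    <id title="Example Reporting Applet">
      <certificate algorithm="SHA-256"
                   hash="REPLACE_WITH_SHA256_OF_SIGNING_CERT" />
    </id>
    <action permission="run" version="SECURE" />
  </rule>

  <!-- Everything else falls through to Java's normal security checks
       rather than being silently allowed. -->
  <rule>
    <id />
    <action permission="default" />
  </rule>
</ruleset>
```

Any change to a rule means rebuilding, re-signing and redistributing the JAR, which is the repeated work described above.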

But with PolicyPak Java Rules Manager, it couldn’t be easier: It’s just point and shoot, and you can use Group Policy, SCCM, your own on-prem system or PolicyPak cloud to deploy PolicyPak Java Rules Manager rules.


Again, here are some videos of PolicyPak Java Rules Manager: https://www.policypak.com/products/policypak-java-rules-manager.html

You can be up and running in about 5 minutes.

PS: Here’s an interesting article from TODAY from InfoWorld explaining that Java will stop honoring MD5-signed Java applets.

And what’s the best way to deal with this problem? Here’s the short version from the article:

“In cases where the vendor is defunct or unwilling to re-sign the application, administrators can disable the process that checks for signed applications (which has serious security implications), set up custom Deployment Rule Sets for the application’s location, or maintain an Exception Site List, [Erik] Costlow [From Oracle says].”