Web Filtering in Virtual Application Environments

Application virtualisation allows Windows applications to be accessed by individual users without the applications having to be installed on each end-user device. The applications are installed on a cluster of servers. Being centralised application virtualization simplies application deployment and management.

End users log in to application virtualization server to access the applications, thus the servers host multiple users simultaneosuly.

Application Virtualisation is widely deployed and products include Citrix XenApp, Parallels RAS, Microsoft App-V and VMWare.

This shared use of resources creates a challenge for certain web filtering approaches: all the user traffic appears from the same source IP address. This makes it very difficult to apply per-user policies or even get per-user web browsing activity for web filtering products based on DNS filtering.

Per-User Filtering & Monitoring

Proxy based filtering, such as that used by Rawstream Web Filtering, does not suffer from the problem. A local HTTP/S proxy running in each user’s instance can collect user browsing activity and apply policies per-user. Group-based policies are supported in Active Directory environments. A local web-proxy has the advantage of filtering on the server itself thus providing two additional advantages: unbeatable performance and full privacy.

Unbeatable Performance

With the browser connecting to a proxy running on the same machine, there is zero latancy and of course, no bandwidth limitations. The “extra hop” is local to the machine itself andm unlike cloud-based web proxies, does not add a network hop. With zero latency and smart local cachine, users’ web browsing experience is not affected.


With Rawstream’s proxy-based approach all traffic is processed on the device itself. Web traffic does not need to be sent to third-party servers, indeed never leaves the device itself, to be filtered. This ensures the maximum possible privacy for the organisation’s communications.

Small Footprint

With multiple user sessions running on a server it is imperative that the end-point agent does not consume memory or CPU resources. With many users on each server resource consumption can add up.

The Rawstream Web Filtering agent is a light-weight and resource-efficient web proxy enabling scores of instances to be running on each Remote Desktop service instance.

Related posts

Endpoint Agent: Heartbeat and Version Report

The Rawstream Web Filtering agent provides web security and filtering on end-point devices and runs on a variety of environments including Active Directory and Remote Desktop Services. You can use the User List report to find when an agent last called home, and to get the list of agents and...

Product Update: New Reporting for Rawstream Web Filtering

Rawtream Web FilteringĀ is a powerful web security solution for all your endpoints. A new report has been added that makes it very simple to track agent activity and deployed versions. Last Agent Activity The Last Seen column shows the last time each agent was active. Time is in the...

The Challenges of Working from Home

The Challenges of Working from Home

Rawtream Web FilteringĀ is a powerful web security solution for all your endpoints. Working from home has its advantages (no commute!), but presents its own challenges. Working in a office provides structure and routine. You may not stop for a lunch break, but colleagues getting up for a...