Web Filtering in Virtual Application Environments

Application virtualisation allows Windows applications to be accessed by individual users without the applications having to be installed on each end-user device. The applications are installed on a cluster of servers. Being centralised application virtualization simplies application deployment and management.

End users log in to application virtualization server to access the applications, thus the servers host multiple users simultaneosuly.

Application Virtualisation is widely deployed and products include Citrix XenApp, Parallels RAS, Microsoft App-V and VMWare.

This shared use of resources creates a challenge for certain web filtering approaches: all the user traffic appears from the same source IP address. This makes it very difficult to apply per-user policies or even get per-user web browsing activity for web filtering products based on DNS filtering.

Per-User Filtering & Monitoring

Proxy based filtering, such as that used by Rawstream Web Filtering, does not suffer from the problem. A local HTTP/S proxy running in each user’s instance can collect user browsing activity and apply policies per-user. Group-based policies are supported in Active Directory environments. A local web-proxy has the advantage of filtering on the server itself thus providing two additional advantages: unbeatable performance and full privacy.

Unbeatable Performance

With the browser connecting to a proxy running on the same machine, there is zero latancy and of course, no bandwidth limitations. The “extra hop” is local to the machine itself andm unlike cloud-based web proxies, does not add a network hop. With zero latency and smart local cachine, users’ web browsing experience is not affected.


With Rawstream’s proxy-based approach all traffic is processed on the device itself. Web traffic does not need to be sent to third-party servers, indeed never leaves the device itself, to be filtered. This ensures the maximum possible privacy for the organisation’s communications.

Small Footprint

With multiple user sessions running on a server it is imperative that the end-point agent does not consume memory or CPU resources. With many users on each server resource consumption can add up.

The Rawstream Web Filtering agent is a light-weight and resource-efficient web proxy enabling scores of instances to be running on each Remote Desktop service instance.

Related posts

Track Desktop Applications

Content filtering products limit themselves to reporting websites browsed. Not Rawstream! We track desktop applications used and the time spent in them. This is valuable data for at two reasons: license management, and tracking shadow IT. Rawstream's Application Usage data help you...

Content Filtering for Managed Chrome Devices and Browsers

Rawstream for Chrome is a CIPA compliant web filter for Chromebooks and managed Chrome browsers. Flexible policies allow you to block content by category, time of day, and time quota. Nearly unlimited Block and Allow lists are supported if you need to control access to specific...

Endpoint Agent: Heartbeat and Version Report

The Rawstream Web Filtering agent provides web security and filtering on end-point devices and runs on a variety of environments including Active Directory and Remote Desktop Services. You can use the User List report to find when an agent last called home, and to get the list of agents and...