Session Workflow
Each user authenticates to the isolation appliance using their device. As soon as the user launches a potentially vulnerable application — such as a browser — the isolation appliance assigns them a pre-provisioned app box. A clean, malware-free version of the application (app image) is loaded into this box, along with the user's associated data (e.g., browser history).
This is where the cycle begins.
- User input
- Transmission of input to the browser
- Internet communication
- Writing to the screen buffer; downloaded files are stored in a designated folder if applicable
- Screen buffer is read out pixel by pixel
- Pixel stream is transmitted to the user
- Client software renders the pixel stream on the display of the user's device
Once the user closes the browser, their session history is stored outside the app box, and the app box is then deleted.
In Development
All app boxes (containers) belonging to a user are encapsulated within a user box (VM) to enhance system security while also optimizing performance and memory usage.
When a user launches their first potentially vulnerable application — such as a browser — the isolation appliance assigns them a pre-provisioned user VM. Within this user-specific VM, a separate container is created for each application that is started. A clean, malware-free version of the application is loaded into the container, along with the user’s associated data (e.g., browser history). Once the user closes the browser, the user’s history is stored outside the user VM, and the app container is deleted. When the user closes all applications within the VM, the entire user VM is deleted as well.