Remote Browser Isolation technical security overview
Remote Browser Isolation (formerly Secure Browser service) is a SaaS product managed and operated by Citrix. It allows access to web applications via an intermediate web browser hosted in the cloud.
The Citrix Remote Browser Isolation service consists of web browsers running on Virtual Delivery Agents (VDAs) along with the management console used to manage and connect users to these VDAs. Citrix Cloud manages the operation of these components, including the security and patching of operating systems, web browsers, and Citrix components.
While using Remote Browser Isolation service, hosted web browsers track the user’s browsing history and perform caching of HTTP requests. Citrix uses mandatory profiles and ensures that this data is deleted when the browsing session ends.
Remote Browser Isolation service is accessed with a HTML5-compatible web browser. The service does not provide any downloadable clients. All traffic between the browser being used and the cloud service is encrypted using industry-standard TLS encryption. Remote Browser Isolation supports TLS 1.2 only.
Egress traffic for Remote Browser Isolation uses specific IP addresses to protect the internal network. For the list of accepted IP addresses, see Knowledge Center article CTX286379.
Citrix Remote Browser Isolation is used to deliver web applications owned by the customer or a third party. The owner of the web application is responsible for its security, including patching the web server and application against vulnerabilities.
Security of the traffic between Remote Browser Isolation and the web application depends on the encryption settings of the web server. To protect this traffic as it flows over the Internet, administrators publish HTTPS URLs.
See the following resources for more security information:
- Citrix Security site: https://www.citrix.com/security
- Citrix Cloud documentation: Secure Deployment Guide for the Citrix Cloud Platform