In virtual desktop environments, host computers may execute a plurality of virtual machines that can be accessed as a service by end users for traditional desktop computing tasks. These users may login to the service via end user devices and, in response to the login, be provided with a virtual machine to accomplish desired tasks. Once the user logs out of the service or the virtual machine, the service may allocate the same virtual machine to a new requesting user.
Although this service model allows multiple users to access virtual machines and the applications available thereon, each of the users may require a different set of applications. For example, an engineer of an organization may require a different set of applications than a financial officer of the same organization. To provide the required applications, the service may identify applications required for a user, and attach application volumes to the virtual machine allocated to the user to make the applications executable from the storage volumes. An application volume may be considered a containerized, or virtualized, application stored in a virtual disk. When the virtual disk is attached to the virtual machine, an agent running on the virtual machine overlays the containerized application on the native file structure so that the containerized application appears to be natively installed onto the disk of the virtual machine. In some implementations, this attachment process may modify any required registry information of the virtual machine to make the applications executable from the application volumes.
Once the application volumes are attached, the user may execute the applications located in the attached volumes as if the applications were locally installed on the virtual machine. However, although applications may be attached via application volumes, it is often difficult to manage the inbound and outbound network traffic associated with the virtual machine. In particular, because different applications may be attached and made available on a virtual machine based on the current user allocated to the virtual machine, it is often difficult to configure firewall and network management resources for the particular applications.