6.3.1 Primary Brokers
The Primary Broker is the operational core of Thinfinity Workspace. It integrates with Identity Providers, manages user sessions, and ensures users are directed to the correct resources based on their credentials and permissions, among other functions. It is also responsible for managing and routing virtualization workloads, ensuring optimal performance and resource utilization.
Key Roles and Responsibilities of the Primary Broker
Authentication and Authorization
The Primary Broker is central to user authentication and authorization, ensuring integration with external identity providers. It manages user authentication, validates user credentials against Identity Providers (IdPs) or through Multi-Factor Authentication (MFA), and integrates with platforms such as Microsoft Active Directory, OAuth, and SAML.
It also enforces access control, including policy-based access control and role-based permissions, to ensure users can only access authorized resources.
User Session Handling
It is responsible for managing user sessions, orchestrating session initiation, and coordinating session logistics. It handles user requests and directs them to appropriate application pools or resources.
Resource Allocation and Management
It allocates resources and manages resource distribution, dynamically allocating resources based on real-time demand and availability.
It manages traffic and directs user requests to the appropriate application pools or VPCs, and it optimizes the performance of virtual desktops and applications by managing the virtualization process.
Interaction with Gateway
It works in conjunction with the Gateway. The Gateway forwards authentication requests to the Primary Broker, and the Primary Broker participates in secure reverse connections to the Gateway.
Interaction with Secondary Brokers
The Primary Broker works alongside optional Secondary Brokers for enhanced scaling and networking. It manages connection routing and load balancing for internal and external users, working with Secondary Brokers to allocate remote resources. The Primary Broker monitors the activity of Secondary Brokers and performs load balancing among them.
Security Features
The Primary Broker is integral to Thinfinity's Zero Trust Network Access (ZTNA) architecture. It enforces the principle of least-privilege access, emphasizes continuous authentication by validating credentials and monitoring sessions, and embodies policy-based access control by coordinating the security policies. It does not require inbound port openings on internal networks and communicates with the Gateway via outbound WebSockets protected with TLS 1.3 encryption.
Deployment Location
It is typically located within the target or internal network. However, in some configurations, it can also be located in the DMZ or Cloud. It can be installed on the same host as the Gateway for simpler deployments, or on a separate host in a distributed deployment.