Edge Layer —Perimeter Security and Load Balancing

At the network ingress point, user traffic is first processed by a network firewall, which is a fundamental component in all environments used to enforce network-level security policies.

Optionally, depending on the company's security policies, a Web Application Firewall (WAF) may also be deployed for specialized, application-layer traffic inspection. If used, it is positioned after the network firewall. Deploying the WAF at this Edge Layer (proximal to the user source) is a best practice as it reduces latency and facilitates early traffic inspection.

A load balancer is a critical component required for any High Availability (HA) deployment that utilizes more than one Thinfinity® Gateway. It is positioned after these initial security layers (firewall and optional WAF). The load balancer performs SSL/TLS termination on port 443, centrally manages digital certificates, and distributes incoming sessions across the multiple gateway instances.

This architecture ensures scalability, load distribution, and maintains high availability for the critical access services.

User Access Considerations

Users can establish connectivity to the Thinfinity® Workspace environment in two primary mechanisms: through a web browser or utilizing the Thinfinity Workspace native client. Both methods are fully supported.

Empirical data from prior deployments indicates that the Windows native client generally delivers superior performance metrics and higher user adoption rates.

In addition to performance advantages, users exhibit greater familiarity and comfort with the native client interface, which closely aligns with traditional remote desktop protocols. This results in improved input responsiveness, enhanced peripheral device support (including local printing and device redirection), and a user experience that closely replicates a standard desktop environment—capabilities that are limited or unavailable within browser-based access.