Workload Layer — VDI

The Workload Layer include the virtual desktop and application server infrastructure. Theses subnets constitute the execution environment, facilitating delivery of desktops, applications, and services to end users following authentication and authorization through Orchestration and Control.

Public IP Address Requirement: None. All external access is routed exclusively via Thinfinity Gateway and associated Load Balancers.

Segmentation: The Workload Layer is segmented based on environment or use case (e.g., production, development/QA, training, or support), enabling policy enforcement and minimizing lateral movement vectors.

Access Control: Connectivity is restricted to internal network pathways; brokered sessions originate solely from Thinfinity Gateways, ensuring secure, controlled access.

Purpose: Establishes scalable pools of virtual desktops and applications, segmented by specific functions or business requeriment, while supporting centralized orchestration, monitoring, and management.

Summary

In each Thinfinity Workspace deployment, Workload Layers are isolated to internal network segments without assigned public IP addresses. This architecture enforces Zero Trust model, minimizes the attack surface, and ensure that all user access is strictly managed and mediated by the Thinfinity Gateways and Brokers.