Architecture Components

Thinfinity® Workspace architecture consists of three key components that can be combined to create a variety of Deployment Scenarios to meet the specific needs of each company. Here are the components and their main functionalities:

The Gateway

Typically positioned in a Demilitarized Zone (DMZ) or in a public cloud, the gateway serves as a reverse gateway and first line of defense. It acts as the entry point for all incoming client connections by initiating only reverse-encrypted connections to the target resources, minimizing the attack surface and reducing network exposure. It securely routes all traffic to Thinfinity Workspace nodes — and through them, to the selected internal network resources — and vice versa.

Key Responsibilities:
- Routes traffic securely.
- Protects the access to internal network resources.

The Primary Broker:

Integrates with Identity Providers, enforces role-based permissions, and manages session handling, ensuring users are directed to the correct resources based on their credentials and configurations, among other functions. Also, it is responsible for managing virtualization workloads, ensuring optimal performance and resource utilization.

Key Responsibilities:
- Handles session management.
- Allows users to connect to resources.
- Ensures integration with identity providers.
- Manages the virtualization process.
- Optimizes performance of virtual desktops and applications.
Security Considerations:
- No inbound ports required.
- Communicates with the Gateway via outbound WebSockets and TLS 1.3 encryption.

The Secondary Broker

Provides a secure and scalable deployment model, ensuring seamless access for both remote and local users. It optimizes resource distribution and performance across multiple Secondary Brokers. When a Secondary Broker is implemented, the workload of the Primary Broker decreases as tasks are delegated. This division of responsibilities designates the Primary Broker as the component responsible for authenticating users, while the Secondary Broker manages connections between registered users and end resources, maintaining constant communication with the Gateway.

Key Responsibilities
- Manages connections between registered users and end resources.
- Optimizes resource distribution and performance.
- Maintains constant communication with the Gateway.

PreviousAbout this Document NextLoad Balancing

Last updated 14 days ago

Was this helpful?