Thinfinity Workspace Architecture

Porta d'ingresso

Thinfinity’s Gateway operates as a reverse gateway, providing a single point of access to the system while ensuring that internal resources remain invisible and secure from external threats. It can be hosted in a DMZ or deployed in any cloud environment, offering agnostic private access to your resources without exposing them to the internet.

The Gateway handles traffic routing between remote users and internal resources, ensuring SSL/TLS-encrypted communication for secure remote access. By preventing direct access to critical systems, Thinfinity’s Gateway optimizes traffic management while enhancing security, making it ideal for enterprises requiring high-performance and private access solutions.

Communication Gateways

Thinfinity’s Communication Gateway acts as a proxy, bringing remote connections as close as possible to the end user for optimal performance. By utilizing GEO IP or advanced redirection logic, the Gateway intelligently routes traffic to the nearest available server, creating an end-to-end connection that reduces latency and improves user experience.

This approach ensures that remote users can securely access resources regardless of their location, while the Communication Gateway handles the heavy lifting of managing the connection path. Whether connecting to virtual machines, physical resources, or cloud-based environments, Thinfinity’s Communication Gateway ensures that connections remain fast, reliable, and secure.

Broker

Thinfinity’s Broker operates within a microservices architecture, allowing for flexible deployment across multiple machines or a centralized Primary Broker. This architecture enables the Broker to manage essential services, such as RBAC (Role-Based Access Control), centralized identity management through integration with various Identity Providers (IdPs) and directory services, and Remote Privileged Access Management (RPAM) for Just-in-Time access.

The Broker is also responsible for running services like Audit Logging, User Analytics, and the Cloud Manager. Whether centralized on a Primary Broker or distributed across multiple machines, this design ensures high availability, load balancing, and fault tolerance. The Broker intelligently routes sessions, scales with demand, and provides administrators with real-time control and insights for managing secure remote access.

By leveraging its microservices-based architecture, Thinfinity’s Broker ensures that businesses can distribute or centralize workloads according to their specific requirements, offering scalability, performance optimization, and enhanced security.

Secondary Broker

Thinfinity’s Secondary Broker manages the virtualization process, establishing local connections and supporting multiple protocols, including RDC, RDP, VNC, SSH, Webdav and 3270/5250 emulation Avoiding IP connections within the network. This broker enables functionalities like Application Pooling (as a replacement for Microsoft’s Remote Desktop Session Collection) and Server Clustering, providing an efficient alternative to traditional MS collection environments.

The Secondary Broker also supports load balancing, optimizing resource distribution and server usage across multiple sessions. Additionally, it can act as a jump server, creating secure connections to any machine within the target network using the previously mentioned protocols. This ensures flexible and secure access for both internal and external systems.

Moreover, the Secondary Broker runs a Cloud Manager, allowing administrators to provision resources across various cloud environments or hypervisors, enabling easy scalability and deployment flexibility in hybrid infrastructures.

Virtualization Agent

Thinfinity’s Agent allows for one-to-one connections to both virtual machines (VMs) and physical resources, making it ideal for VDI deployments and accessing physical workstations. It also supports application pooling connections in session-based environments, which is perfect for dynamically scaling resources in the cloud. By assigning each Agent a unique agent ID, Thinfinity eliminates the need for IP-based connections, enhancing security and simplifying network management.

The Agent optimizes session initialization and improves performance, ensuring fast, reliable access to remote resources, whether in dynamic cloud environments or local infrastructures.

In loco

IT Networks with Universal ZTNA

Thinfinity’s architecture is designed to secure and streamline access across IT networks, integrating Universal Zero Trust Network Access (ZTNA) principles to ensure robust security. All components can be deployed within your private cloud or data center, providing flexible, secure access to resources spread across multiple domains.

The Gateway, deployed in the DMZ, ensures that no direct access to internal systems is exposed to external users. It provides a secure single point of entry while protecting critical IT infrastructure. The Broker, residing on the main domain, enforces Zero Trust by validating every session and user, allowing access only to authorized resources.

Thinfinity supports micro-segmentation, allowing administrators to isolate and manage access to specific segments within the IT network, improving security by reducing the attack surface. Additionally, Secondary Brokers and Agents enable one-to-one connections to resources like virtual desktops (VDI) or physical workstations, ensuring secure access without relying on IP connections.

With ZTNA enforced across the IT network, Thinfinity guarantees that every user and device undergoes authentication and authorization before accessing sensitive data or systems, enhancing overall security and operational efficiency.

OT Networks with Universal ZTNA

Thinfinity provides secure, scalable access to Operational Technology (OT) networks by implementing Universal Zero Trust Network Access (ZTNA), ensuring that only authenticated and authorized users can interact with OT resources. Thinfinity’s architecture can be deployed in isolated OT networks without internet access, creating secure access to critical systems while maintaining air-gapped environments.

Thinfinity supports common OT applications such as SCADA (Supervisory Control and Data Acquisition), PLC (Programmable Logic Controllers), and ICS (Industrial Control Systems), widely used in industries like manufacturing, energy, transportation, and utilities. By leveraging Thinfinity’s ZTNA, organizations can connect to these systems remotely without compromising security, ensuring that OT assets remain safe and operational.

Additionally, Secondary Brokers and Agents can be deployed to handle one-to-one connections to specific OT resources or create a dynamic pool of connections for OT network scalability, ensuring secure, efficient access to mission-critical devices without exposing them to the internet.

IT and OT Networks with Reverse Connections

Thinfinity provides seamless, secure access to both IT and OT networks by leveraging its Agents and Secondary Broker architecture. This allows organizations to securely connect to virtual machines, physical workstations, and critical OT systems like SCADA, PLC, and ICS without compromising security. Thinfinity uses reverse connections, ensuring that no inbound ports need to be opened, which minimizes the attack surface and prevents exposure to external threats.

The Secondary Broker handles resource pooling and session management, ensuring efficient load balancing across IT and OT resources. Thinfinity’s Agents establish one-to-one connections with specific resources on both networks, allowing controlled access to devices while maintaining strict Zero Trust principles.

This architecture ensures that both IT and OT assets are securely managed, providing a unified solution for accessing critical resources across departments, ensuring performance and security for complex hybrid environments.

On-Premise Data Center Private Cloud VDI

Thinfinity enables businesses to deploy a Virtual Desktop Infrastructure (VDI) within their on-premise data center or private cloud, ensuring full control over data, security, and performance. This architecture allows organizations to centralize their VDI environments, ensuring data sovereignty and compliance with internal security policies.

Thinfinity’s flexible architecture supports multiple domains and integrates seamlessly with existing infrastructure, while utilizing secondary brokers and agents to provide secure, high-performance access to virtual desktops. With load balancing, session management, and resource optimization, Thinfinity ensures reliable performance and scalability for enterprises managing VDI environments in private cloud or data center setups.

Additionally, Thinfinity supports hybrid deployments, giving organizations the flexibility to expand their infrastructure while maintaining secure, in-house control over mission-critical resources.

Furry white cat sitting on a wall

Key Benefits

Enhanced Security and Reduced Risk

Thinfinity’s use of reverse connections eliminates the need for open inbound ports, significantly reducing the attack surface and ensuring secure access to both IT and OT resources. This strengthens protection against external threats and improves overall cybersecurity posture.

Increased Operational Efficiency

By unifying access to IT and OT environments under a single management platform, Thinfinity streamlines resource management and monitoring, resulting in greater operational agility and productivity for teams managing critical systems.

Improved Compliance and Governance

With Zero Trust Network Access (ZTNA), Thinfinity enforces strict compliance by ensuring that all users and devices are fully authenticated and authorized. This helps businesses meet regulatory standards and maintain robust security policies across both IT and OT networks.

Utilizzo ottimizzato delle risorse

The Secondary Broker efficiently manages session load balancing and distributes resources dynamically, reducing infrastructure strain and improving resource allocation across networks. This results in optimized performance and better cost management.

Scalable and Flexible Infrastructure

Thinfinity’s flexible architecture, powered by Agents and Secondary Brokers, allows businesses to scale dynamically in response to changing demands. This scalability enhances business resilience and adaptability in both cloud and on-premises environments.

Uninterrupted Access to Critical Systems

Thinfinity enables secure, reliable access to air-gapped OT networks, allowing organizations to maintain business continuity and uninterrupted operations in critical industries such as manufacturing, energy, and utilities, where OT systems are essential.

Ibrido

Hybrid Deployment

Thinfinity’s Hybrid Deployment architecture allows Gateways and Communication Gateways to reside in the cloud, while the Primary Brokers, Secondary Brokers, and Agents are located within the data center, private cloud, or target networks. This setup ensures secure, private connections through a Universal ZTNA approach, where brokers and agents connect reversely to the gateways without exposing internal resources.

By leveraging reverse connections, Thinfinity keeps all target resources invisible with no external footprint, providing secure access for both local and remote users. This deployment reduces latency, minimizes networking complexity, and ensures efficient, low-latency performance for distributed teams, allowing organizations to maintain a secure infrastructure without sacrificing accessibility.

Gateway cloud

Thinfinity offers Private ZTNA by providing Gateways and Communication Gateways as a service, ensuring secure, Universal Zero Trust Network Access (ZTNA) for enterprises. Unlike traditional ZTNA solutions that share resources between multiple customers, Thinfinity delivers dedicated, private gateways and communication gateways, ensuring that no resources are shared across customers. This unique approach guarantees exclusive, secure connections with no compromise on privacy or security.

By utilizing reverse connections, Thinfinity’s Private ZTNA keeps internal resources invisible and unexposed, minimizing the attack surface. This setup offers secure access to both local and remote users while maintaining low latency and reducing networking complexity. Thinfinity’s private infrastructure ensures that businesses retain full control over their resources, providing high-performance remote access with no shared environments.

Bring Your Own Cloud

Azzurro

Thinfinity integrates seamlessly with Microsoft Azure, allowing businesses to deploy Gateways, Communication Gateways, Brokers, and Agents directly within their Azure infrastructure. This setup gives organizations full control over their data and security while managing VDI and session-based resources within Azure.

Thinfinity can also be deployed over Azure Virtual Desktop (AVD), enhancing security through Universal Zero Trust Network Access (ZTNA) and optimizing costs by leveraging automated scale sets. These scale sets dynamically adjust resource allocation based on demand, ensuring cost-efficiency without sacrificing performance. Whether using plain Azure or AVD, Thinfinity’s reverse connections keep internal resources hidden from external threats, while providing secure and scalable remote access.

AWS

Thinfinity supports a full integration into Amazon Web Services (AWS), allowing businesses to deploy Gateways, Communication Gateways, Brokers, and Agents within their AWS infrastructure. This provides organizations with the flexibility to manage their VDI and session-based resources within their private AWS environment, ensuring that they maintain full control over data and security.

By leveraging Universal Zero Trust Network Access (ZTNA), Thinfinity ensures that all connections are secure and private, while taking advantage of AWS scalability and reliability. Thinfinity’s reverse connection technology ensures that internal resources remain hidden and protected from external threats, without the need to open inbound ports. This BYOC approach provides organizations with the benefits of AWS infrastructure while maintaining tight security control.

Ionos Cloud

Thinfinity is the only certified provider with native integration to Ionos Cloud, enabling organizations to deploy fully-fledged VDI, DaaS, and session-based environments directly within Ionos infrastructure. This unique integration allows businesses to harness Thinfinity’s secure and scalable architecture in Ionos Cloud, providing seamless Universal Zero Trust Network Access (ZTNA) for enhanced security.

With Thinfinity, users can leverage Ionos’s robust infrastructure to optimize and automate VDI and DaaS deployments, ensuring secure access to both virtual and session-based environments. The platform supports reverse connections, ensuring internal resources remain protected from external threats, while automation and dynamic scaling improve cost-efficiency and operational flexibility.

GCP

Thinfinity offers native integration with Google Cloud Platform (GCP) for provisioning VDI and session-based hosts, providing the same automation and scale set capabilities that businesses can achieve with on-premises or Azure Virtual Desktop (AVD) deployments. This integration allows organizations to leverage GCP’s powerful cloud infrastructure for secure, scalable VDI and remote session environments.

With Universal Zero Trust Network Access (ZTNA), Thinfinity ensures that all resources remain private and secure through reverse connections, keeping critical systems hidden from external threats. The platform supports dynamic scaling and automated provisioning, optimizing cost and performance while offering flexible resource management for enterprises.

Huawei Cloud

Thinfinity provides native integration with Huawei Cloud, enabling businesses to provision VDI and session-based hosts directly within their Huawei Cloud infrastructure. Offering the same automation and scale set capabilities found in on-premises or Azure Virtual Desktop (AVD) environments, Thinfinity ensures flexible and scalable remote access solutions on Huawei Cloud.

By leveraging Universal Zero Trust Network Access (ZTNA) and reverse connections, Thinfinity keeps internal resources secure and invisible to external threats, while dynamically managing resources for cost efficiency and performance optimization. This integration with Huawei Cloud allows enterprises to scale and manage their remote desktop infrastructure with ease while maintaining the highest security standards.

Oracle Cloud

Thinfinity supports seamless deployment on Oracle Cloud, allowing businesses to provision and manage VDI and session-based environments with a high level of security and automation. Thinfinity’s architecture ensures that you can use Oracle Cloud Infrastructure (OCI) to host your Gateways, Communication Gateways, Brokers, and Agents, providing secure access to resources with Universal Zero Trust Network Access (ZTNA) principles.

Oracle Cloud is known for supporting enterprise applications such as Oracle ERP, EPM, and HCM systems, making Thinfinity’s integration ideal for businesses managing complex workflows. Thinfinity allows enterprises to dynamically scale their infrastructure using automated provisioning and scale sets, optimizing costs and performance while ensuring secure, private access to all resources. Thinfinity leverages reverse connections, ensuring that internal resources remain hidden from external threats, thus enhancing security for critical systems.

IBM Cloud

Thinfinity enables organizations to securely deploy VDI, session-based hosts, and access to traditional IBM workflows, such as AS/400 (IBM i) and mainframe environments, within their IBM Cloud infrastructure. By integrating with IBM’s powerful cloud solutions, businesses can support critical applications, such as ERP, SCM, and CRM, while ensuring secure, Universal Zero Trust Network Access (ZTNA) for sensitive resources.

Thinfinity’s architecture provides reverse connections, keeping legacy systems like IBM iSeries (AS/400) and mainframes securely hidden from external threats while maintaining seamless access. Through automated provisioning and dynamic scaling, Thinfinity helps enterprises manage workloads and scale their infrastructure as needed, optimizing performance and ensuring secure access to IBM’s legacy and modern applications in the cloud.

Completamente in hosting

Completamente in hosting

Thinfinity provides a complete fully hosted solution, offering Gateways, Communication Gateways, Primary and Secondary Brokers, as well as VDI and session-based host servers as a service, all within a secure private cloud deployment. This approach allows organizations to leverage Thinfinity’s full infrastructure without needing to manage or deploy any components on-premises.

With Universal ZTNA built into the architecture, Thinfinity ensures secure, private access to all resources, protecting sensitive data while offering high-performance remote access for both VDI and session-based environments. The fully hosted model eliminates the complexity of managing hardware, scaling infrastructure, or configuring networks, as Thinfinity handles all aspects of load balancing, session management, and resource allocation.

This turnkey solution provides enterprises with a highly secure, scalable, and efficient remote access environment, all managed in Thinfinity’s private cloud.

fully host graphic

Desktop as a Service (Daas)

Thinfinity’s Desktop as a Service (DaaS) solution, branded as Thinfinity Virtual Desktops, enables businesses to securely deploy and manage virtual desktops from the cloud. Supporting both VDI and session-based desktops, Thinfinity Virtual Desktops can be hosted on multiple cloud platforms, such as AWS, Azure, Ionos Cloud, and Google Cloud, providing seamless access for remote users and distributed teams.

This DaaS offering incorporates Universal Zero Trust Network Access (ZTNA), ensuring that all connections are secure and private through reverse connections, keeping internal resources hidden from external threats. With automated provisioning and dynamic scaling, Thinfinity Virtual Desktops optimizes resource allocation, allowing businesses to scale on-demand while reducing costs. Whether it’s for corporate desktops, remote workforces, or supporting legacy applications, Thinfinity Virtual Desktops provides a secure, scalable, and high-performance virtual desktop solution.

Preferenze per i cookie
Politiche sulla privacy e sui cookie
Cybele Software attua politiche specifiche per migliorare la vostra esperienza di navigazione nel rispetto della vostra privacy. Quando visitate il sito web di Cybele Software, il sito utilizza dei cookie per personalizzare la vostra esperienza. Questi piccoli file ricordano le preferenze dell'utente e i dettagli delle sue visite ripetute, in linea con la politica sulla privacy di Cybele.

L'utente ha il controllo completo sui cookie utilizzati durante la visita:
- Accettare tutti i cookie: Potete accettare l'uso di tutti i cookie facendo clic su "Accetta tutti". In questo modo si ottiene un'esperienza più fluida e integrata.
- Personalizzare le impostazioni dei cookie: Se preferite gestire le vostre preferenze, potete cliccare su "Impostazioni dei cookie". In questo modo è possibile fornire un consenso controllato selezionando i tipi di cookie che si accettano di attivare.
- Rinuncia: Avete anche la possibilità di rinunciare completamente ai cookie non essenziali. È importante notare che la scelta di questa opzione potrebbe influire sulla vostra esperienza sul sito web, limitando potenzialmente alcune funzionalità e caratteristiche.
Queste caratteristiche garantiscono la possibilità di personalizzare la navigazione in base alle preferenze personali e alla privacy dell'utente.