Thinfinity® Workspace Features

Connectivity

Remote Desktop Connection (RDC):

RDC is a proprietary Remote Desktop Protocol that enables secure remote access through an SSL/TLS 1.3 encrypted WebSocket tunnel, eliminating the need for inbound ports or public/private IPs. This makes deployment easier and more secure, ideal for remote work and IT support.

RDC offers both full desktop and RemoteApp sessions, ensuring high performance even for graphic-intensive applications. It supports features like bi-directional audio, file sharing, and device redirection, delivering a seamless remote experience. Its unique connectivity approach allows enterprises to simplify remote desktop management while securing internal systems without modifying firewall settings.

RDC’s unique approach to remote connectivity—eliminating the need for external IP addresses or open ports—makes it a powerful tool for enterprises looking to streamline remote desktop and virtual desktop management and ensure secure, scalable access to internal systems.

RDP (Remote Desktop Protocol):

Developed by Microsoft, RDP is a secure protocol that facilitates remote desktop connections to Windows systems. It uses SSL/TLS encryption to protect communication, making it a top choice for IT support, remote work, and collaboration.

In Thinfinity Workspace, RDP connections are established through a reverse gateway, allowing access via public or private IPs through a secure SSL tunnel, without requiring open inbound ports. This improves security and simplifies deployment.

RDP supports full desktop access and RemoteApp, letting users run specific applications remotely without accessing the full desktop, making it ideal for secure, high-performance remote desktop solutions for troubleshooting, remote management, and application delivery.

Knowledge Base article →

VNC (Virtual Network Computing):

VNC is a cross-platform remote desktop protocol that enables real-time control of another computer. It transmits the screen display from the host to the client, allowing the client to control the remote machine’s keyboard and mouse. Compatible with Windows, Linux, and Mac, it’s ideal for IT support and remote access.

Thinfinity Workspace enhances VNC by allowing connections to any VNC or RFB host directly via a web browser, eliminating the need for local software. This secure, web-based interface provides seamless access to remote desktops or applications.

VNC offers a direct connection to the physical display, providing full visibility and interaction with the remote system in real time, making it ideal for screen sharing in diverse environments

Knowledge Base article →

SSH (Secure Shell) and Console Access:

SSH is a secure network protocol that provides remote access to command-line interfaces (CLIs) on Windows, Linux, and Mac systems. Using public-key cryptography and symmetric encryption, SSH ensures secure communication for tasks like remote server management, file transfers, and console applications.

In Thinfinity Workspace, users can access any console-based application via a TLS 1.3 encrypted web browser connection. This simplifies secure access to administration tools, network routers, and cloud services without complex configurations. Thinfinity also supports popular SSH clients like PuTTY, OpenSSH, and KiTTY, enabling secure connections from any platform.

Knowledge Base article

Web Application Gateway (WAG):

WAG acts as an SSL reverse proxy, providing secure access to web or intranet applications via a TLS 1.3 encrypted tunnel. It protects internal servers by handling SSL decryption, ensuring secure connections without exposing the server’s IP address. This setup mitigates risks like DDoS attacks and unauthorized access.
WAG allows remote access through web browsers without the need for client software, making it ideal for remote workers, IT teams, and external partners to securely access corporate resources from anywhere.

Knowledge Base article

Web Link:

The Web Link feature in Thinfinity Workspace provides secure access to SaaS applications and websites through a centralized portal, leveraging Thinfinity’s authentication protocols and Role-Based Access Control (RBAC). This allows users to access corporate web apps without the need to manage individual logins for each service. By integrating RBAC, Web Link ensures that users only access resources aligned with their roles, enhancing both security and compliance.

Using SSL/TLS encryption for secure communications, Thinfinity also helps organizations enforce multi-factor authentication (MFA) and least privilege access policies to prevent unauthorized access to sensitive data. This setup is particularly valuable for businesses that rely heavily on SaaS applications, ensuring that access to websites and services can be controlled and audited efficiently​

Knowledge Base article

Thinfinity VNC:

Thinfinity VNC is a proprietary screen-sharing protocol offering faster and more secure remote access than traditional VNC solutions. Optimized for web-based access, it allows users to connect to Windows, macOS, and Linux desktops or specific applications using only an HTML5-enabled browser—no need for plugins, add-ons, or client applications.

What makes Thinfinity VNC unique is its ability to handle graphic-intensive applications and offer RemoteApp-style experiences. Users can share a single application rather than the entire desktop, improving performance and bandwidth efficiency for remote work scenarios.

The connection is established via a TLS 1.3 encrypted socket tunnel, providing end-to-end encryption from the host machine to the end user. This setup eliminates the need for public or private IP addresses or opened ports on the host machine, significantly enhancing security by avoiding direct exposure to the internet.
Thinfinity VNC is the only centrally managed VNC solution optimized for browser-based access, making it a powerful and secure tool for modern enterprises requiring remote support or application delivery​.

Knowledge Base article →

Thinfinity VirtualUI:

Thinfinity VirtualUI is a robust development platform designed to enable the transformation of Windows desktop applications into web-based solutions with minimal code changes. At the core of this technology is a proprietary DLL that developers can integrate directly into their applications. This DLL injects a virtualization layer into the software, allowing it to run in HTML5-compatible web browsers, extending its accessibility across various platforms such as Windows, macOS, Linux, and mobile devices.

As a development tool, VirtualUI enables applications to retain their original GDI, GDI+, and DirectX capabilities while providing web functionality. This setup is crucial for modernizing legacy applications that require a shift to the cloud without needing extensive refactoring. The DLL acts as a bridge, enabling the rendering and management of legacy code in a secure, browser-based environment.

By integrating Thinfinity VirtualUI into the Thinfinity Workspace, organizations can centralize the deployment and management of these applications, ensuring secure TLS 1.3 encrypted connections and easy access for remote users. It supports multi-session environments and high-performance use cases, making it suitable for resource-intensive applications.

Knowledge Base article

3270/5250 Emulations:

3270 and 5250 emulation allows modern systems to mimic IBM mainframe and midrange terminal behavior, enabling interaction with IBM zSeries and iSeries systems. Thinfinity provides native HTML5 emulation for 3270/5250 terminals, allowing secure, browser-based access without client installation or hardware virtualization.

Thinfinity ensures secure data transmission via TLS 1.3 encryption and supports block-mode data transfer, essential for the high-volume transactional data of IBM systems. This simplifies access to legacy IBM environments, reducing complexity and cost while enhancing security.

Knowledge Base article

Web Folders:

Thinfinity Web Folders provide a secure, web-based interface for accessing shared or private drives using WebDAV (Web Distributed Authoring and Versioning), allowing users to manage files remotely through a web browser. This eliminates the need for any client-side installation, making it a lightweight and seamless solution for file management across various platforms.

By using WebDAV, Thinfinity enables users to upload, download, and modify files on remote servers as if they were working with a local folder. Web Folders operate via SSL/TLS encryption, ensuring all data is transferred securely. They support both private and shared access, making them ideal for collaborative environments where secure file sharing is critical.

The WebDAV protocol, used by Web Folders, supports efficient file operations such as locking files for editing and pipelining multiple transfers, offering more efficiency than traditional FTP-based solutions. This allows businesses to handle secure file transfers and remote file management without the firewall issues associated with legacy methods​.

Knowledge Base article →

Role-Based Access Control (RBAC)

Thinfinity implements RBAC to manage roles and permissions based on user identity, allowing organizations to control access to applications, files, and desktops according to user roles. This enhances security management by ensuring users have only the necessary access, streamlining compliance efforts.

With RBAC, Thinfinity simplifies access control across diverse environments, improving security and reducing administrative overhead. By aligning user access with defined roles, organizations can effectively manage permissions, meet compliance standards, and secure sensitive resources.

arquitecture_graphic_role_based

Identity Providers (IdP):

Thinfinity integrates with a wide range of Identity Providers (IdP) using modern authentication protocols such as OAuth 2.0, SAML 2.0, and RADIUS. These protocols enable Single Sign-On (SSO) and centralized user management, allowing secure and streamlined authentication for corporate environments. By leveraging these standards, Thinfinity supports a variety of identity providers, including Azure AD, Okta, OneLogin, Google Identity, ADFS, and Ping Identity.

Through OAuth 2.0, Thinfinity allows secure token-based access to web applications, while SAML 2.0 enables seamless SSO by exchanging authentication and authorization data between identity providers and service providers. RADIUS provides an additional layer of security, often used for two-factor authentication (2FA) and integrating with legacy authentication systems.

This flexibility makes Thinfinity adaptable to various enterprise environments, ensuring compliance with security standards while simplifying user access to applications and desktops from anywhere

Knowledge Base article →

Directory Services:

Thinfinity offers full support for Active Directory (AD), LDAP, Thinfinity IDP, and local accounts, enabling seamless integration with existing enterprise identity solutions. This allows organizations to authenticate users and manage roles directly from corporate directories or local user databases.

  1. Active Directory (AD): Thinfinity integrates with Microsoft AD, providing centralized user authentication and role management. AD enables secure access to enterprise resources by validating credentials against corporate user databases.
  2. LDAP Accounts: Thinfinity supports Lightweight Directory Access Protocol (LDAP), facilitating user authentication from external directory services. LDAP simplifies access management by connecting to existing directory servers in diverse environments.
  3. Thinfinity IDP: Thinfinity’s built-in Identity Provider offers native support for user authentication, allowing administrators to manage credentials and roles within the platform.
  4. Workgroup and Local Accounts: Thinfinity also supports workgroup accounts and local user accounts for environments without centralized directory services, ensuring flexibility for smaller or standalone deployments.

Knowledge Base article →

Multi-Factor Authentication (MFA):

Thinfinity supports Multi-Factor Authentication through integration with providers like Duo and Google Authenticator, enhancing user access security by requiring additional verification. This ensures that only authenticated users can access sensitive resources, reducing the risk of unauthorized access.

For organizations without an external Identity Provider (IdP), Thinfinity offers native MFA functionality. It allows administrators to enforce MFA using Google or Microsoft Authenticator, thanks to its built-in HOTP/TOTP server. This enables secure two-factor authentication (2FA) without the need for third-party integrations, ensuring an extra layer of protection for corporate resources.

Conditional Access and Group Policy Integration:

Thinfinity enhances security by combining Conditional Access and Group Policy Integration. Administrators can enforce policies based on user location, device type, or time of access, ensuring that sensitive resources are accessed only under secure conditions.

Through Group Policy Integration, Thinfinity aligns with Active Directory, enabling centralized management of security protocols and granular control over permissions, device access, and session management for both local and remote users. Together, these features help maintain robust control and ensure compliance with security policies.

Knowledge Base article →

Access Hours & Restrictions:

Thinfinity allows administrators to set specific access hours, limiting when users can log in to corporate resources. By defining approved working hours, organizations can reduce risk and control access more effectively, ensuring that resources are only accessible during authorized times. This feature is particularly useful for maintaining security compliance, reducing unauthorized access, and protecting sensitive data during off-hours.

Knowledge Base article →

Security & Monitoring

Audit Logging:

Thinfinity provides robust audit logging features, allowing administrators to track user activity across the platform for enhanced security and compliance. These logs capture detailed information about user access, session activity, and any changes made within the system, ensuring comprehensive visibility into platform usage.

Thinfinity also integrates with SIEM (Security Information and Event Management) systems, enabling real-time monitoring, alerting, and analysis of security events. This integration allows organizations to centralize logging data from Thinfinity alongside other infrastructure components, making it easier to identify and respond to potential security incidents.

Knowledge Base article →

User Analytics:

Thinfinity offers comprehensive User Analytics features, providing administrators with real-time insights into user activity, session behavior, and resource usage. These analytics allow organizations to monitor login patterns, track resource access, and identify potential security risks, helping ensure compliance with corporate policies.

User Analytics includes detailed reports on session duration, user actions, and access times, offering valuable data for optimizing resource allocation and improving operational efficiency. By analyzing both remote and local user activity, administrators can make informed decisions to enhance security, streamline processes, and better manage infrastructure.

Knowledge Base article →

Session Recording:

Thinfinity provides powerful session recording capabilities, allowing administrators to capture and review user sessions for security, compliance, and training purposes. This feature records all user interactions during remote sessions, offering a complete audit trail of activity, including keystrokes, mouse movements, and screen changes.

Administrators can access these recordings to investigate suspicious activity, ensure adherence to security policies, and provide training for new users. Recorded sessions can be stored securely and played back for analysis, enabling real-time monitoring or post-session reviews to enhance operational oversight.

Session Management:

Thinfinity offers advanced session management features that allow administrators to monitor, restrict, or terminate sessions for both remote and local users. This capability is essential for maintaining control over access to corporate resources, ensuring security policy compliance, and safeguarding sensitive data.

Administrators can oversee real-time user activity, enforce session timeouts, or impose restrictions based on user roles, whether the session is initiated locally or remotely. Thinfinity’s session management tools provide granular control, enabling IT teams to quickly intervene in cases of unauthorized access or policy violations, ensuring robust remote access security for both environments.

Allow and Deny IP List:

Thinfinity provides Allow and Deny IP list management to enhance security by controlling which IP addresses can access the platform. Administrators can define specific IP addresses or ranges that are permitted or blocked, ensuring that only trusted sources can connect to resources. This feature helps prevent
unauthorized access and restricts remote access to designated networks, adding a crucial layer of protection.

By combining IP filtering with other security measures like Conditional Access, Thinfinity ensures comprehensive control over network security for both local and remote sessions.

Brute-force Detection:

Thinfinity incorporates brute-force detection to automatically identify and block repeated unauthorized login attempts. By monitoring login patterns and identifying suspicious activity, Thinfinity can detect potential brute-force attacks and take action by temporarily blocking IP addresses.

This feature helps protect user accounts and sensitive resources from brute-force hacking attempts, ensuring stronger account security and reducing the risk of unauthorized access.

User Experience

Multi-Monitor:

Thinfinity enables seamless management of multiple monitors, allowing users to work across several screens as if they were a single interface. This feature boosts productivity by minimizing the need to switch between applications and monitors. It is supported without client installation, providing easy access and functionality through a web browser, ensuring a streamlined user experience for both local and remote environments.

Clipboard Redirection:

Thinfinity enables seamless clipboard redirection, allowing users to transfer files and data between local and remote machines using the clipboard. This functionality provides a smooth user experience, supporting bidirectional transfer of text, rich text, images, and files. Clipboard file transfer is critical for enhancing remote desktop productivity, as it simplifies file sharing without requiring additional steps like drive redirection or email attachments.

This feature is supported across multiple platforms, providing real-time synchronization between local and remote sessions, ensuring that clipboard data is securely transferred without the need for client-side software installation​.

Multitouch Redirection on iOS:

Thinfinity supports multitouch redirection on iOS devices, allowing users to interact with remote desktops using multitouch gestures like zoom, swipe, and pinch directly from their iPhones or iPads. This feature works seamlessly in both client-based and clientless environments, providing full multi touch functionality without needing additional software.

Clientless users can enjoy multitouch through an HTML5 browser, while client-based users can interact with remote session using the Thinfinity Native IOS application.

Session Sharing:

Thinfinity allows users to easily share their remote sessions with others, such as IT admins or colleagues, by generating a one-time session URL and password. This link and password will expire once the session ends, ensuring security while simplifying tech support and collaboration without needing third-party software. It provides a seamless way to troubleshoot or collaborate in real-time, allowing multiple users to view or control the same session remotely.

Session sharing eliminates the need for external tools, making support and collaboration efficient and secure.

Bidirectional Audio and Video (RTAV):

Thinfinity supports Real-Time Audio and Video (RTAV) redirection, allowing seamless use of microphones and webcams from the local machine in remote sessions. Users can conduct audio and video conferencing within virtual desktops without leaving the VDI environment. This feature works with both client-based and clientless setups, enabling efficient remote access to real-time applications such as Skype, Teams, and Zoom.

RTAV is designed to consume minimal bandwidth, providing high-quality streaming while minimizing latency, allowing businesses to maintain productivity during video meetings in remote or virtualized environments. It supports multiple devices, and users can select their preferred audio and video input from the remote session.

Knowledge Base article →

GPU Optimization:

Thinfinity supports GPU-accelerated performance for both client-based and clientless setups, optimizing graphic-intensive applications like 3D modeling, video editing, and engineering simulations. By utilizing technologies like H.264 for video compression and GPU offloading, Thinfinity ensures high-quality streaming and low-latency performance, even in remote virtual desktop environments.

Clientless users can benefit from enhanced graphics without installing additional software, while client-based users experience maximum performance for demanding workloads. This makes Thinfinity ideal for enterprises running VDI environments that require smooth, high-performance access to resource-intensive applications.

Knowledge Base article →

Device and Peripheral Integration

Printing Redirection:

Thinfinity supports clientless printing as well as agent-based printing from remote machines to local printers. Users can redirect print jobs seamlessly to any local or network printer, ensuring a smooth workflow in both VDI and session-based environments. With clientless printing, there’s no need to install local drivers, as printing is handled entirely through a web browser. Thinfinity also supports agent-based printing, which allows for direct, high-performance printing with additional control over print settings such as paper type and tray usage.

In addition, network printing mapping is available, allowing users to connect to network printers as if they were local, enhancing flexibility for organizations with distributed infrastructures. Whether printing directly to POS printers, Label printers or network-based devices, Thinfinity ensures secure and efficient print redirection with minimal setup.

Documentation Link

Drag & Drop File Transfer and Direct File Transfer:

Thinfinity supports drag-and-drop file transfers between local and remote machines, allowing users to easily share files in real-time. This functionality is complemented by direct file transfer, which enables fast, secure file transfers between virtual environments and host machines without needing third-party applications.

For added flexibility, Thinfinity offers access to local drives through both clientless and client-based solutions. This means users can access and transfer files from their local machines to remote sessions without installing additional software, or they can map local drives directly to the remote session for continuous access during the session.

This multi-method approach ensures seamless file sharing in VDI and session-based environments, improving user experience while maintaining security and compliance with enterprise standards.

USB Redirection:

Thinfinity enables USB redirection, allowing remote applications to access and use USB devices connected to the local machine. This feature works seamlessly in both VDI and session-based environments, enabling users to interact with devices like printers, scanners, storage devices, and smart cards remotely.

Thinfinity supports both clientless USB redirection—which requires no additional software installation—and agent-based redirection for high-performance needs, ensuring compatibility with a wide range of USB devices. The network mapping feature further allows users to connect to network-based USB devices as if they were local, optimizing flexibility in enterprise setups.

Clientless redirection is limited to browser and device capabilities.

Accessibility

Pure HTML5:

Thinfinity’s Pure HTML5 enables remote access from any HTML5-compliant browser without requiring client installation. Users can access desktops and applications on Windows, macOS, Linux, iOS, or Android devices directly through their browser. This clientless solution eliminates the need for additional software, offering seamless access and compatibility across a wide range of platforms and devices.

PWA (Progressive Web App):

Thinfinity offers full support for Progressive Web Apps (PWA), allowing users to install web applications directly from any HTML5-compliant browser, without needing to go through an app store. PWAs in Thinfinity provide an app-like experience, including features like offline access, push notifications, and faster loading times. These apps work across platforms (Windows, macOS, iOS, Android) while requiring minimal storage on devices, making them ideal for both mobile and desktop environments.

PWAs offer several key benefits, including seamless updates, improved performance through caching, and enhanced device integration, providing users with a responsive, reliable experience, similar to native apps.

Windows Client:

Thinfinity offers a dedicated Windows client designed to optimize performance in VDI and session-based environments. The Windows client provides seamless support for GPU acceleration, USB redirection and peripheral management, allowing users to fully leverage local devices like printers, storage, and monitors.

One key advantage of the Windows client is its compatibility with thin clients, providing enterprises with a lightweight, cost-effective way to run powerful applications without requiring local processing power. This setup is ideal for organizations using VDI on premises on hypervisors VMware, Hyper-v, or Proxmox or Cloud VDI where centralized management, security, and long lifecycle hardware are critical. Thinfinity’s Windows client also supports dual monitor setups, multimedia redirection, and enhanced security measures like encryption and policy management.

iOS and Android Clients:

Thinfinity offers dedicated iOS and Android clients that enable seamless access to remote desktops and applications directly from mobile devices. These clients are optimized for VDI environments, providing a smooth user experience, complete with support for multitouch gestures, push notifications, and device integration such as camera and microphone redirection. The mobile clients allow users to connect to virtual desktops without the need for a full desktop environment, making it ideal for on-the-go productivity.

Integrations & API Development

OT URL:

Thinfinity allows users to create disposable URLs with customized parameters for secure session sharing or integration. These temporary URLs provide flexibility for time-limited access, ensuring both security and convenience. Whether sharing access for collaboration or integrating with third-party systems, the OT URL feature simplifies the process by allowing users to generate secure, one-time-use links that expire once the session concludes.

Knowledge Base article | Documentation Link

REST API:

Thinfinity provides a robust RESTful API that facilitates seamless integration with third-party applications and systems. This API offers comprehensive automation capabilities, enabling organizations to streamline their remote access management and workflows.

With Thinfinity’s REST API, you can:

  • Automate profile creation and user management.
  • Create and destroy sessions programmatically, giving administrators full control over session lifecycles.
  • Define roles and permissions, ensuring secure and controlled access to resources.
  • Customize sessions based on user needs or security policies.
  • Automate RPAM (Remote Privileged Access Management) workflows, allowing organizations to manage Just-in-Time (JIT) access and approve temporary privileged sessions for secure, time-limited access to sensitive systems.

Thinfinity’s REST API empowers businesses to integrate remote access solutions with their existing IT infrastructure, ensuring flexibility, security, and automation in managing privileged access.

Directory Services REST API:

Thinfinity’s Directory Services REST API allows organizations to centralize user identity management across multiple sources of authentication. This API enables integration with Active Directory (AD), supporting multiple domains, as well as databases like SQL, Firebird, and Firebase. By leveraging this API, administrators can seamlessly manage user identities and authentication from various identity providers, simplifying the process of granting secure access across complex environments.

This capability is particularly useful for enterprises that require flexible multi-domain or database-based authentication, ensuring that Thinfinity integrates with a wide range of identity management systems, improving efficiency and scalability.

Licensing API:

Thinfinity’s Licensing API provides full control over license management, allowing administrators to create, destroy, and assign licenses programmatically. This API is essential for enterprises and Managed Service Providers (MSPs) that need to efficiently manage licenses across multiple users or customers. By automating the license lifecycle, organizations can streamline provisioning, control access, and ensure compliance, all from a centralized interface.

The Licensing API simplifies complex licensing operations, making it easy to scale deployments and manage resources dynamically based on real-time demand.

OEM – White Labeling

Custom Themes:

costume themes

Thinfinity allows full customization of the web portal, enabling administrators to create multiple themes based on specific users or user groups. This feature supports multi-tenant identity management, making it ideal for enterprises with multiple teams or Managed Service Providers (MSPs) managing different customers. Each identity or user group can have its own branding, theme, and style, providing a personalized experience while maintaining a unified deployment.

The ability to manage multiple identities on a single deployment streamlines operations for organizations with diverse teams, clients, or departments, ensuring efficient and consistent remote access management while enhancing user experience.

OEM:

Thinfinity’s OEM package enables organizations to integrate Thinfinity with larger on-premises systems, supporting scalability and deep integration with enterprise infrastructure. This package is designed for companies that require extensive backend management and need to tailor Thinfinity to meet complex operational needs. With OEM integration, businesses can deploy Thinfinity as part of their internal systems while maintaining full control over customization, security, and resource management.

This capability allows enterprises to leverage Thinfinity’s features while integrating seamlessly with existing solutions, ensuring flexibility and scalability for growing operational demands.

Cookie Preferences
Privacy and Cookie Policies
Cybele Software implements specific policies to enhance your browsing experience while respecting your privacy. When you visit Cybele Software's website, the site uses cookies to personalize your experience. These small files remember your preferences and the details of your repeated visits, aligning closely with Cybele's Privacy Policy.

You have complete control over the cookies used during your visit:
- Accepting All Cookies: You can agree to the use of all cookies by clicking “Accept All.” This provides a smoother, more integrated experience.
- Customizing Cookie Settings: If you prefer to manage your preferences, you can click on "Cookie Settings." This allows you to give controlled consent by selecting which types of cookies you agree to activate.
- Opting Out: You also have the option to opt-out entirely from non-essential cookies. It's important to note that choosing this option might impact your experience on the website, potentially limiting certain functionalities and features.
These features ensure that you can tailor your browsing according to your personal preferences and privacy concerns.