Revolutionizing RemoteApp Publishing: Secondary Broker Pools vs. Microsoft Collections - A Zero Trust Approach

Secondary Broker Pools: RemoteApp Publishing with a Zero Trust Application Access Approach – A Modern Alternative to Microsoft Collections


In an era where remote access to applications and desktops is essential, companies have traditionally relied on Remote Desktop Services (RDS) collections for desktops and apps publishing. This approach leveraged the compute power of Windows Server to provide cost-effective multi-session environments or leveraged Windows client for a virtual desktop infrastructure (VDI). However, the complexities, security concerns, and administrative overhead associated with Microsoft collections have led to a search for more streamlined solutions.

Enter Secondary Broker pools, particularly within the Thinfinity architecture, a modern alternative that revolutionizes RemoteApp publishing. This article explores how Secondary Broker pools can be leveraged to provide a better and more secure approach, focusing on Zero Trust Application Access (ZTAA), ease of management, and simplifying networking.

Secondary Broker Pools: An Overview

Secondary Broker pools consist of clusters of Secondary Brokers working together to create a load-balancing scenario, pooling applications across multiple servers. Unlike Microsoft collections, Secondary Broker pools offer a streamlined approach aligned with modern security principles such as ZTAA.

Security Advantages: Embracing ZTAA

Zero Trust Application Access (ZTAA)
Secondary Broker pools adhere to ZTAA principles, ensuring that access to applications is never implicitly granted. Continuous verification and authentication mechanisms enhance security, a stark contrast to traditional Microsoft collections.

No Inbound Ports Required
Secondary Broker pools eliminate the need to open inbound ports, reducing potential vulnerabilities and simplifying networking.

Encrypted Connections
All connections through Secondary Broker pools are encrypted, providing an additional layer of security beyond traditional Microsoft collections.
Simplicity to Manage and Administrate

Simplified Deployment
Secondary Broker pools can be deployed across various networks and locations with ease, unlike Microsoft collections, which may require detailed configuration.

Streamlined Administration
Managing Secondary Broker pools is more intuitive and less time-consuming compared to managing Microsoft collections, allowing IT managers to focus on other critical tasks.

Secondary Broker pools offer scalability tailored to organizational needs, providing a flexible solution that can grow with the business.

Comparison with Microsoft Collections

Microsoft collections, part of the Remote Desktop Services (RDS), have been a traditional method for publishing RemoteApps. They offer robust functionality but come with key differences compared to Secondary Broker pools:

Microsoft collections often require detailed configuration and ongoing management, which can be cumbersome for IT teams.
Security Concerns: While Microsoft collections can be secured, the process may not be as straightforward as with Secondary Broker pools, especially concerning Zero Trust principles.

Licensing and Costs
Depending on the scenario, Microsoft collections may involve additional licensing and costs, whereas Secondary Broker pools within the Thinfinity architecture may offer a more cost-effective solution.


Secondary Broker pools represent a modern, secure, and efficient alternative to traditional Microsoft collections for publishing RemoteApps to users. By embracing Zero Trust Application Access (ZTAA), simplifying networking, and offering a more streamlined management experience, they provide organizations with a compelling option that aligns with contemporary security and operational needs.

The shift from traditional Microsoft collections to Secondary Broker pools is not just a technological change but a strategic move towards a more secure and simplified remote application access environment. Organizations seeking to enhance their application virtualization strategy, reduce complexity, and adhere to modern security principles would do well to consider the integration of Secondary Broker pools into their existing infrastructure.