High-Level Design – Infini-Connect

{: .doc-audience-internal}

Design Overview

Infini-Connect is organised into eight planes:

  1. Access Plane – VPN, WireGuard, Jumpbox-mediated access
  2. Identity Plane – AD/LDAP/OIDC, RBAC, temporal privileges
  3. Config Plane – Inventory, config pulls, baselines, drift detection
  4. Security Plane – Vulnerability scanning, pentests, segmentation tests
  5. Change Plane – Ticketing, approvals, maker/checker, CAB workflows
  6. Documentation Plane – Diagrams, flows, PCI evidence packs
  7. Infra Plane – GitOps / IaC for firewall rules, jumpboxes, VMs
  8. Visibility Plane – Logs, metrics, SIEM, alert correlation

Privileged Access – High-Level Sequence

```mermaid
sequenceDiagram
    title Infini-Connect Privileged Access Workflow (HLD)
    %% audience: internal
    autonumber
    participant U as User (Engineer)
    participant UI as Infini-Connect UI
    participant CH as Change Service (ic-change)
    participant AC as Access Service (ic-access)
    participant IDP as IdP / AD
    participant AG as Node Agent (on Rack)
    participant JB as Jumpbox
    participant SIEM as SIEM / Logger

    U->>UI: Submit Change Request (target systems, time window)
    UI->>CH: Create Change Ticket
    CH->>CH: Apply workflow (risk, CAB, approvals)
    CH-->>UI: Ticket Approved

    UI->>AC: Request Access Window for Ticket
    AC->>IDP: Enable JIT admin account / group
    AC->>AG: Push Access Policy (who, what, when)
    AG->>JB: Apply RDP/SSH ACLs & local rules
    AC->>SIEM: Log "Access Window Opened"

    U->>UI: Launch remote session via Jumpbox
    UI->>JB: SSO / RDP / SSH
    JB->>SIEM: Stream session metadata / audit logs

    U->>UI: Mark Change Complete
    UI->>AC: Close Access Window
    AC->>IDP: Disable admin account / revert groups
    AC->>AG: Remove ACLs from Jumpbox
    AC->>SIEM: Log "Access Window Closed"

    CH->>SIEM: Attach evidence (logs, configs, screenshots)
    CH-->>UI: Ticket Closed with full audit trail
```
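As an added example that is not part of this HLD or of the Infini-Connect code base, the Python below models the access-window lifecycle from the sequence above, with the checks a reviewer would expect ic-access to enforce: no window without an approved ticket, maker/checker on approval, jumpbox sessions confined to the ticket's hosts and approved time window, and automatic revocation when the window expires even if the engineer never sends "Mark Change Complete". Class and method names (ChangeTicket, AccessService, sweep_expired), the hostnames and the timestamps are assumptions; the IdP group, jumpbox ACLs and SIEM are in-memory stand-ins for the real systems.

```python
"""Added example, not Infini-Connect code: a runnable model of the JIT access-window
workflow in the HLD sequence diagram. All names, hosts and timestamps are assumptions."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass
class ChangeTicket:
    ticket_id: str
    requester: str
    targets: frozenset            # hosts the change is allowed to touch
    window_start: datetime
    window_end: datetime
    approvals: set = field(default_factory=set)
    approved: bool = False

    def approve(self, approver: str, required: int = 1) -> None:
        # maker/checker: the requester can never be one of the approvers
        if approver == self.requester:
            raise PermissionError("maker/checker violation")
        self.approvals.add(approver)
        self.approved = len(self.approvals) >= required


@dataclass
class AccessWindow:
    ticket_id: str
    user: str
    targets: frozenset
    expires_at: datetime
    is_open: bool = True


class AccessService:
    """Stand-in for ic-access: gates windows on ticket state and time, and drives the
    IdP group, jumpbox ACLs and SIEM log as side effects of open/close."""

    def __init__(self, clock):
        self.clock = clock             # injected so expiry can be exercised offline
        self.idp_admin_group = set()   # JIT admin group membership (IdP / AD)
        self.jumpbox_acls = {}         # user -> hosts reachable through the jumpbox
        self.siem = []                 # audit events
        self.windows = {}

    def _log(self, event, ticket_id, user):
        self.siem.append({"ts": self.clock().isoformat(), "event": event,
                          "ticket": ticket_id, "user": user})

    def open_window(self, ticket: ChangeTicket) -> AccessWindow:
        now = self.clock()
        if not ticket.approved:
            raise PermissionError(f"{ticket.ticket_id}: ticket not approved")
        if not ticket.window_start <= now < ticket.window_end:
            raise PermissionError(f"{ticket.ticket_id}: outside approved window")
        win = AccessWindow(ticket.ticket_id, ticket.requester, ticket.targets, ticket.window_end)
        self.windows[ticket.ticket_id] = win
        self.idp_admin_group.add(ticket.requester)          # "Enable JIT admin account / group"
        self.jumpbox_acls[ticket.requester] = set(ticket.targets)  # "Push Access Policy"
        self._log("Access Window Opened", ticket.ticket_id, ticket.requester)
        return win

    def authorize_session(self, user: str, target: str) -> bool:
        """Jumpbox-side decision: an open, unexpired window that names this exact host."""
        now = self.clock()
        return any(w.is_open and w.user == user and target in w.targets and now < w.expires_at
                   for w in self.windows.values())

    def close_window(self, ticket_id: str) -> None:
        win = self.windows[ticket_id]
        win.is_open = False
        self.idp_admin_group.discard(win.user)              # "Disable admin account / revert groups"
        self.jumpbox_acls.pop(win.user, None)               # "Remove ACLs from Jumpbox"
        self._log("Access Window Closed", ticket_id, win.user)

    def sweep_expired(self) -> list:
        """Revoke windows past their approved end even if nobody marked the change complete."""
        now = self.clock()
        expired = [t for t, w in self.windows.items() if w.is_open and now >= w.expires_at]
        for t in expired:
            self.close_window(t)
        return expired


def run_demo() -> dict:
    """Walk two constructed tickets through the sequence and return the observable outcomes."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)   # constructed timestamp
    clock = {"now": t0}
    svc = AccessService(lambda: clock["now"])
    tkt = ChangeTicket("CHG-0001", "alice", frozenset({"fw-core-01"}), t0, t0 + timedelta(hours=2))
    try:
        svc.open_window(tkt)                                # must fail: not yet approved
        denied_before_approval = False
    except PermissionError:
        denied_before_approval = True
    tkt.approve("bob")
    svc.open_window(tkt)
    in_scope = svc.authorize_session("alice", "fw-core-01")
    out_of_scope = svc.authorize_session("alice", "db-prod-07")  # host not on the ticket
    svc.close_window("CHG-0001")                            # "Mark Change Complete" path
    after_close = svc.authorize_session("alice", "fw-core-01")
    # second ticket is never closed by the engineer; the sweeper revokes it at window end
    tkt2 = ChangeTicket("CHG-0002", "alice", frozenset({"jb-01"}), t0, t0 + timedelta(hours=1))
    tkt2.approve("bob")
    svc.open_window(tkt2)
    clock["now"] = t0 + timedelta(hours=1, minutes=1)
    swept = svc.sweep_expired()
    return {"denied_before_approval": denied_before_approval, "in_scope": in_scope,
            "out_of_scope": out_of_scope, "after_close": after_close, "swept": swept,
            "admin_group": set(svc.idp_admin_group), "events": [e["event"] for e in svc.siem]}


if __name__ == "__main__":
    print(run_demo())
```

The clock is injected rather than read from the system so that the expiry path can be exercised deterministically; in a real deployment the same sweep would run as a scheduled job in ic-access, because the diagram's happy path (engineer marks the change complete) is the one step an attacker or a forgetful engineer can simply omit, and the IdP group and jumpbox ACLs must not outlive the approved window when that happens.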