What is DC CORE
DC CORE is a zero-exposure infrastructure platform.
It allows systems to be accessed, managed, and operated without ever being exposed to the internet.
No open ports.
No inbound firewall rules.
No public attack surface.
The Problem with Traditional Infrastructure
Modern infrastructure still relies on outdated assumptions:
- Services are exposed via public IPs
- Firewalls are used as the primary defence layer
- VPNs are required for “secure” access
- Every open port is a permanent risk
In reality:
Every exposed service is a potential entry point.
Even with:
- Reverse proxies
- IP whitelisting
- VPNs
You are still:
- Discoverable
- Routable
- Attackable
The DC CORE Model
DC CORE replaces this model entirely.
Instead of exposing services:
Everything connects outbound into a controlled mesh.
Core Principles
Outbound-only connectivity
Devices initiate connections. Never accept them.Relay-mediated access
All traffic flows through controlled relay infrastructure.End-to-end encrypted sessions
Communication is secured at the session layer — not just TLS.No direct network exposure
Devices are never publicly addressable.
How It Works (High Level)
- A device runs the DC CORE runtime
- It establishes an outbound connection to the relay network
- The control plane (Central) authorises access
- Sessions are created and encrypted end-to-end
- Traffic flows through the mesh — never directly exposed
No inbound ports.
No direct IP access.
No traditional perimeter.
Core Components
Central (Control Plane)
- Session orchestration
- Authentication & policy
- Key management
- Device coordination
Central is the only authority that can establish secure sessions.
Relays (Network Layer)
- Global mesh of entry points
- Stateless routing layer (L0)
- Session-aware encrypted channels (L1)
- Intelligent routing & caching
Relays do not terminate trust — they only transport encrypted data.
Agents (dcc_runtime)
- Runs on devices
- Establishes outbound connections
- Executes remote operations
- Handles file, terminal, and desktop sessions
Agents are the execution layer of the platform.
Sessions (L1)
- Ephemeral, encrypted communication channels
- Established via Central
- Rekeyed dynamically
- Fully end-to-end encrypted
Even relays cannot inspect session contents.
What This Replaces
DC CORE is not an addition — it’s a replacement layer.
| Traditional Component | DC CORE Equivalent |
|---|---|
| VPN | Encrypted mesh sessions |
| Port forwarding | Relay-mediated access |
| Bastion hosts | Central + session model |
| Public ingress | Controlled relay entry |
| Firewall exposure | No exposure at all |
Security Model
DC CORE is built on a zero-exposure architecture:
- No inbound access paths
- No public services to scan
- No IP-level trust assumptions
- Cryptographic session enforcement
Access is defined by:
- Identity
- Session authorisation
- Key ownership
Not by:
- Network location
- IP address
- Open ports
Performance Characteristics
Despite the additional security layer:
- Persistent connections reduce latency
- Intelligent relay routing optimises paths
- Session reuse eliminates repeated handshakes
In many cases:
Time-to-first-byte matches or exceeds traditional public setups.
Why It Matters
Infrastructure has been built around the idea of defending exposed systems.
DC CORE flips that model:
Systems should not be exposed in the first place.
This changes everything:
- Attack surface becomes near-zero
- Lateral movement is eliminated
- Access becomes fully controlled and auditable
- Infrastructure becomes portable and location-independent
Who It’s For
DC CORE is designed for:
- Infrastructure providers
- MSPs and managed environments
- Security-conscious organisations
- Developers building distributed systems
In One Sentence
DC CORE is a platform that lets you run infrastructure without ever exposing it to the internet.