Skip to content

What is DC CORE

DC CORE is a zero-exposure infrastructure platform.

It allows systems to be accessed, managed, and operated without ever being exposed to the internet.

No open ports.
No inbound firewall rules.
No public attack surface.


The Problem with Traditional Infrastructure

Modern infrastructure still relies on outdated assumptions:

  • Services are exposed via public IPs
  • Firewalls are used as the primary defence layer
  • VPNs are required for “secure” access
  • Every open port is a permanent risk

In reality:

Every exposed service is a potential entry point.

Even with:

  • Reverse proxies
  • IP whitelisting
  • VPNs

You are still:

  • Discoverable
  • Routable
  • Attackable

The DC CORE Model

DC CORE replaces this model entirely.

Instead of exposing services:

Everything connects outbound into a controlled mesh.

Core Principles

  • Outbound-only connectivity
    Devices initiate connections. Never accept them.

  • Relay-mediated access
    All traffic flows through controlled relay infrastructure.

  • End-to-end encrypted sessions
    Communication is secured at the session layer — not just TLS.

  • No direct network exposure
    Devices are never publicly addressable.


How It Works (High Level)

  1. A device runs the DC CORE runtime
  2. It establishes an outbound connection to the relay network
  3. The control plane (Central) authorises access
  4. Sessions are created and encrypted end-to-end
  5. Traffic flows through the mesh — never directly exposed

No inbound ports.
No direct IP access.
No traditional perimeter.


Core Components

Central (Control Plane)

  • Session orchestration
  • Authentication & policy
  • Key management
  • Device coordination

Central is the only authority that can establish secure sessions.


Relays (Network Layer)

  • Global mesh of entry points
  • Stateless routing layer (L0)
  • Session-aware encrypted channels (L1)
  • Intelligent routing & caching

Relays do not terminate trust — they only transport encrypted data.


Agents (dcc_runtime)

  • Runs on devices
  • Establishes outbound connections
  • Executes remote operations
  • Handles file, terminal, and desktop sessions

Agents are the execution layer of the platform.


Sessions (L1)

  • Ephemeral, encrypted communication channels
  • Established via Central
  • Rekeyed dynamically
  • Fully end-to-end encrypted

Even relays cannot inspect session contents.


What This Replaces

DC CORE is not an addition — it’s a replacement layer.

Traditional ComponentDC CORE Equivalent
VPNEncrypted mesh sessions
Port forwardingRelay-mediated access
Bastion hostsCentral + session model
Public ingressControlled relay entry
Firewall exposureNo exposure at all

Security Model

DC CORE is built on a zero-exposure architecture:

  • No inbound access paths
  • No public services to scan
  • No IP-level trust assumptions
  • Cryptographic session enforcement

Access is defined by:

  • Identity
  • Session authorisation
  • Key ownership

Not by:

  • Network location
  • IP address
  • Open ports

Performance Characteristics

Despite the additional security layer:

  • Persistent connections reduce latency
  • Intelligent relay routing optimises paths
  • Session reuse eliminates repeated handshakes

In many cases:

Time-to-first-byte matches or exceeds traditional public setups.


Why It Matters

Infrastructure has been built around the idea of defending exposed systems.

DC CORE flips that model:

Systems should not be exposed in the first place.

This changes everything:

  • Attack surface becomes near-zero
  • Lateral movement is eliminated
  • Access becomes fully controlled and auditable
  • Infrastructure becomes portable and location-independent

Who It’s For

DC CORE is designed for:

  • Infrastructure providers
  • MSPs and managed environments
  • Security-conscious organisations
  • Developers building distributed systems

In One Sentence

DC CORE is a platform that lets you run infrastructure without ever exposing it to the internet.


Next Steps