Setup keys access internal resources autoscaled env (#242)
1 parent 42a4342, commit 0f1ca88
Showing 38 changed files with 479 additions and 0 deletions.
Binary file added
BIN
+130 KB
...s-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-0-01.png
Binary file added
BIN
+111 KB
...s-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-0-02.png
Binary file added
BIN
+133 KB
...s-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-0-03.png
Binary file added
BIN
+126 KB
...s-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-a-01.png
Binary file added
BIN
+126 KB
...s-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-a-02.png
Binary file added
BIN
+165 KB
...s-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-a-03.png
Binary file added
BIN
+150 KB
...s-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-a-04.png
Binary file added
BIN
+146 KB
...s-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-a-05.png
Binary file added
BIN
+50.4 KB
...s-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-a-06.png
Binary file added
BIN
+75.7 KB
...s-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-a-07.png
Binary file added
BIN
+171 KB
...s-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-a-08.png
Binary file added
BIN
+147 KB
...s-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-a-09.png
Binary file added
BIN
+56.4 KB
...s-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-a-10.png
Binary file added
BIN
+78.5 KB
...s-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-a-11.png
Binary file added
BIN
+142 KB
...s-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-a-12.png
Binary file added
BIN
+78.4 KB
...s-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-a-13.png
Binary file added
BIN
+50.5 KB
...s-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-a-14.png
Binary file added
BIN
+69.6 KB
...s-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-a-15.png
Binary file added
BIN
+96.6 KB
...s-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-a-16.png
Binary file added
BIN
+193 KB
...s-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-a-17.png
Binary file added
BIN
+122 KB
...s-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-a-18.png
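Review bot: peer-a-01.png, peer-a-14.png and peer-a-15.png are added in this directory but none of them is referenced by an image link in src/pages/how-to/peer-approval-for-remote-worker-access.mdx as rendered in this commit, which uses only peer-0-01 to peer-0-03, peer-a-02 to peer-a-13 and peer-a-16 to peer-a-18. Either reference them where they belong (section 5 jumps from peer-a-13 straight to peer-a-16) or drop them from the commit so the docs do not ship unused screenshots.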
Binary file added
BIN
+606 KB
...to-guides/setup-keys-access-internal-resources-autoscaled-env/autoscaled-01.png
Binary file added
BIN
+327 KB
...to-guides/setup-keys-access-internal-resources-autoscaled-env/autoscaled-02.png
Binary file added
BIN
+577 KB
...to-guides/setup-keys-access-internal-resources-autoscaled-env/autoscaled-03.png
Binary file added
BIN
+462 KB
...to-guides/setup-keys-access-internal-resources-autoscaled-env/autoscaled-04.png
Binary file added
BIN
+464 KB
...to-guides/setup-keys-access-internal-resources-autoscaled-env/autoscaled-05.png
Binary file added
BIN
+263 KB
...to-guides/setup-keys-access-internal-resources-autoscaled-env/autoscaled-06.png
Binary file added
BIN
+538 KB
...to-guides/setup-keys-access-internal-resources-autoscaled-env/autoscaled-07.png
Binary file added
BIN
+458 KB
...to-guides/setup-keys-access-internal-resources-autoscaled-env/autoscaled-08.png
Binary file added
BIN
+286 KB
...to-guides/setup-keys-access-internal-resources-autoscaled-env/autoscaled-09.png
Binary file added
BIN
+276 KB
...to-guides/setup-keys-access-internal-resources-autoscaled-env/autoscaled-10.png
Binary file added
BIN
+315 KB
...to-guides/setup-keys-access-internal-resources-autoscaled-env/autoscaled-11.png
Binary file added
BIN
+361 KB
...to-guides/setup-keys-access-internal-resources-autoscaled-env/autoscaled-12.png
Binary file added
BIN
+344 KB
...to-guides/setup-keys-access-internal-resources-autoscaled-env/autoscaled-13.png
Binary file added
BIN
+280 KB
...to-guides/setup-keys-access-internal-resources-autoscaled-env/autoscaled-14.png
331 changes: 331 additions & 0 deletions
src/pages/how-to/access-internal-resources-from-autoscaled-environments.mdx
Large diffs are not rendered by default.
144 changes: 144 additions & 0 deletions
src/pages/how-to/peer-approval-for-remote-worker-access.mdx
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,144 @@ | ||
# Peer Approval for Remote Worker Access with NetBird | ||
|
||
For organizations embracing remote work, ensuring secure network access for distributed teams is a paramount challenge. Traditionally, VPNs and remote desktop solutions have been the standard for granting access to company resources. However, these methods often fall short in today's dynamic work environment, especially when dealing with freelancers and temporary workers. | ||
|
||
The conventional approach to remote worker access presents several security and operational challenges: | ||
|
||
* **Increased Security Risks**: Granting blanket access to network resources can expose sensitive data to potential breaches, especially when dealing with external collaborators. | ||
* **Device Management Complexity**: Ensuring that only authorized and secure devices connect to the network becomes increasingly difficult as the number of remote workers grows. | ||
* **Lack of Granular Control**: Traditional solutions often lack the flexibility to implement fine-grained access policies based on user roles and device trust levels. | ||
* **Scalability Issues**: As teams expand and contract, managing access for a fluctuating workforce can become a time-consuming and error-prone process. | ||
|
||
This guide introduces NetBird's Peer Approval as a robust solution for secure remote worker access by: | ||
|
||
* **Implementing Zero-Trust Principles**: Ensuring that every device and user is verified before granting network access, regardless of their location. | ||
* **Simplifying Device Trust Management**: Providing a streamlined process for approving and managing trusted devices within the network. | ||
* **Enhancing Access Control**: Offering granular control over network resources, allowing organizations to tailor access based on user roles and device status. | ||
* **Improving Scalability**: Facilitating easy onboarding and offboarding of remote workers, including freelancers, without compromising network security. | ||
|
||
Let's explore the step-by-step process of implementing [Peer Approval with NetBird](https://docs.netbird.io/how-to/approve-peers) to ensure that only trusted devices can access your network. | ||
|
||
## Prerequisites | ||
|
||
To replicate this use case, you'll need the following prerequisites: | ||
|
||
* An main [NetBird account](https://app.netbird.io/) with administrative privileges. | ||
* A secondary email address not linked to any NetBird account to simulate the freelancer's email. | ||
* [NetBird installed](https://docs.netbird.io/how-to/installation) on the main device. | ||
|
||
With these prerequisites in place, you're ready to simulate granting network access to a temporary remote worker using NetBird's Peer Approval feature by: | ||
|
||
1. Setting up NetBird's access control policies for enhanced security | ||
2. Enabling peer approval | ||
3. Inviting users to join your network | ||
4. Installing NetBird on the remote worker device | ||
5. Approving peers | ||
6. Automating peer approval with EDR integration (optional) | ||
|
||
## 1. Setting Up NetBird's Access Control Policies For Enhanced Security | ||
|
||
Before onboarding remote workers, ensure your organization has appropriate [access control policies](https://docs.netbird.io/how-to/manage-network-access) in place. Adhering to zero-trust principles, create or modify policies to grant new users access only to necessary resources. | ||
|
||
Navigate to `Access Control > Policies` in the NetBird admin console, then click `Add Policy` or edit an existing one to define these restrictions. Here's a sample policy that grant any member of the `Freelancers` group access to the resources in the group `On-Premise-DB`. | ||
|
||
![NetBird Freelancer Access Control Policy](/public/docs-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-0-01.png) | ||
|
||
If necessary, you can also set [posture checks](https://docs.netbird.io/how-to/manage-posture-checks) for this policy. | ||
|
||
![NetBird Freelancer Posture Check](/public/docs-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-0-02.png) | ||
|
||
Moreover, it is a best practice to disable the `Default` policy to enforce only restrictive, custom-defined access controls. | ||
|
||
![NetBird Access Policy View](/public/docs-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-0-03.png) | ||
|
||
With appropriate access policies in place, you're ready to enable NetBird's Peer Approval feature. | ||
|
||
## 2. Enabling Peer Approval | ||
|
||
To enable peer approval, go to `Settings > Authentication` and activate the `Peer approval` toggle, then click `Save Changes`. | ||
|
||
![NetBird Freelancer Device Dashboard](/public/docs-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-a-02.png) | ||
|
||
With `Peer Approval` activated, new members will see an `Approval required` message when joining. Administrators must grant access, ensuring only vetted users enter the NetBird network, thus enhancing overall security. | ||
|
||
## 3. Inviting Users to Join Your Network | ||
|
||
To invite a new user to join your NetBird network, go to `Team > Users` and click the `Invite User` button. | ||
|
||
![NetBird Invite Users](/public/docs-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-a-03.png) | ||
|
||
A pop-up window appears for new user registration. Enter the user's name, email address, and select the `Freelancers` group from the dropdown menu. NetBird's auto-assignment feature instantly links the new user to the `Freelancers` group upon network entry, automatically applying the associated access policy you just created. | ||
|
||
![NetBird Invite User Pop Up](/public/docs-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-a-04.png) | ||
|
||
After clicking `Send Invitation`, you'll return to the `Users` dashboard. Here, the new user appears with a `Pending` status, awaiting their acceptance of the invitation and any required approvals. | ||
|
||
![NetBird New User Pending](/public/docs-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-a-05.png) | ||
|
||
## 4. Installing NetBird On The Remote Worker Device | ||
|
||
Access the secondary email account used to mimic the freelancer. In the inbox, locate the invitation email from NetBird. This email contains a secure link to join your organization's NetBird network, initiating the freelancer's onboarding process. | ||
|
||
![Email NetBird Invitation](/public/docs-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-a-06.png) | ||
|
||
After clicking the invitation link, you'll be directed to NetBird's secure account creation page. Follow the on-screen instructions to create a new password. | ||
|
||
![NetBird Login](/public/docs-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-a-07.png) | ||
|
||
Upon logging in, you'll arrive at NetBird's Peers dashboard. Locate and click the `Add Peer` button to initiate the [Getting Started](https://docs.netbird.io/how-to/getting-started) Wizard, which guides you through the process of adding a new device to the network. | ||
|
||
![NetBird Freelancer Peers Dashboard](/public/docs-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-a-08.png) | ||
|
||
The wizard will detect your operating system and provide detailed step-by-step instructions on how to [install NetBird](https://docs.netbird.io/how-to/installation). | ||
|
||
![NetBird Freelancer Install Client](/public/docs-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-a-09.png) | ||
|
||
During your initial connection to NetBird, a system dialog will appear requesting authorization. This prompt asks for permission to access your profile and email information, which is necessary for NetBird to establish your account and network access. | ||
|
||
![NetBird Authorize App](/public/docs-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-a-10.png) | ||
|
||
After completing the installation, your device will appear in the Peers dashboard. Hover over the `+1` in the `Assigned Groups` column to confirm the device has automaticaclly assigned to the `Freelancers` group as expected. | ||
|
||
![NetBird Freelancer Peers Listed](/public/docs-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-a-11.png) | ||
|
||
## 5. Approving Peers | ||
|
||
Back to your primary account, you'll notice the newly added user's status is now displayed as `Active` in the `Users` dashboard. This status update confirms that the device has successfully added to the NetBird network and is ready for secure communication. | ||
|
||
![NetBird Peers Dashboard](/public/docs-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-a-12.png) | ||
|
||
However, your approval is required before the user's device can fully connect to the NetBird network. To grant network access: | ||
|
||
* Navigate to the `Peers` dashboard | ||
* Locate the newly added device | ||
* Click the `Approve` button next to the device | ||
* Confirm the action when prompted | ||
|
||
![NetBird Approve New Peer](/public/docs-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-a-13.png) | ||
|
||
After approval, the device is granted full access to network resources allocated to the `Freelancers` group. The freelancer can now view all accessible network resources in their `Peers` dashboard: | ||
|
||
![NetBird Freelancer Peers View](/public/docs-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-a-16.png) | ||
|
||
Likewise, as an administrator, you can click on the user's device to see which resources and peers the freelancer has access to. | ||
|
||
![NetBird Main Account Peers View](/public/docs-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-a-17.png) | ||
|
||
## 6. Automating Peer Approval with EDR Integration (optional) | ||
|
||
NetBird's EDR (Endpoint Detection and Response) integration enhances network security by restricting access to devices managed by your organization's IT department. This feature synchronizes the list of devices managed by the EDR platform via API and verifies the presence of the EDR agent on each device. If the agent is not installed, access to the network is blocked. | ||
|
||
Key aspects of NetBird's EDR integration: | ||
|
||
* Supports [CrowdStrike Falcon](https://www.crowdstrike.com/products) | ||
* Allows selective application of EDR checks to specific device groups | ||
* Automates peer approval process for trusted devices | ||
* Available only in the cloud version of NetBird | ||
|
||
To activate this feature, navigate to `Integrations > EDR` and activate the CrowdStrike integration toggle. | ||
|
||
![NetBird EDR Integration](/public/docs-static/img/how-to-guides/peer-approval-for-remote-worker-access/peer-a-18.png) | ||
|
||
For more information regarding NetBird's EDR integration, refer to the [documentation](https://docs.netbird.io/how-to/endpoint-detection-and-response) | ||
|
||
|
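Review bot: In section 5 ("Approving Peers") the opening paragraph says the `Active` user status "confirms that the device has successfully added to the NetBird network and is ready for secure communication", while the very next paragraph says approval is still required before the device can connect. Reword the first paragraph to say that the user has accepted the invitation and the peer is waiting for approval, so a reader does not conclude that an unapproved device already has access. Section 2 has a related imprecision: "ensuring only vetted users enter the NetBird network" describes a control that the rest of the guide applies to devices (peers), so state which of the two the toggle gates. Section 6 is titled "Automating Peer Approval" but only explains how to switch on the CrowdStrike toggle; one sentence on how EDR-based approval relates to the manual `Approve` step in section 5 would close that gap. Wording to fix while here: "An main [NetBird account]", "a sample policy that grant any member", "has automaticaclly assigned", "has successfully added", and the missing full stop after the final documentation link.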