mirror of
https://github.com/netbirdio/docs.git
synced 2026-04-18 08:26:35 +00:00
Peer approval for remote worker access (#241)
@@ -64,6 +64,10 @@ export const docsNavigation = [
|
|||||||
title: 'Access from Kubernetes',
|
title: 'Access from Kubernetes',
|
||||||
href: '/how-to/access-internal-resources-from-autoscaled-environments'
|
href: '/how-to/access-internal-resources-from-autoscaled-environments'
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
title: 'Peer Approval for Remote Access',
|
||||||
|
href: '/how-to/peer-approval-for-remote-worker-access'
|
||||||
|
},
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|||||||
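Review bot: The new navigation entry's title, 'Peer Approval for Remote Access', drops the word "Worker" that appears in both its href slug (/how-to/peer-approval-for-remote-worker-access) and the commit title. Suggest title: 'Peer Approval for Remote Worker Access' so the sidebar label matches the page it opens, unless the shorter label is a deliberate choice for sidebar width.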
@@ -21,7 +21,7 @@ Let's dive into the process of using NetBird to manage network access in an auto
|
|||||||
To replicate this use case, you'll need:
|
To replicate this use case, you'll need:
|
||||||
|
|
||||||
* A [NetBird account](https://app.netbird.io/)
|
* A [NetBird account](https://app.netbird.io/)
|
||||||
* [NetBird](https://docs.netbird.io/how-to/installation) installed on your local machine
|
* [NetBird](/how-to/installation) installed on your local machine
|
||||||
* A Kubernetes cluster (local or cloud-based)
|
* A Kubernetes cluster (local or cloud-based)
|
||||||
* `kubectl` installed and configured on your local machine
|
* `kubectl` installed and configured on your local machine
|
||||||
* [Kubernetes metrics server](https://github.com/kubernetes-sigs/metrics-server)
|
* [Kubernetes metrics server](https://github.com/kubernetes-sigs/metrics-server)
|
||||||
@@ -40,7 +40,7 @@ This process will demonstrate how NetBird simplifies secure network access in au
|
|||||||
|
|
||||||
## 1. Creating a NetBird Setup Key for Kubernetes
|
## 1. Creating a NetBird Setup Key for Kubernetes
|
||||||
|
|
||||||
The first step in this process is [creating a NetBird setup key](https://docs.netbird.io/how-to/register-machines-using-setup-keys) for your Kubernetes cluster. This setup key serves as a secure authentication token, allowing your cluster's pods to join your NetBird network seamlessly.
|
The first step in this process is [creating a NetBird setup key](/how-to/register-machines-using-setup-keys) for your Kubernetes cluster. This setup key serves as a secure authentication token, allowing your cluster's pods to join your NetBird network seamlessly.
|
||||||
|
|
||||||
To create an appropriate setup key for this use case:
|
To create an appropriate setup key for this use case:
|
||||||
|
|
||||||
@@ -113,7 +113,7 @@ Once you save your policy, it is a good practice to disable or modify the defaul
|
|||||||
|
|
||||||
This tailored access policy ensures that only authorized devices (your local machine) can communicate with the Kubernetes cluster, significantly improving your network's security posture. As your environment scales, this policy will automatically apply to new pods, maintaining consistent access control.
|
This tailored access policy ensures that only authorized devices (your local machine) can communicate with the Kubernetes cluster, significantly improving your network's security posture. As your environment scales, this policy will automatically apply to new pods, maintaining consistent access control.
|
||||||
|
|
||||||
For more detailed information on configuring access policies, refer to the [NetBird Access Policies documentation](https://docs.netbird.io/how-to/manage-network-access).
|
For more detailed information on configuring access policies, refer to the [NetBird Access Policies documentation](/how-to/manage-network-access).
|
||||||
|
|
||||||
## 4. Deploying a Sample Application with NetBird Agent
|
## 4. Deploying a Sample Application with NetBird Agent
|
||||||
|
|
||||||
|
|||||||
@@ -16,7 +16,7 @@ This guide introduces NetBird's Peer Approval as a robust solution for secure re
|
|||||||
* **Enhancing Access Control**: Offering granular control over network resources, allowing organizations to tailor access based on user roles and device status.
|
* **Enhancing Access Control**: Offering granular control over network resources, allowing organizations to tailor access based on user roles and device status.
|
||||||
* **Improving Scalability**: Facilitating easy onboarding and offboarding of remote workers, including freelancers, without compromising network security.
|
* **Improving Scalability**: Facilitating easy onboarding and offboarding of remote workers, including freelancers, without compromising network security.
|
||||||
|
|
||||||
Let's explore the step-by-step process of implementing [Peer Approval with NetBird](https://docs.netbird.io/how-to/approve-peers) to ensure that only trusted devices can access your network.
|
Let's explore the step-by-step process of implementing [Peer Approval with NetBird](/how-to/approve-peers) to ensure that only trusted devices can access your network.
|
||||||
|
|
||||||
## Prerequisites
|
## Prerequisites
|
||||||
|
|
||||||
@@ -24,7 +24,7 @@ To replicate this use case, you'll need the following prerequisites:
|
|||||||
|
|
||||||
* An main [NetBird account](https://app.netbird.io/) with administrative privileges.
|
* An main [NetBird account](https://app.netbird.io/) with administrative privileges.
|
||||||
* A secondary email address not linked to any NetBird account to simulate the freelancer's email.
|
* A secondary email address not linked to any NetBird account to simulate the freelancer's email.
|
||||||
* [NetBird installed](https://docs.netbird.io/how-to/installation) on the main device.
|
* [NetBird installed](/how-to/installation) on the main device.
|
||||||
|
|
||||||
With these prerequisites in place, you're ready to simulate granting network access to a temporary remote worker using NetBird's Peer Approval feature by:
|
With these prerequisites in place, you're ready to simulate granting network access to a temporary remote worker using NetBird's Peer Approval feature by:
|
||||||
|
|
||||||
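Review bot: The first prerequisite still reads "An main [NetBird account]" on both sides of this hunk. Since the neighbouring installation link is being edited anyway, correct it to "A main NetBird account" in the same change.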
@@ -37,19 +37,19 @@ With these prerequisites in place, you're ready to simulate granting network acc
|
|||||||
|
|
||||||
## 1. Setting Up NetBird's Access Control Policies For Enhanced Security
|
## 1. Setting Up NetBird's Access Control Policies For Enhanced Security
|
||||||
|
|
||||||
Before onboarding remote workers, ensure your organization has appropriate [access control policies](https://docs.netbird.io/how-to/manage-network-access) in place. Adhering to zero-trust principles, create or modify policies to grant new users access only to necessary resources.
|
Before onboarding remote workers, ensure your organization has appropriate [access control policies](/how-to/manage-network-access) in place. Adhering to zero-trust principles, create or modify policies to grant new users access only to necessary resources.
|
||||||
|
|
||||||
Navigate to `Access Control > Policies` in the NetBird admin console, then click `Add Policy` or edit an existing one to define these restrictions. Here's a sample policy that grant any member of the `Freelancers` group access to the resources in the group `On-Premise-DB`.
|
Navigate to `Access Control > Policies` in the NetBird admin console, then click `Add Policy` or edit an existing one to define these restrictions. Here's a sample policy that grant any member of the `Freelancers` group access to the resources in the group `On-Premise-DB`.
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
If necessary, you can also set [posture checks](https://docs.netbird.io/how-to/manage-posture-checks) for this policy.
|
If necessary, you can also set [posture checks](/how-to/manage-posture-checks) for this policy.
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
Moreover, it is a best practice to disable the `Default` policy to enforce only restrictive, custom-defined access controls.
|
Moreover, it is a best practice to disable the `Default` policy to enforce only restrictive, custom-defined access controls.
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
With appropriate access policies in place, you're ready to enable NetBird's Peer Approval feature.
|
With appropriate access policies in place, you're ready to enable NetBird's Peer Approval feature.
|
||||||
|
|
||||||
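Review bot: The three image references in this hunk now point at /docs-static/img/how-to-guides/peer-approval-for-remote-worker-access/ instead of /docs-static/img/how-to-guides/peer-approval/, but nothing in the diff as shown moves the PNG files to the new directory. Confirm the assets exist at the new path, otherwise the policy, posture-check and default-policy screenshots will render as broken images. In the same paragraph, "a sample policy that grant any member" should read "grants", and the alt text alternates between "Netbird" and "NetBird".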
@@ -57,7 +57,7 @@ With appropriate access policies in place, you're ready to enable NetBird's Peer
|
|||||||
|
|
||||||
To enable peer approval, go to `Settings > Authentication` and activate the `Peer approval` toggle, then click `Save Changes`.
|
To enable peer approval, go to `Settings > Authentication` and activate the `Peer approval` toggle, then click `Save Changes`.
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
With `Peer Approval` activated, new members will see an `Approval required` message when joining. Administrators must grant access, ensuring only vetted users enter the NetBird network, thus enhancing overall security.
|
With `Peer Approval` activated, new members will see an `Approval required` message when joining. Administrators must grant access, ensuring only vetted users enter the NetBird network, thus enhancing overall security.
|
||||||
|
|
||||||
@@ -65,47 +65,47 @@ With `Peer Approval` activated, new members will see an `Approval required` mess
|
|||||||
|
|
||||||
To invite a new user to join your NetBird network, go to `Team > Users` and click the `Invite User` button.
|
To invite a new user to join your NetBird network, go to `Team > Users` and click the `Invite User` button.
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
A pop-up window appears for new user registration. Enter the user's name, email address, and select the `Freelancers` group from the dropdown menu. NetBird's auto-assignment feature instantly links the new user to the `Freelancers` group upon network entry, automatically applying the associated access policy you just created.
|
A pop-up window appears for new user registration. Enter the user's name, email address, and select the `Freelancers` group from the dropdown menu. NetBird's auto-assignment feature instantly links the new user to the `Freelancers` group upon network entry, automatically applying the associated access policy you just created.
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
After clicking `Send Invitation`, you'll return to the `Users` dashboard. Here, the new user appears with a `Pending` status, awaiting their acceptance of the invitation and any required approvals.
|
After clicking `Send Invitation`, you'll return to the `Users` dashboard. Here, the new user appears with a `Pending` status, awaiting their acceptance of the invitation and any required approvals.
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
## 4. Installing NetBird On The Remote Worker Device
|
## 4. Installing NetBird On The Remote Worker Device
|
||||||
|
|
||||||
Access the secondary email account used to mimic the freelancer. In the inbox, locate the invitation email from NetBird. This email contains a secure link to join your organization's NetBird network, initiating the freelancer's onboarding process.
|
Access the secondary email account used to mimic the freelancer. In the inbox, locate the invitation email from NetBird. This email contains a secure link to join your organization's NetBird network, initiating the freelancer's onboarding process.
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
After clicking the invitation link, you'll be directed to NetBird's secure account creation page. Follow the on-screen instructions to create a new password.
|
After clicking the invitation link, you'll be directed to NetBird's secure account creation page. Follow the on-screen instructions to create a new password.
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
Upon logging in, you'll arrive at NetBird's Peers dashboard. Locate and click the `Add Peer` button to initiate the [Getting Started](https://docs.netbird.io/how-to/getting-started) Wizard, which guides you through the process of adding a new device to the network.
|
Upon logging in, you'll arrive at NetBird's Peers dashboard. Locate and click the `Add Peer` button to initiate the [Getting Started](/how-to/getting-started) Wizard, which guides you through the process of adding a new device to the network.
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
The wizard will detect your operating system and provide detailed step-by-step instructions on how to [install NetBird](https://docs.netbird.io/how-to/installation).
|
The wizard will detect your operating system and provide detailed step-by-step instructions on how to [install NetBird](/how-to/installation).
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
During your initial connection to NetBird, a system dialog will appear requesting authorization. This prompt asks for permission to access your profile and email information, which is necessary for NetBird to establish your account and network access.
|
During your initial connection to NetBird, a system dialog will appear requesting authorization. This prompt asks for permission to access your profile and email information, which is necessary for NetBird to establish your account and network access.
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
After completing the installation, your device will appear in the Peers dashboard. Hover over the `+1` in the `Assigned Groups` column to confirm the device has automaticaclly assigned to the `Freelancers` group as expected.
|
After completing the installation, your device will appear in the Peers dashboard. Hover over the `+1` in the `Assigned Groups` column to confirm the device has automaticaclly assigned to the `Freelancers` group as expected.
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
## 5. Approving Peers
|
## 5. Approving Peers
|
||||||
|
|
||||||
Back to your primary account, you'll notice the newly added user's status is now displayed as `Active` in the `Users` dashboard. This status update confirms that the device has successfully added to the NetBird network and is ready for secure communication.
|
Back to your primary account, you'll notice the newly added user's status is now displayed as `Active` in the `Users` dashboard. This status update confirms that the device has successfully added to the NetBird network and is ready for secure communication.
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
However, your approval is required before the user's device can fully connect to the NetBird network. To grant network access:
|
However, your approval is required before the user's device can fully connect to the NetBird network. To grant network access:
|
||||||
|
|
||||||
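Review bot: In section 5 the unchanged text says the `Active` status "confirms that the device has successfully added to the NetBird network and is ready for secure communication", and the very next paragraph says approval is still required before the device can fully connect. On a page about gating access, that reads as if the peer is usable before an administrator approves it. Suggest rewording the first paragraph to say the user has accepted the invitation and the device is registered, with no network access until it is approved. While these lines are open, fix "has automaticaclly assigned" to "has been automatically assigned" and "has successfully added" to "has been successfully added".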
@@ -114,15 +114,15 @@ However, your approval is required before the user's device can fully connect to
|
|||||||
* Click the `Approve` button next to the device
|
* Click the `Approve` button next to the device
|
||||||
* Confirm the action when prompted
|
* Confirm the action when prompted
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
After approval, the device is granted full access to network resources allocated to the `Freelancers` group. The freelancer can now view all accessible network resources in their `Peers` dashboard:
|
After approval, the device is granted full access to network resources allocated to the `Freelancers` group. The freelancer can now view all accessible network resources in their `Peers` dashboard:
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
Likewise, as an administrator, you can click on the user's device to see which resources and peers the freelancer has access to.
|
Likewise, as an administrator, you can click on the user's device to see which resources and peers the freelancer has access to.
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
## 6. Automating Peer Approval with EDR Integration (optional)
|
## 6. Automating Peer Approval with EDR Integration (optional)
|
||||||
|
|
||||||
@@ -137,8 +137,8 @@ Key aspects of NetBird's EDR integration:
|
|||||||
|
|
||||||
To activate this feature, navigate to `Integrations > EDR` and activate the CrowdStrike integration toggle.
|
To activate this feature, navigate to `Integrations > EDR` and activate the CrowdStrike integration toggle.
|
||||||
|
|
||||||

|

|
||||||
|
|
||||||
For more information regarding NetBird's EDR integration, refer to the [documentation](https://docs.netbird.io/how-to/endpoint-detection-and-response)
|
For more information regarding NetBird's EDR integration, refer to the [documentation](/how-to/endpoint-detection-and-response)
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
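Review bot: The closing sentence "refer to the [documentation](/how-to/endpoint-detection-and-response)" has no terminal period on either side of the hunk, and the link text "documentation" does not say what it links to. Suggest naming the target in the link text, for example "the EDR integration documentation", and ending the sentence with a period.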