Managing Servers

Evon Hub provides a Bootstrap script that will connect a server to your Hub. The Bootstrap script can be downloaded from the Bootstrap menu of your Hub’s Web UI, or fetched directly onto your server with a curl command that you can paste there.

Server connections are resilient and will automatically reconnect to the Hub in case of temporary network connectivity or system outages. Servers obtain a static IPv4 address in the 100.x.y.z range, and also obtain a DNS domain name as soon as they connect.

Once a server is connected, users and other servers will be able to communicate with it provided a Policy allows it. This guide explains how to connect new servers to your Hub.

Connecting a Server

Log in to your Hub Instance and click Bootstrap from the nav menu. Linux and Windows servers are supported, and a Docker version of bootstrap is available for Linux servers.

Follow the on-screen instructions in your Web UI to install the bootstrap script on your server and connect it to your Hub.

Note that if you wish to connect a system that does not run Windows or Linux to your Hub, connect as a User and share your device via the users -> device settings page.

All servers obtain a UUID value, visible in the Web UI and API by superusers only. UUIDs can be used in blacklists/whitelists (defined within the Hub’s Configuration) to explicitly allow/deny the system connectivity to the Hub. See the Settings and Configuration section for more info on UUID management.

Requirements for Connectivity

Your server needs to be able to connect to your Hub on TCP/443, either directly or via an HTTPS proxy, for Bootstrap to run successfully. The Bootstrap page of the Web UI includes help regarding proxy setup, as well as uninstallation and other options.

Server Groups

Servers can be grouped into Server Groups by a superuser via the Web UI or API. Groups can be sources or targets of Rules and Policies that govern which hosts a Server can communicate with.

Security

When Bootstrap is run, it makes an API request via HTTPS to your Hub that must be authenticated using a currently valid API token owned by the deployer user or a superuser. The response will contain the OpenVPN private key used to make the connection. Thus, distributing the bootstrap script alone is not sufficient to join new systems to your Hub, as it can only be used with a current API token. API tokens can be changed or deleted as needed on your Hub and are managed via the Tokens option in the Web UI nav menu. Their use is described in the Bootstrap page in the Web UI as well as within the API documentation for making other API calls.

Communicating with Connected Servers

The first time a new server connects to your Hub it will appear in the Servers page in the Web UI. By default, the server will not be accessible by any other system on the Hub until a Rule or Policy allows it. If you set up a rule and policy that applies to the built-in “All Server” group, then that rule/policy will govern which hosts can be reached and are reachable by the new server the moment it connects.

After connecting, the server will permanently reside in the Servers list, and its connectivity status will be visible in the Web UI and via the server_list API endpoint. It can be added to a Server Group, Rule or Policy that will govern its permissions on the overlay network. See the documentation about Rules and Policies for more information.

Bootstrap Customisation

The source code of bootstrap.sh contains a custom section near the top of the file that can be edited and used to execute arbitrary commands during install time. A typical operation is to install a common SSH public key into a user’s authorized_keys file so that you can easily SSH to your servers the moment they come online in Evon. Example code exists for adding an SSH public key for your convenience, including explanatory comments.
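As an added illustration of the kind of command the custom section can run (this is not the example code shipped in bootstrap.sh), the sketch below installs a public key idempotently and with the permissions sshd expects. The function name `install_authorized_key` and its arguments are hypothetical; it assumes a Linux host and that bootstrap runs as root.

```sh
#!/bin/sh
# Added example, not Evon's own code. install_authorized_key is a hypothetical
# helper: $1 = home directory of the target user, $2 = one public key line.
install_authorized_key() {
    local home_dir
    local key_line
    home_dir="$1"
    key_line="$2"
    local ssh_dir="$home_dir/.ssh"
    local auth_file="$ssh_dir/authorized_keys"

    # Accept exactly one line: an embedded newline could smuggle in a second key.
    case "$key_line" in
        *"
"*) echo "refusing multi-line key" >&2; return 1 ;;
    esac

    # The first field must be a key type. This also rejects lines that begin
    # with authorized_keys options such as command="..." or environment="...".
    local key_type="${key_line%% *}"
    local rest="${key_line#* }"
    local key_blob="${rest%% *}"
    case "$key_type" in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unsupported key type: $key_type" >&2; return 1 ;;
    esac
    case "$key_blob" in
        ''|*[!A-Za-z0-9+/=]*) echo "key body is not base64" >&2; return 1 ;;
    esac

    [ -d "$home_dir" ] || { echo "no such home: $home_dir" >&2; return 1; }

    # sshd's StrictModes ignores keys if these are group- or world-writable.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Append only when the exact line is absent, so re-running bootstrap
    # does not duplicate the entry.
    grep -qxF -- "$key_line" "$auth_file" || printf '%s\n' "$key_line" >>"$auth_file"

    # As root, hand the files back to whoever owns the home directory.
    if [ "$(id -u)" -eq 0 ]; then
        chown -R "$(stat -c '%u:%g' "$home_dir")" "$ssh_dir"
    fi
}

# Usage inside the custom section (placeholder path and key):
# install_authorized_key /home/<user> "ssh-ed25519 <base64-public-key> <comment>"
```

Because the key lands on every server bootstrapped with the script, the matching private key becomes a fleet-wide credential and should be protected accordingly.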

Listing Connected Servers

Servers are visible to users either in the Hub’s Web UI or via the API. When a user logs into the Web UI, they will see an aggregated list of servers that they are permitted to use by way of Rules and Policies set up by an admin. Similarly, if a user uses the API with their own API token, they will see a similar list of servers.

Superusers will see a list of all servers on the hub, whether or not they are permitted to connect to them by way of Rules or Policies. The API response for the server_list endpoint will contain an accessible boolean property indicating whether or not such a Rule/Policy exists allowing access.

Example scripts in Bash, PowerShell and Python are provided in the Web UI for users who wish to list servers from their CLI.