Getting Started is Easy

We'll walk you through the simple steps below to spin up your first network.

 

1. PREREQUISITES

Sign up for an AWS account, then subscribe to the NetFoundry platform in the AWS Marketplace. If you don't have a NetFoundry account yet, sign up for one. These are all free.


2. CREATING A NETWORK

  • Log in to your NetFoundry Console at https://nfconsole.io/.
  • Once logged in, you will be prompted to create your network.
  • Give your network a name.
  • Hit Create My Network to commence the provisioning of your network.
  • It will take approximately 5-10 minutes for the network provisioning to complete. Once your network is ready, you will see the spinning globe icon turning green.


3. CREATING AN EDGE ROUTER

A. Adding a NetFoundry-hosted Edge Router

  • From your Network Dashboard page, navigate to Edge Routers.
  • Under the Manage Edge Routers tab, click on the + sign at the upper right to add an edge router.
  • Give your edge router a name.
  • Give your edge router a router attribute (optional). Router attributes are tags applied to a router. Apply the same tag to other routers to form a group of routers. For this demo, we will use #demopublic.
  • Select NetFoundry Hosted as your hosting type, and choose the Data Center region that is close to where your endpoints are located.
  • Hit Create to commence the provisioning of your edge router.
  • Once your edge router is registered, it will start accepting outbound fabric connections from a private-launched edge router, as well as from clients accessing the fabric.


B. Adding a Customer-hosted Edge Router

  • From your Network Dashboard page, navigate to Edge Routers.
  • Under the Manage Edge Routers tab, click on the + sign at the upper-right to add an edge router.
  • Give your edge router a name.
  • Give your edge router a router attribute (optional). Router attributes are tags applied to a router. Apply the same tag to other routers to form a group of routers. For this demo, we will use #demopublic.
  • Select Customer Hosted as your hosting type.
  • Hit Create to complete the process.
  • Copy your edge router registration key. You may also opt to save it as a JWT or a config file.
  • Download your VM here: https://netfoundry.io/resources/support/downloads/networkversion7/#zitirouters

C. Launching your Edge Router in AWS via CloudFormation

  • Click here to launch the AWS CloudFormation stack. This will automatically launch the AWS CloudFormation console (it will prompt you to sign in if you're not yet logged in). Check at the upper-left corner of your AWS Console that you are in the same region as your edge router in the NetFoundry console.
  • Once logged in to the AWS CloudFormation console, you will notice the template is already filled in. Click Next to continue.
  • Paste your router registration key in the appropriate field, and then click Next to continue.
  • On the Configure Stack Options page, leave all as default. Click Next to continue.
  • From the Review page, click on Create Stack at the bottom to launch the stack.
  • This CloudFormation script will create a simple VPC, a subnet, a routing table, an internet gateway, and two EC2 instances: (1) a t2.micro for the Hello World webpage and (2) a t2.micro for the NetFoundry Zero Trust Networking Platform VM. It also creates a security group that allows port 80 (HTTP) from anywhere to the Demo App.
  • Once the stack is launched, go to the CloudFormation "Output" section of the stack created. There you will find the internal IP address of the Demo App you will use for the next section. You may also test the external URL of the Demo App to ensure it is accessible. The internal URL will only work once the NFN network is complete (i.e. approximately 2-3 minutes).
  • The CloudFormation script will launch in the last region your account was signed in. If you would like to launch it in a different region, simply switch regions from the drop-down menu. Please be sure you are launching in the same region where your NetFoundry Edge Router is.

 

4. CREATING AN ENDPOINT

  • From your Network Dashboard page, navigate to Endpoints.
  • Under the Manage Endpoints tab, click on the + sign at the upper right to add an endpoint.
  • Give your endpoint a name.
  • Give your endpoint an endpoint attribute. Endpoint attributes are tags applied to an endpoint. Apply the same tag to other endpoints to form a group of endpoints. For this demo, we will add #demouser.
  • Hit Create to complete the process.
  • You may download your registration key in .jwt file format or scan the client registration key QR code.
  • Download an installer for your operating system here: https://netfoundry.io/resources/support/downloads/networkversion7/#zititunnelers


5. CREATING AN EDGE ROUTER POLICY

  • From your Network Dashboard page, navigate to Edge Routers.
  • Under the Manage Edge Routers Policies tab, click on the + sign at the upper right to add a policy. An Edge Router Policy allows a specific endpoint or group of endpoints to have access to a specific edge router or group of edge routers.
  • Give your edge router policy a name.
  • In the Edge Router Attributes field, specify the edge routers to be associated with this policy. For this demo, we will add the #demopublic router attribute to select all edge routers having that router attribute.
  • In the Endpoint Attributes field, specify the endpoints to be associated with this policy. For this demo, we will add the #demouser endpoint attribute to select all endpoints having that endpoint attribute.
  • Hit Create to complete the process.


6. CREATING A SERVICE

  • From your Network Dashboard page, navigate to Services.
  • Under the Manage Services tab, click on the + sign at the upper right to add a service.
  • Choose the type of your service. Clicking on Advanced Services allows you to create services with IP/Port ranges. For this demo, we will use Simple Service as the service type.
  • Give your service a service attribute (optional). Service Attributes are tags applied to a service. Apply the tag to other services to form a group of services. For this demo, we will add #demoservice.
  • In the Edge Router Attributes field, specify the edge routers participating in this service. If all edge routers, then leave this field blank. 
  • In the Client Configuration box, type in mydemoapp.ziti for the Intercept Host Name/IP field and 80 for the Port field.
  • Toggle the Native Application SDK Based to No.
  • In the Host Configuration box, select Endpoint Hosted as your service host.
  • Select the associated endpoints capable of accepting connections from clients.
  • Select TCP for the Protocol Type.
  • In the Host Name/IP field, enter the IP address for the demo server. This is the internal IP address from the AWS CloudFormation stack output.
  • Use 80 for the Port field.
  • Hit Create to complete the process.


7. CREATING AN AppWAN

  • From your Network Dashboard page, navigate to Services.
  • Under the Manage AppWANs tab, click on the + sign at the upper right to add an AppWAN.
  • Give your AppWAN a name.
  • In the Service Attributes field, specify the services or service groups to be associated with this AppWAN. For this demo, we will add the #demoservice service attribute to select all services having that service attribute.
  • In the Edge Router Attributes field, specify the edge routers to be associated with this policy. For this demo, we will add the #demopublic router attribute to select all edge routers having that router attribute.
  • In the Endpoint Attributes field, specify the endpoints to be associated with this policy. For this demo, we will add the #demouser endpoint attribute to select all endpoints having that endpoint attribute.
  • Hit Create to complete the process.
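
How the #demopublic, #demouser and #demoservice tags from steps 3 to 7 combine, as an added example (not NetFoundry's code or API). It is a simplified model: the entity names and the extra tags are constructed, and the rule that an AppWAN match also needs a shared edge router is an assumption drawn from the policy descriptions above.

```python
# Added illustration: a simplified model of the #attribute matching configured
# in steps 3-7. It is not NetFoundry code and calls no NetFoundry API.

def select(entities, wanted):
    """Names of entities tagged with at least one of the wanted #attributes."""
    return {name for name, attrs in entities.items() if attrs & set(wanted)}

def reachable(routers, endpoints, services, router_policies, appwans):
    """Return the (endpoint, service) pairs the configuration permits.

    Assumption: a pair is permitted when an AppWAN selects both and at least
    one edge router is selected for the endpoint by an edge router policy and
    also by the AppWAN's router attributes (empty list = all routers).
    """
    usable = {name: set() for name in endpoints}
    for pol in router_policies:
        picked = select(routers, pol["routers"])
        for ep in select(endpoints, pol["endpoints"]):
            usable[ep] |= picked
    allowed = set()
    for aw in appwans:
        aw_routers = select(routers, aw["routers"]) if aw["routers"] else set(routers)
        for ep in select(endpoints, aw["endpoints"]):
            for svc in select(services, aw["services"]):
                if usable[ep] & aw_routers:
                    allowed.add((ep, svc))
    return allowed

# Constructed inventory: entity names are hypothetical; the demo tags are the page's.
ROUTERS = {"aws-router": {"#demopublic"}, "lab-router": {"#lab"}}
ENDPOINTS = {"alice-laptop": {"#demouser"}, "kiosk": {"#guest"},
             "orphan": {"#demouser2"}}
SERVICES = {"mydemoapp": {"#demoservice"}, "hr-db": {"#internal"}}
ROUTER_POLICIES = [{"routers": ["#demopublic"], "endpoints": ["#demouser"]}]
APPWANS = [{"services": ["#demoservice"], "routers": ["#demopublic"],
            "endpoints": ["#demouser", "#demouser2"]}]

def audit():
    """Compute who can reach what, and which AppWAN endpoints lack a router."""
    allowed = reachable(ROUTERS, ENDPOINTS, SERVICES, ROUTER_POLICIES, APPWANS)
    in_appwan = set().union(*(select(ENDPOINTS, a["endpoints"]) for a in APPWANS))
    stranded = in_appwan - {ep for ep, _ in allowed}
    return allowed, stranded

if __name__ == "__main__":
    allowed, stranded = audit()
    print("allowed:", sorted(allowed))
    print("in an AppWAN but no usable router:", sorted(stranded))
```

Running the same audit over an export of your own attributes shows which endpoints a broad tag pulls into an AppWAN and which are listed there without any edge router policy behind them.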


8. INSTALLING A ZITI EDGE CLIENT

Note: You must have an endpoint already created for you via the NetFoundry console. If not, follow all the instructions laid out in the CREATING AN ENDPOINT section above before proceeding with this section.

  • Download an installer for your operating system here: https://netfoundry.io/resources/support/downloads/networkversion7/#zititunnelers
  • Run the .exe file and complete the installation process.
  • Confirm that your Ziti Desktop Edge Client is in Start mode before adding your JWT (registration key). In case you deleted or failed to download your JWT, you may download one by going back to Manage Endpoints > click on your endpoint > hit Download Key.
  • Click on Add Identity and select your recently downloaded JWT (registration key). Note that registration keys are for one-time use only. Once a key has been used to register, it cannot be reused.
  • After a few seconds, your Ziti Edge Client should be enabled and running.

9. TEST CONNECTION WITH THE HELLO WORLD WEBPAGE

  • Open your web browser and go to http://mydemoapp.ziti.
  • The Hello World webpage served by the web server should come up, which concludes this demo.
  • Congratulations! You have successfully accessed a private service via the NetFoundry network.

10. REMOVAL OF AWS RESOURCES

Once the demo is complete, you may now remove your AWS resources. From the AWS console, select the service CloudFormation. Select the NFNDemo stack from the list, and then click Delete to complete the process.
