Defined Networking's Managed Nebula makes it easy to set up a secure, high performance Nebula network in a few steps. This guide will walk you through the process of creating your Managed Nebula account, configuring your network, and getting your devices (hosts) communicating with each other.
1. Create an account
To create your free account with support for up to 100 hosts, visit admin.defined.net/signup and provide an email address. This email address will be the primary login for the account and can be used to set up SSO to give access to other administrators at your company.
When you submit the signup form you'll receive an email with a "magic link" which will allow you to take the next step of registration—creating a two-factor authentication key. The use of email and a time-based one-time code is more secure than a username/password combination or SMS-based authentication methods. You will need an authenticator app such as Duo Mobile, Authy, or Google Authenticator. After clicking the magic link in the email, scan the QR code with your authenticator app and enter the 6-digit code from the app to verify your registration. Note that you can create additional authenticators as backups in your account settings after logging in.
2. Choose a network range
Before you can start to add hosts to your Managed Nebula account, you'll need to set up the private network that they will communiate on. The Managed Nebula service will assign IP addresses within the range you choose and cannot currently be changed without reaching out to support and re-enrolling all hosts in the network, so there are some important factors to consider when selecting this range.. See Choosing a CIDR for more details and guidance.
3. Add a Lighthouse
A lighthouse is a special type of host that is used by the Managed Nebula network to help other hosts discover each other. You will need at least one lighthouse for your network to operate. The lighthouse does not need to be a powerful machine—in fact, the smallest Digital Ocean droplets often suffice for home users. It will need outbound access for fetching configuration updates as well as the ability to allow inbound UDP traffic on a static IP address and port. After creating the lighthouse in the Managed Nebula admin panel (using the "Lighthouse" role when creating it), you will be shown a page with instructions for downloading and installing dnclient onto the lighthouse machine. For more details, reference the Enrolling a Lighthouse guide.
4. Create and enroll more hosts
Once you have a lighthouse created and running, you can start to add additional hosts. While you do, it's good to consider what function or role these hosts will play in your network. Firewall rules are associated with roles in Managed Nebula. By default, new roles allow
ping requests between hosts, but no other communication. You can edit roles and add rules to allow connections from your other hosts (all hosts or only certain other roles) as needed. See our in-depth guide on Creating Firewalls Using Roles.
After creating each host, follow the steps shown to install
dnclient and enroll the host into your Managed Nebula network. Each host will need to have a connection to the internet for the Managed Nebula service to communicate with them and send configuration updates as needed. If you are experiencing any trouble with the hosts, you can check the dnclient logs for details on their status.
And with that, your Managed Nebula network is up and running! Going forward, to ensure your network runs at peak performance and to gain access to new features as we release them, be sure to keep your dnclient updated and keep an eye on our blog for announcmenets.
We also have a powerful API that you can use to automate host creation, manage roles, access audit logs, and more. See our guide on Automating Host Creation, or the full API reference for more information.
Lastly, we would love to hear from you! What problems is Managed Nebula solving for you? Are there features that you would like us to build? Do you need any help? Use our contact form to get in touch!