Resourceschevron right
VPN
chevron right
Server Deployment

Server Deployment

Posted by
Alex Feiszli
published
May 29, 2024
TABLE OF CONTENTS

In this section of the field guide, we discuss deployment options for your Netmaker Server. In Part 2, we provide a helpful flowchart for determining what deployment you need. We will discuss this in more detail here, as well as best practices for deploying and configuring your Netmaker server instance.

Determine SaaS vs. On Prem

We’ll begin by discussing the options of SaaS and On-Prem. At a high level, here are the differences.

It is important to note that you can deploy multiple servers of either SaaS or On-Prem. If you are a B2B company that provides IT Services, you may want to create a tenant per-customer, which can be done via the portal. This also allows you to have both SaaS and On-Prem tenants, depending on the use case.

Netmaker SaaS Netmaker On-Prem
Recommended for most use cases. The easiest way to get started and manage Netmaker, because we manage the Netmaker server for you. Recommended for IT Administrators deploying Netmaker who require enhanced data privacy, server customizations, custom Oauth integration, or metrics exporting capabilities.

In this guide we rely on several Pro features, so will assume you are not using the Community version of Netmaker.

Primary Considerations for SaaS vs On-Prem

You should default to assuming you will use the SaaS version, unless you have a particular need for On-Prem. Here are a few reasons you may need to deploy On-Prem

White Labelling, Custom Domain

Netmaker On-Prem allows you to use a custom domain for your server, e.g. “netmaker.mycompany.com”. Additionally, you can customize the color scheme, labels, and logos in the On-Prem version to match your business.

OAuth Integration

Netmaker On-Prem allows you to integrate with any OIDC-compliant Oauth provider such as Auth0, Azure AD, and more. This can allow you to integrate your in-house auth provider, or provide a more generic authentication mechanism that integrates several different sources like Google, Microsoft, etc.

Data Controls

For companies that have heightened data control policies, On-Prem may be necessary. For instance, companies requiring GDPR compliance may need to use Netmaker’s On-Prem edition. The only data exported to Netmaker on-prem is licensing and billing information.

Additionally, you may need to add security enhancements to your server, such as whitelisting and blacklisting IP addresses, or making it only accessible from within a particular environment.

Metrics Exports

Netmaker On-Prem allows you to export traffic metrics via Prometheus, which can be helpful for monitoring your networks.

Creating and Managing Server Instances

Netmaker’s account management portal allows you to create and manage multiple instances of Netmaker, referred to as “Tenants”, for both SaaS and On-Prem.

If you are a B2B company that provides IT Services, you may want to create a tenant per-customer, which can be done via the portal. This also allows you to have both SaaS and On-Prem tenants, depending on the use case.

To create a tenant, you first need to sign up at account.netmaker.io. You must provide valid billing details, and then you can create both SaaS and On-Prem instances. Your first instance will include a 2-week free trial.

After you have created a tenant, you can either sign in directly to your dashboard (SaaS) or retrieve your deployment keys (On-Prem).

SaaS Tenants: An actual server instance is created for you

On-Prem Tenants: A license key is created that is valid for your server deployment

Multiple Tenants or Single Tenant

You may want to create multiple tenants depending on your use case and business needs. You should default to assuming you only need one tenant. Here are some reasons you might need multiple Tenants:

You Manage Multiple Customers: If you are managing Netmaker for multiple customers, the best practice would be to deploy a tenant per-customer. You can also segment your customers using multiple networks within your instance, but in most cases, this is a cleaner approach.

You Have a Test/Staging Environments: If you have test or staging environments for your in-house operations, you may want to have Test and Staging instances of Netmaker as well.

You Have Global Operations: If you have widely dispersed operations, it may be better to have multiple instances of Netmaker to improve performance.. 

3.a. Deploying Netmaker With SaaS

Deploying Netmaker SaaS is very simple. Once you create an account, you just need to click to create a new SaaS tenant. It will take 1-3 minutes to provision, and you will then be able to log in.

3.b. Deploying Netmaker On-Prem

Deploying Netmaker On-Prem can be straightforward or complex, depending on your requirements. To start, once you create an account, click to create a new On-Prem tenant. You can then go to the dashboard for your instance and retrieve the license keys necessary to deploy your server.

On-Prem Deployment Considerations

Deploying on-prem can be done in many ways and highly customized for your environment, but here are some primary considerations.

Single Instance vs. Highly Available

Netmaker can be deployed on a single VM or in HA-mode using Kubernetes. To deploy HA you should have an existing Kubernetes cluster you can use. For most use cases, we recommend a single-instance. The server is fairly resilient and your networks will continue to function even if there is a server failure. HA should only be considered for large-scale deployments.

Deploying on a Single VM: https://docs.netmaker.io/manual-install.html 

Deploying HA on Kubernetes: https://docs.netmaker.io/server-installation.html#hainstall 

OAuth integration

If you have an OIDC-compliant auth provider you would like to use with Netmaker, you can integrate that provider using the following steps: https://docs.netmaker.io/oauth.html 

White Labeling

If you would like to customize the colors and logo of your deployment, and replace Netmaker with your company name, you can do so with the following steps: https://docs.netmaker.io/pro/pro-branding.html 

Other Server Customizations

In some cases you may wish to perform some other server customizations:

Whitelist IPs to Restrict Server Access: https://docs.netmaker.io/server-installation.html#security-settings 

Use Nginx instead of Caddy Reverse Proxy: https://docs.netmaker.io/server-installation.html#nginx-proxy-manager-setup 

Deploy Prometheus and Grafana for Metrics Exports: https://docs.netmaker.io/pro/pro-setup.html#optional-setup-your-server-for-prometheus-and-grafana 

Next Steps

Once your server is deployed and configured, you can then proceed to setting up your Networks.

More posts
July 2, 2024
What Is A VPN Concentrator? (When Do You Need One?)
VPN
Security
July 2, 2024
SD-WAN vs VPN: Which One Is Better & In Which Contexts
VPN
Software Defined Networking (SDN)
July 1, 2024
RDP VPN: Achieving Remote, Secure Access to Office Desktops
VPN
Security

GET STARTED

A WireGuard® VPN that connects machines securely, wherever they are.
Get Started
Request Demo

WireGuard is a registered trademark of Jason A. Donenfeld.

Star us on GitHub
By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
PreferencesDenyAccept