Documentation
The administration console
The web console is the cockpit of your workspace: from this single interface you create your networks, enroll and manage machines, write the access policy, observe the topology in real time, review the audit and supervise your relays. There is nothing else to install on the administration side — the client is installed on the machines, but operating the mesh happens entirely here. This page walks through the main areas you manage there and points to each one's dedicated page.
Overview: a single cockpit
A workspace is managed from a single web console. You do not have one tool for machines, another for security and a third for monitoring: everything is gathered in one place, applied to the same workspace, with the same login identity. This choice limits back-and-forth and keeps the administration view from drifting away from the actual state of the mesh.
The console does not carry your application data: it describes intent (who belongs to the network, who talks to what, which routes are approved) and observes state (who is online, which paths are elected). The traffic between your machines, however, never goes through it. It remains the control plane; data flows directly peer to peer or through a blind relay.
- Create and organize networks and subnet routes.
- Enroll, approve, rename, suspend and revoke machines.
- Write and publish the access policy (ACL) and version its changes.
- Observe the real-time topology: online nodes and elected paths.
- Review the audit log of administration actions.
- Supervise the fleet of relays (vigies) attached to the workspace.
The main areas
Administration work falls into a few main areas. Each has its dedicated page in this documentation; the cards below give its role and the reference.
Networks & devices
Create networks, attach machines to them, manage their lifecycle (active, suspended, revoked, expired) and their internal MagicDNS name. See /en/docs/config-reseaux and /en/docs/console-devices.
Policy & ACL
Describe who talks to what with ordered rules, published as signed, verifiable generations. The route opens the path; the ACL decides who takes it. See /en/docs/config-acl.
Topology
Observe in real time the graph of online nodes and the paths elected between them, with a freshness on the order of thirty seconds. See /en/docs/console-topologie.
Audit
Find out who did what and when on the administration side: enrollments, ACL changes, revocations, route approvals. See /en/docs/console-audit.
Relay fleet
Supervise the vigies attached to the workspace: structurally blind relays that provide the immediate connection and the fallback when the direct path is not available. See /en/docs/vigie-privee.
Multi-tenant and roles
A single console can serve several isolated workspaces. Each workspace has its own networks, its own machines, its own policy and its own audit: nothing leaks from one workspace to another. You choose the active workspace, and every action applies to it alone.
Inside a workspace, people do not all have the same rights: administering networks, approving enrollments, changing the ACL or merely viewing state are distinct permissions. Giving each person the right role limits the surface for error and keeps the audit readable. Roles and their permissions are covered in detail in /en/docs/console-roles.