Add Windows Admin Connection

To add a remote Windows workstation that does not need the full ACSC functionality, but merely needs to be able to access a private ACSC network – like an administrative workstation that may need to access many different ACSC networks at different times – follow the steps below:

Set Up Host in Management UI

First, set up the host in the ACSC management UI, with the following steps:

  1. Log into the ACSC management UI, and switch to the appropriate organization.
  2. Click the Hosts link in the page header. This will take you to the Hosts page.
  3. Click the name of the Anti-Cloud Hub host. If you don’t see this host in the list, use the Filter by name… input at the top of the page to search for it by name. This will take you to the Anti-Cloud Hub host page.
  4. Click the hub link in the Interfaces panel. This will take you to the hub interface page.
  5. Click the Add icon on the Endpoints panel. This will take you to the Add Endpoint page.
  6. Select the Use guided set-up wizard option, then click the Next button. This will take you to the Type page of the Add Endpoint Wizard.
  7. Select the Hub-and-Spoke, Anti-Cloud Hub as Hub option, then click the Next button. This will take you to the Identity page.
  8. Click the New button of the Spoke Peer field. This will open the Add Peer dialog.
  9. Enter a name for the workstation in the Name field (eg “Admin One”).
  10. Click the Generate button. This will generate a new key pair for the workstation, filling in the Public Key and Private Key fields.
  11. Click the Add button. This will complete the Add Peer dialog, and create a new peer identity with the key pair.
  12. Click the New button of the Spoke Host field. This will open the Add Host dialog.
  13. Click the Add button. This will complete the Add Host dialog (but not yet create the host record).
  14. Edit the Spoke Interface field to generate a unique name for the network interface on the host (eg “customer123”). This name must be less than 16 characters, and must consist of only ASCII letters, numbers, dot ("."), dash ("-"), and lodash ("_") characters.
  15. Click the Next button. This will take you to the Transport page of the Add Endpoint Wizard.
  16. Click the Next button. This will take you to the Tunnel page of the Add Endpoint Wizard.
  17. Add any additional IP ranges in the Route via Anti-Cloud Hub on the left side of the page that you want to route through this connection.
  18. Adjust the IP address ranges listed in the Except for field on left side of the page to remove unnecessary exclusions that aren’t part of the ranges listed under Route via Anti-Cloud Hub.
  19. Click the Next button. This will take you to the Extras page of the Add Endpoint Wizard.
  20. Select Private for the Firewall Zone dropdown.
  21. Keep off the Use custom DNS settings when tunnel is up option.
  22. Click the Next button. This will take you to the Review page of the Add Endpoint Wizard.
  23. Click the Apply button. This will add the workstation to the ACSC network.
  24. Click the Download Interface Config icon on the Spoke panel on the right side of the page. This will take you to the Interface page for the workstation.
  25. Click the Download button.. This will download a .conf file that can be used by a generic WireGuard client; the name will match the interface name you selected above (eg customer123.conf).

Install Interface on Host

Next, to use a generic WireGuard client on the workstation to access the ACSC network, perform the following steps on the machine as the local Administrator user:

  1. If you have not yet installed WireGuard on the host, download the WireGuard for Windows MSI (Microsoft Installer) to the Windows machine, and execute it.
  2. Open the WireGuard client program, and click the Add Tunnel menu button at the bottom of the window; then click the Import tunnel(s) from file… menu item.
  3. Browse to and select the .conf file (eg customer123.conf) that you downloaded.
  4. Select the imported tunnel in the Tunnels panel; and click the Activate button in the Interface panel.

Test Connection on Host

Open a command prompt, and run the following command to check the status of the new WireGuard network interface:

> netsh interface show interface

Admin State    State          Type             Interface Name
-------------------------------------------------------------------------
Enabled        Connected      Dedicated        Ethernet
Enabled        Connected      Dedicated        customer123

Then try to access one of the other machines on the same ACSC network. For example, if the other machine allows ping (ie ICMP Echo Request) through its firewall, and the other machine’s ACSC address is 10.12.34.56, you can run the following in a command prompt on the first machine to ping the second:

> ping 10.12.34.56
Pinging 10.12.34.56 with 32 bytes of data:
Reply from 10.12.34.56: bytes=32 time=89ms TTL=128
Reply from 10.12.34.56: bytes=32 time=89ms TTL=128
Reply from 10.12.34.56: bytes=32 time=89ms TTL=128
Reply from 10.12.34.56: bytes=32 time=89ms TTL=128

Ping statistics for 10.12.34.56:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 89ms, Maximum = 89ms, Average = 89ms

Check Host in Management UI

Because no ACSC agent is running on the host, none of the changes you make in the ACSC management UI will be applied to to the workstation; and the host’s status will be listed as No Ping.

To check it, follow these steps:

  1. Log into the ACSC management UI, and switch to the appropriate organization.
  2. Click the Hosts link in the page header. This will take you to the Hosts page.
  3. Click the name of the Admin One host (or whatever you named the test host above). If you don’t see this host in the list, use the Filter by name… input at the top of the page to search for it by name. This will take you to the Admin One host page.

From the host page, you can mark the pending changes queued for the host as applied manually. To do so, follow these steps:

  1. Click on the interface name (eg customer123) to go to the main page for the interface.
  2. Scroll down to the Change Queue panel.
  3. Click the link in the Queued column for the oldest change (probably named interface changes).
  4. In the Queued Change panel, click the Applied Manually icon.
  5. Return back to the interface page, and do the same for the rest of the changes in the Change Queue panel.