
Network Management

Building centrally managed private access with Netsody involves two key components: a controller that manages, distributes, and monitors the desired network state, and agents that apply that state on each device.

While the connectivity layer establishes encrypted paths between devices, it does not decide which devices should participate in a network, who owns them, which groups they belong to, who may communicate with whom, or how traffic should reach private resources and services. That administrative state belongs in the Netsody controller.

If you are new to Netsody, start with Get Started and the Networks page.

Each Netsody network is managed by the controller. It includes the IP subnet, participating devices, hostnames, groups, access control policies, and optional resources. The controller checks which known nodes may participate in which networks and distributes only the state relevant to each node. Agents reconcile the local system with that desired state and report status back to the controller, so network administrators can see configuration compliance: whether the expected state was applied and remains in place.

With the controller handling network state and the agent handling local enforcement, each device has enough information to join and maintain the overlay network. Each device knows which peers it can reach, which traffic is permitted, and which resources it may use. See the Netsody agent page for more details.

The example above shows two physical networks: a home network and an office network. Within these networks, four nodes participate in the Netsody overlay: a personal notebook, a smart home server, an office workstation, and a file server. Despite firewalls in both environments, the nodes can communicate securely as if they were part of the same local network.

Notice that no Netsody agent is running on the file server. Nevertheless, it is reachable through the overlay network because the office workstation acts as a gateway, as defined by a controller-managed resource. Access policies further control which Netsody nodes are allowed to communicate and which are permitted to use the gateway to reach external systems like the file server.
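The split described above (the controller hands each node only the state relevant to it, and agents report back what they applied) can be sketched as a toy model. This is an added example, not Netsody code or its configuration format: the data shapes, the directional group-to-group policy, and the names `node_view`, `links`, and `drift` are assumptions, and the sample state is constructed.

```python
# Added illustration: a toy model, NOT Netsody's data model or config format.
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:          # assumed shape: source group may reach destination group
    src: str
    dst: str

# Constructed sample state, loosely following the four-system example.
GROUPS = {"notebook": {"personal"}, "smart-home": {"home"},
          "workstation": {"office"}}                 # nodes running an agent
RESOURCES = {"file-server": {"gateway": "workstation", "groups": {"files"}}}
POLICIES = [Policy("personal", "home"), Policy("personal", "files")]

def allowed(node, dst_groups):
    """True if any policy lets one of node's groups reach dst_groups."""
    return any(p.src in GROUPS[node] and p.dst in dst_groups for p in POLICIES)

def links():
    """Node pairs that need an overlay path (direct, or node-to-gateway)."""
    pairs = set()
    for a in GROUPS:
        for b in GROUPS:
            if a != b and allowed(a, GROUPS[b]):
                pairs.add(frozenset((a, b)))
        for res in RESOURCES.values():
            if a != res["gateway"] and allowed(a, res["groups"]):
                pairs.add(frozenset((a, res["gateway"])))
    return pairs

def node_view(node):
    """Desired state scoped to one node: nothing it has no use for."""
    peers = sorted(n for pair in links() if node in pair for n in pair if n != node)
    resources = {name: res["gateway"] for name, res in RESOURCES.items()
                 if allowed(node, res["groups"])}
    forwards = {name: sorted(n for n in GROUPS if n != node and allowed(n, res["groups"]))
                for name, res in RESOURCES.items() if res["gateway"] == node}
    return {"peers": peers, "resources": resources, "forwards": forwards}

def drift(node, reported):
    """Keys where the agent's reported state differs from the desired state."""
    desired = node_view(node)
    return sorted(k for k in desired if reported.get(k) != desired[k])

if __name__ == "__main__":
    for n in GROUPS:
        print(n, node_view(n))
    print(drift("smart-home", {"peers": ["notebook", "workstation"],
                               "resources": {}, "forwards": {}}))
```

In this model the smart home server never learns that the file server exists, the workstation learns only which node it must forward for, and a reported peer list that differs from the desired one shows up as drift.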