Team

Manage your teams to implement access control policies.

What is Team?

Team is a identity defined by the user. It is used to implement access control policies. When a packet is destinated to any local networks (destination IP address is not within public IP address range) arrives on a VeilNet Conflux instance, the sender instance must share at least one valid Team Identity.

Otherwise, the packet will be dropped. To learn more about how Team Identity is verified, please refer to the Packet Level Authentication (PLA) section.

How Team works?

Each Team has its own Team Identity, which will be distributed to Conflux instances as affinity tag. Conflux instances will silently drop all packets either on control channel or data channel if the packet does not share at least one common Team Identity.

By default, VeilNet access control follows the following rules:

Zero-Trust Access: All your own Conflux instances will have your User Identity only by default. This means only another Conflux instance owned by you will be able to communicate with your Conflux instances for any traffic dedstinated to non-public networks.
Affinity Access: To allow traffic destinated to non-public networks between Conflux instances belong to different users, they must share at least one common Team Identity.
Real Time Modification: You can modify the associated Team Identity for a Conflux instance at any time. Any change will be applied within 10 seconds. You do not have to restart the Conflux instance to apply the change.
Maintain Last State: If VeilNet infrastructure is down, the Conflux instance will maintain the last state of the Team Identity until the infrastructure is back online.

Create a Team

Create a Organisation

To create a team, click the Organisation & Teams tile in the navigation menu. If you do not have a organisation yet, you will be prompted to create a new organisation. At the moment, the organisation is simply used to group your teams together. You can input any name, websiite or email address.

After the organisation is created, you will be able to the epxand the newly created organisation, and click the Teams section. Then, simply input the name and email (purely for display purpose) of the team, and click the Create button.

Create a Team

Note: You can create multiple teams within an organisation.

Note: You can not delete the Owner team. Any user within the Owner team will be considered as the owner of the organisation, and can modify the teams within the organisation.

Invite a User to a Team

To invite a user to a team, simply expand the team tile, then expand the Team Members section. You will see a list of all the users in the team. To invite a user, simply input the email address of the user, and click the Invite button.

All your team invitations will be shown in the Team Invitations on the left. You will also see all invitations sent to you by other users.

Invite a User to a Team

Note: You can cancel an invitation if the user has not accepted it yet.

Note: You can reject an invitation if you do not want to join the team. If an invitation is rejected, the owner of the team will be notified. You can not change the decision once the invitation is rejected. A new invitation must be sent to you again.

Remove a User from a Team

The team owner can remove a user from the team. Simply expand the team tile, then expand the Team Members section. You will see a list of all the users in the team. To remove a user, simply click the Remove button next to the user.

Remove a User from a Team

Warning: Removing a user from the team will not also disconnect their Conflux instances under the associated Private Plane. However, if the team is associated with a Community Plane, the Conflux instances will not be disconnected but they will no longer be able to access networks accessible by your Conflux instances.

Delete a Team

To delete a team, simply click the Trash icon button next to the team tile.

Warning: Deleting a team will also remove the associated Team Identity from all Conflux instances. Additionally, if the Private Plane is shared with other users via this team only, their Conflux instances will be disconnected from the Private Plane.

One usage for team is to share a Private Plane with your team members. To do so, simply create a team, and associate it to the Private Plane you want to share. Then, your team members will be able to deploy Conflux instances under the associated Private Plane.

To associate a team to a Private Plane, simply expand the Team tile, select the Plane you want to share in the dropdown list, and click the Associate button.

Associate a Team to a Conflux Instance

To associate a team to a Conflux instance, head back to the main navigation menu, and click the Conflux tile. Then, expand the Your VeilNet Confluxes section, and find the Conflux instance you want to associate the team to.

Then, expand the Conflux instance title, and your teams will be shown as selectable chips. Simply click the team you want to associate, and it will be associated to the Conflux instance. To unassociate a team, simply click the team chip again.

Note: You can associate multiple teams to a single Conflux instance.

Warning: Sharing at least one Team Identity will allow traffic all accessible networks by the Conflux instance. At the moment, we do not support blocking a specific subnet yet. This feature will be available in the future.

Packet Level Authentication (PLA)

Triple Factor Authentication (TFA) with Packet Level Authentication (PLA), VeilNet is impossible to be breached.

Team Policy

Team policy allows you to control the access to specific networks by team members.