Add Acronis Windows Guide

src/pages/how-to/acronis-windows-netbird-integration.mdx

@@ -0,0 +1,160 @@
+# Deploying NetBird in Windows with Acronis Cyber Protect
+
+Acronis Cyber Protect serves as the centralized management hub for Managed Service Providers (MSPs) and enterprise IT departments, delivering comprehensive cybersecurity and data protection through a unified platform. Acronis' Remote Monitoring and Management (RMM) functionality enables IT professionals to efficiently oversee client networks, automate maintenance tasks, and remotely deploy software across Windows machines at scale. This software deployment capability becomes particularly powerful when MSPs need to install security solutions, such as NetBird, across multiple client environments without requiring manual intervention on each endpoint.
+
+NetBird offers a WireGuard-based overlay network with Zero Trust Network Access capabilities, integrating seamlessly with RMM deployment workflows. Once Acronis RMM handles the automated installation and initial configuration, NetBird delivers secure network connectivity through its peer-to-peer private network infrastructure with zero ongoing manual configuration requirements. This integration creates a streamlined operational approach where:
+
+- **Acronis Cyber Protect** automates NetBird installation, manages updates, and maintains deployment compliance across client networks
+- **NetBird** establishes secure network pathways with granular access controls and direct encrypted connections
+- **Combined solution** delivers automated Zero Trust networking deployment with centralized management capabilities
+
+This approach allows MSPs to deploy comprehensive Zero Trust security solutions efficiently while maintaining centralized control over both installation processes and ongoing network access policies.
+
+In this hands-on tutorial, you'll learn how to use Acronis Cyber Protect software deployment capabilities to install and configure NetBird across Windows machines, creating secure, manageable network environments for distributed teams.
+
+## Prerequisites
+
+Before beginning this tutorial, ensure you have the following prerequisites in place:
+
+- A [NetBird account](https://app.netbird.io) with administrative permissions to create and manage access policies.
+- The NetBird Windows EXE installer downloaded from the [NetBird installation documentation](https://docs.netbird.io/how-to/installation#windows)
+- An active [Acronis Cyber Protect Cloud](https://www.acronis.com/en-us/products/cloud/cyber-protect/) subscription like [Cyber Protect Advanced](https://www.acronis.com/en-us/support/documentation/AcronisCyberProtect_15/index.html#editions-and-licensing.html).
+- Acronis Cyber Protect Agent [installed and registered on all target Windows machines](https://www.acronis.com/en-us/support/documentation/AcronisCyberProtect_15/index.html#installation-overview.html).
+- Administrative access to the Acronis Cyber Protect Console with [permissions to manage software deployment and device policies](https://www.acronis.com/en-us/support/documentation/AcronisCyberProtect_15/index.html#adding-administrators-acronis-account.html).
+- At least one Windows machine is listed in the **All devices** screen in Acronis Protect Cloud.
+
+## Setting Up NetBird Access Policies for Team-Specific Permissions
+
+[NetBird's Access Control Policies](https://docs.netbird.io/how-to/manage-network-access) let you implement a zero-trust security approach alongside Acronis Cyber Protect. They enable you to define precise permissions based on user groups and resource categories, ensuring that team members can only access what they need for their specific roles. This granular approach aligns with MSP requirements for managing multiple client environments with distinct access requirements.
+
+These policies work in tandem with Acronis RMM's monitoring and management capabilities. While Acronis monitors system compliance and maintains device health, NetBird enforces network-level access restrictions based on predefined group memberships.
+
+For example, to create a policy that enables the `IT Administrators` team to access the `Windows Workstations` group:
+
+- Log in to your NetBird management dashboard with administrative credentials
+- Navigate to `Access Control > Policies` and click the `Add Policy` button in the upper right corner.
+- Set the source group to `IT Administrators` and the destination group to `Windows Workstations`
+- Configure the protocol and port settings based on required access patterns (e.g., TCP 22 for SSH access to servers, TCP 80 for web servers, etc.)
+
+![Access Control Policy settings](/docs-static/img/how-to-guides/acronis-windows-netbird-integration/acronis-windows-01.png)
+
+Provide a descriptive name for the policy, such as "IT to Windows machines" that indicates its purpose, and click `Save` to create and activate the policy.
+
+![Access Control Policy name](/docs-static/img/how-to-guides/acronis-windows-netbird-integration/acronis-windows-02.png)
+
+This access policy will automatically apply to all devices managed by Acronis Cyber Protect that belong to users in the `IT Administrators` group, providing them secure access to designated resources while preventing lateral movement to unauthorized systems. The policy enforcement occurs at the network level, complementing Acronis Cyber Protect's device-level monitoring and management capabilities.
+
+![Access Control Policy list](/docs-static/img/how-to-guides/acronis-windows-netbird-integration/acronis-windows-03.png)
+
+Moreover, users will only gain this network access when their devices are actively monitored and maintained through Acronis Cyber Protect, creating a comprehensive security approach where device health monitoring and network access controls work together. This combination ensures that only properly managed and compliant devices can establish secure network connections to protected resources.
+
+> **Note**: For maximum security, create separate policies rather than overly broad policies for each distinct access requirement. This approach minimizes your attack surface by ensuring precise access controls aligned with job responsibilities and reducing complexity in multi-client MSP environments.
+
+With these access policies configured, you can now proceed to use Acronis' software deployment capabilities to install NetBird across your managed Windows machines, ensuring that all team members have the required secure connectivity client automatically deployed and configured.
+
+## Deploying NetBird in Windows using Acronis
+
+This section demonstrates how to create a software package in Acronis Cyber Protect Cloud and deploy NetBird across your managed Windows machines using automated installation commands.
+
+### Adding the NetBird Installer Package to Acronis
+
+Log in to Acronis Cyber Protect Cloud, navigate to `SOFTWARE MANAGEMENT > My packages` and click the `Add package` button:
+
+![Add package](/docs-static/img/how-to-guides/acronis-windows-netbird-integration/acronis-windows-04.png)
+
+In the `General information` tab, provide a descriptive name for the package (e.g., "NetBird EXE Installer") and specify the vendor name. Optionally, add a package description and select the appropriate license type from the dropdown menu. Click `Next` to continue.
+
+![General information](/docs-static/img/how-to-guides/acronis-windows-netbird-integration/acronis-windows-05.png)
+
+In the `Upload package` tab, enter the installer version (required field) and select the target architecture type. Click the `+ Upload` button in the top right corner to upload the NetBird installer package.
+
+![Upload package](/docs-static/img/how-to-guides/acronis-windows-netbird-integration/acronis-windows-06.png)
+
+Select the NetBird installer file from your local system. Once the upload completes, click `Next` to proceed.
+
+![Upload package](/docs-static/img/how-to-guides/acronis-windows-netbird-integration/acronis-windows-07.png)
+
+In the `Install / Uninstall commands` tab, configure the silent installation parameters by entering the following commands:
+
+- **Installation options:** `"{{full_path}}" /S`
+- **Uninstallation options:** `{{uninstall_cmd}} /S`
+
+The `/S` parameter ensures silent installation without user prompts for NetBird's EXE installer, while `{{full_path}}` and `{{uninstall_cmd}}` are Acronis variables that automatically resolve to the correct paths during deployment. Click `Next` when ready.
+
+> **Note**: If you're using NetBird's MSI installer instead of the EXE installer, use `/qn` in the **Installation options** field instead of `"{{full_path}}" /S`. The **Uninstallation options** field remains the same (`{{uninstall_cmd}} /S`) for both installer types. The `/qn` parameter provides quiet installation with no user interface for MSI packages.
+
+![Install / Uninstall commands](/docs-static/img/how-to-guides/acronis-windows-netbird-integration/acronis-windows-08.png)
+
+In the `Summary` tab, review all package configuration details for accuracy. Check the required boxes to confirm your settings and accept the End User License Agreement (EULA) terms. Click `Next` to proceed.
+
+![Summary](/docs-static/img/how-to-guides/acronis-windows-netbird-integration/acronis-windows-09.png)
+
+The `Digital signature check` tab provides security verification options for the uploaded package. Enable digital signature checking to ensure package integrity and authenticity—this represents a security best practice for enterprise deployments. Click `Add package` to complete the package creation process.
+
+![Digital signature check](/docs-static/img/how-to-guides/acronis-windows-netbird-integration/acronis-windows-10.png)
+
+Acronis will perform the digital signature verification automatically. Once completed, you'll see a `Verified` status next to the NetBird package in your software library.
+
+![My packages list](/docs-static/img/how-to-guides/acronis-windows-netbird-integration/acronis-windows-11.png)
+
+With the NetBird package successfully added to your Acronis software library, you can now proceed to deploy it across your managed Windows machines.
+
+### Deploying the NetBird Package to Windows Endpoints
+
+Acronis Cyber Protect Cloud provides multiple deployment methods for installing NetBird across your managed Windows machines, allowing you to choose the approach that best fits your operational workflow and scheduling requirements.
+
+**Method 1: Direct Installation from Package Library**
+
+To install NetBird from the available packages, navigate to `SOFTWARE MANAGEMENT > My packages` and click the three-dot menu next to the NetBird package. Select `Install` from the dropdown options.
+
+![Install NetBird from My packages](/docs-static/img/how-to-guides/acronis-windows-netbird-integration/acronis-windows-12.png)
+
+In the `Deploy software` window, click `+ Add workloads` and select your target machines from the available endpoints.
+
+![Add workloads](/docs-static/img/how-to-guides/acronis-windows-netbird-integration/acronis-windows-13.png)
+
+For this example, we selected a single endpoint called `Windows-11`. Click the `Install now` button to begin the immediate deployment process.
+
+![Windows-11 Workload](/docs-static/img/how-to-guides/acronis-windows-netbird-integration/acronis-windows-14.png)
+
+Monitor the installation progress by navigating to `MONITORING > Activities`, where you can track the deployment status across all selected machines.
+
+![Activities menu](/docs-static/img/how-to-guides/acronis-windows-netbird-integration/acronis-windows-15.png)
+
+Verify successful installation by navigating to `SOFTWARE MANAGEMENT > Software inventory`, where NetBird should appear in the installed software list for each target machine.
+
+![Software inventory](/docs-static/img/how-to-guides/acronis-windows-netbird-integration/acronis-windows-16.png)
+
+**Method 2: Bulk Selection from Device Management**
+
+Alternatively, navigate to `DEVICES > All devices` and select the checkboxes for all target endpoints you want to include in the deployment. Click on any selected device to open the right sidebar, then select `Deploy software`. This approach opens the same `Deploy software` interface with your pre-selected workloads ready for deployment.
+
+![Install NetBird from All devices](/docs-static/img/how-to-guides/acronis-windows-netbird-integration/acronis-windows-17.png)
+
+**Method 3: Scheduled Deployment Plans**
+
+For more advanced deployment control, use Acronis' deployment plans feature. Navigate to `MANAGEMENT > Software deployment plans` and click `+ Create plan` in the upper right corner.
+
+![Software deployment plans](/docs-static/img/how-to-guides/acronis-windows-netbird-integration/acronis-windows-18.png)
+
+In the `Create software deployment plan` window, click the pencil icon to customize the plan name, select either `Install` or `Uninstall` under Action, and click `Select software` to add the NetBird package. Configure your preferred deployment schedule by setting the specific date and time for automated execution.
+
+![Create software deployment plan](/docs-static/img/how-to-guides/acronis-windows-netbird-integration/acronis-windows-19.png)
+
+After configuring the plan parameters, click `Create` to save the plan for future use, or click `+ Add workloads` to immediately select target endpoints and execute the deployment.
+
+![Selecting workloads](/docs-static/img/how-to-guides/acronis-windows-netbird-integration/acronis-windows-20.png)
+
+The advantage of deployment plans is that they enable scheduled, repeatable installations across multiple client environments, allowing MSPs to standardize NetBird deployments during designated maintenance windows while maintaining consistent configuration management across all managed endpoints.
+
+## Confirming Windows Endpoint Registration in NetBird
+
+While Acronis Cyber Protect handles the automated deployment of NetBird clients to your Windows endpoints, client authentication operates independently through NetBird's identity provider integration system. NetBird [supports major Identity Providers (IdP)](https://docs.netbird.io/how-to/add-users-to-your-network#identity-provider-id-p-sync), including Microsoft Entra ID, Google Workspace, Okta, and others, allowing organizations to maintain their existing authentication infrastructure.
+
+For example, organizations using Microsoft 365 can use the [NetBird-Microsoft Entra ID integration](https://docs.netbird.io/how-to/microsoft-entra-id-sync#get-started-with-net-bird-entra-id-integration) to automatically authenticate and synchronize users and groups from Entra ID to NetBird. This integration eliminates manual user provisioning by automatically syncing organizational structure, including group memberships and user access permissions. Once synchronized, users automatically inherit the corresponding Access Control Policies created in the initial configuration section (`IT Administrators` group has access to the `Windows Workstations` group), ensuring that network access permissions align with their organizational roles.
+
+To confirm that your Acronis-deployed Windows endpoints successfully joined NetBird, navigate to the `Peers` menu in your NetBird dashboard. Successfully registered endpoints will appear in the peers list with their device names, connection status, and assigned IP addresses within your NetBird network. 
+
+This verification step ensures that your automated deployment process has completed successfully and that devices are ready to enforce the access control policies configured for your organization's security requirements.
+
+![Windows 11 Peer](/docs-static/img/how-to-guides/acronis-windows-netbird-integration/acronis-windows-21.png)