Finish website section

source/website/devices/creating.rst

@@ -0,0 +1,40 @@
+Adding Devices
+==============
+
+Adding devices within UH VPN can be done by clicking the "Add New Device" button
+at the bottom of a person's page within a UH VPN group. After clicking, one will then
+be presented with a list of fields to fill in as follows:
+
+* **Name** : Name for the device in question, e.g. macOS, iOS, Android or Windows.
+* **Expiry Date** : If device expiry is desired, one can specify an expiry date here.
+  If a date is not specified, the device will never expire until manual revocation
+  occurs via deletion.
+* **Expiry Time** : If an expiry date is specified, the time can also be specified
+  to provide an increased granularity with respect to expiry. All times should be entered
+  in 24 hour format and will be taken as GMT.
+
+Upon device submission, the above fields will be validated and submitted. If submission
+succeeds, the person in question will be sent an email containing a one-time-passcode (OTP)
+for entry into a UH VPN client application. Once this code is entered, all relevant configurations
+such as server information, cryptography and app branding information is securely sent to the device.
+Secure dynamic updates will occur automatically for UH VPN clients allowing administrators to change
+server settings, group parameters and more without any impact to end clients, thus simplifying VPN
+deployments hugely.
+
+Once a user has redeemed their OTP code, the OTP field for the device in question on the person's page
+will change from |pending_otp| to |ok_otp|. If redemption fails to occur within the time period
+set by the group's "device registration timeout", the OTP icon will change to |failed_otp| and the device
+will need to be deleted and a new one created.
+
+.. note::
+    If using custom branding on premium groups, UH VPN device enrollment emails are custom branded
+    to your specification.
+
+.. |pending_otp| image:: /_static/icons/primitive-dot-orange.svg
+  :alt: Pending OTP
+
+.. |ok_otp| image:: /_static/icons/check_green.svg
+  :alt: Redeemed OTP
+
+.. |failed_otp| image:: /_static/icons/x_red.svg
+  :alt: Failed OTP

source/website/devices/deleting.rst

@@ -0,0 +1,12 @@
+Revoking Devices
+================
+
+UH VPN supports instant device revocation to aid situations where devices need to be revoked prior
+to their expiry date. To do so, administrators simply need to click the |delete_icon| icon next
+to the device in question. Once a device is deleted it cannot be undone and all authentications
+for the device in question will immediately fail. Moreover, dynamic configuration updates for the
+device profile will also fail and the end user will be informed of revocation by their UH VPN
+client application.
+
+.. |delete_icon| image:: /_static/icons/trashcan.svg
+  :alt: Delete Icon

source/website/devices/export.rst

@@ -0,0 +1,31 @@
+Static Profile Export
+=====================
+
+UH VPN has the ability to export UH VPN device profiles in an OpenVPN compatible format to allow
+administrators to cater for users running more exotic operating systems where UH VPN client
+applications don't exist.
+
+To export an OpenVPN profile click the |export_icon| icon next to the device in question. One will
+then be presented with a modal prompt with two fields:
+
+* **Server** : The server to link the static VPN profile to. Static profiles can't utilise multi-server
+  selection and thus have to be bound to a single server. Select the appropriate one from the list.
+* **Auto Add Credentials** : Certain OpenVPN applications permit credentials being auto-filled by
+  the configuration profile, select this option if the client application supports this.
+
+When the download button is pressed, a compressed zip file will be downloaded. Once extracted the file
+structure is as follows:
+
+* **README.txt** : Details instructions on how to import the VPN profile.
+* **OpenVPN Profile** : OpenVPN config file to be utilised by an OpenVPN application. It is named to
+  indicate the group, server, person and device in question.
+* **credentials.txt** : File containing the username (first line) and password (second line) to use
+  when prompted by OpenVPN for credentials.
+
+.. |export_icon| image:: /_static/icons/cloud-download.svg
+  :alt: Export Icon
+
+.. warning::
+    Only use this feature if absolutely necessary! Clients using these profiles will not benefit
+    from dynamic secure updates, custom branding or enhanced performance. Use this feature at
+    your own risk!

source/website/devices/index.rst

@@ -1,3 +1,27 @@
 *******
 Devices
 *******
+
+As the name suggests, UH VPN Devices represent devices that people own. This could be a mobile phone,
+laptop, tablet and so on. Devices authenticate directly onto UH VPN servers and a VPN connection is then
+established between a device (UH VPN client application) and a server (UH VPN Server software).
+
+Devices are managed through the `website`_ and are contained within people to facilitate easy association
+between people and their hardware.
+
+Devices are immutable objects (cannot be modified once instantiated). This improves security by ensuring
+that there is a one-to-one mapping between UH VPN devices and physical devices a person owns. The OTP field
+on the person's device page indicates whether the OTP code has been redeemed by a client application.
+
+..  toctree::
+    :maxdepth: 1
+
+    creating
+    deleting
+    export
+
+.. note::
+    Billing for UH VPN is based solely on device usage. Free groups are granted usage for up to two devices
+    whilst premium groups are allowed an unlimited number of devices billed at £1 +VAT per device per month.
+
+.. _website: https://uh-vpn.com