Computer Networks and Access
Computer networks are integral to any sort of individual or group organization on Outreach. Players from previous iterations may be familiar with the concept of faction or business networks, which computer networks supplant. Computer networks have an entire host of features, but the basics will be understandable by any interested player.
Setting up a network requires building a few stationary machines, although the exact number is variable per network. These machines can be seen in the image below.
The first step to setting up a network is constructing one or multiple routers. Routers come in wall-mounted and regular variants. Routers are the lynchpin that keeps a computer network up and running, and it isn't a bad idea to have multiple routers supporting one computer network. Below you can see the settings of the router itself
The most important thing to note on this screen is the Network ID. This is the unique identifier of your network, and what will be entered by any other user attempting to add a device to the network. Here you can also see a toggle for WiFi connections - if this is disabled, then connection to the network will be limited to wired connections. Wired connections are beyond the scope of this guide, but are useful for setting up secure networks such as for personal cloning sites. Clicking the network settings button will open a new window, one that can also be found on all other network devices.
This screen allows you to adjust the network ID and key for the network device in question. On the router, this entails changing the network ID and key for the entire network. While the network ID is publicly visible, the network key is the 'password' for the computer network, which must be entered by all devices wishing to connect. The network key is a good first barrier for defending your computer network, but it isn't perfect, and a single console left logged in by an unwitting user is enough to render it useless. Thankfully there are other methods of protecting your network from unauthorized use, which will be detailed later. It's also worth noting that devices remember both the network ID and key when connecting to the network, so changing either on the router means a lot of effort changing both on every other critical device.
Routers have a limited signal range, and devices beyond this range will operate slowly, or may not be able to connect to the computer network at all. This is where relays come in. Relays do not create a computer network by themselves, but extend the range of their connected network in an area around themselves. Like routers, relays come in wall-mounted variants as well. Long-range routers can also be constructed, which allow the extension of a computer network beyond the bounds of a z-level, but these are more expensive to produce.
While you can get a computer network up and running with only a router and a few relays, its functionality will be severely limited without the use of one or more Mainframes. Mainframes act as file repositories accessible by network devices, and many computer programs rely on them to function. Mainframes fulfill one or more server roles, seen below.
The purpose of each role is as follows:
- Account Servers hold user accounts, which allow players to communicate by email across the network, and provide access to players through their membership in various user groups. The full functionality of user accounts will be detailed in the access section of this guide.
- Log Servers hold automatically generated log files which are created when certain actions are taken on the network, such as changes to docking beacon access or modification to network settings. These can build up pretty quickly, but it's good to keep an eye on them in case they reveal a nefarious actor.
- Software Repositories hold the modular computer programs which are downloadable on the network. By default, mainframes will spawn with a suite of modular programs except for those not applicable for Outreach. In the future, programs may need to be obtained via research.
- Records Servers hold crew records which are viewable and modifiable using the crew records program. Crew Records are not as important on Outreach as they are on other servers, but they're still a good way to keep track of various characters and their personal information.
- File Servers are simply generic file holders accessible on the network. Reports, records, and other documents can be held on such servers to be accessed remotely.
Clearly, mainframes can and likely will contain sensitive information on your computer network. It's a good idea to secure mainframes individually depending on the precise requirements of their roles and contained files. You can have multiple mainframes fulfilling the same role on a network, but secured separately. This leads us directly into the final important network machine.
The network access controller is the primary way of securing your computer network, and through the use of network locks, machinery such as fabricators and airlocks. Network access is governed by the aforementioned user accounts, and their membership in groups. The primary purpose of the network access controller is to create and manage these groups, which can be seen in the UI below
Here you can see a single parent group, Engineering has been created, along its two child groups AtmosTechs and EngineTechs. The exact organization of parent and child groups is up to preference, but it may be useful to create parent groups associated with "departments", with individual assignments within that department as child groups. This is due to the option to allow parent group submanagement, visible on the UI screen above. When parent group submanagement is enabled, it allows any user account which has membership in a parent group to grant and remove membership in any of its child groups. For example, this may be useful if you have a chief engineer who you would like to make able to give new engineers membership in the EngineTechs child group, but to whom you don't want to give direct access to the ACL. If parent group submanagement is not enabled, then granting users membership in groups requires access to the ACL.
The other option on the ACL is parent account creation. Normally, creation of new user accounts requires access to one of the mainframes on the network with the account server role enabled. If parent account creation is enabled, however, then any user who is a member of any parent group will be permitted to create a new account.
Account creation and management of its membership in groups is done solely through the Account Management modular computer program. Most of the functions of the account management program are self-explanatory, but below we will show a quick video showing how it may be used.
2021-10-25_20-06-05.mp4
In this scenario, Bronte Lowe is the Chief Engineer of Corvetto Inc. His user account, with the login "bronte.lowe", has membership in the Engineering parent group, but not the Command parent group. Normally, he would not be able to access the network's ACL or the account servers on the network. However, because parent account creation and parent group submanagement are both enabled, he is easily able to create a new user account for the newly hired Atmospherics Technician John Briefly and add him as a member to the appropriate group.
The final piece of the access puzzle lies with network locks and network IDs. Both of these objects bridge the gap between the new network access system and the familiar ID based access system. Network locks are producible at a fabricator, and are a stock part. This means that they can be installed into almost any machine in order to restrict access based off group membership. The UI of network locks can be seen below.
Here we can see a few important options for access management. The default device state determines what the network lock will do if it loses connection to the network and can no longer verify access, either denying or allowing all access checks. The second option, membership requirement mode determines whether a checked account will require membership in all, or only one of the assigned groups. There is one important thing to note about assigning a parent group to a network lock - assigning a parent group to a network lock will permit any member of its child groups to access the lock, not only those who have direct membership in the parent group itself. In the example previously given, this means that a network lock with the parent group "Engineering" assigned would permit both Bronte Lowe and John Briefly to access the lock.
In order to work, a network lock must have an account to check membership against. For remote access, modular computers allow you to log in to your account at will, and so this works relatively simply. However, for checking access physically, such as with an airlock, players will require a network ID on hand. Network IDs can be created at fabricators, and can be logged into a specific network and account using the 'Adjust Settings' verb.
Once you have a network ID, simply place it into your ID slot and it'll work like any other ID. With this, your computer network has all the components you need to set up access for your station, ship, or inconveniently located Space Bar.
Ending on a few tips here to hopefully reduce frustration and keep things running smoothly
- Don't forget to lock your mainframes and ACL with a network lock once the basics of your setup are done. Enterprising criminals can do a lot of damage if you don't keep your secure files...secure
- Strike a balance between security and convenience. While networks can be made quite durable, power outages and sabotage can create a lot of chaos if every door on your station is locked by default. Make use of the ALLOW_ALL default option when you can.
- Be creative. Accounts can be created not only for characters, but abstract entities. Sending e-mails to your workers or faction members might be better handled from the Management Department account, rather than the personal account of your CEO/Warlord/Grand Poobah. Furthermore, money accounts and others will eventually be tied to computer network accounts, which makes abstract accounts all the more useful.
Computer Networks are still a work in progress. There's a lot of features I couldn't cover in depth here which I hope players explore, and which I and other folks at Nebula are looking forward to expanding. That said, if you encounter any bugs or unwieldy aspects of the system, please report them to NataKilar!