***************
Getting Started
***************

Two distinct types of software must be installed to run Bowtie: the :doc:`client <client>` runs on your laptop or desktop and the :doc:`controllers <controller>` runs next to your private resources.
After setting up one or more :doc:`controllers <controller>`, you may then proceed to installing the :doc:`clients <client>` on your device.

Bowtie Controllers are network *appliances* that Bowtie provides pre-built images for. You provision a Controller by installing it in your on-premise infrastructure or public cloud presence and then performing a few short setup tasks. A Controller typically operates in an environment like the :abbr:`DMZ (demilitarized zone)` security group within EC2 on AWS that permits it to create routes originating from *outside* your network to *inside* a private network space.
Controllers may be clustered to scale horizontally and achieve a highly-available network control plane.
From a web interface, or API, you configure access to private resources, and any number of network :doc:`policies` that dictate access to members of your network to specific private resources.

Bowtie Client packages may be installed by users as a normal application (for example, as an App on OS X or an ``.deb`` on a Linux system). Alternatively, you may setup Client installations using fleet management tools like Active Directory, `Salt <https://saltproject.io/>`_ or `JAMF <https://www.jamf.com/>`_ in tandem with the provided Client packages. A Client may take the form of any supported network device, such as an employee laptop running OS X or a Windows desktop machine.

The diagram below illustrates what each of these roles looks like: clients connect to an available controller, which serves as an entry point into other resources in their networks. This diagram shows what this looks like for a single *site*, which is the term the Bowtie software uses for an organization network, such as a datacenter location:

.. image:: _static/one-network-diagram.png
   :class: white-background

Complete the following steps before proceeding to :doc:`using-bowtie` -- first, installing one or more *Controllers*, and then installing the *Client* on any machines that should be joined to the private Bowtie network.

.. toctree::
   :maxdepth: 2

   setup-controller
   ha-controller
   setup-client