Introduction

Welcome to Alpacon - secure server access that works for humans and machines alike.

One platform, two perfect experiences

Alpacon provides powerful server access optimized for how you work:

For humans: Secure browser-based terminal with multi-factor authentication

# Open terminal in your browser - no SSH client needed
# Strong MFA protection, session sharing, full audit trails
alpacon websh production

For machines: Simple API calls for complete automation

# Deploy with a single command in your CI/CD pipeline
alpacon websh production "deploy latest"

What is Alpacon?

Alpacon is a unified access platform that makes server access both human-friendly and machine-friendly. Engineers get a powerful web terminal with enterprise security. CI/CD pipelines get simple APIs. Everyone gets managed security - we handle authentication, authorization, audit logging, and compliance automatically.

The best of both worlds

🧑‍💻 Human-friendly features

Browser-based terminal: Full terminal access from any browser - supports vim, colors, special keys
Multi-factor authentication: Enterprise-grade security with TOTP/SMS
Session sharing: Collaborate in real-time for debugging or pair programming
Visual file transfer: Drag-and-drop files with WebFTP
Zero client setup: No SSH clients, no VPN software, works instantly

🤖 Machine-friendly features

Everything is an API: Every action available programmatically
CI/CD native: One-line integration with any pipeline
Bulk operations: Execute commands across multiple servers
Personal access tokens: Secure, revocable tokens for automation

🔐 Security for all

Whether accessed by humans or machines, Alpacon provides:

Zero-trust architecture: Every request verified
No exposed ports: Servers only make outbound connections
Complete audit trails: Every action logged with full context
Compliance-ready: Comprehensive logging and controls for regulatory requirements

Real-world scenarios

Morning standup: Human access

# Engineer opens browser, logs in with MFA
# Instantly access any authorized server
alpacon websh staging
 
# Share screen with team for debugging
alpacon websh --share production
 
# Transfer files with drag-and-drop
# No SFTP client needed

Midnight deployment: Machine access

# GitHub Actions runs automatically
- name: Deploy to production
  uses: alpacax/alpacon-websh-action@v1
  with:
    workspace-url: ${{ secrets.ALPACON_WORKSPACE_URL }}
    api-token: ${{ secrets.ALPACON_API_TOKEN }}
    target: production
    script: |
      docker pull myapp:latest
      docker-compose up -d

API integration for custom tools

// Your internal tools can use the same API
const response = await fetch('https://your-workspace.us1.alpacon.io/api/events/commands/', {
  method: 'POST',
  headers: {
    'Authorization': 'token="alpat-xxxxxxxxxxxxxxxxxx"',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    server: '7e3984de-49ab-4cc6-bcdf-21fbd35858b8',
    line: './deploy.sh',
    username: 'deploy'
  })
});

The problem we’re solving

Traditional server access wasn’t built for modern DevOps:

Traditional Approach	Alpacon Approach
Manual SSH key distribution	API tokens - Generate and revoke programmatically
VPN client configuration	No client needed - Works anywhere with HTTPS
Firewall rules and IP whitelisting	Zero-trust - Identity-based, not network-based
Manual security updates	Managed security - We handle patches and compliance
Scattered audit logs	Centralized logging - Every action tracked automatically
Complex automation	Native API/CLI - Built for automation from day one

How Alpacon works: triple-layer security, zero complexity

Alpacon implements an Independent Triple-Layer Security architecture that provides enterprise-grade security without the complexity:

Layer 1: Access Gateway

Reverse connection protocol: Servers connect out to Alpacon, eliminating exposed SSH ports
Cloud-based access: Reach any server from any browser, no VPN required
Built-in tools: Websh (terminal), WebFTP (file transfer), Deploy Shell (batch operations)
Zero attack surface: No inbound ports, no SSH brute-force attacks possible

Layer 2: Authentication Guard

Multi-factor authentication (MFA): Additional security layer for all access
Role-Based Access Control (RBAC): Three-tier permission system (User, Staff, Superuser)
Personal access tokens: Secure API authentication for CI/CD integration
Centralized identity: Single source of truth for all server access

Layer 3: Audit Trail

Complete activity logging: Every command, file transfer, and action recorded
Real-time monitoring: Server resource usage and status at a glance
Anomaly detection: Automatic alerts for suspicious activities
Compliance ready: Comprehensive logging and controls for regulatory requirements

The result: Managed security, zero overhead

You write simple commands. We handle all the complex security. No certificates to manage, no keys to rotate, no firewalls to configure.

Who uses Alpacon?

👩‍💻 Software Engineers

Access servers instantly from your browser:

Debug production issues with full terminal access
Share sessions with teammates for collaborative troubleshooting
Transfer files with simple drag-and-drop
No SSH keys to manage or VPN to connect

🔧 DevOps Engineers

Automate everything with APIs:

# GitHub Actions, GitLab CI, Jenkins - all work the same
- name: Deploy application
  run: |
    alpacon websh production "docker pull latest && docker-compose up -d"

🛡️ Security Teams

Sleep better with managed security:

Every access request goes through MFA (for humans) or secure tokens (for machines)
Complete audit trails for compliance
No exposed SSH ports or permanent credentials
Instant access revocation when needed

💼 IT Managers

Simplify operations:

Onboard new engineers in minutes, not days
Centrally manage access for all servers
Reduce help desk tickets (no more SSH key issues!)
Meet compliance requirements effortlessly

Core concepts

Alpacon is built on several key concepts. Here’s a quick overview - for detailed information, see our Key Concepts guide.

Workspace: Your organization’s isolated environment containing all servers, users, and configurations.

Alpamon agent: Lightweight software installed on your servers using reverse connection (outbound only) for maximum security.

Web-based tools: Websh (terminal), WebFTP (file transfer), and Deploy Shell (batch operations) - all accessible from your browser.

IAM (Identity and access management): Role-based access control with three tiers (User, Staff, Superuser) and flexible user groups.

Authentication & MFA: Enterprise-grade authentication powered by Auth0 with support for hardware security keys, biometric authentication, and TOTP apps.

→ Learn more in the Key Concepts guide

Use cases

Alpacon is perfect for:

Development teams

Accessing development and staging servers
Debugging production issues
Collaborative troubleshooting
Database administration

DevOps automation

CI/CD pipeline integration
Automated deployments
Infrastructure as code execution
Scheduled maintenance tasks

Managed service providers

Secure customer server access
Multi-tenant isolation
Audit trails for client compliance
Simplified engineer onboarding

Compliance requirements

Financial services (PCI DSS, SOX)
Healthcare (HIPAA)
Data protection (GDPR)
Government contractors (FedRAMP)

Getting started in 3 steps

Step 1: Register your server (1 minute)

In your Alpacon workspace, go to Servers → Register Server, enter server details, and run the generated installation script on your server.

See the Quickstart guide for detailed steps.

Step 2: Get API token (1 minute)

Create an API token in your workspace settings for programmatic access.

Step 3: Start using (immediate)

# CLI
alpacon websh myserver "ls -la"
 
# REST API
curl -X POST https://your-workspace.us1.alpacon.io/api/events/commands/ \
  -H "Authorization: token=\"alpat-xxxxxxxxxxxxxxxxxx\"" \
  -H "Content-Type: application/json" \
  -d '{"server": "7e3984de-49ab-4cc6-bcdf-21fbd35858b8", "line": "ls -la", "username": "ubuntu"}'

That’s it. No SSH keys to generate. No VPN to configure. Just simple, secure access.

Architecture overview

Alpacon uses a unique reverse-connection architecture:

Servers connect out to Alpacon, not the other way around. This means:

No firewall changes needed
Works behind NAT
No exposed ports
Automatic failover

The Alpacon difference

Traditional tools weren’t built for automation

SSH: Manual key management, no programmatic control
VPN: Network-level access, not application-aware
Bastion hosts: Another server to manage and secure

Alpacon is API-first by design

Everything is programmable: Every action available via API/CLI
Machine-friendly: Built for automation, not just humans
Security is managed: We handle the complex security, you just use simple commands
DevOps native: Integrates with your existing tools and workflows

Next steps

Now that you understand what Alpacon is and how it works, continue with:

Installation guide - Set up Alpamon on your servers
Key concepts - Deep dive into Alpacon components
Quickstart tutorial - Get hands-on in 5 minutes

Questions?

Check our FAQ for quick answers
Join our Discord community for real-time help
Review troubleshooting guides for common issues
Email support at support@alpacax.com

Welcome to the future of server access management. Let’s get started!