Frequently asked questions

Find answers to common questions about Alpacon.

General

What is Alpacon?

Alpacon is a zero-trust server access platform that replaces traditional SSH key management with secure, browser-based access. It provides centralized access control, comprehensive audit logging, and eliminates the need for VPNs or exposed SSH ports.

How is Alpacon different from SSH?

Unlike SSH which requires managing keys across multiple servers, Alpacon provides:

• Centralized access management through a web dashboard
• Time-bound access tokens instead of permanent keys
• Complete audit trails of all commands and actions
• No need to expose SSH ports to the internet
• Individual user accountability instead of shared accounts

Is Alpacon a VPN replacement?

Yes, Alpacon can replace VPNs for server access. Unlike VPNs which provide network-level access, Alpacon provides application-level access with better security controls, audit trails, and no need for client software installation.

What platforms does Alpacon support?

Servers:

• Linux (Ubuntu, Debian, CentOS, RHEL, Rocky Linux, Fedora, Oracle Linux, Amazon Linux, SUSE, Alpine, Raspberry Pi OS)
• Windows Server (2016, 2019, 2022)
• macOS (for development environments)

Browsers:

• Chrome 90+
• Firefox 88+
• Safari 14+
• Edge 90+

Security

Is Alpacon secure?

Yes, Alpacon implements multiple security layers:

• Zero-trust architecture: No implicit trust, continuous verification
• No exposed ports: Servers initiate outbound connections only
• End-to-end encryption: All communications are encrypted
• Multi-factor authentication: Additional security layer for user access
• Command ACLs: Restrict which commands users can execute
• Comprehensive audit logs: Track every action for compliance

What security standards does Alpacon follow?

Alpacon is built with enterprise security in mind:

• Zero-trust architecture design
• End-to-end encryption for all communications
• Comprehensive audit logging for compliance readiness
• Security best practices aligned with industry standards

How does Alpacon handle authentication?

Alpacon uses a multi-layer authentication approach:

1. User authenticates to the Alpacon platform (password + MFA)
2. Platform issues time-bound JWT tokens
3. Agent validates tokens before granting access
4. All sessions are continuously monitored

Can I integrate with my SSO provider?

Yes, Alpacon supports SSO integration with:

• Okta
• Azure AD
• Google Workspace
• OneLogin
• Any SAML 2.0 provider

Technical

How does the reverse connection work?

Instead of servers exposing SSH ports, the Alpacon agent initiates an outbound HTTPS connection to the Alpacon platform. This means:

• No inbound firewall rules needed
• Works behind NAT without configuration
• No exposed attack surface
• Connections are persistent and encrypted

What ports does Alpacon use?

Alpacon only requires outbound HTTPS (port 443). No inbound ports need to be opened, significantly reducing your attack surface.

Does Alpacon require root/administrator access?

The Alpacon agent (alpamon) requires root/administrator privileges to:

• Manage user sessions
• Enforce access controls
• Collect audit logs
• Execute commands as different users

However, users accessing servers through Alpacon don’t need root unless explicitly granted.

How do I install the Alpacon agent?

The easiest way:

1. In your Alpacon workspace, go to Servers → Connect Server
2. Enter server details (name, platform)
3. Copy the generated installation script
4. Run it on your server

The script automatically detects your OS and installs the appropriate agent.

See the Installation guide for detailed instructions and manual installation options.

Can I use Alpacon for file transfers?

Yes, Alpacon includes WebFTP for browser-based file transfers. You can:

• Upload/download files through the web interface
• Drag and drop files directly
• Transfer files between servers
• Use the CLI for automated transfers

Operations

How do I handle emergency access?

Alpacon provides multiple emergency access methods:

1. Break-glass accounts: Pre-configured emergency access with enhanced logging
2. API tokens: Programmatic access that doesn’t require the web interface
3. Offline tokens: Time-limited tokens that work even if Alpacon is unavailable

See emergency access procedures for details.

What happens if Alpacon is down?

Alpacon has 99.99% uptime SLA, but if unavailable:

1. Existing sessions remain active for up to 4 hours
2. Emergency offline tokens can be used
3. Cloud console access remains available as backup
4. Status updates at status.alpacon.io

How are software updates handled?

Alpacon platform: Updates are applied automatically with zero downtime using rolling deployments.

Alpacon agent:

• Auto-updates can be enabled (recommended)
• Manual updates via package manager
• Updates don’t interrupt active sessions

Can I self-host Alpacon?

Self-hosted Alpacon is available for customers with specific requirements:

• Air-gapped environments
• Data sovereignty requirements
• Custom integration needs

Contact sales@alpacax.com for details.

Integration

Does Alpacon work with CI/CD pipelines?

Yes, Alpacon integrates with:

• GitHub Actions (official action available)
• GitLab CI
• Jenkins
• CircleCI
• Bitbucket Pipelines
• Azure DevOps

See integration guides for examples.

Can I use Alpacon with configuration management tools?

Alpacon provides APIs that can be integrated with various tools. You can use Alpacon’s REST API to execute commands from your configuration management workflows.

How do I monitor servers through Alpacon?

Alpacon provides:

• Built-in monitoring dashboard
• Prometheus metrics export
• CloudWatch integration
• Datadog integration
• Custom webhook alerts

Troubleshooting

Agent won’t connect to workspace

Check:

1. Outbound HTTPS (443) is allowed
2. System time is synchronized
3. Registration token is valid
4. DNS resolution works

See connection troubleshooting for detailed steps.

”Permission denied” errors

Verify:

1. User has appropriate role (User/Staff/Superuser)
2. Command ACLs allow the operation
3. Target server is in allowed group
4. Session hasn’t expired

Slow connection or lag

Possible causes:

1. Network latency (check ping to alpacon.io)
2. Server resource constraints
3. Browser performance issues
4. Proxy/firewall inspection

How do I get support?

• Documentation: https://docs.alpacax.com
• Discord community: https://discord.gg/wadWh8VsYB
• Email: support@alpacax.com

Migration

How long does migration take?

Typical migration timeline:

• Small team (< 10 servers): 1-2 days
• Medium team (10-100 servers): 1-2 weeks
• Large team (100+ servers): 2-4 weeks

See our migration guide for detailed planning.

Can I run SSH and Alpacon in parallel?

Yes, we recommend running both in parallel during migration:

1. Install Alpacon agent alongside SSH
2. Test all workflows through Alpacon
3. Gradually migrate users
4. Disable SSH once confident

Will migration cause downtime?

No, Alpacon agent installation and registration doesn’t require:

• Service restarts
• Configuration changes
• Downtime

You can migrate with zero disruption to running services.

More questions?

Can’t find what you’re looking for?

• 📧 Email: support@alpacax.com
• 💬 Discord community: https://discord.gg/wadWh8VsYB
• 📚 Documentation: https://docs.alpacax.com
• 🐛 Report issues: GitHub Issues