Deploy 200 Workstations in Under 2 Minutes

Your company has 200 workstations across 5 departments in 2 offices. Each department needs its own isolated network segment. You need encrypted connectivity between all of them — today. With Ghost Networks and Helbind Keys, the entire rollout takes less than 2 minutes of admin time.

The Scenario

200 workstations, 5 departments (Engineering, Sales, HR, Finance, Operations), 2 cities. Each department gets its own Phantom Hub — devices can only see others in the same hub. The admin creates everything from the CLI.

💻

Engineering

40 devices

📈

Sales

40 devices

👥

40 devices

💰

Finance

40 devices

⚙

Operations

40 devices

Step 1: Create 5 Helbind Keys

One key per department. Each allows up to 40 devices and expires in 2 years. The admin runs 5 commands:

# Engineering

ghost-cli helbind create --hub hub_engineering \

--max-devices 40 --expires 730d --output key_eng.json

# Sales

ghost-cli helbind create --hub hub_sales \

--max-devices 40 --expires 730d --output key_sales.json

# HR

ghost-cli helbind create --hub hub_hr \

--max-devices 40 --expires 730d --output key_hr.json

# Finance

ghost-cli helbind create --hub hub_finance \

--max-devices 40 --expires 730d --output key_finance.json

# Operations

ghost-cli helbind create --hub hub_ops \

--max-devices 40 --expires 730d --output key_ops.json

5 commands. 5 JSON files. ~30 seconds.

Step 2: Write the Boot Script

Create a single script that downloads the Ghost Connector, installs it, and joins the network using the department's Helbind Key. This script runs once — on first boot or via Group Policy / Ansible / MDM.

# ghost_deploy.ps1 — Zero-touch Ghost onboarding

# Run as Administrator via GPO or SCCM

# Usage: .\ghost_deploy.ps1 -Dept engineering

param([Parameter(Mandatory)]
[string]$Dept)

$KeyUrl = "https://deploy.internal/keys/key_$Dept.json"

$InstallerUrl = "https://gh-o.net/d/win/install.ps1"

# Skip if already installed

if (Get-Service GhostConnector -ErrorAction SilentlyContinue) {

Write-Host "Ghost Connector already installed"

exit 0

}

# 1. Install Ghost Connector

Invoke-Expression (Invoke-WebRequest $InstallerUrl -UseBasicParsing).Content

# 2. Download department key

Invoke-WebRequest $KeyUrl -OutFile "$env:TEMP\helbind_key.json"

# 3. Join the network

ghost_connector setup --cert "$env:TEMP\helbind_key.json"

# 4. Cleanup

Remove-Item "$env:TEMP\helbind_key.json" -Force

Write-Host "Done. Device joined Ghost network ($Dept)"

Step 3: Distribute

Push the script to each department's machines. Use whatever deployment tool you already have:

Windows Group Policy — startup script

Ansible / Puppet / Chef — run on provisioning

MDM — push to managed devices

USB / PXE — include in boot sequence

Result

Machines boot up, run the script, and join the correct department hub automatically. No user interaction. No VPN client to configure. No firewall rules. Each device is immediately part of its encrypted mesh.

200

devices

hubs

manual steps

<2m

admin time

Bonus: Phone Home Script

Want to know which machines successfully joined? Add a phone-home call at the end of the script. Each machine reports its Ghost IP, hostname, and department to a simple endpoint running on your admin server.

Add to the end of your deploy script:

# 5. Phone home — report to admin

$GhostIP = (ghost_connector status 2>$null |

Select-String 'Address:\s+(\d[\d.]+)').Matches[0].Groups[1].Value

$Body = @{

ip = $GhostIP

hostname = $env:COMPUTERNAME

os = (Get-CimInstance Win32_OperatingSystem).Caption

department = $Dept

} | ConvertTo-Json

Invoke-WebRequest -Uri "http://172.16.0.1:9090/register" `

-Method POST -ContentType "application/json" -Body $Body

On your admin machine (inside the Ghost network), run a simple listener:

# admin_listener.py — receives device registrations

from http.server import HTTPServer, BaseHTTPRequestHandler

import json, csv, datetime

class Handler(BaseHTTPRequestHandler):

def do_POST(self):

length = int(self.headers['Content-Length'])

data = json.loads(self.rfile.read(length))

data['time'] = datetime.datetime.now().isoformat()

with open('inventory.csv', 'a') as f:

w = csv.DictWriter(f,

fieldnames=['time','ip','hostname','os','department'])

w.writerow(data)

print(f"+ {data['hostname']} ({data['department']})")

self.send_response(200)

self.end_headers()

HTTPServer(('0.0.0.0', 9090), Handler).serve_forever()

Now you have a live inventory of every machine that joined — with Ghost IP, hostname, OS, and department. All over the encrypted mesh.

The Numbers

Admin time: ~2 minutes (5 CLI commands + 1 script)

Devices: 200 workstations, zero-touch onboarded

Security: Ghost encryption, department isolation

Cleanup: Keys auto-expire in 2 years, no orphan access

Get Started with Ghost Networks or See Enterprise Plans