First Launch¶
This page walks you through everything that happens the first time you start ntkDeploy: database initialisation, the navigation shell, initial Settings configuration, environment selection, and verifying that the Policy Server connection is healthy before you begin work.
Prerequisites¶
- ntkDeploy installed — see Installation.
- The hostname or URL of your Policy Manager V2 server.
- Paths to the mTLS client certificate, client key, and CA certificate files used to connect to the Policy Server.
- Network connectivity from the administrator machine to the Policy Server and to at least one UNC deployment share.
Step 1 — Launch the application¶
Open the Start menu, search for ntkDeploy, and click the tile.
On first run the application initialises the local SQLite database inside the Windows app-data directory. A brief loading indicator is shown. Once complete, the main window appears with the navigation shell.
Note: No internet connection is required. All data is stored locally; the only outbound connections are to your intranet Policy Server and to the UNC/SMB shares you configure as deployment targets.
Step 2 — Understand the navigation shell¶
The navigation shell is the persistent chrome surrounding every screen. Familiarise yourself with its key areas before continuing:
| Area | Description |
|---|---|
| Sidebar (left) | Primary navigation — Dashboard, Profiles, Device Groups, Deployment, Providers, Policies, Audit Log, Settings |
| Environment switcher | Located in the sidebar; switches the active environment (Development, Staging, Production). Lists and grids automatically filter to the selected environment. |
| Global search | Accessible from the header or via keyboard shortcut; searches across profiles, device groups, and paths regardless of the active environment |
| Policy status badge | Persistent indicator in the header showing connected, degraded, disconnected, or connecting. Hover for details. |
Step 3 — Open Settings and configure server endpoints¶
Before running any preflight check or deployment, you must configure the Policy Server connection.
- Select Settings from the left sidebar.
- Locate the Policy Server section and fill in the following fields:
| Field | Description | Example |
|---|---|---|
| Conductor Address | gRPC address of the ntkDrive conductor service | xdrive.dev:9010 |
| Base URL | HTTPS base URL of the Policy Manager V2 API | https://policy.example.com:8443 |
| CA Certificate Path | Local path to the CA certificate (.pem or .crt) used to verify the server |
C:\certs\ca.pem |
| Client Certificate Path | Local path to the mTLS client certificate | C:\certs\client.crt |
| Client Key Path | Local path to the mTLS client private key | C:\certs\client.key |
| Signing Key (hex) | Ed25519 signing key in hexadecimal, used to sign deployment snapshots | (paste from secure vault) |
| Public Key (hex) | Corresponding Ed25519 public key | (paste from secure vault) |
Values are saved automatically as you type — there is no explicit Save button in this section.
- Still in Settings, review the Deployment defaults section:
| Field | Description | Recommended starting value |
|---|---|---|
| Default concurrency | Maximum simultaneous per-device deployment jobs | 10 |
| Default backup strategy | What to do with existing configs before overwrite | Backup |
- Optionally adjust the Artifacts section:
- Retention days (1–120) — how long locally generated deployment artifact files are kept.
- Artifacts directory — override the default output folder by clicking Change.
Step 4 — Select your default environment¶
Use the Environment switcher in the sidebar to select the environment you will work in first. For initial setup, choose Development to avoid accidentally targeting production device groups.
For a detailed explanation of the environment model see Environments.
Step 5 — Verify Policy Server connectivity¶
Once Settings are saved, return to any screen and observe the policy status badge in the header.
| Badge state | Meaning |
|---|---|
connected |
/capabilities and /readyz both succeeded — the gate is open and deployments are enabled |
connecting |
The startup gate is still running its checks |
degraded |
/healthz failed but the gate is still open (/capabilities and /readyz succeeded) — monitor but can proceed |
disconnected |
/capabilities or /readyz failed — the gate is closed; deployment is blocked until resolved |
Important: The deployment path is fail-closed. If the badge shows
disconnected, verify your Policy Server settings (URL, certificates, keys) and confirm the server is reachable from your machine before attempting any deployment. See Connectivity Issues if you cannot get aconnectedstate.
Step 6 — (Optional) Configure the appearance¶
In Settings → Appearance, set Theme mode to Light, Dark, or System according to your preference.
What was set up¶
After completing the steps above:
- The local SQLite database is created and ready.
- The Policy Server connection is configured and healthy.
- A default deployment environment is selected.
- Deployment defaults (concurrency, backup strategy, artifact retention) are in place.
You are now ready to create your first profile and run a deployment.
Next Steps¶
- Quick Start — Create a profile, assign it to a device group, run preflight, deploy, and verify in the audit log.
- Environments — Understand how Development, Staging, and Production environments are managed.