diff --git a/README.md b/README.md
index 215adaa..a4d59d3 100644
--- a/README.md
+++ b/README.md
@@ -2,14 +2,18 @@ These Ansible roles set up servers running various Linux distributions to partic
 # Setup
-Each server should have the following information recorded in NetBox:
+Each physical server should have the following information recorded in NetBox:
 - network interfaces `mgmt*`: used for management (Ansible) access; must define MAC and IP address
 - network interfaces `lan*`: used for BGP routing; must define MAC address
 - network interface `lo`: must define the IP address to announce over BGP, also serves as router ID
+For virtual machines, network interfaces should be named as in the hypervisor. In Proxmox, this is typically `net*`.
+
 MAC addresses are used to rename interfaces in the host OS.
 Prefix for the management IP address should define the `gateway` custom field.
+For Windows hosts the platform must be defined in NetBox to configure connection parameters.
+
 # Run
 Create a read-only token in NetBox. Define required variables:
diff --git a/roles/facts/tasks/main.yml b/roles/facts/tasks/main.yml
index beb6d93..18aca24 100644
--- a/roles/facts/tasks/main.yml
+++ b/roles/facts/tasks/main.yml
@@ -1,21 +1,21 @@
 # Read secrets and keys.
-- name: Get SSH keys
+- name: Get public SSH keys for root login
 delegate_to: localhost
 check_mode: false
 run_once: true
 block:
- - name: Get GPG key IDs
+ - name: Read GPG key IDs from secret store
 shell: cat ${PASSWORD_STORE_DIR:-~/.password-store}/.gpg-id
 changed_when: false
 register: gpg_ids
- - name: Export public SSH keys
+ - name: Retrieve public SSH keys from GPG keyring
 shell: echo "$(gpg --export-ssh-key {{ item }} | cut -d ' ' -f 1,2) $(gpg --list-keys --with-colons {{ item }} | sed -n 's@uid:.*<\(.*\)>.*@\1@p')"
 loop: '{{ gpg_ids.stdout_lines }}'
 changed_when: false
 register: ssh_export
- - name: Set SSH keys to deploy on servers
+ - name: Store a list of SSH keys
 set_fact:
 ssh_keys: '{{ ssh_export.results | map(attribute="stdout") }}'
 failed_when: not ssh_keys # something must be terribly wrong so let’s not lock everyone out
@@ -52,23 +52,13 @@
 # Set host-specific connection parameters.
 - name: Set SSH connection username
- delegate_to: localhost
 set_fact:
 ansible_ssh_user: "{{ password.user }}"
 when: password.user is defined
-- name: Check if the host is running Windows
- win_ping:
- vars:
- ansible_shell_type: powershell
- failed_when: false
- ignore_errors: true
- ignore_unreachable: true
- register: result
-
 - name: Set connection parameters for Windows
 set_fact:
 ansible_shell_type: powershell
 ansible_become_method: runas
 ansible_become_flags: ""
- when: result.ping|default("") == "pong"
+ when: platform == "windows"
diff --git a/setup.yml b/setup.yml
index 946cd8d..febdae9 100644
--- a/setup.yml
+++ b/setup.yml
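Review bot: The new condition `when: platform == "windows"` will abort the play with an undefined-variable error on any host for which `platform` is not set, and the README change in this same commit implies the platform is only required to be recorded for Windows hosts, so Linux hosts without one are the expected common case. The old `win_ping` probe tolerated that by defaulting `result.ping`; the replacement should do the same, `when: platform | default("") == "windows"`. Where `platform` comes from (presumably the NetBox device record read earlier in this role) is outside the hunk, so also confirm the value is the literal lowercase slug `windows`, since the comparison is exact. The task list continues beyond the hunk.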
@@ -1,19 +1,18 @@
 # common stuff
-- hosts: '*'
+- name: Get NetBox and other data
+ hosts: '*'
 gather_facts: false
 roles:
 - facts
-- hosts: '*'
+- name: Set up base system
+ hosts: '*'
 roles:
 - { role: alpine, when: ansible_distribution == 'Alpine' }
 - { role: debian, when: ansible_distribution == 'Debian' }
 - { role: windows, when: ansible_os_family == 'Windows' }
 # hosts
-- hosts: mgmt-gw
- roles:
-
 - hosts: ceph-*
 roles:
 - frr
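Review bot: The `- hosts: ceph-*` play left in the hunk's context is still unnamed while the two plays above it gained `name:` entries, so playbook output will mix descriptive headings with a bare `PLAY [ceph-*]`; for consistency add a `name:` to it as well, worded like the others (for example `- name: Set up Ceph routing`, a constructed wording). The file continues past `- frr`, so any further host plays below the hunk likely need the same treatment.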