NACS Overview

NACS (Network Access Control System)

The NACS service enables the validation and authorisation of both wired and wireless network clients on MOJ-enabled networks.

User needs

Provides access to MOJ networks from suitably configured devices.

Principles

Enable onsite support staff to manage access of local devices such as printers, e.g. printer MAC address reservation.

Use cloud first, to meet point 5 of the Technology Code of Practice (TCoP) and the government’s cloud first policy.

Infrastructure as Code provides a complete audit of changes, versioning of cloud infrastructure and DNS server application, automated testing and redeployment of the service in the event of disaster.

Tools

The NACS service uses FreeRADIUS containers running on AWS ECS Fargate, as well as a separate Ruby on Rails admin portal.

We use Terraform and Infrastructure as Code to provide a complete audit of changes, versioning of components, automated testing and redeployment of the service in the event of disaster.

Diagram

High level diagram Source

Repositories

| Repository | Description |
| --- | --- |
| NACS admin portal | Admin Portal for configuring clients, sites, policies and rules. |
| NACS server | This repository contains the necessary code to build the FreeRADIUS Docker image. |
| NACS Infrastructure CI/CD | This is the shared infrastructure for the main account, named Shared Services. This account is used to host CI/CD pipelines. |
| NACS Integration Tests | This repo contains a number of automated tests that should be run following changes to the FreeRADIUS server. |
| NACS Disaster Recovery | This repo contains an interactive script which can be used to roll back a corrupt config or container version for the Network Access Control service. |

| Link | Description |
| --- | --- |
| NACS Admin Portal (Live) | Admin Portal for managing clients, sites, policies and rules. Please note you need to be a member of the AzureAD group moj-[ENVIRONMENT_NAME]-network-access-control-admin-azure-app. |
| NACS Radius Server Docs | NACS Radius Server documentation |
| NACS Infrastructure Docs | NACS Infrastructure documentation |
| Confluence Docs | User guides, Engineering Manuals, Architecture and Wiki |
| Transit Gateway | Connects the service to wider MoJ networks as a virtual WAN |
| Grafana Dashboard | Link to the Grafana dashboard for NACS. |

This page was last reviewed on 15 April 2024. It needs to be reviewed again on 15 October 2024.