
Commit b4a99ff

committed
update uml
1 parent c349e7c commit b4a99ff

File tree

2 files changed

+27
-24
lines changed


nais-device.png

10.9 KB

nais-device.puml

+27-24
@@ -2,7 +2,7 @@
22

33
actor developer as "Developer"
44
participant device as "NAIS Device"
5-
participant dnca as "NAIS Device Client Agent"
5+
participant ndca as "NAIS Device Client Agent"
66
participant aad as "Azure Active Directory"
77
participant kolide as "Kolide"
88
participant nds as "NAIS Device Server"
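Review bot: the alias rename is applied consistently (every `dnca` reference in the file's hunks becomes `ndca`), which now matches the `ndga` alias used for the gateway agent, and the regenerated nais-device.png is committed alongside so the rendered diagram stays in sync with the source. Nothing to change in this hunk.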
@@ -11,17 +11,16 @@ collections vpnserver as "VPN Server"
1111
collections ndga as "NAIS Device Gateway Agent"
1212

1313
==Enroll==
14-
developer -> dnca: enroll device
15-
dnca -> device: install kolide-agent
14+
developer -> ndca: enroll device
15+
ndca -> device: install kolide-agent
1616
device -> kolide: register
17-
dnca -> aad: login
18-
aad -> dnca: token
19-
dnca -> device: get serial
20-
device -> dnca: serial
21-
dnca -> nds: HTTP POST /register {token, serial}
22-
nds -> aad: validate token
17+
ndca -> aad: login
18+
aad -> ndca: token
19+
ndca -> device: get serial
20+
device -> ndca: serial
21+
ndca -> nds: HTTP POST /device/register {token, serial}
2322
nds -> ndsdb: add db entry {serial, email}
24-
nds -> dnca: response
23+
nds -> ndca: response
2524

2625
==Kolide==
2726
loop
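Review bot: the `nds -> aad: validate token` step is deleted from the enroll flow (the line that followed `ndca -> nds: HTTP POST /device/register {token, serial}`) with no replacement, so the diagram now shows nds writing `{serial, email}` to the database straight from a token it never checks. If the server still validates the token before the write, keep that step in the diagram, since this is the only place the email-to-serial binding is established; if validation was genuinely dropped from the endpoint, registration would accept unauthenticated identities and the check needs to come back. The endpoint rename to `/device/register` and the `dnca` to `ndca` rename are fine.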
@@ -38,23 +37,30 @@ loop every x minutes
3837
nds -> nds: update database entries with status
3938
end
4039

40+
==Healthcheck VPN==
41+
ndca->vpnserver: establish tcp connection
42+
loop every second:
43+
ndca -> vpnserver: send byte
44+
vpnserver -> ndca: send byte
45+
end
46+
ndca -> ndca: if no byte response, trigger Connect to VPN
47+
ndca->ndca: close tcp connection
48+
ndca->ndca: restart healthcheck
49+
4150
==Connect to VPN==
42-
dnca -> nds: HTTP GET /psk {token, public key, serial}
43-
nds -> nds: validate token
51+
ndca -> ndca: if no cached token, login
52+
ndca -> nds: HTTP GET /device/vpn/config {token, public key, serial}
4453
nds -> ndsdb: is device ok?
4554

4655
nds -> ndsdb: get {psk, ip, routes, server-configs}
47-
nds -> dnca: {psk, ip, routes, server-configs}
56+
nds -> ndca: {psk, ip, routes, server-configs}
4857

49-
dnca -> device: ip dev add / ifconfig add / netsh add device
50-
dnca -> device: wg set psk, private key, ip
51-
dnca -> device: route add
58+
ndca -> device: ip dev add / ifconfig add / netsh add device
59+
ndca -> device: wg set psk, private key, ip
60+
ndca -> device: route add
5261

5362
==Enroll VPN Server==
54-
ndga -> aad: login
55-
aad -> ndga: token
56-
ndga -> nds: HTTP POST /gateway/register {token, server-id, public ip}
57-
nds -> nds: validate token
63+
ndga -> nds: HTTP POST /gateway/register {token, public key, public ip}
5864
nds -> ndsdb: write server config
5965
nds -> ndga: response
6066

@@ -66,10 +72,7 @@ end
6672

6773
==Configure VPN Server (runs every minute or more)==
6874
loop every minute
69-
ndga -> aad: login
70-
aad -> ndga: token
71-
ndga -> nds: HTTP GET /peers {token, server-id}
72-
nds -> nds: validate token
75+
ndga -> nds: HTTP GET /gateway/peers {token, public key}
7376
nds -> ndsdb: get peers
7477
nds -> ndga: {peers}
7578
end
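Review bot: this hunk removes every server-side token check (`nds -> nds: validate token` disappears from Connect to VPN, Enroll VPN Server and Configure VPN Server) and also drops the gateway's `ndga -> aad: login` / `aad -> ndga: token` exchange, yet the requests still carry a token (`HTTP POST /gateway/register {token, public key, public ip}`, `HTTP GET /gateway/peers {token, public key}`), so the diagram no longer shows where the gateway token comes from or that nds verifies any token before handing out psk, ip, routes or peers. Either show the gateway's credential source and a validation step on nds, or drop `token` from those payloads if the gateway now authenticates another way. In the new Healthcheck VPN section the failure check `ndca -> ndca: if no byte response, trigger Connect to VPN` sits after the `loop every second` block, so as drawn the loop never exits; put the check inside the loop (an `alt` or `break` on timeout) and move the `close tcp connection` / `restart healthcheck` steps into that branch. Smaller style points: `ndca->vpnserver` and `ndca->ndca` lack the spaces used everywhere else (`ndca -> device`), and the hunk adds a trailing blank line before `==Connect to VPN==`. Finally, `ndca -> ndca: if no cached token, login` replaces the explicit AAD exchange; consider documenting what happens when nds rejects a stale cached token so the re-login path is visible.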
