Uploaded on Jul 18, 2022
In this blog series, we will focus on zero-touch provisioning (ZTP) for uCPEs over a public network. In particular, we will discuss the two main challenges of security (parts 1 and 2) and licensing (part 3). Part 4 of this blog will explore RAD’s uCPE ZTP solution in detail. A device MAC address or manufacturer serial number is usually not considered, on its own, a secure-enough identity, as in many cases it can be forged quite easily.
Zero Touch Provisioning
Zero-touch provisioning has always been one of the key operational concerns for telecom service providers. It greatly simplifies operations when any new device that is being installed in the network can miraculously find its way “home” and connect to the service provider’s network operations center (NOC), from which it can be further managed.
The increasing use of SD-WAN solutions has pushed telecom devices far beyond the traditional boundaries of the service provider VPNs. More and more universal CPE (uCPE) devices, on-boarded with an SD-WAN function, are installed today at remote point of presence (PoP) locations with only the public network (i.e. the internet) connecting the device to the service provider’s NOC.
Communicating over a public network is a completely different ball game as far as security is concerned. Whereas traditional ZTP solutions could rely on the SP’s VPN to protect them from the dangerous world outside, now the device itself is part of that world and must protect itself from it.
uCPE is a relatively new telecom “creature”. A uCPE device is usually a commercial off-the-shelf (COTS) piece of hardware, also referred to as a White Box or WB (typically based on a multi-core x86 or ARM processor), that runs a Linux-based OS.
Unlike traditional telecom equipment, for which both hardware and software were provided by the same vendor, uCPE allows SPs to purchase the hardware from one vendor and the software (i.e. the uCPE OS) from another. As a result, service providers enjoy lower vendor dependency and better economies of scale.
However, these great merits introduce a new operational challenge in the form of software licensing. Each instance of this uCPE OS must be licensed before the uCPE can be made fully functional.
The first is to make sure that no malicious party can penetrate the device, disrupt its functionality, or implant malware within it. Thus, any device that is connected to the internet (including your PC at home) must follow some hardening best practices.