Zero-touch configuration process
Auto configuration or “zero-touch” deployment is a recurring customer requirement, especially for remote-office deployments. New devices introduced inside a private network require management tools be co-located to configure them or update firmware, or require manual intervention to do configuration. TR-069 allows managing devices that reside in a private network via HTTP(S), enabling a new set of deployment and management models today, not possible using SNMP.
The client side, when configured, will contact the server at a predefined URL, using HTTP or HTTPS as protocol. After authentication, the ACS is able to perform the following basic operations:
Update CPE Configuration.
Update CPE TR-069 parameters.
Update CPE firmware.
Reboot CPE (backup, startup, and running configurations)
Run CPE ping diagnostics.
Reset CPE to factory default.
Get periodic Status (several parameters can be retrieved depending on what is supported).
Since TR-069 uses HTTP, it can be used across a WAN. If the CPE can reach the URL, it can be managed. TR-069 is mostly a push protocol where the client periodically sends information without server requests. This allows for greater scalability over traditional SNMP based tools, which are also bounded to work within the LAN, while TR-069 can offer management to remote offices.
Zero-touch configuration for Campus networks
In this example, the following steps to configure CPEs for a Campus Network environment.
Pre-configuration for all CPEs in BIMS.
CPEs get BIMS parameters from DHCP server.
CPEs initiate a connection to BIMS, then BIMS deploys the pre-configuration to CPEs.
Zero-touch configuration for Branch networks
In this example, the following steps to configure CPEs for a Branch network environment.
Create the basic configuration for your spoke device manually, using the username/password from ISP and BIMS URL.
The IPSec VPN configuration is generated by IVM and deployed by BIMS.
The IPSec VPN tunnel is automatically created.
The device in the branch private network can DHCP relay to HQ to continue the zero touch configuration.