Linksys SPA921 Cisco Small Business IP Telephony Devices Provisioning Guide - Page 14

Provisioning Overview - firmware download

Get Linksys SPA921 - Cisco - IP Phone PDF manuals and user guides
UPC - 745883570799
View all Linksys SPA921 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 14 highlights

Provisioning Cisco Small Business VoIP Devices Provisioning Overview 1 Provisioning Overview The Cisco Small Business IP Telephony Devices support secure remote provisioning and firmware upgrades. Configuration profiles can be generated by by using common, open source tools that facilitate integration into service provider provisioning systems. Supported transport protocols include TFTP, HTTP, and HTTPS with a client certificate. Cisco Small Business provisioning solutions are designed for high-volume residential deployment, where each IP Telephony Device typically resides in a separate LAN environment that is connected to the Internet with a NAT device. An IP Telephony Device can be configured to resynchronize its internal configuration state to a remote profile periodically and on power up. A 256-bit symmetric key encryption of profiles is supported. In addition, an unprovisioned IP Telephony Device can receive an encrypted profile specifically targeted for that device without requiring an explicit key. Secure first-time provisioning is provided through a mechanism that uses SSL functionality. NOTE Remote customization (RC) units are customized by Cisco so that when the unit is started, it tries to contact the Cisco provisioning server to download its customized profile. User intervention is not required to initiate or complete a profile update or firmware upgrade. Remote firmware upgrade is achieved via TFTP or HTTP, but not using HTTPS because the firmware does not contain sensitive information that can be read by a customer. The upgrade logic is capable of automating multistage upgrades, if intermediate upgrades are required to reach a future upgrade state from an older release. A profile resync is only attempted when the IP Telephony Device is idle, because this may trigger a software reboot. General purpose parameters are provided to help service providers to manage the provisioning process. Each IP Telephony Device can be configured to periodically contact a normal provisioning server (NPS). Communication with the NPS does not require the use of a secure protocol because the updated profile is encrypted by a shared secret key. The NPS can be a standard TFTP, HTTP or HTTPS server. Cisco Small Business IP Telephony Devices Provisioning Guide 12

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
Provisioning Cisco Small Business VoIP Devices
Provisioning Overview
Cisco Small Business IP Telephony Devices Provisioning Guide
12
1
Provisioning Overview
The Cisco Small Business IP Telephony Devices support secure remote
provisioning and firmware upgrades. Configuration profiles can be generated by
by using common, open source tools that facilitate integration into service
provider provisioning systems. Supported transport protocols include TFTP, HTTP,
and HTTPS with a client certificate. Cisco Small Business
provisioning solutions
are designed for high-volume residential deployment, where each IP Telephony
Device typically resides in a separate LAN environment that is connected to the
Internet with a NAT device.
An IP Telephony Device can be configured to resynchronize its internal
configuration state to a remote profile periodically and on power up. A 256-bit
symmetric key encryption of profiles is supported. In addition, an unprovisioned IP
Telephony Device can receive an encrypted profile specifically targeted for that
device without requiring an explicit key. Secure first-time provisioning is provided
through a mechanism that uses SSL functionality.
NOTE
Remote customization (RC) units are customized by Cisco so that when the unit is
started, it tries to contact the Cisco provisioning server to download its customized
profile.
User intervention is not required to initiate or complete a profile update or
firmware upgrade. Remote firmware upgrade is achieved via TFTP or HTTP, but
not using HTTPS because the firmware does not contain sensitive information that
can be read by a customer. The upgrade logic is capable of automating multi-
stage upgrades, if intermediate upgrades are required to reach a future upgrade
state from an older release. A profile resync is only attempted when the IP
Telephony Device is idle, because this may trigger a software reboot.
General purpose parameters are provided to help service providers to manage
the provisioning process. Each IP Telephony Device can be configured to
periodically contact a normal provisioning server (NPS). Communication with the
NPS does not require the use of a secure protocol because the updated profile is
encrypted by a shared secret key. The NPS can be a standard TFTP, HTTP or
HTTPS server.