Table of Contents
Advertisement
Provisioning Overview
The ATA must be configured to match the account service parameters for the individual customer. Also,
configuration may need to be modified because of newly introduced service provider features,
modifications in the service provider network, or firmware upgrades in the endpoint.
This customized, ongoing configuration is supported by the following features of Linksys ATAs:
•
•
•
Remote Endpoint Control
The service provider must be able to modify configuration parameters in the ATA after the unit has been
deployed to the customer premises. The service provider must also be able to upgrade the endpoint
firmware remotely, and both of these operations must be reliable.
In a residential deployment, the endpoint itself is typically connected in a local network, and accesses
the Internet through a router using network address translation (NAT). For enhanced security, the router
may attempt to block unauthorized incoming packets by implementing symmetric NAT, a packet
filtering strategy which severely restricts the packets that are allowed to enter the protected network
from the Internet.
Communication Encryption
The configuration parameters communicated to the endpoint may contain authorization codes or other
information should not be revealed to the customer. This may be required to protect the service provider
from unauthorized activity by the customer. It is also necessary to protect the customer from
unauthorized use of the account by other customers.
For this reason, the service provider may wish to encrypt the configuration profile communication
between the provisioning server and the endpoint, in addition to restricting access to the ATA
administration web server.
Provisioning Overview
Linksys VoIP products support secure remote provisioning and firmware upgrades. Configuration
profiles can be generated using common, open source tools, facilitating integration into service provider
provisioning systems. Supported transport protocols include TFTP, HTTP, and HTTPS with client
certificates. Linksys provisioning solutions are designed for high-volume residential deployment, where
each SPA typically resides in a separate LAN environment connected to the Internet with a NAT device.
This Provisioning Guide is intended to supplement the product administration guides, which provide
Note
definitions and usage guidelines for each parameter available for a specific device.
The SPA can be configured to resync its internal configuration state to a remote profile periodically and
on power up. Starting with firmware release 2.0, 256-bit symmetric key encryption of profiles is
supported. In addition, an unprovisioned SPA can receive an encrypted profile specifically targeted for
that device without requiring an explicit key. Release 2.0 supports a secure first-time provisioning
mechanism using SSL functionality.
Linksys SPA Provisioning Guide
1-2
Reliable remote control of the endpoint,
Encryption of the communication controlling the endpoint,
Streamlined endpoint account binding.
Chapter 1
Provisioning Linksys VoIP Devices
Version 3.0
- Quick Links:
- Provisioning Overview
- Initial Provisioning
Hide quick links:
Advertisement
Table of Contents
