Table of Contents
Advertisement
Provisioning Cisco Small Business VoIP Devices
Provisioning Overview
Provisioning Overview
NOTE
Cisco Small Business IP Telephony Devices Provisioning Guide
Cisco Small Business provisioning solutions are designed for high-volume
residential deployment, where each IP Telephony Device typically resides in a
separate LAN environment that is connected to the Internet through a NAT device.
Configuration profiles can be generated by using common, open source tools that
facilitate integration into service provider provisioning systems. Cisco Small
Business IP Telephony devices support secure remote provisioning and firmware
upgrades. User intervention is not required to initiate or complete a profile update
or firmware upgrade. Supported transport protocols include TFTP, HTTP, and
HTTPS with a client certificate.
An IP Telephony device can be configured to resynchronize its internal
configuration state to a remote profile periodically and on power up. A 256-bit
symmetric key encryption of profiles is supported. In addition, an unprovisioned IP
Telephony device can receive an encrypted profile specifically targeted for that
device without requiring an explicit key. Secure first-time provisioning is provided
through a mechanism that uses SSL functionality.
Remote customization (RC) units are customized by Cisco so that when the unit is
started, it contacts the Cisco provisioning server to download its customized
profile.
Remote Firmware Upgrade
A remote firmware upgrade is achieved by using TFTP or HTTP, but not by using
HTTPS because the firmware does not contain sensitive information. The upgrade
logic is capable of automating multi-stage upgrades, if intermediate upgrades are
required to reach a current upgrade state from an older release. A profile resync is
only attempted when the IP Telephony device is idle, because the upgrade might
trigger a software reboot.
General purpose parameters are provided to help service providers manage the
provisioning process. Each IP Telephony device can be configured to periodically
contact a normal provisioning server (NPS). Communication with the NPS does not
require the use of a secure protocol because the updated profile is encrypted by
a shared secret key. The NPS can be a standard TFTP, HTTP, or HTTPS server.
1
9
Advertisement
Table of Contents
