Editing Enterprise Provisioning
Latest revision | Your text | ||
Line 1: | Line 1: | ||
- | Here we describe some of the challenges related to provisioning, discuss the solutions and after looking into server side requirement briefly, continue to some tried-out provisioning strategies. We do not yet offer turnkey solutions or program code, excluding some snippets in the [[ | + | Here we describe some of the challenges related to provisioning, discuss the solutions and after looking into server side requirement briefly, continue to some tried-out provisioning strategies. We do not yet offer turnkey solutions or program code, excluding some snippets in the [[Enterprise_Provisioning_-_Appendix|Appendix]]. |
- | + | = Acronyms and definitions = | |
* Enterprise User Configuration File: EUF. A container for user-specific and enterprise-specific configuration values collected from various sources. | * Enterprise User Configuration File: EUF. A container for user-specific and enterprise-specific configuration values collected from various sources. | ||
* Enterprise Package: EP. It contains the Enterprise Configurator and also contains a reference to all other required packages. | * Enterprise Package: EP. It contains the Enterprise Configurator and also contains a reference to all other required packages. | ||
* Enterprise Configurator: Part of the <span style="color:#0000ff" title="Enterprise Package: Contains the Enterprise Configurator and also contains a reference to all other required packages.">EP</span>. It is an application which reads the <span style="color:#0000ff" title="Enterprise User Configuration File: A container for user-specific and enterprise-specific configuration values collected from various sources. ">EUF</span> and applies the configuration values into device and applications configuration. | * Enterprise Configurator: Part of the <span style="color:#0000ff" title="Enterprise Package: Contains the Enterprise Configurator and also contains a reference to all other required packages.">EP</span>. It is an application which reads the <span style="color:#0000ff" title="Enterprise User Configuration File: A container for user-specific and enterprise-specific configuration values collected from various sources. ">EUF</span> and applies the configuration values into device and applications configuration. | ||
- | * Content Type definitions: Using different Content Type definitions, the web browser can be made to either prompt the user to save a file or invoke the Application Manager. See the [[ | + | * Content Type definitions: Using different Content Type definitions, the web browser can be made to either prompt the user to save a file or invoke the Application Manager. See the [[Enterprise_Provisioning_-_Appendix|Appendix]] for more details about Content Type definitions. |
* Device: The user device that is being configured. | * Device: The user device that is being configured. | ||
- | + | = The Provisioning Process = | |
- | + | == The wireless challenge == | |
Accessing a company network usually requires some keys that are available only inside the network to be accessed. | Accessing a company network usually requires some keys that are available only inside the network to be accessed. | ||
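Review bot: the restored section headings `= Acronyms and definitions =` and `= The Provisioning Process =` are level-1 headings, which MediaWiki renders at the same level as the page title. Suggest starting the body sections at `==` and shifting the subsections (`== The wireless challenge ==` and below) down one level to match.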
Line 17: | Line 17: | ||
For illustration, picture a man standing at the courtyard of a house. Inside the house, all room doors are locked. In a hallway there is a strongbox with a combination lock. Inside strongbox are keys to all room doors. The man knows the strongbox lock combination. The only problem is that the front the door of the house is locked as well and the man does not have the key. The front door key is in the strongbox. This is roughly equal with the starting point of provisioning a wireless device. | For illustration, picture a man standing at the courtyard of a house. Inside the house, all room doors are locked. In a hallway there is a strongbox with a combination lock. Inside strongbox are keys to all room doors. The man knows the strongbox lock combination. The only problem is that the front the door of the house is locked as well and the man does not have the key. The front door key is in the strongbox. This is roughly equal with the starting point of provisioning a wireless device. | ||
- | + | == Additional challenges == | |
In addition to general problem, there is a set of features which create more challenges for the provisioning process. These include: | In addition to general problem, there is a set of features which create more challenges for the provisioning process. These include: | ||
- | * Currently | + | * Currently the device ships without any kind of enterprise configurator or pre-configurator. |
* The device is unable to handle SMS configuration messages. | * The device is unable to handle SMS configuration messages. | ||
* Application Manager has, in the default configuration, repositories which are located in the public Internet. If these repositories are not accessible from the network the device is connected to, the Application Manager halts completely for extremely long periods (around 30 minutes). We call this as "the Application Manager halting problem". | * Application Manager has, in the default configuration, repositories which are located in the public Internet. If these repositories are not accessible from the network the device is connected to, the Application Manager halts completely for extremely long periods (around 30 minutes). We call this as "the Application Manager halting problem". | ||
Line 27: | Line 27: | ||
The main source of these challenges is the consumer-oriented factory set-up of the (N-series) devices. Future firmware/software upgrades might address some of these issues. | The main source of these challenges is the consumer-oriented factory set-up of the (N-series) devices. Future firmware/software upgrades might address some of these issues. | ||
- | + | == Provisioning phases == | |
- | [[Image:EDG_Phases_of_the_provisioning_process.png | + | [[Image:EDG_Phases_of_the_provisioning_process.png]] |
+ | <div style="margin-left:200px;">Figure 1: Phases of the provisioning process</div> | ||
- | + | === Enrollment === | |
Purpose of the enrollment phase is to | Purpose of the enrollment phase is to | ||
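Review bot: the figure caption is added as a separate `<div style="margin-left:200px;">` under the image, so its position depends on a hard-coded offset and it is not tied to the image. Suggest carrying the caption in the image link itself, for example `[[Image:EDG_Phases_of_the_provisioning_process.png|frame|Figure 1: Phases of the provisioning process]]`, and dropping the div.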
Line 43: | Line 44: | ||
* indirect: The user performs it by using some other method, for example, a desktop computer. | * indirect: The user performs it by using some other method, for example, a desktop computer. | ||
- | + | === Bootstrapping === | |
Purpose of the bootstrapping phase is to | Purpose of the bootstrapping phase is to | ||
Line 50: | Line 51: | ||
# Invoke the Application Manager for performing the installation phase. | # Invoke the Application Manager for performing the installation phase. | ||
- | In most cases, there are two alternative ways to deliver the <span style="color:#0000ff" title="Enterprise User Configuration File: A container for user-specific and enterprise-specific configuration values collected from various sources.">EUF</span>: | + | In most cases, there are two alternative ways to deliver the <span style="color:#0000ff" title="Enterprise User Configuration File: A container for user-specific and enterprise-specific configuration values collected from various sources. ">EUF</span>: |
* Via file | * Via file | ||
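Review bot: on the "two alternative ways to deliver the EUF" line, the only difference between the two sides is a trailing space inside the span's `title` attribute ("various sources. "). The tooltip text is copied into every EUF span, so the copies drift like this. Suggest trimming the trailing space everywhere instead of adding it here.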
Line 57: | Line 58: | ||
** Deliver <span style="color:#0000ff" title="Enterprise Package: Contains the Enterprise Configurator and also contains a reference to all other required packages.">EP</span> install file to invoke Application Manager | ** Deliver <span style="color:#0000ff" title="Enterprise Package: Contains the Enterprise Configurator and also contains a reference to all other required packages.">EP</span> install file to invoke Application Manager | ||
** See Appendix for required content headers | ** See Appendix for required content headers | ||
+ | |||
* Via package | * Via package | ||
** Easy-to-use | ** Easy-to-use | ||
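Review bot: the empty line added between `** See Appendix for required content headers` and `* Via package` ends the bulleted list in wikitext, so "Via file" and "Via package" are rendered as two separate lists rather than two items of one list. Suggest dropping the added blank line.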
Line 64: | Line 66: | ||
** See Appendix for further instructions | ** See Appendix for further instructions | ||
- | + | === Installation === | |
Purpose of the installation phase is to | Purpose of the installation phase is to | ||
Line 71: | Line 73: | ||
# Execute Enterprise Configurator to apply the configurations on the device. | # Execute Enterprise Configurator to apply the configurations on the device. | ||
- | + | = Server setup = | |
- | + | == Server roles == | |
For provisioning, three kinds of server roles are required. Each role may have their own server, all roles may be executed in one server, or anything in between. | For provisioning, three kinds of server roles are required. Each role may have their own server, all roles may be executed in one server, or anything in between. | ||
Line 83: | Line 85: | ||
** Likely acts also as development/build server | ** Likely acts also as development/build server | ||
- | + | == Minimal requirements == | |
Enterprise application suite as such does not set requirements for the server hardware or operating system. Minimum functional requirements are: | Enterprise application suite as such does not set requirements for the server hardware or operating system. Minimum functional requirements are: | ||
Line 98: | Line 100: | ||
However, in order to keep things simple it is strongly advised to follow the recommendations below. | However, in order to keep things simple it is strongly advised to follow the recommendations below. | ||
- | + | == Practical recommendations == | |
Hardware requirements are fairly modest (it would take quite many of these tiny devices to overload a server) | Hardware requirements are fairly modest (it would take quite many of these tiny devices to overload a server) | ||
Line 112: | Line 114: | ||
The following table defines the recommended applications for each server role: | The following table defines the recommended applications for each server role: | ||
- | {| class="wikitable | + | {| class="wikitable" style="text-align: center;" border="2" |
- | + | ! !! Installation !! Enrollment !! Admin | |
- | + | ||
- | ! | + | |
|- | |- | ||
| Apache web server || yes || yes || no | | Apache web server || yes || yes || no | ||
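Review bot: in the restored table header, `border="2"` is a presentational attribute on a table that already uses `class="wikitable"`, and the first header cell in `! !! Installation !! Enrollment !! Admin` is empty. Suggest removing the `border` attribute and labelling the first column (for example "Application") so that the rows read correctly without the surrounding sentence.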
Line 133: | Line 133: | ||
| OpenSSH server || yes || no || no | | OpenSSH server || yes || no || no | ||
|} | |} | ||
+ | |||
It is also recommended to purchase an SSL certificate for the provisioning server from a commercial CA, such as Verisign or Thawte. These certificates are readily installed on device. This removes one configuration step (accepting the certificate) from the device user. It also increases security (users usually blindly give approval to many questions during software installations). | It is also recommended to purchase an SSL certificate for the provisioning server from a commercial CA, such as Verisign or Thawte. These certificates are readily installed on device. This removes one configuration step (accepting the certificate) from the device user. It also increases security (users usually blindly give approval to many questions during software installations). | ||
- | + | = Summary = | |
As we can see, the requirements are quite similar to any Linux distribution mirror with added requirements to connectivity towards enterprise databases. Enabling the gathering of the necessary account information poses security considerations to the solution as well. | As we can see, the requirements are quite similar to any Linux distribution mirror with added requirements to connectivity towards enterprise databases. Enabling the gathering of the necessary account information poses security considerations to the solution as well. | ||
- | Now we can continue to [[ | + | Now we can continue to [[Enterprise_-_Tried_and_tested_provisioning_strategies|learn about tried and tested provisioning strategies]]. |
[[Category:Enterprise]] | [[Category:Enterprise]] |
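Review bot: in the paragraph kept directly above the added `= Summary =` heading, "These certificates are readily installed on device" reads as if the provisioning server's own certificate were on the device. What is preinstalled is the commercial CA's root certificate, which is why the user no longer has to accept the server certificate. Suggest rewording that sentence while this section is being restored, so that the security argument in the next two sentences follows from it.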