Enterprise Provisioning - Strategy Variations
Note: Following variations have not been tried out
Contents |
[edit] Pincode based bootstrapping
A variation of SMS based bootstrapping. Instead of using SMS, the user connects using the device to Installation server which prompts a pincode. Otherwise the process is identical.
[edit] Components
Identical with strategy "Indirect enrollment, SMS based bootstrapping"
[edit] Firewall rules
Identical with strategy "Indirect enrollment, SMS based bootstrapping"
[edit] Security considerations
- Requires using a fairly short pincode
[edit] Pros and cons
- + No SMS gateway needed
- - Tedious to user since they still need to key in Installation server URL and the pin code
- - As laborious to implement as "Indirect enrollment, SMS based bootstrapping" strategy
[edit] Installation server at Internet
The installation server could also be located in the public Internet. We present this alternative as a variation of the "Indirect enrollment, SMS based bootstrapping" strategy, since that is probably the most secure one.
Feasibility of this strategy likely requires flat 3G data transfer rates.
[edit] The process
Identical to the "Indirect enrollment, SMS based bootstrapping" strategy, but step 1 is not needed.
[edit] Components
Identical with "Indirect enrollment, SMS based bootstrapping" strategy.
[edit] Firewall rules
Identical with "Indirect enrollment, SMS based bootstrapping" strategy.
[edit] Security considerations
- SMS pincode can be set very long, and it is delivered using entirely different network than where it is used. No additional security considerations foreseen here.
- The biggest security risk is the server being compromised. Servers facing public Internet are under constant attack. They have to be properly hardened and managed professionally
- Likely, this option becomes feasible only in cases there is already a Internet-facing hardened and well-managed server at disposal
[edit] Pros and cons
- + Very simple to use. As close to "single click install" as it can get
- + Usable practically everywhere, including remote sites
- - Probably slow
- - Data transfer rates
[edit] Summary
Now we can either read about future prospects for provisioning or move onward to provisioning summary.
- This page was last modified on 21 January 2011, at 13:36.
- This page has been accessed 7,284 times.