Enterprise Provisioning - Strategy Variations

Note: The following variations have not been tried out.

Pincode based bootstrapping

A variation of SMS based bootstrapping. Instead of receiving an SMS, the user connects from the device to the Installation server, which prompts for a pincode. Otherwise the process is identical.

Components

Identical with strategy "Indirect enrollment, SMS based bootstrapping"

Firewall rules

Identical with strategy "Indirect enrollment, SMS based bootstrapping"

Security considerations

  • Requires using a fairly short pincode

Pros and cons

  • + No SMS gateway needed
  • - Tedious for the user, since they still need to key in the Installation server URL and the pincode
  • - As laborious to implement as the "Indirect enrollment, SMS based bootstrapping" strategy

Installation server on the Internet

The installation server could also be located on the public Internet. We present this alternative as a variation of the "Indirect enrollment, SMS based bootstrapping" strategy, since that is probably the most secure one.

Figure 1: Installation server on the public Internet

The feasibility of this strategy likely requires flat-rate 3G data transfer pricing.

The process

Identical to the "Indirect enrollment, SMS based bootstrapping" strategy, but step 1 is not needed.

Components

Identical with "Indirect enrollment, SMS based bootstrapping" strategy.

Firewall rules

Identical with "Indirect enrollment, SMS based bootstrapping" strategy.

Security considerations

  • The SMS pincode can be set very long, and it is delivered over an entirely different network from the one where it is used. No additional security considerations are foreseen here.
  • The biggest security risk is the server being compromised. Servers facing the public Internet are under constant attack. They have to be properly hardened and professionally managed.
  • This option likely becomes feasible only where a hardened, well-managed Internet-facing server is already available.

Pros and cons

  • + Very simple to use. As close to "single click install" as it can get
  • + Usable practically everywhere, including remote sites
  • - Probably slow
  • - Data transfer rates

Summary

Now we can either read about future prospects for provisioning or move onward to provisioning summary.