Enterprise Provisioning - Strategy Variations
(wikify slightly) |
|||
Line 1: | Line 1: | ||
Note: Following variations have not been tried out | Note: Following variations have not been tried out | ||
- | = Pincode based bootstrapping = | + | == Pincode based bootstrapping == |
A variation of SMS based bootstrapping. Instead of using SMS, the user connects using the device to Installation server which prompts a pincode. Otherwise the process is identical. | A variation of SMS based bootstrapping. Instead of using SMS, the user connects using the device to Installation server which prompts a pincode. Otherwise the process is identical. | ||
- | == Components == | + | === Components === |
Identical with strategy "Indirect enrollment, SMS based bootstrapping" | Identical with strategy "Indirect enrollment, SMS based bootstrapping" | ||
- | == Firewall rules == | + | === Firewall rules === |
Identical with strategy "Indirect enrollment, SMS based bootstrapping" | Identical with strategy "Indirect enrollment, SMS based bootstrapping" | ||
- | == Security considerations == | + | === Security considerations === |
* Requires using a fairly short pincode | * Requires using a fairly short pincode | ||
- | == Pros and cons == | + | === Pros and cons === |
* + No SMS gateway needed | * + No SMS gateway needed | ||
Line 23: | Line 23: | ||
* - As laborious to implement as "Indirect enrollment, SMS based bootstrapping" strategy | * - As laborious to implement as "Indirect enrollment, SMS based bootstrapping" strategy | ||
- | = Installation server at Internet = | + | == Installation server at Internet == |
The installation server could also be located in the public Internet. We present this alternative as a variation of the "Indirect enrollment, SMS based bootstrapping" strategy, since that is probably the most secure one. | The installation server could also be located in the public Internet. We present this alternative as a variation of the "Indirect enrollment, SMS based bootstrapping" strategy, since that is probably the most secure one. | ||
- | [[Image:EDG_Installation_server_at_public_Internet.png|900px | + | [[Image:EDG_Installation_server_at_public_Internet.png|thumb|900px|alt=Diagram of installation server on the public Internet|Figure 1: Installation server on the public Internet]] |
- | + | ||
Feasibility of this strategy likely requires flat 3G data transfer rates. | Feasibility of this strategy likely requires flat 3G data transfer rates. | ||
- | == The process == | + | === The process === |
- | Identical | + | Identical to the "Indirect enrollment, SMS based bootstrapping" strategy, but step 1 is not needed. |
- | == Components == | + | === Components === |
Identical with "Indirect enrollment, SMS based bootstrapping" strategy. | Identical with "Indirect enrollment, SMS based bootstrapping" strategy. | ||
- | == Firewall rules == | + | === Firewall rules === |
Identical with "Indirect enrollment, SMS based bootstrapping" strategy. | Identical with "Indirect enrollment, SMS based bootstrapping" strategy. | ||
- | == Security considerations == | + | === Security considerations === |
* SMS pincode can be set very long, and it is delivered using entirely different network than where it is used. No additional security considerations foreseen here. | * SMS pincode can be set very long, and it is delivered using entirely different network than where it is used. No additional security considerations foreseen here. | ||
Line 50: | Line 49: | ||
* Likely, this option becomes feasible only in cases there is already a Internet-facing hardened and well-managed server at disposal | * Likely, this option becomes feasible only in cases there is already a Internet-facing hardened and well-managed server at disposal | ||
- | == Pros and cons == | + | === Pros and cons === |
* + Very simple to use. As close to "single click install" as it can get | * + Very simple to use. As close to "single click install" as it can get | ||
Line 57: | Line 56: | ||
* - Data transfer rates | * - Data transfer rates | ||
- | = Summary = | + | == Summary == |
- | Now we can either read about [[ | + | Now we can either read about [[Enterprise Provisioning - Future Prospects|future prospects for provisioning]] or move onward to [[Enterprise Provisioning Summary|provisioning summary]]. |
[[Category:Enterprise]] | [[Category:Enterprise]] |
Latest revision as of 13:36, 21 January 2011
Note: Following variations have not been tried out
Contents |
[edit] Pincode based bootstrapping
A variation of SMS based bootstrapping. Instead of using SMS, the user connects using the device to Installation server which prompts a pincode. Otherwise the process is identical.
[edit] Components
Identical with strategy "Indirect enrollment, SMS based bootstrapping"
[edit] Firewall rules
Identical with strategy "Indirect enrollment, SMS based bootstrapping"
[edit] Security considerations
- Requires using a fairly short pincode
[edit] Pros and cons
- + No SMS gateway needed
- - Tedious to user since they still need to key in Installation server URL and the pin code
- - As laborious to implement as "Indirect enrollment, SMS based bootstrapping" strategy
[edit] Installation server at Internet
The installation server could also be located in the public Internet. We present this alternative as a variation of the "Indirect enrollment, SMS based bootstrapping" strategy, since that is probably the most secure one.
Feasibility of this strategy likely requires flat 3G data transfer rates.
[edit] The process
Identical to the "Indirect enrollment, SMS based bootstrapping" strategy, but step 1 is not needed.
[edit] Components
Identical with "Indirect enrollment, SMS based bootstrapping" strategy.
[edit] Firewall rules
Identical with "Indirect enrollment, SMS based bootstrapping" strategy.
[edit] Security considerations
- SMS pincode can be set very long, and it is delivered using entirely different network than where it is used. No additional security considerations foreseen here.
- The biggest security risk is the server being compromised. Servers facing public Internet are under constant attack. They have to be properly hardened and managed professionally
- Likely, this option becomes feasible only in cases there is already a Internet-facing hardened and well-managed server at disposal
[edit] Pros and cons
- + Very simple to use. As close to "single click install" as it can get
- + Usable practically everywhere, including remote sites
- - Probably slow
- - Data transfer rates
[edit] Summary
Now we can either read about future prospects for provisioning or move onward to provisioning summary.
- This page was last modified on 21 January 2011, at 13:36.
- This page has been accessed 7,197 times.