Zero-touch provisioning (ZTP)

What is zero-touch provisioning?

Zero-touch provisioning (ZTP) is a method of setting up devices that automatically configures the device using a switch feature. ZTP helps IT teams quickly deploy network devices in a large-scale environment, eliminating most of the manual labor involved with adding them to a network.

ZTP can be found in devices and tools such as network switches, routers, wireless access points and firewalls. The goal is to enable IT personnel and network operators to install networking devices without manual intervention. Manual configuration takes time and is prone to human error -- especially if many devices must be configured at scale. ZTP is faster in this case, reduces the chance of error and ensures configuration consistency.

Zero-touch provisioning is also used to automate the system updating process. Using scripts, ZTP connects configuration management platforms and other tools for configuration or updates.

How does zero-touch provisioning work?

The zero-touch provisioning process may vary from setup to setup; however, the basic requirements include the following:

  • a network device with ZTP;
  • a Dynamic Host Configuration Protocol (DHCP) or Trivial File Transfer Protocol (TFTP) server; and
  • a file server.

When a ZTP-enabled device is powered on, it runs a boot file that sets up the device's configuration parameters. Then a network switch sends out a request through DHCP or TFTP to get the location of its centrally stored image and configuration, which it downloads and runs. The port configuration and IP address are automatically provisioned based on the location requirements. The protocol used -- DHCP, for example -- provides the gateway address, the domain name and the server location.

ZTP carries out the basic configuration, after which the switch can be deployed in an environment where custom configuration changes are made. ZTP can use a user-provided script to connect to a configuration management platform, such as Puppet, CFEngine, Chef or a custom tool.

What are zero-touch provisioning use cases?

Zero-touch provisioning automates steps like updating operating systems, deploying patches or bug fixes, and implementing added features prior to connection. Automation is most useful in large environments with a lot of devices to update or configure. For example, it is more efficient to use ZTP to configure hundreds of routers than to manually configure every single device. Likewise, if each of those routers needs updating, then ZTP would be the more efficient option.

ZTP is also useful in situations where an organization must scale up its devices and IT resources. Adding many devices at once requires that each device be configured. ZTP makes that task easier, saving time and money, by automatically provisioning devices.

Network switches that are individually configured take more time and effort to connect. This means IT staff must spend more time in a command-line interface, configuring each system or switch. Most data centers will have tens or hundreds of switches to provision and configure, taking a significant amount of time.

What are the advantages of ZTP?

There are several advantages to using zero-touch provisioning. They include the following:

  • automated setup of network devices;
  • less time spent on manual jobs, as IT teams only need to perform simple tasks like connecting the power and network cables or booting the device;
  • reduced time to get network devices operational;
  • lower costs, because less time is spent on manual tasks;
  • easier and quicker updates; and
  • fewer opportunities for human errors.

What are the disadvantages of ZTP?

There are two significant potential downsides to zero-touch provisioning:

  • Misconfiguration. Configuration problems can occur if the configuration files are not debugged before being deployed. And, if ZTP is used to configure many devices, then a large number of misconfiguration issues may occur. This situation can lead to security flaws that could compromise connected devices.
  • Security issues. Strong security is needed with ZTP. Remote devices may have less security than other devices but equal access to the network and data. If a device is compromised, a man-in-the-middle attack could be used to take control of a remote device.
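
One way to address the man-in-the-middle risk above, as an added example that is not part of the original article: before a device runs a downloaded configuration or script, it checks the file against a digest manifest authenticated with a key. The manifest layout, the file names and the pre-shared key are assumptions made for this sketch; HMAC stands in for whatever authentication a given ZTP platform supports.

```python
import hashlib
import hmac
import json

def build_manifest(files, key):
    """Staging side: digest every artifact, then authenticate the digest list."""
    digests = {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}
    body = json.dumps(digests, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag}).encode()

def verify_artifact(manifest, name, data, key):
    """Device side: True only if the manifest is authentic and lists this exact file."""
    try:
        doc = json.loads(manifest)
        body, tag = doc["body"], doc["tag"]
        expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return False  # manifest forged or altered in transit
        wanted = json.loads(body).get(name)
    except (ValueError, KeyError, TypeError, AttributeError):
        return False  # malformed manifest: fail closed
    if not isinstance(wanted, str):
        return False  # file not listed: never run unlisted artifacts
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(wanted.encode(), actual.encode())

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed; assumed provisioned out of band
    files = {  # constructed sample artifacts, hypothetical names
        "switch01.cfg": b"hostname switch01\ninterface mgmt0\n",
        "ztp-bootstrap.sh": b"#!/bin/sh\necho provisioning\n",
    }
    manifest = build_manifest(files, key)
    # Unmodified file is accepted.
    print(verify_artifact(manifest, "switch01.cfg", files["switch01.cfg"], key))
    # A file changed between file server and device is rejected.
    changed = files["switch01.cfg"] + b"hostname other\n"
    print(verify_artifact(manifest, "switch01.cfg", changed, key))
```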
