Support for Secure Provisioning

Opengear OM2200 and OM1200 nodes may be activated as Secure Provisioning nodes.

Opengear ACM7000 or IM7200 nodes may also be activated as provisioning nodes, however not all features are available and there are some caveats to be aware of.

Features that are not available of ACM7000/IM7200 nodes:

• Secure boot and physical tamper resistance.

• Encryption of device resource files at rest.

• Centralized ZTP status logging.

• Device configuration templating.

• Ordered provisioning.

• Post-provisioning scripts.

Other ACM7000/IM7200 caveats:

• Secure Provisioning takes control of node DHCP, NTP, DNS services and overwrites system configuration.

• Secure Provisioning overwrites node Management LAN configuration.

Vendor Managed Devices Supported by Secure Provisioning

Secure Provisioning is vendor-neutral, with support for a broad range of network devices from multiple vendors.

The ZTP process used to provision devices is not standardized, and each vendor OS implements ZTP differently – for example, using differing DHCP options, or requiring an intermediary script to load files.

With Secure Provisioning, you upload configuration and/or firmware image files to create Resource Bundles, then select the vendor profile for that Resource Bundle. This automatically generates the vendor-appropriate ZTP configuration, simplifying the delivery of resources to target devices.

Secure Provisioning currently has built-in support for provisioning devices from these vendors:

• Cisco (IOS, IOS XR, IOS XE, NX-OS)

• Juniper

• Arista

• HPE/Aruba

• Huawei

• Cumulus

• Pica8

• Opengear

Advanced users may add support for additional devices using custom DHCP configuration.