Secure Provisioning's Device Provisioning feature centrally orchestrates the distribution of managed device configuration files and firmware images, and the node provisioning (ZTP) services required to deliver the files to managed devices.
Device Provisioning is configured by defining the resources used to provision managed devices, and by defining how those resources are distributed around your network.
- Device Resource Bundles contain the files needed to provision one or many managed devices
  - i.e. Configuration File, Script File and/or Image Files
  - Each Resource Bundle has a defined Device Type
  - When a Resource Bundle is distributed to a node, any ZTP requests matching the Device Type are provisioned with the bundled resources
    - This may be restricted to specific devices by specifying one or more device MAC Addresses (range and reverse match supported) or Serial Numbers (not supported by all vendors)
- Resource Distribution policies are defined by Node Inventory Lists
  - A Static Node Inventory List is a predefined, static list of nodes to distribute to
  - A Dynamic Node Inventory List evaluates a Smart Group each time resources are distributed
    - This allows you to automatically tag certain nodes with Enrollment Bundles, e.g. by region or site class, to help automate resource distribution to newly enrolled nodes in that region
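The matching rule described above can be modelled to check which bundles would answer a given ZTP request, and which bundles carry no MAC Address or Serial Number restriction at all. This is an added example, not Lighthouse code or its YAML schema: the `Bundle` model, the function names and the sample data are hypothetical, a MAC match or a serial match is assumed to be sufficient on its own, and reverse match is not modelled.

```python
from dataclasses import dataclass, field

def mac_to_int(mac):
    """Convert aa:bb:cc:dd:ee:ff to an integer so ranges can be compared."""
    digits = mac.replace(":", "").lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return int(digits, 16)

@dataclass
class Bundle:
    """Hypothetical model of a Device Resource Bundle (not Lighthouse's schema)."""
    name: str
    device_type: str
    mac_ranges: list = field(default_factory=list)  # inclusive (first, last) pairs
    serials: list = field(default_factory=list)

    def unrestricted(self):
        return not self.mac_ranges and not self.serials

    def matches(self, device_type, mac, serial=None):
        if device_type != self.device_type:
            return False
        if self.unrestricted():
            return True  # every device of this type is provisioned
        addr = mac_to_int(mac)
        in_range = any(mac_to_int(lo) <= addr <= mac_to_int(hi)
                       for lo, hi in self.mac_ranges)
        # Assumption: a MAC match or a serial match is enough on its own.
        return in_range or (serial is not None and serial in self.serials)

def bundles_for(bundles, device_type, mac, serial=None):
    """Names of bundles that would provision this ZTP request."""
    return [b.name for b in bundles if b.matches(device_type, mac, serial)]

def audit_unrestricted(bundles):
    """Names of bundles that answer any ZTP request of their Device Type."""
    return [b.name for b in bundles if b.unrestricted()]

# Constructed sample data; device types, names, MACs and serials are made up.
BUNDLES = [
    Bundle("branch-switches", "switch_vendor_a",
           mac_ranges=[("00:00:5e:00:53:10", "00:00:5e:00:53:1f")]),
    Bundle("core-router", "router_vendor_b", serials=["SN-EXAMPLE-001"]),
    Bundle("lab-default", "switch_vendor_a"),
]

if __name__ == "__main__":
    print(bundles_for(BUNDLES, "switch_vendor_a", "00:00:5e:00:53:15"))
    print(audit_unrestricted(BUNDLES))
```

Run before a push, a check like `audit_unrestricted` lists the bundles that would be served to every device of their Device Type on the nodes they are distributed to.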
Device Resource Bundle and Resource Distribution configuration is supplied to Lighthouse using either the web UI or the CLI (git) method. The web UI method creates the same underlying YAML configuration as the git method; it is effectively a front end to the git method.
A git push to the Lighthouse repository or clicking the UI Push Now/Push Resources button triggers a resource push:
- A git post-commit hook triggers an Ansible playbook on Lighthouse
- The playbook copies resources down to nodes, securely over Lighthouse VPN
- The playbook starts or restarts ZTP services on nodes