As well as zero touch provisioning (ZTP) services, the local node runs local services required to act as a bootstrap management LAN and secure WAN for managed devices, from day zero onwards.
When responding to a BOOTP/DHCP provisioning request from a device, the Operations Manager node hands out its own local address as:
Devices trying to reach to destinations on the central LAN that Lighthouse resides on are securely routed over Lighthouse VPN. This allows devices to reach, e.g. central NMS for monitoring, and central configuration systems for final service provisioning.
Requests to other remote destinations are masqueraded behind and routed out the node's built-in cellular WWAN, allowing devices to reach cloud provisioning services.
Note that device requests are masqueraded to Lighthouse's central IP and will appear to be originating from Lighthouse to hosts on the central LAN.
All traffic between remote node network and the central Lighthouse network is securely tunneled inside Lighthouse VPN.
DNS lookups from devices are securely proxied through Lighthouse VPN to the central DNS server(s) used by Lighthouse, allowing devices to resolve central hosts from day one.
Allows devices to set accurate time on first boot, e.g. for certificate verification and generation. By default, the node's NTP service uses its local hardware clock as time source.
Relays messages to a central LogZilla instance (thisis an optional extra module). This allows log collection from day zero, and analysis of the device ZTP process itself.