Linksys SPA942, SPA962 Redundant Provisioning Servers, Retail Provisioning, Provisioning Basics

Provisioning Basics

Redundant Provisioning Servers

upgrades are required to reach a future upgrade state from an older release. .A profile resync is only attempted when the SPA9x2 is idle, because this may trigger a software reboot.

General purpose parameters are provided to help service providers manage the provisioning process. Each SPA9x2 can be configured to periodically contact a normal provisioning server (NPS). Communication wit the NPS does not require the use of a secure protocol because the updated profile is encrypted by a shared secret key. The NPS can be a standard TFTP, HTTP or HTTPS server.

Redundant Provisioning Servers

The provisioning server may be specified as an IP address or as a fully qualified domain name (FQDN). The use of a FQDN facilitates the deployment of redundant provisioning servers. When the provisioning server is identified through a FQDN, the SPA9x2 attempts to resolve the FQDN to an IP address through DNS. Only DNS A-records are supported for provisioning; DNS SRV address resolution is not available for provisioning. The SPA9x2 continues to process A-records until the first server responds. If no server associated with the A-records responds, the SPA9x2 logs an error to the syslog server.

Retail Provisioning

The SPA9x2 firmware includes an web UI that displays SPA9x2 internal configuration and accepts new configuration parameter values. The server also accepts a special URL command syntax for performing remote profile resync and firmware upgrade operations.

In a retail distribution model, a customer purchases a Linksys voice endpoint device, and subsequently subscribes to a particular service. The customer first signs on to the service and establishes a VoIP account, possibly through an online portal. Subsequently, the customer binds the particular device to the assigned service account.

To do so, the unprovisioned SPA9x2 is instructed to resync with a specific provisioning server through a resync URL command. The URL command typically includes an account PIN number or alphanumeric code to associate the device with the new account.

In the following example, a device at the DHCP-assigned IP address 192.168.1.102 is instructed to provision itself to the SuperVoIP service:

http://192.168.1.102/admin/resync?https://prov.supervoip.com/linksys-init/1234abcd

In this example, 1234abcd is the PIN number of the new account. The remote provisioning server is configured to associate the SPA9x2 that is performing the resync request with the new account, based on the URL and the supplied PIN. Through this initial resync operation, the SPA9x2 is configured in a single step, and is automatically directed to resync thereafter to a permanent URL on the server. For example:

https://prov.supervoip.com/linksys-init

For both initial and permanent access, the provisioning server relies on the SPA9x2 client certificate for authentication and supplies correct configuration parameter values based on the associated service account.