Zero-touch provisioning

Zero-touch provisioning (ZTP), or zero-touch enrollment,^[1] is the process of remotely provisioning large numbers of network devices such as switches, routers and mobile devices without having to manually program each one individually.^[2] The feature improves existing provisioning models, solutions and practices in the areas of wireless networks, (complex) network management and operations services, and cloud based infrastructure services provisioning.^[3]

ZTP saves configuration time while reducing errors.^[2] The process can also be used to update existing systems using scripts.^[2] Research has shown that ZTP systems allow for faster provisioning versus manual provisioning.^[4] The global market for ZTP services was estimated to be $2.1 Billion in 2021.^[5]

In April 2019, the Internet Engineering Task Force published RFC 8572 Secure Zero Touch Provisioning (SZTP) as a Proposed Standard.^[6]

The FIDO Alliance published FIDO Device Onboard version 1.0 in December 2020, and followed up with a FIDO Device Onboard version 1.1 in April 2022. Several FDO "app notes" augment this specification. FIDO Device Onboard is also a ZTP type protocol.

Applications

One application of the technology is to improve delivery of cloud computing services.^[7] The concept has been particularly influential for information technology when paired with mobile device management.^[8] Repetitive processes that can be automated and streamlined include configuring settings; collecting inventory details; deploying apps; managing licenses; and implementing security policy, including password management and wiping remote devices.^[9]

System architecture

A basic ZTP system requires a network device that supports ZTP, a server that supports Dynamic Host Configuration Protocol (DHCP) or Trivial File Transfer Protocol (TFTP), and a file server.^[2] When a ZTP-enabled device is powered on, the device's boot file sets up configuration parameters. A switch then sends a request using DHCP or TFTP to get the device's configuration file from a central location. The file then runs and configures ports, IP addresses and other server parameters for each location.^[2]

Similar concepts

A similar concept is the zero-touch network, which integrates zero-touch provisioning with automation, artificial intelligence and machine learning.^[8]

Standards activity

In December 2017, the European Telecommunications Standards Institute (ETSI) formed the Zero-touch network and Service Management group (ZSM) to accelerate development and standardization of the technology.^[10] In the summer of 2019, the group published a series of documents defining ZSM requirements, reference architecture and terminology.^[10]

In April 2019, the Internet Engineering Task Force published RFC 8572 Secure Zero Touch Provisioning (SZTP) as a Proposed Standard.^[6]