Provisioning, Provisioning capabilities, Configuration profile – Cisco Linksys SPA9000 User Manual
Page 56
2-26
Linksys SPA9000 Administrator Guide
Document Version 3.01
Chapter 2 Getting Started
Advanced Methods of Configuration
Note
The SPA9000 reboots only when it is idle.
Provisioning
This section describes the provisioning functionality of the SPA9000. This section includes the
following topics:
•
Provisioning Capabilities, page 2-26
•
Configuration Profile, page 2-26
For detailed information about provisioning the SPA9000, refer to the LVS SPA Provisioning Guide.
Provisioning Capabilities
The SPA9000 provides for secure provisioning and remote upgrade. Provisioning is achieved through
configuration profiles transferred to the device via TFTP, HTTP, or HTTPS.
The SPA9000 can be configured to automatically resync its internal configuration state to a remote
profile periodically and on power up. The automatic resyncs are controlled by configuring the desired
profile URL into the device.
The SPA9000 accepts profiles in XML format, or alternatively in a proprietary binary format, which is
generated by a profile compiler tool available from Linksys. The SPA9000 supports up to 256-bit
symmetric key encryption of profiles. For the initial transfer of the profile encryption key (initial
provisioning stage), the SPA9000 can receive a profile from an encrypted channel (HTTPS with client
authentication), or it can resync to a binary profile generated by the Linksys-supplied profile compiler.
In the latter case, the profile compiler can encrypt the profile specifically for the target SPA9000, without
requiring an explicit key exchange.
Remote firmware upgrade is achieved via TFTP or HTTP (firmware upgrades using HTTPS are not
supported). Remote upgrades are controlled by configuring the desired firmware image URL into the
SPA9000 via a remote profile resync.
For further information about remote provisioning refer to the LVS SPA Provisioning Guide. For further
information about certificate generation for use with an HTTPS server, contact [email protected].
Configuration Profile
The SPA9000 configuration profile can be either an XML file or a binary file with a proprietary format.
The XML file consists of a series of elements (one per configuration parameter), encapsulated within
the element tags <flat-profile> … </flat-profile>. The encapsulated elements specify values for
individual parameters. Here is an example of a valid XML profile:
<flat-profile>
<Admin_Passwd>some secret</Admin_Passwd>
<Upgrade_Enable>Yes</Upgrade_Enable>
</flat-profile>
Binary format profiles contain SPA9000 parameter values and user access permissions for the
parameters. By convention, the profile uses the extension .cfg (for example, spa2000.cfg). The Linksys
Profile Compiler (SPC) tool compiles a plain-text file containing parameter-value pairs into a properly