Redundant provisioning servers, Retail provisioning, Provisioning basics – Linksys BUSINESS SPA922 User Manual

Linksys SPA9x2 Phone Administration Guide

58

Redundant Provisioning Servers

Provisioning Basics

upgrades are required to reach a future upgrade state from an older release. .A profile resync is
only attempted when the SPA9x2 is idle, because this may trigger a software reboot.

General purpose parameters are provided to help service providers manage the provisioning
process. Each SPA9x2 can be configured to periodically contact a normal provisioning server
(NPS). Communication wit the NPS does not require the use of a secure protocol because the
updated profile is encrypted by a shared secret key. The NPS can be a standard TFTP, HTTP or
HTTPS server.

Redundant Provisioning Servers

The provisioning server may be specified as an IP address or as a fully qualified domain name
(FQDN). The use of a FQDN facilitates the deployment of redundant provisioning servers. When
the provisioning server is identified through a FQDN, the SPA9x2 attempts to resolve the FQDN
to an IP address through DNS. Only DNS A-records are supported for provisioning; DNS SRV
address resolution is not available for provisioning. The SPA9x2 continues to process A-records
until the first server responds. If no server associated with the A-records responds, the SPA9x2
logs an error to the syslog server.

Retail Provisioning

The SPA9x2 firmware includes an web UI that displays SPA9x2 internal configuration and
accepts new configuration parameter values. The server also accepts a special URL command
syntax for performing remote profile resync and firmware upgrade operations.

In a retail distribution model, a customer purchases a Linksys voice endpoint device, and
subsequently subscribes to a particular service. The customer first signs on to the service and
establishes a VoIP account, possibly through an online portal. Subsequently, the customer
binds the particular device to the assigned service account.

To do so, the unprovisioned SPA9x2 is instructed to resync with a specific provisioning server
through a resync URL command. The URL command typically includes an account PIN number
or alphanumeric code to associate the device with the new account.

In the following example, a device at the DHCP-assigned IP address 192.168.1.102 is instructed
to provision itself to the SuperVoIP service:

http://192.168.1.102/admin/resync?https://prov.supervoip.com/linksys-init/1234abcd

In this example, 1234abcd is the PIN number of the new account. The remote provisioning
server is configured to associate the SPA9x2 that is performing the resync request with the new
account, based on the URL and the supplied PIN. Through this initial resync operation, the
SPA9x2 is configured in a single step, and is automatically directed to resync thereafter to a
permanent URL on the server. For example:

https://prov.supervoip.com/linksys-init

For both initial and permanent access, the provisioning server relies on the SPA9x2 client
certificate for authentication and supplies correct configuration parameter values based on the
associated service account.

1-5