Zero touch Provisioning (ZTP) in Cisco Viptela SDWAN
Zero touch provisioning (ZTP) is a way to configure Cisco vEdge devices
automatically, with almost no manual intervention. ZTP relies on the
following:
- A license file provided by Cisco for overlay network.
- Marking of a device as valid or staging.
- The configuration template for the device.
To make deployment simple and scalable, Cisco Viptela SD-WAN
adds zero-touch provisioning to facilitate deployment of the SD-WAN vEdge. The
goal of the activation is to allow an SD-WAN vEdge/cEdge to be registered to the
vManage Orchestrator so that any further device operations are centrally
managed by the Orchestrator layer of the SD-WAN solution.
How does Zero touch provisioning work?
Once you have shipped the vEdge or cEdge to the remote site and connected it
to the WAN, the end device (vEdge or cEdge) sends a query to ztp.viptela.com,
which is redirected to vBond.
Fig 1.1- ZTP in Cisco SDWAN
vBond authenticates the device using the zero trust model (we will discuss the zero trust model in another article), redirects it to the registered orchestration node, and also informs that node about the vEdge/cEdge.
The vEdge/cEdge then begins the initial control communication
with vSmart/vManage (again using the zero trust model, which I will cover
in a later article) through secure DTLS/TLS tunnels. Once the connection is
established and the device is recognized as a valid device (the smart
account Company ID and the device serial number are required for a device to
be valid on vManage), all initial configuration is pushed through vManage to
the vEdge/cEdge, and the device is ready to communicate with the other end
devices that are already registered on vManage.
Once the initial configuration from vManage has been received, the full
configuration is pushed to the vEdge/cEdge on the basis of the template, and in
this way the device is configured with zero touch provisioning.
Device Template in Cisco Viptela SDWAN Solution
The device template is what pushes the configuration to vEdges or cEdges,
and device templates make zero touch provisioning easier. Each section in the
template is made of independent features.
The device template requires the following parameters:
Fig 1.2- Device Template in vManage
- Basic Information: Host name, System-IP and Site-ID
- Transport and Management VPN information: VPN0 and VPN512
- Service VPN: The VPN dedicated to LAN side of the branch
- Additional Templates: Additional items such as Banners.
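
A pre-flight check covering the ZTP prerequisites and the device template parameters listed above, as an added example that is not from the original article or from Cisco. The dictionary field names, serial numbers and addresses are constructed for illustration and do not reflect a vManage export format.

```python
# Field names below are hypothetical, not a vManage export schema.
REQUIRED_VARS = ("host_name", "system_ip", "site_id")  # Basic Information
REQUIRED_VPNS = (0, 512)            # transport and management VPNs
ZTP_STATES = ("valid", "staging")   # markings that allow onboarding

def ztp_preflight(devices, known_serials):
    """Return {serial: [problems]}; an empty list means ready for ZTP."""
    report, ip_owner = {}, {}
    for dev in devices:
        serial, problems = dev.get("serial", "<missing>"), []
        if serial not in known_serials:
            problems.append("serial not in known serial list")
        if dev.get("state") not in ZTP_STATES:
            problems.append("not marked valid or staging")
        tmpl = dev.get("template")
        if tmpl is None:
            problems.append("no device template attached")
        else:
            values, vpns = tmpl.get("vars", {}), set(tmpl.get("vpns", ()))
            for name in REQUIRED_VARS:
                if not values.get(name):
                    problems.append(f"template variable {name} is empty")
            for vpn in REQUIRED_VPNS:
                if vpn not in vpns:
                    problems.append(f"VPN {vpn} missing from template")
            if not vpns - set(REQUIRED_VPNS):
                problems.append("no service VPN in template")
            ip = values.get("system_ip")  # system IP must be unique per device
            if ip and ip_owner.setdefault(ip, serial) != serial:
                problems.append(f"system_ip already used by {ip_owner[ip]}")
        report[serial] = problems
    return report

# Constructed sample inventory (serials and addresses are made up).
KNOWN = {"SN-A1", "SN-B2", "SN-C3"}
FULL = {"vars": {"host_name": "br1", "system_ip": "10.255.0.1", "site_id": "101"},
        "vpns": [0, 512, 10]}
DEVICES = [
    {"serial": "SN-A1", "state": "valid", "template": FULL},
    {"serial": "SN-B2", "state": "staging",
     "template": {"vars": {"host_name": "br2", "system_ip": "10.255.0.1",
                           "site_id": ""}, "vpns": [0, 512]}},
    {"serial": "SN-X9", "state": "invalid", "template": None},
]

if __name__ == "__main__":
    for serial, problems in ztp_preflight(DEVICES, KNOWN).items():
        print(serial, "READY" if not problems else problems)
```

Running a check like this before a device ships surfaces the cases where ZTP would stall at the remote site: an unknown serial, a device not marked valid or staging, or a template with unfilled parameters.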