Zero Touch Provisioning with Security in Silver-Peak SDWAN Solution

In an earlier article on the Silver-Peak SDWAN solution we covered the basics and the architecture of the SDWAN solution offered by Silver-Peak. In this article we are going to talk about Zero Touch Provisioning (ZTP) of the SDWAN solution.

Before we start with Zero Touch Provisioning, make sure you are aware of the components of the Silver-Peak SDWAN solution. Let's go through them once again.

Unity EdgeConnect physical or virtual appliances: deployed in branch offices to create a secure, virtual network overlay. A single appliance or VNF provides routing, security, SD-WAN and WAN Optimization (Unified Platform).

Unity Orchestrator: included with EdgeConnect, it provides unprecedented visibility into both legacy and cloud applications, with the unique ability to centrally assign policies based on business intent to secure and control all WAN traffic.

Unity Boost WAN Optimization: an optional WAN Optimization performance pack that combines Silver Peak WAN optimization technologies with EdgeConnect to create a unified high-performance SD-WAN solution. It is consumed on demand, where and when it is needed.

Silver-Peak SDWAN Zero Touch Provisioning
Let’s start with Zero Touch Provisioning. ZTP is a secure process that actually mimics widely accepted, standardized certificate authentication procedures.

Fig 1.1- Silver-Peak SDWAN Zero Touch Provisioning with Security 

Silver Peak’s Cloud Portal and Orchestrator are trusted entities. Both use SSL certificates and secure connections to execute a two-step authentication and authorization procedure whenever a new appliance is deployed.

The Cloud Portal contains the account key, authorized serial numbers, and licensing information for the customer account. 

Via the Orchestrator, customer administrators have the ability to approve and authorize devices that want to join the network.  

Once authenticated and authorized, secure tunnels are created using symmetric AES-256 bit encryption.

Finally, to protect against rogue devices, the customer administrator has the ability to revoke access through the Orchestrator. Unauthorized devices cannot pass traffic and cannot download configuration information.
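The two-step admission flow described above, modelled as an added example that is not Silver Peak's code and assumes nothing about their real protocol or APIs: the Cloud Portal authenticates a serial number against the account key and the licensed serial list (an HMAC stands in for the certificate handshake), the Orchestrator then authorizes or revokes the device, and only approved devices can download a configuration. All names, keys and serial numbers are constructed sample values.

```python
import hmac
import hashlib
from dataclasses import dataclass, field

def appliance_proof(account_key: bytes, serial: str) -> str:
    # What a booting appliance presents; HMAC stands in for the real certificate handshake.
    return hmac.new(account_key, serial.encode(), hashlib.sha256).hexdigest()

@dataclass
class CloudPortal:
    """Step 1: holds the account key and the serial numbers licensed for this customer."""
    account_key: bytes
    authorized_serials: set

    def authenticate(self, serial: str, proof: str) -> bool:
        # Serial must be licensed AND the appliance must prove it holds the account key.
        return serial in self.authorized_serials and hmac.compare_digest(
            appliance_proof(self.account_key, serial), proof)

@dataclass
class Orchestrator:
    """Step 2: the customer admin approves, and can later revoke, authenticated appliances."""
    portal: CloudPortal
    approved: set = field(default_factory=set)

    def approve(self, serial: str, proof: str) -> bool:
        # Authorization is only offered to devices the portal has authenticated.
        if not self.portal.authenticate(serial, proof):
            return False
        self.approved.add(serial)
        return True

    def revoke(self, serial: str) -> None:
        self.approved.discard(serial)

    def download_config(self, serial: str):
        # Unapproved or revoked devices get no configuration, hence no tunnels.
        if serial not in self.approved:
            return None
        return {"serial": serial, "tunnel_cipher": "AES-256"}

def run_demo() -> dict:
    key = b"demo-account-key"  # constructed sample value
    orch = Orchestrator(CloudPortal(key, {"SN-0001", "SN-0002"}))
    results = {
        "licensed_ok": orch.approve("SN-0001", appliance_proof(key, "SN-0001")),
        "unlicensed": orch.approve("SN-9999", appliance_proof(key, "SN-9999")),
        "wrong_key": orch.approve("SN-0002", appliance_proof(b"other", "SN-0002")),
        "config": orch.download_config("SN-0001"),
    }
    orch.revoke("SN-0001")  # admin pulls access; the device can no longer fetch config
    results["after_revoke"] = orch.download_config("SN-0001")
    return results
```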