Reference13r1:Concept Provisioning: Difference between revisions

From innovaphone wiki
Jump to navigation Jump to search
Line 97: Line 97:


No reboot or config write is required
No reboot or config write is required
== Automatic provisioning ==
You can enable the automatic provisioning mechanism inside your Devices App in the domain settings.<br>
If you enter a security token here, devices can register with this token automatically.<br>
<br>
You then have to rollout a devices registration URL with URL parameters on your devices, which shall use this mechanism.<br>
The config cmd looks like this:<br>
!config change SYSCLIENT /sysadmin wss://.../sysclients?domain=domain.com&token=securityToken&category=categoryName
The following parameters are available and mandatory:
* domain: the domain name for the device
* token: a security token, which must be manually configured in the Devices App inside the domain settings
* category: the name of a provisioning category inside the given domain (it must be explicitly a provisioning category!)


=Related Articles=
=Related Articles=

Revision as of 13:26, 23 April 2020

Overview

In 13r1 provisioning of phones is done with Devices. From a user point of view a provisioning code is entered on a new phone and then the rest happens automatically. There are different kind of provisioning. A user who adds a new phone, an adminitrator who performs rollout for many phones and maybe more. The different types of provisioning are defined one after the other.

Requirements

  • HTTP/HTTPS-access to config.innovaphone.com (open port 80/443)
  • further required protocols/ports see here

User adding a new phone

From a user point of view this should work as follows:

  • The user unpacks the phone and connects it to the network (we assume 13r1 is on the phone already, but maybe an old build)
  • On the display a form requesting a provisioning code is displayed
  • The user opens myApps/Profile and selects to add a new phone
  • Drop down to select a category is provided
  • When the user has sent the request a provisioning code is displayed
  • The user adds the provisioning code on the phone and confirms with OK.
    Note for IP101/IP102: Confirmation is done by adding # to the provisioning code.
  • The phone is updated to the current version of the installation, configured, a device is added to the user in the PBX

Implementation

Setup
  • The Devices PBX app object must have a websocket connection flag.
  • The UsersAdmin PBX app object must have a websocket connection flag, the Services flag and the "devices-api" App.
User connects a 13r1 phone to the network
User selects to add a new phone on myApps/Profile
  • The Users instance asks Devices for a list of categories configured for provisioning
  • The Users Instance requests a provisioning code from Devices with selected category
  • Devices requests a provisioning code from config.innovaphone.com and supplies the devices URL to config.innovaphone.com
  • config.innovaphone.com generates a random provisioning code of 12 digists without any structure
  • config.innovaphone.com stores the provisioning code and URL in the database
  • Devices stores the provisioning code together with domain and category in the database
  • Users stores the provisioning code and with the requesting user in the database
The user enters the provisioning code
  • The code is sent to config.innovaphone.com
  • config.innovaphone.com configures the Devices URL of the customer
  • The phone connects to Devices and sends the provisioning code
  • Devices assigns the phone to a domain and category
  • Devices updates the phone
  • Devices configures the phone
  • Devices sends the mac address and provisioning code to a Users instance of matching domain. If no Users with matching domain is connected, the mac address is stored in the database so that the info can be sent, when a matching Users connects
  • Users configures a device for the user

Note: Due to security reasons, provisioning codes are valid for one week from date of issue. Upon validation expiry, they are deleted from the database and no more useable anymore.

Update Software functionality in Devices

A list of jobs is stored. This list contains domain and category of the devices to be updated. With a job the json which was current on the time of creation is stored. When a device registers it is updated according to the latest matching job.

Update Config functionality in Devices

A list of jobs is stored. This list contains doman, category and a type of config with related parameters. When a device registers it is updated according to the latest jobs of all types.

Rollout of many phones on UsersAdmin

On UsersAdmin under "Register phones" phones can be provisioned for many users at once.

To provision the phones:

  • Select new phone registrations and follow the steps.
  • On the first step the connection with Devices is stablished.
  • On the second step, the provisioning category (the categories are configured on Devices for a given domain) and the phone app are selected. A dropdown menu will be displayed if there is more than one option.
  • On the third step the users must be selected
  • On the fourth step the provisioning codes list is displayed. This list can also be downloaded as a CSV file. Every user must enter his code on his phone. After that, the state should change from "Pending" to "Registered".

Privacy

When using the online provisioning, following data/information are send to innovaphone config.innovaphone.com (46.232.228.0/26):

  • Devices APP
    • Websocket URL of your AP-Platform
  • Phone
    • Mac Address
    • Phone Model
    • Firmware Version
    • Bootcode version
    • Timestamp of the first connect to config.innovaphone.com
    • Entered Provisioning Code
    • Local IP

Offline Provisioning

There is also the possibility for offline provisioning: Reference13r1:Concept_Offline_Provisioning

Show provisioning code display on phones

You have to issue the following command to show the provisioning code display on phones again: !vars create UPDATE/PROVISIONING-CODE h prompt

No reboot or config write is required

Automatic provisioning

You can enable the automatic provisioning mechanism inside your Devices App in the domain settings.
If you enter a security token here, devices can register with this token automatically.

You then have to rollout a devices registration URL with URL parameters on your devices, which shall use this mechanism.
The config cmd looks like this:

!config change SYSCLIENT /sysadmin wss://.../sysclients?domain=domain.com&token=securityToken&category=categoryName

The following parameters are available and mandatory:

  • domain: the domain name for the device
  • token: a security token, which must be manually configured in the Devices App inside the domain settings
  • category: the name of a provisioning category inside the given domain (it must be explicitly a provisioning category!)

Related Articles