Automated establishment of addressability of a network device for a target network environment
Abstract
Apparatus and methods are provided for remote, automated, and secure network device provisioning over a pre-existing communications network. According to one embodiment, automated establishment of addressability of a network device is supported for a target network environment. A boot time process of a network device in a factory default configuration detects the presence of a storage device containing therein addressability data that allows the network device to communicate and be addressable within the target network environment. After detecting the presence of the storage device, the network device receives the addressability data from the storage device by using a communication protocol associated with the storage device. Finally, addressability of the network device is established to enable it to communicate with and be addressed by other nodes in the target network environment by configuring one or more address parameters of the network device based upon the addressability data.
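The addressability phase described in the abstract takes the device's address parameters and the configuration server's IP from removable media, so a boot-time process would want to check that record for consistency and stay in factory default when it fails. The sketch below is an added example, not code from the patent or from any product; the `key=value` record format, the field names and the sample addresses (documentation ranges) are assumptions.

```python
import ipaddress

# Assumed field names; the patent does not define a record format.
REQUIRED = {"device_ip", "netmask", "gateway", "config_server"}

class TokenDataError(ValueError):
    """Token record rejected; device should remain in factory default."""

def parse_record(text):
    """Parse the assumed key=value record, rejecting unknown or duplicate keys."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if not sep or key not in REQUIRED or key in fields:
            raise TokenDataError(f"bad line: {line!r}")
        fields[key] = value
    missing = REQUIRED - fields.keys()
    if missing:
        raise TokenDataError(f"missing fields: {sorted(missing)}")
    return fields

def validate_addressability(text):
    """Return (interface, gateway, config_server) or raise TokenDataError."""
    f = parse_record(text)
    try:
        iface = ipaddress.IPv4Interface(f"{f['device_ip']}/{f['netmask']}")
        gateway = ipaddress.IPv4Address(f["gateway"])
        server = ipaddress.IPv4Address(f["config_server"])
    except ValueError as exc:
        raise TokenDataError(str(exc)) from exc
    net = iface.network
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        raise TokenDataError("device address is the network or broadcast address")
    if gateway not in net or gateway == iface.ip:
        raise TokenDataError("gateway is not a distinct host on the device subnet")
    if server.is_loopback or server.is_multicast or server.is_unspecified or server.is_link_local:
        raise TokenDataError("configuration server address is not routable")
    return iface, gateway, server

# Constructed sample record (documentation address ranges), not from the page.
SAMPLE = """device_ip=192.0.2.10
netmask=255.255.255.0
gateway=192.0.2.1
config_server=198.51.100.5
"""
```

Consistency checks of this kind do not authenticate the token; they only keep a malformed or self-contradictory record from being applied to the interface.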
60 Claims
1. A method comprising:
- detecting, by a boot time process of a network device in a factory default configuration, the presence of a removable external storage device on a local internal communications bus connector containing therein addressability data that allows the network device to communicate and be addressable within a network environment in which it will be functioning, the addressability data including an IP address of a remote device configuration server;
- after detecting the presence of the storage device, receiving at the network device the addressability data by using a protocol associated with the storage device to transport the addressability data from the storage device to the network device;
- establishing addressability of the network device, by the boot time process, to enable it to communicate with and be addressed by other nodes in the network environment by configuring one or more address parameters of the network device based upon the addressability data; and
- receiving configuration data from the remote device configuration server, the configuration data including an IP address of a peer VPN device with which the network device may establish a tunnel.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17

18. A method comprising the steps of:
- a step for establishing addressability of a network device that takes the network device during a boot time process from a factory default state to an initial operating state in which the network device can communicate and is addressable within a predetermined network environment using an external removable static storage device on a local internal communications bus connector containing addressability data that includes an IP address of a remote device configuration server; and
- a step, responsive to completion of the step for establishing addressability during the boot time process, for provisioning the network device that takes the network device from the initial operating state to a fully defined, functional state in which the network device is configured and ready to process network traffic in the predetermined network environment by acquiring remaining configuration data by way of one or more data transfers over a network from the remote device configuration server by receiving configuration data from the remote device configuration server, the configuration data including an IP address of a peer VPN device with which the network device may establish a tunnel.

Dependent claims: 19, 20

21. A method comprising:
- detecting, by a boot time process of a first virtual private network (VPN) device in a factory default configuration, the presence of a removable external hardware token coupled to a designated provisioning port on a local internal communications bus of the first VPN network device, the hardware token including a non-volatile, programmable memory having stored therein addressability data that allows the first VPN device to communicate and be addressable within a predetermined network environment;
- after detecting the presence of the hardware token, receiving at the first VPN device the addressability data by using a protocol associated with the hardware token to read the addressability data from the non-volatile, programmable memory of the hardware token;
- establishing addressability of the first VPN device, by the boot time process, to enable it to communicate with other network devices in the predetermined network environment by setting one or more address parameters of the first VPN device based upon the addressability data;
- transmitting a configuration request to a remote device configuration server from the boot time process, the configuration request including security data read from the hardware token or encrypted based upon the security data;
- receiving, in response to the configuration request, tunnel configuration data from the remote device configuration server, the tunnel configuration data including an Internet Protocol (IP) address of a second VPN device associated with the predetermined network environment; and
- causing a tunnel to be established between the first VPN device and the second VPN device through a transit network based upon the tunnel configuration data.

Dependent claims: 22, 23, 24

25. A network device provisioning system comprising:
- a first network device to be placed in an initial operating configuration in which the first network device can communicate and be addressable within a predetermined network environment;
- a removable external hardware token to interface with a designated provisioning port on a local internal communications bus of the first network device, the hardware token including a non-volatile, programmable memory having stored therein addressability data for the first network device, the addressability data including an IP address of a remote device configuration server;
- wherein the first network device is to automatically initiate an addressability phase during a boot time process in response to detecting the presence of the hardware token on the designated provisioning port, during the addressability phase, the addressability phase including receiving the addressability data from the hardware token and transitioning from a current configuration to the initial operating configuration during the boot time process, and
- wherein the first network device is further to automatically initiate a configuration phase, the configuration phase including receiving configuration data from the remote device configuration server, the configuration data including an IP address of a peer VPN device with which the network device may establish a tunnel.

Dependent claims: 26, 27, 28

29. A network device comprising:
- a provisioning interface to receive addressability data from a removable external storage device on a local internal communications bus, the addressability data allowing the network device to communicate and be addressable within a target network environment, the addressability data including an IP address of a remote device configuration server;
- one or more flash memory modules having stored therein firmware to:
  - check for the presence of the storage device during boot time processing,
  - cause the addressability data to be received from the storage device using a protocol associated with the storage device if the storage device is present,
  - establish addressability of the network device by configuring one or more address parameters of the network device based upon the addressability data;
  - receive configuration data from the remote device configuration server, the configuration data including an IP address of a peer VPN device with which the network device may establish a tunnel; and
- a processor coupled to the one or more flash memory modules to execute the firmware in response to reset or power up.

Dependent claims: 30, 31, 32, 33

34. A machine-readable medium having stored thereon data representing instructions that, if executed by a processor of a network device, cause the processor to:
- detect, during a boot time process, the presence of a removable external static storage device on a local internal communications bus connector, the storage device containing therein addressability data that allows the network device to communicate and be addressable within a network environment in which it will be functioning, the addressability data including an IP address of a remote device configuration server;
- receive the addressability data by using a protocol associated with the storage device to transport the addressability data from the storage device to the network device;
- establish addressability of the network device during the boot time process to enable it to communicate with and be addressed by other nodes in the network environment by configuring one or more address parameters of the network device based upon the addressability data; and
- receive configuration data from the remote device configuration server, the configuration data including an IP address of a peer VPN device with which the network device may establish a tunnel.

Dependent claims: 35, 36, 37

38. A method of deploying a network device comprising:
- providing a network device;
- providing a removable external hardware token to interface with a designated provisioning port on a local internal communication bus of the network device;
- programming a non-volatile memory of the hardware token with addressability data for the network device, which is capable of automatically initiating an addressability phase during a boot time process in response to detecting the presence of the hardware token on the designated provisioning port, the addressability phase causing the network device to receive the addressability data from the hardware token and transition from a current configuration to an initial operating configuration in which the network device can communicate and be addressable within a predetermined network environment;
- programming the non-volatile memory of the hardware token with an IP address of a remote device configuration server for a configuration phase, the configuration phase causing the network device to receive configuration data from the remote configuration server, the configuration data including an IP address of a peer VPN device with which the network device may establish a tunnel; and
- separately shipping the network device and the programmed storage device to a network site at which the network device will be installed within the predetermined network environment.

Dependent claims: 39, 40, 41, 42, 43, 44

45. A method of installing a network device comprising:
- receiving delivery of a network device that is capable of automatically initiating an addressability phase during a boot time process in response to detecting the presence of a removable external hardware token on a designated provisioning port of a local internal communications bus of the network device and capable of automatically initiating a configuration phase in response to completion of the addressability phase;
- receiving delivery of the hardware token, the hardware token to interface with the designated provisioning port of the network device, the hardware token including a non-volatile, programmable memory having stored therein addressability data to place the network device in an initial operating state in which the network device can communicate and be addressable within a predetermined network environment, the addressability data including an IP address of a remote device configuration server;
- communicatively coupling the network device with the predetermined network environment;
- initiating the addressability phase by coupling the hardware token to the designated provisioning port of the network device and causing the network device to boot, the addressability phase causing the network device to receive the addressability data from the hardware token and transition from a current configuration to the initial operating configuration during the boot time process; and
- initiating the configuration phase by receiving configuration data from the remote device configuration server, the configuration data including an IP address of a peer VPN device with which the network device may establish a tunnel.

Dependent claims: 46, 47, 48, 49, 50, 51

52. A method of delivering a network device comprising:
- shipping a fully operational network device in a factory default configuration to a customer network site at which the network device will be installed within a predetermined network environment, the network device capable of automatically initiating an addressability phase in response to detecting the presence of a removable external smart hardware storage device on a designated provisioning port of a local internal communications bus of the network device, and capable of initiating a configuration phase in response to completion of the addressability phase; and
- if the customer has requested an automated provisioning feature, then programming a removable external smart hardware storage device with addressability data for the network device, the smart hardware storage device to interface with the designated provisioning port of the network device and cause the addressability phase to be initiated during a boot time process, the addressability phase causing the addressability data to be transferred from the smart hardware storage device to the network device and enabling the network device to transition from the factory default configuration to an initial operating configuration during a boot time process in which the network device can communicate and be addressable within the predetermined network environment, the addressability data including an IP address of a remote device configuration server from which the network device may receive configuration including an IP address of a peer VPN device with which the network device may establish a tunnel, and shipping the programmed smart hardware storage device to the customer network site.

Dependent claims: 53, 54, 55, 56, 57, 58, 59, 60