Normal Provisioning Server
The Normal Provisioning Server (NPS) can be a TFTP, HTTP, or HTTPS server. A remote firmware upgrade
is achieved by using TFTP or HTTP, or HTTPS, because the firmware does not contain sensitive information.
Although HTTPS is recommended, communication with the NPS does not require the use of a secure protocol
because the updated profile can be encrypted by a shared secret key. For more information about utilizing
HTTPS, see Communication Encryption, on page 8. Secure first-time provisioning is provided through a
mechanism that uses SSL functionality. An unprovisioned phone can receive a 256-bit symmetric key encrypted
profile that is targeted for that device.
Configuration Access Control
The phone firmware provides mechanisms for restricting end-user access to some parameters. The firmware
provides specific privileges for sign-in to an Admin account or a User account. Each can be independently
password protected.
• Admin account—Allows the service provider full access to all administration web server parameters.
• User account—Allows the user to configure a subset of the administration web server parameters.
The service provider can restrict the user account in the provisioning profile in the following ways:
•
Indicate which configuration parameters are available to the user account when creating the configuration.
•
Disable user access to the administration web server.
•
Disable user access for LCD user interface.
•
Restrict the Internet domains accessed by the device for resync, upgrades, or SIP registration for Line
1.
Related Topics
Element Tag Properties, on page 12
Access Control, on page 14
Communication Encryption
The configuration parameters that are communicated to the device can contain authorization codes or other
information that protect the system from unauthorized access. It is in the service provider’s interest to prevent
unauthorized customer activity. It is in the customer’s interest to prevent the unauthorized use of the account.
The service provider can encrypt the configuration profile communication between the provisioning server
and the device, in addition to restricting access to the administration web server.
Phone Provisioning Practices
Typically, the Cisco IP Phone is configured for provisioning when it first connects to the network. The phone
is also provisioned at the scheduled intervals that are set when the service provider or the VAR preprovisions
Cisco IP Phone 6800 Series Multiplatform Phones Provisioning Guide
8
Deployment and Provisioning
Normal Provisioning Server
To Next Page
Loading...
Need help?
General
