Enterprise Provisioning - Strategy Variations: Difference between revisions
imported>jpalko |
imported>amigadave wikify slightly |
Latest revision as of 13:36, 21 January 2011
Note: The following variations have not been tried out.
Pincode based bootstrapping
A variation of SMS-based bootstrapping. Instead of receiving an SMS, the user connects with the device to the Installation server, which prompts for a pincode. Otherwise the process is identical.
Components
Identical to the "Indirect enrollment, SMS based bootstrapping" strategy.
Firewall rules
Identical to the "Indirect enrollment, SMS based bootstrapping" strategy.
Security considerations
- Requires using a fairly short pincode, since the user has to key it in by hand
Pros and cons
- + No SMS gateway needed
- - Tedious for the user, since they still need to key in the Installation server URL and the pincode
- - As laborious to implement as the "Indirect enrollment, SMS based bootstrapping" strategy
Installation server on the Internet
The installation server could also be located on the public Internet. We present this alternative as a variation of the "Indirect enrollment, SMS based bootstrapping" strategy, since that is probably the most secure one.
[Figure 1: Installation server on the public Internet (diagram)]
The feasibility of this strategy likely requires flat-rate 3G data transfer.
The process
Identical to the "Indirect enrollment, SMS based bootstrapping" strategy, but step 1 is not needed.
Components
Identical to the "Indirect enrollment, SMS based bootstrapping" strategy.
Firewall rules
Identical to the "Indirect enrollment, SMS based bootstrapping" strategy.
Security considerations
- The SMS pincode can be made very long, and it is delivered over an entirely different network from the one where it is used. No additional security considerations are foreseen here.
- The biggest security risk is the server being compromised. Servers facing the public Internet are under constant attack. They have to be properly hardened and professionally managed.
- Likely, this option becomes feasible only in cases where there is already a hardened, well-managed Internet-facing server at disposal
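The two security considerations above (a fairly short keyed-in pincode versus a very long SMS-delivered one) come down to how the Installation server checks the code. The sketch below is an added example, not code from this page or project; the class name, the attempt limit, the validity window and the 4- and 12-digit lengths are all assumptions made for illustration.

```python
import hmac
import secrets

MAX_ATTEMPTS = 3        # assumed lockout threshold
PIN_TTL_SECONDS = 600   # assumed validity window for an issued pincode


def guess_success_probability(digits: int, attempts: int) -> float:
    """Chance that online guessing hits a uniformly random numeric pincode."""
    return min(1.0, attempts / 10 ** digits)


class PincodeVerifier:
    """Hypothetical server-side check for bootstrap pincodes."""

    def __init__(self):
        # enrollment id -> [pincode, expiry time, failed attempts]
        self._pending = {}

    def issue(self, enrollment_id: str, digits: int, now: float) -> str:
        # secrets (not random) so the pincode is unpredictable
        pin = "".join(secrets.choice("0123456789") for _ in range(digits))
        self._pending[enrollment_id] = [pin, now + PIN_TTL_SECONDS, 0]
        return pin

    def verify(self, enrollment_id: str, candidate: str, now: float) -> bool:
        entry = self._pending.get(enrollment_id)
        if entry is None:
            return False
        pin, expiry, _failures = entry
        if now > expiry:
            del self._pending[enrollment_id]      # expired: must be re-issued
            return False
        # constant-time comparison avoids leaking how many digits matched
        if hmac.compare_digest(pin.encode(), candidate.encode()):
            del self._pending[enrollment_id]      # single use
            return True
        entry[2] += 1
        if entry[2] >= MAX_ATTEMPTS:
            del self._pending[enrollment_id]      # locked out: must be re-issued
        return False


if __name__ == "__main__":
    # Constructed comparison: short keyed-in pincode vs long SMS pincode
    for digits in (4, 12):
        print(digits, "digits:", guess_success_probability(digits, MAX_ATTEMPTS))
```

With the attempt limit in place, the short pincode's weakness is bounded per issued code, while the long pincode makes guessing impractical regardless of the limit.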
Pros and cons
- + Very simple to use. As close to "single click install" as it can get
- + Usable practically everywhere, including remote sites
- - Probably slow
- - Data transfer rates
Summary
Now we can either read about future prospects for provisioning or move onward to the provisioning summary.