To perform Zero Touch provisioning, the device must be properly licensed. The license is always linked to a company e-mail address and to a UUID. This step is essential because the approval and confirmation of the provisioning are sent by e-mail, and because all provisioning is tied to the UUID of an appliance.
In addition, for Zero Touch provisioning to work, it is mandatory to have a valid link configured so that the device can reach the Blockbit license portal and validate this license.
Through the button “Create Device” it is possible to create a new device for provisioning. To access, follow the steps below:
1. Click on the “Create Device” option;
Provisioning – Create Device
2. The "Device" window is made up of the "General", "Network" and "Certificate" tabs. When adding a device for provisioning, fill in the fields with the device settings, as if you were installing a UTM normally. Complete the fields as shown below:
Create Device – Device - General
- Name: Device Name. Ex.: Provisioned Device;
- Company: Defines the company name. Ex.: Blockbit;
- User Admin: Enter the same administrator user that was registered during the installation of UTM. Ex.: admin;
- Password: Enter the password registered during the installation of UTM. This password must be at least eight characters long, contain upper and lower case letters and special characters. Ex.: q1W@e3R$;
- Device Template: Through this field, it is possible to add the templates created in Device Template for this device;
- Policy Package: Through this field, it is possible to add the policy packages created in Policy Package for this device;
- UUID: Enter the UTM's unique identification code. It can be found on the Dashboard - System, in the license widget;
- Description: Device description. Ex.: Provisioned Device Settings.
3. After filling in the fields on the "General" tab, fill in the fields on the "Network" tab, as shown below:
Create Device – Device - Network
- Hostname: Defines the Hostname. It can be any name as long as it complies with the FQDN (Fully Qualified Domain Name) format. Ex.: GSM;
- Language: Select the default language. Ex.: English;
- Timezone: Select the time zone. Ex.: America/Sao_Paulo;
- Gateway: Sets the default route for the network. Ex.: 220.127.116.11;
- Suffix DNS: Determines the domain of the network. Ex.: blockbit.com;
- DNS Server: Defines the network or internet DNS server. Ex.: 18.104.22.168;
- NTP Server 1: Sets the clock synchronization server. Ex.: a.ntp.br;
]: Activate the desired network interfaces by checking the checkbox;
- IP Address: Inform which network address the settings will be applied to;
- Net Mask: Inform which will be the netmask;
- Network zone: Determine the Network Zone. The default options are: LAN, WAN and DMZ;
- DHCP Server [ ]: Enable this checkbox to distribute IP addresses as network devices request connection.
4. After completing the fields on the "Network" tab, complete the fields on the "Certificate" tab, as shown below:
Create Device – Device - Certificate
- Country: Defines the country. Ex.: BR;
- State: Sets the state. Ex.: Sao Paulo;
- City: Defines the city. Ex.: Sao Paulo;
- Organization: Defines the company name. Ex.: Blockbit;
- E-mail: Sets the administrator email. Ex.: user@blockbit;
- Organizational Unit: Defines the department. Ex.: QA;
- Expires (years): Defines the validity time of the certificate. Ex.: 10;
- Hostname: Sets the FQDN for the certificate. Ex.: utm.blockbit.com.
5. To save changes, click [.], otherwise click [ ] to close the window
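A pre-flight check of the values entered in steps 2 to 4, as an added example that is not part of the Blockbit documentation or product: it applies the password rule stated above, checks host-name syntax, and confirms that the gateway is a separate host inside the interface's network. The record keys, the sample values and the use of ASCII punctuation as "special characters" are assumptions of this example.

```python
import ipaddress
import re
import string

# One host-name label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# Constructed sample record; the keys are hypothetical, not a GSM format.
SAMPLE = {
    "password": "Zt9#provisionA",
    "hostname": "utm-branch01",
    "cert_hostname": "utm-branch01.example.com",
    "ip_address": "192.0.2.10",
    "net_mask": "255.255.255.0",
    "gateway": "192.0.2.1",
}


def password_problems(pw):
    """Apply the password rule stated for the General tab."""
    checks = [
        (len(pw) >= 8, "password shorter than 8 characters"),
        (any(c.isupper() for c in pw), "password has no upper case letter"),
        (any(c.islower() for c in pw), "password has no lower case letter"),
        (any(c in string.punctuation for c in pw), "password has no special character"),
    ]
    return [msg for ok, msg in checks if not ok]


def hostname_ok(name):
    """Syntax only: each dot-separated label must be a valid host label."""
    return len(name) <= 253 and all(_LABEL.fullmatch(p) for p in name.split("."))


def validate_device(dev):
    """Return the problems found in a device record; an empty list means none."""
    problems = password_problems(dev["password"])
    for field in ("hostname", "cert_hostname"):
        if not hostname_ok(dev[field]):
            problems.append(f"{field} is not a valid host name")
    try:
        iface = ipaddress.ip_interface(f"{dev['ip_address']}/{dev['net_mask']}")
        gateway = ipaddress.ip_address(dev["gateway"])
    except ValueError as exc:
        return problems + [f"bad address or netmask: {exc}"]
    if gateway == iface.ip or gateway not in iface.network:
        problems.append(f"gateway {gateway} is not a separate host in {iface.network}")
    return problems
```

Calling `validate_device(SAMPLE)` returns an empty list; each failed check adds one message to the list.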
When the settings are saved, a confirmation email is sent to the address that is registered on the Blockbit License Portal. You need to click the link in the body of the email to start the provisioning.
Provisioning - Confirmation email
A confirmation email will be sent when authorizing provisioning, as shown below:
Provisioning - Provisioning confirmation
It is possible to track the progress of provisioning through the Status and Progress column in the Provisioning tab of the GSM, as shown below:
Provisioning - Provisioning progress
It is also possible to see the provisioning progress through the interface of the UTM that is being provisioned, as shown in the following image:
Provisioning - Provisioning in progress
If provisioning is completed successfully, an automatic redirection to the login screen will occur, as shown below:
Provisioning - Redirect
When directed to the Login screen, it will probably not be possible to access the system immediately, because the provisioning settings are still being completed. Wait until access has been released. During this stage it is extremely important not to disconnect the device. If the settings are still being applied, a notification blocking access will be displayed when you try to log in. For a more accurate view of the progress of provisioning, check the Status and Progress column on the Provisioning tab of the GSM.
If provisioning is successful, the device will be displayed in the Inventory tab, in the same way as a manually linked device.
Provisioning - Device moved to Inventory tab
Upon successful completion of Zero Touch Provisioning, UTM will also automatically have the license validated, being administered by GSM in Central Management, with the deployment of Device Templates and Policy Packages defined in GSM applied.
If provisioning is not completed successfully, a panel with two buttons will appear:
Provisioning - Configure Provisioning
If provisioning does not occur because the DNS is unable to provide a valid path to the Blockbit License Portal, click on the button so that the panel illustrated below is displayed. In this panel it is possible to configure a valid IP so that the UTM can be properly licensed.
Provisioning - Add a valid IP
Through the option [page.] it is possible to make the configuration manually. When selecting this option, you will be directed to the standard Wizard. This will also happen if the license has expired: the user will be notified and directed to the normal Wizard. For more information on how to configure it, see the UTM Wizard configuration.
Once that is done, it will be necessary to create a new provisioning for the machine that has gone through the rewizard.
After these steps, the process is the same.