Contents
- Registering CPE devices
- Scenario: Automatic registration of a CPE device using the Zero Touch Provisioning technology.
- Scenario: Deploying a vCPE device on the VMware virtualization platform and registering it using the Zero Touch Provisioning technology
- Scenario: Re-registering a CPE device
- Resuming CPE device registration in case of an error
Registering CPE devices
The following scenarios exists for registering CPE devices:
- Automatic registration of a CPE device using the Zero Touch Provisioning (ZTP) technology. This scenario applies to new CPE devices that have not been previously registered.
- Deployment of a device on the VMware virtualization platform and automatic registration of a vCPE device. This scenario applies to virtual CPE devices that are deployed on virtual machines.
- Repeated registration of a CPE device. This scenario applies to previously registered CPE devices that have been deleted.
Registration does not require connecting to Kaspersky cloud services. If an error occurs during the registration of a CPE device, you can resume the registration of the CPE device.
Scenario: Automatic registration of a CPE device using the Zero Touch Provisioning technology.
You can register new CPE devices using Zero Touch Provisioning (ZTP). ZTP allows a CPE device to automatically connect to the orchestrator.
When using ZTP, you must generate an URL with the basic CPE device settings. Basic settings are those settings that are necessary to automatically connect a CPE device to the orchestrator. To complete the registration, you must connect the administrator device to the CPE device and visit the generated basic settings URL on the administrator device.
The ZTP registration scenario for a CPE device involves the following steps:
- Creating a CPE template
Create and configure a CPE template. For details on managing CPE templates, see Managing CPE templates. You can use the created CPE template to configure other CPE devices.
- Adding a CPE device
Add a CPE device. When adding the CPE device, assign the created CPE template to it and select whether the CPE device must automatically turn on after registration. The added CPE device has the Waiting status. For details on managing CPE devices, see Managing CPE devices.
- Two-factor authentication (optional step)
If you want to register your CPE device securely, use two-factor authentication.
- Generating an URL with basic settings
- Registering the CPE device
Do the following:
- Connect the administrator device to the LAN port of the CPE device.
The administrator device gets an IP address and the IP address of the default gateway via DHCP. The received IP address of the default gateway is the IP address of the CPE device.
- Visit the generated basic settings URL of the CPE device on the administrator device in one of the following ways:
- In the address bar of the browser, enter the basic settings URL of the CPE device and press Enter.
- Open the HTML file that you saved when generating the basic settings URL of the CPE device.
- On the opened page, click the Apply configuration button.
The CPE device automatically connects to the orchestrator, binds to the added CPE device in the orchestrator web interface, and registers itself. A registered CPE device has the Registered status and is in the Enabled or Disabled state.
- Connect the administrator device to the LAN port of the CPE device.
- Enabling the CPE device (optional step)
If, when adding the CPE device, you specified that it must not be enabled automatically, enable the CPE device. An enabled CPE device has the Registered status and is in the Enabled state.
- Enabling traffic encryption on the device (optional step)
If you need to use traffic encryption on the CPE device, enable it for the entire device or for a specific link.
Scenario: Deploying a vCPE device on the VMware virtualization platform and registering it using the Zero Touch Provisioning technology
You can deploy a vCPE device on the VMware virtualization platform using an OVF template, and then register the vCPE device using ZTP.
The OVF template is the knaas-cpe_<firmware version>.release.<solution version number>.combined.adm64-legacy.vKESR-M1-esxi.tar.gz archive that you can find in the /cpe directory of the distribution kit; the archive includes the following files:
- vKESR.mf contains the SHA256 hash of the OVF template files.
- vKESR.nvram contains the BIOS state of the virtual machine.
- vKESR.ovf is the descriptor containing information about the settings of the virtual machine.
- vKESR.vmdk is the disk image of the virtual machine.
You need to download the OVF template and extract it on your local device before performing this scenario.
The scenario for the deployment on the VMware virtualization platform and ZTP registration of a vCPE device involves the following steps:
- Creating a vCPE template
Create and configure a vCPE template. For details on managing vCPE templates, see Managing vCPE templates. You can use the created vCPE template to configure other vCPE devices.
- Adding a vCPE device
Add a vCPE device. When adding a vCPE device:
- Specify the created vCPE template.
- Select whether you want the vCPE device to be powered on automatically after registration.
- Specify a temporary DPID of the vCPE device, for example,
temporary DPID.
The added vCPE device has the Waiting status. For details on managing vCPE devices, see Managing CPE devices.
- Two-factor authentication (optional step)
If you want to register your vCPE device securely, use two-factor authentication.
- Generating an URL with basic settings
- Deploying a vCPE device on the VMware virtualization platform
In the web interface of the VMware virtualization platform, create a virtual machine for deploying the vCPE device. Make sure that the virtual machine you are creating satisfies the hardware and software requirements. When creating the virtual machine:
- Select how you want to create the virtual machine, using the OVF standard or an OVA file.
- When selecting VDMK files, specify the files of the OVF template extracted on the local device.
- When configuring advanced settings, specify the generated URL with basic settings.
For details about creating virtual machines, please refer to the official VMware documentation.
If the settings are applied successfully, the vCPE device automatically connects to the orchestrator and is displayed in the orchestrator web interface with the Unknown status.
- Registering a vCPE device
Change the temporary DPID that you specified when adding the vCPE device to the actual DPID of the vCPE device. The actual DPID of the vCPE device is the host name of the virtual machine on which the vCPE device is deployed. The host name of the virtual machine is displayed in the web interface of the VMware virtualization platform.
The vCPE device binds to the added vCPE device in the orchestrator web interface, and registers itself. A registered vCPE device has the Registered status and is in the Enabled or Disabled state.
- Enabling the vCPE device (optional step)
If, when adding the vCPE device, you specified that it must not be enabled automatically, enable the vCPE device. An enabled vCPE device has the Registered status and is in the Enabled state.
Scenario: Re-registering a CPE device
If you delete a CPE device, the basic settings are kept on it. Such a CPE device can be re-registered without using the basic settings URL.
When re-registering a CPE device, you cannot use two-factor authentication. If you want to use two-factor authentication, automatically register the CPE device.
The CPE device re-registration scenario involves the following steps:
- Restoring the CPE device firmware to the initial condition
Restore the CPE device firmware to the initial condition:
- Connect to the CPE device over SSH. To connect over SSH, specify the IP address and enter the credentials of the CPE device.
- Run the following command:
firstboot && reboot
- Creating a CPE template
Create and configure a CPE template. For a description of CPE template tabs, see the Managing CPE templates section. You can use the created CPE template to configure other CPE devices.
- Connecting the CPE device to the orchestrator
Disconnect and reconnect the CPE device power cable to have the CPE device reset and connect to the orchestrator. If the connection is successful, the CPE device is displayed in the orchestrator web interface with the Unknown status.
- Manually registering a CPE device
Manually register the CPE device. When manually registering the CPE device, assign the created CPE template to it and select whether the CPE device must automatically turn on after registration. A registered device has the Registered status and is in the Enabled or Disabled state. For a description of CPE device tabs, see the Managing CPE devices section.
- Enabling the CPE device
If, when manually registering the CPE device, you specified that it must not be enabled automatically, turn on the CPE device. An enabled CPE device has the Registered status and is in the Enabled state. This step is optional.
Resuming CPE device registration in case of an error
If an error occurs when registering a CPE device, the status of the CPE device changes to Suspended and registration is not completed. You can click the CPE device status in the CPE device table to open the service request log. You can click the step at which the error occurred to view information about possible causes, as well as the steps to correct the error.
After completing the steps to correct the error, click Resume to resume the registration of the CPE device. In some cases, the CPE device needs to be restarted after resuming the registration process. If you want to cancel the registration of the CPE device, click Cancel.
If you are unable to register a CPE device, we recommend contacting Kaspersky Technical Support.