Providing Out-of-Band Connectivity to Mission-Critical IT Resources

Zero Touch Deployment Cheat Sheet


Zero touch deployment is meant to make admins’ lives easier by automatically provisioning new devices. However, many teams find the reality of zero touch deployment much more frustrating than manual device configurations. For example, zero touch deployment isn’t always compatible with legacy systems, can be difficult to scale, and is often error-prone and difficult to remotely troubleshoot. This post provides a “cheat sheet” of solutions to the most common zero touch deployment challenges to help organizations streamline their automatic device provisioning.

Zero touch deployment cheat sheet

Zero touch deployment – also known as zero touch provisioning (ZTP) – uses software scripts or definition files to automatically configure new devices. The goal is for a team to be able to ship a new-in-box device to a remote branch where a non-technical user can plug in the device’s power and network cables, at which point the device automatically downloads its configuration from a centralized repository via the branch DHCP server.

In practice, however, there are a variety of common issues that force admins to intervene in the “zero touch” deployment. This guide discusses these challenges and advises how to overcome them to achieve truly zero touch deployments.

| Zero touch deployment challenge | The solution |
| --- | --- |
| Legacy systems don’t have native support for zero touch | Extending zero touch to legacy systems using a vendor-neutral platform |
| Deployment errors result in costly truck-rolls | Recovering from errors remotely with Gen 3 out-of-band (OOB) management |
| Securing remote deployments causes firewall bottlenecks | Moving security to the edge with zero trust gateways and Secure Access Service Edge (SASE) |
| Automating deployments at scale increases management complexity | Maintaining control through centralized, vendor-neutral orchestration with version control |

Extend zero touch to legacy systems with a vendor-neutral platform

Challenge

While many new systems and networking solutions support zero touch deployment, sometimes there’s still a need to repurpose or reconfigure legacy systems that don’t come with native ZTP support.

Pre-staging these devices before shipping them to the branch is a security risk because the system could be intercepted in transit; plus, they’re likely already deployed at remote sites and need to be reconfigured in place. Without a way to extend zero touch deployment capabilities to those legacy systems, companies often have to pay for admins to travel to remote branches, negating any cost savings they were hoping to gain from reusing older devices.

Solution

One way to extend zero touch to legacy systems is with a vendor-neutral management platform. For example, a vendor-neutral serial console switch with auto-sensing ports can connect to modern and legacy infrastructure solutions in a heterogeneous branch deployment so they can all be managed from a single place.

From that unified management platform, admins can write and deploy configuration scripts to connected devices, including legacy systems that don’t support zero touch. Technically, this isn’t zero touch deployment because the system doesn’t automatically download and run its configuration file, but it’s still a way to turn an on-site, manual process into one that’s remotely activated and mostly automated.

Recover from deployment errors with Gen 3 OOB management

Challenge

A new branch deployment almost never goes completely according to plan, and this is especially true when teams are using zero touch for the first time, or aren’t completely comfortable with software-defined infrastructure and networking. In the best-case scenario, when there’s a configuration error, the zero touch deployment aborts, and an admin is able to correct the problem and restart the process.

However, sometimes the deployment hiccup causes the device to hang, freeze, or get stuck in a reboot cycle. Or, even worse, an unnoticed error in the configuration could allow the deployment to finish successfully but then go on to affect other production dependencies and bring the entire branch network down. Either way, organizations must again deal with the expenses involved in sending a tech out to troubleshoot and fix the problem.

Solution

The best way to ensure continuous access to remote infrastructure is with out-of-band (OOB) management. An OOB solution, such as a serial console or all-in-one branch gateway, connects to the management ports on infrastructure devices so admins can remotely monitor and control every device from a single place without IP addresses.

This creates a separate (out-of-band) network that’s dedicated to management and troubleshooting, making it possible for teams to remotely recover devices that have failed the zero touch deployment process or brought down production LAN dependencies. Plus, the OOB gateway uses independent, redundant network interfaces to ensure admins still have remote access even if the production WAN or ISP link goes down.

To ensure full OOB management coverage of a heterogeneous, mixed-vendor environment, the out-of-band solution should be completely vendor-neutral. An open OOB device also supports integrations with third-party solutions for automation, orchestration, and security. This kind of out-of-band platform is known as Gen 3 OOB. Gen 3 OOB management ensures that teams can remotely recover from zero touch deployment errors no matter what device is affected or how the production network is impacted.

Secure remote deployments with zero trust gateways and SASE

Challenge

Organizations need to secure all devices at all remote sites using consistent policies and security controls. However, for smaller branches and IoT sites, it usually isn’t cost-effective to deploy a security appliance in each location.

Plus, adding more firewalls also adds more management complexity. That means traffic is usually backhauled through the main data center firewall, creating bottlenecks and causing network latency for the entire enterprise.

Solution

Using zero trust gateways and cloud-based security services, companies can move security to the branch without the cost and complexity of additional firewalls. An all-in-one, zero trust gateway solution combines SD-WAN, gateway routing, and OOB management in a single device. It also supports zero trust authentication technologies like SAML 2.0 and 2FA. A zero trust gateway also needs to support network micro-segmentation, which will allow the use of highly specific security policies and targeted security controls. Plus, by enabling software-defined wide area networking (SD-WAN), a zero trust gateway facilitates the use of SASE.

Secure Access Service Edge (SASE) is a cloud-based service that combines several enterprise security solutions into a single platform. Zero trust gateways use SD-WAN’s intelligent routing capabilities to detect branch traffic that’s destined for the cloud or web. This traffic is directed through the SASE stack for firewall inspection and security policy application, allowing it to bypass the main security appliance entirely. SASE helps reduce the load on the enterprise firewall, reducing bottlenecks and improving performance without sacrificing security.

Scale zero touch deployments with centralized orchestration

Challenge

Zero touch deployments occur (at least in theory) without any admin intervention, but they still need to be monitored for failures. Keeping track of a handful of automatic deployments may seem easy enough, but as the number and frequency increases, it becomes more challenging. This is especially true when companies kick off large-scale expansions, deploying dozens of devices at once, all of which could be plugged in at any time to begin the automated provisioning process.

Plus, different devices need different configuration files, and admins need a way to work together without overwriting each other’s code or duplicating each other’s efforts.

Solution

A vendor-neutral orchestration platform provides a central hub for network and infrastructure automation across the entire enterprise. This platform uses the serial consoles and OOB gateways in each remote location to gain control over all the connected devices, so network teams can monitor and deploy all their zero touch configurations from one place.

An orchestration platform is the single source of truth for all automation, so it needs to support version control. This ensures that admins can see who created or changed a configuration file and revert to a previous version when there’s a mistake.

Simplifying zero touch deployment with Nodegrid

Zero touch deployment can be a hassle, but using vendor-neutral management systems, Gen 3 OOB management, zero trust gateways, and centralized orchestration can help organizations overcome the most common hurdles. For example, a vendor-neutral Nodegrid branch gateway deployed at each remote site helps you extend automation to legacy systems, provides fast and reliable out-of-band access to recover from issues, enables zero trust security & SASE, and gives you unified orchestration through the Nodegrid Manager (on premises) and ZPE Cloud software.

Ready to learn more about zero touch deployment?

Nodegrid has a solution for every zero touch deployment challenge. Schedule a demo to see how Nodegrid’s vendor-neutral platform can simplify zero touch deployment for your enterprise.


Network Automation Tools To Offset the Tech Talent Shortage

As enterprise networks grow more complex, there’s a rising need for highly-specialized engineers to implement and maintain these complicated architectures. However, due to the Covid-19 pandemic, a global recession, and other world events beyond an organization’s control, it can be very difficult to recruit and retain these specialists. In fact, many companies are currently relying on smaller IT teams than usual to manage their vital network infrastructure. According to Gartner research, the tech talent shortage is one of the biggest barriers to the adoption of emerging technology like network automation.

However, network automation tools can actually help understaffed organizations ensure the continued availability and performance of enterprise networks by streamlining workflows and reducing manual intervention. In this blog, we’ll discuss how four different types of network automation tools can be used to solve major problems caused by the tech talent shortage.

| Problem | Solution |
| --- | --- |
| You lack the staff required to efficiently deploy, monitor, and manage network configurations. | Automated network configuration management solutions like SolarWinds Network Configuration Manager (NCM) and Micro Focus Network Automation Software. |
| You need to extend DevOps automation to networking without purchasing additional solutions or hiring network automation experts. | DevOps configuration management solutions that can be used for server and network automation like RedHat Ansible and Puppet. |
| You want to improve network reliability and performance while reducing management complexity. | Software-defined networking (SDN) and software-defined wide area networking (SD-WAN) solutions like Palo Alto Prisma and Cisco Meraki. |
| You lack full-coverage network security, so you’re unsure where your vulnerabilities are or how efficiently you can respond to incidents. | Network security automation solutions like Palo Alto’s Next-Generation Firewall (NGFW) and Datadog AIOps security and monitoring. |

To learn more about using automation technology to ensure network resilience, click here to download the Network Automation Blueprint from ZPE Systems.

 

Network automation tools to offset the tech talent shortage

The following categories of network automation tools are designed to simplify network management workflows to ensure optimal performance and 24/7 availability.

Automated network configuration management

Network configuration management refers to the ongoing process of creating, deploying, and maintaining configurations for network devices and logic. Some of the tasks involved in network configuration management include device discovery, provisioning, and software and firmware updates. In addition, network configurations are monitored to ensure they don’t drift away from documented standards (configuration drift), and if needed, unauthorized changes are rolled back. This reduces the risk that an undocumented configuration tweak will introduce an unnoticed security vulnerability (such as the recent Fortinet authentication bypass exploit) and ensures consistent quality across the entire network architecture.

However, manual network configuration management is complicated and time-consuming, especially when so many network operations teams are overworked and understaffed. An automated network configuration management solution handles many of these tasks without the need for human intervention. Admins can create network configuration policies and playbooks which are used to automatically deploy new devices and update network dependencies, saving time and reducing human error. In addition, automated configuration management uses these policies to continuously monitor for and correct configuration drift. In the case of the Fortinet CVE, for example, automatic configuration management could have helped teams instantly roll back to the last known good config to close the vulnerability.
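The drift check and rollback decision described above, as an added example that is not code from the original post or from any product it names. The IOS-style sample configs, the volatile-line patterns and the sensitive-line policy are constructed assumptions for illustration.

```python
from __future__ import annotations

import difflib
import hashlib
import re
from dataclasses import dataclass, field

# Lines that change on every export and are not real drift.
VOLATILE = (
    re.compile(r"^! Last configuration change at "),
    re.compile(r"^ntp clock-period \d+$"),
)

# Hypothetical escalation policy: a changed line matching one of these
# weakens access control, so it triggers rollback instead of review.
SENSITIVE = (
    re.compile(r"^username \S+ privilege 15\b"),
    re.compile(r"^ip http (secure-)?server$"),
    re.compile(r"^snmp-server community "),
    re.compile(r"^transport input .*\btelnet\b"),
    re.compile(r"^(no )?aaa "),
)

# Constructed sample configs in IOS-style syntax, not taken from a real device.
BASELINE = """\
! Last configuration change at 09:14:02 UTC Mon Jan 1 2024
hostname branch-sw01
aaa new-model
username netops privilege 15 secret 9 EXAMPLEHASH
no ip http server
line vty 0 4
 transport input ssh
"""
RUNNING_COSMETIC = BASELINE.replace("09:14:02", "17:40:55") + "\n!\n"
RUNNING_BENIGN = BASELINE + "ntp server 192.0.2.10\n"
RUNNING_RISKY = (
    BASELINE.replace("no ip http server", "ip http server")
    .replace("input ssh", "input telnet ssh")
    + "username tmpadmin privilege 15 secret 9 EXAMPLEHASH\n"
)


def normalize(config: str) -> list[str]:
    """Drop blank lines, '!' separators and volatile lines; keep indentation."""
    kept = []
    for raw in config.splitlines():
        stripped = raw.strip()
        if not stripped or stripped == "!" or any(p.search(stripped) for p in VOLATILE):
            continue
        kept.append(raw.rstrip())
    return kept


def fingerprint(config: str) -> str:
    """Stable hash of the normalized config, cheap to compare on every poll."""
    return hashlib.sha256("\n".join(normalize(config)).encode()).hexdigest()


@dataclass
class DriftReport:
    added: list[str] = field(default_factory=list)
    removed: list[str] = field(default_factory=list)
    sensitive: list[str] = field(default_factory=list)

    @property
    def drifted(self) -> bool:
        return bool(self.added or self.removed)

    @property
    def action(self) -> str:
        if not self.drifted:
            return "none"
        return "rollback" if self.sensitive else "review"


def detect_drift(baseline: str, running: str) -> DriftReport:
    """Compare the running config with the last known good baseline."""
    report = DriftReport()
    if fingerprint(baseline) == fingerprint(running):
        return report  # only volatile or cosmetic differences
    base, run = normalize(baseline), normalize(running)
    matcher = difflib.SequenceMatcher(a=base, b=run, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag in ("replace", "delete"):
            report.removed.extend(base[i1:i2])
        if tag in ("replace", "insert"):
            report.added.extend(run[j1:j2])
    changed = [line.strip() for line in report.added + report.removed]
    report.sensitive = [c for c in changed if any(p.search(c) for p in SENSITIVE)]
    return report


def config_to_restore(baseline: str, running: str) -> str | None:
    """Return the baseline to push back when the drift warrants rollback."""
    report = detect_drift(baseline, running)
    return "\n".join(normalize(baseline)) if report.action == "rollback" else None
```

Timestamp-only differences produce no report, an added NTP server is queued for review, and changes that open HTTP management, enable telnet or add a privileged account select the baseline for restore.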

Examples of network automation tools for network configuration management include SolarWinds Network Configuration Manager and Micro Focus Network Automation.

DevOps IaC configuration management

Many organizations have adopted the DevOps methodology, which seeks to dissolve the barriers between the software development and IT operations teams to improve efficiency. On the Ops side, this often involves a practice called IaC, or Infrastructure as Code. IaC uses software code and machine-readable definition files to automatically provision servers and manage configurations. IaC enables Ops teams to spin up resources at the velocity required for fast-paced DevOps software projects. It also means that infrastructure configuration code can be stored, managed, and deployed from the same platform as software code, facilitating easy collaboration between developers and sysadmins.

With the recession forcing many IT teams to downsize, organizations are looking for ways to extend the efficiency provided by DevOps automation tools to the networking side of the house without purchasing additional solutions. Plus, many network admins lack the expertise required to operate network automation solutions, and the tech talent shortage makes recruiting such specialized engineers difficult. Luckily, some IaC configuration management tools like RedHat Ansible and Puppet can also be used for network configurations, which helps teams automate without any special programming skills.

That also means admins can deploy, monitor, and manage configurations for network devices and systems across the entire architecture from a single platform, saving money and reducing operational complexity. This convergence of DevOps and network management is known as NetDevOps or NetOps, and it’s empowering organizations to improve efficiency even during the recession and talent shortage.

Software-defined networking and SD-WAN

Enterprise networks are typically highly distributed and very complex. An organization could have 500 branch offices around the world, each of which uses slightly different networking hardware and software solutions. Each of these vendor solutions might have its own management platform for admins to configure, manage, and continuously monitor. Things grow more challenging when an organization uses a hybrid cloud infrastructure, which requires WAN (wide area networking) orchestration across multiple public and private clouds. This complexity makes it challenging for overworked network administrators to maintain optimal performance and 24/7 availability.

Software-defined networking (SDN) and software-defined wide area networking (SD-WAN) help to reduce the complexity of enterprise networks by abstracting network configurations and workflows as software code that’s decoupled from the underlying hardware. Codifying network configurations makes it easier to use technology like automated configuration management, which reduces the burden on overworked admins and reduces human error. SDN and SD-WAN also facilitate the use of centralized network orchestration platforms, which give admins a single pane of glass from which to control the entire network architecture.

This holistic coverage makes it possible for small teams to efficiently monitor and manage large, complex networks, reducing the risk of fatigue, human error, or negligence affecting performance. Plus, SDN and SD-WAN solutions employ automation to continuously monitor and adjust routing configurations as needed to ensure optimal performance. That means these solutions are often able to detect and remediate issues with latency and site availability much faster than a human admin could, ensuring optimal performance and reliability.

Examples of SDN and SD-WAN solutions include Cisco Meraki SDN and Palo Alto Prisma SD-WAN.

Network security automation

With the quantity, sophistication, and cost of cybersecurity attacks rising every year, network security is more important than ever. According to the Sophos State of Ransomware 2022 survey, 66% of organizations were hit by ransomware, a massive increase from 2020 in which only 37% of organizations were attacked.

However, the tech talent shortage and ongoing recession have left many organizations with gaps that increase both the risk that a breach will occur and the time it will take to recover. For example, IBM estimated in 2021 that unpatched vulnerabilities accounted for at least one-third of all data breaches. However, staying on top of patch management for large, diverse, and distributed network infrastructures is difficult when teams are overworked and understaffed.

Plus, when networking and security teams are spread so thin, it can take them much longer to detect a breach that has already occurred, even if the hacker is actively exfiltrating data or changing system configurations. Remediation is also slowed down by the need to manually investigate logs, isolate affected systems, and implement fixes.

Network security automation can help bridge these gaps by reducing the need for human analysts to perform the more tedious and repetitive – but highly vital – tasks involved in ongoing cybersecurity management. Automated security solutions use technology like AIOps and machine learning to manage software and firmware updates, analyze network traffic for threats, and even perform remediation steps like quarantining infected systems and blocking compromised accounts.

Popular examples of network security automation tools include Palo Alto Network’s Next Generation Firewall (NGFW) and Datadog AIOps Security and Monitoring.

Using a vendor-neutral platform to deploy network automation tools

The goal of automation is to make it easier for network admins to maintain and optimize the enterprise network. However, if admins need to learn, configure, deploy, and manage a bunch of additional automation solutions, you could end up increasing the complexity of their jobs rather than reducing it.

The Nodegrid platform can help by directly hosting all of the network automation tools listed above, reducing the need for additional hardware to manage. Deploying Nodegrid boxes in all your data centers and remote sites gives you the ability to extend automation to every corner of your network and manage it all from behind a single pane of glass. Hosting your network automation on a vendor-neutral platform like Nodegrid gives your team an easy way to orchestrate automated workflows across your entire enterprise architecture.

Network automation tools help to bridge the gaps caused by the tech talent shortage, ensuring the reliability and resilience of enterprise networks. To get step-by-step instructions for how to implement the network automation solutions mentioned above, click here to download the Network Automation Blueprint from ZPE Systems.

Ready to learn more?

To learn more about deploying network automation tools with Nodegrid, contact ZPE Systems today.


Vapor IO: Re-architecting the Internet


Automating edge deployments & lights-out management for Vapor® IO

Vapor IO provides autonomous network and data center infrastructure at the network edge. Their goal is to re-architect the traditional Internet into a distributed, ubiquitous, edge-to-edge web that serves end users with SLA-backed routing, up to twelve-nines reliability, 100-microsecond latency, and terabits-per-second bandwidth.

With 36 (and counting) major U.S. markets, and their recent expansion into Barcelona, Spain, Vapor IO needs to run operations as lean as possible. However, as they continued to scale, the complexity of their own management infrastructure stood in the way of achieving this goal.

See why they required eight hours of setup time at each site, and discover which Nodegrid technologies helped significantly streamline not only new installations, but operations and overhead as well. Download the case study for full details.

Problems and Gaps

Vapor IO’s ultimate goal for operations is to deploy lights-out data centers all over the world and minimize the number of staff required to maintain these sites. Crucial to this goal is having the ability to collect billions of data points at each location, which allows teams to monitor and control physical and virtual devices. But their existing management infrastructure was complex and outdated, and consisted of:

  • Cellular modem with third-party subscription
  • Out-of-band router
  • Out-of-band switch
  • Out-of-band serial console
  • Out-of-band laptop/compute node

One of the company’s core values is to further business goals by making constructive changes and avoiding unnecessary complexity. This management infrastructure only added complexity and would require additional staff to maintain it. To solve this, Vapor IO would have to be proactive in closing several significant gaps:

  • Each edge data center required at least five separate management devices that were not integrated together. Deployments required a skilled technician to be on site for an entire workday. This time sink would multiply in direct correlation to the total number of new sites to deploy.
  • The ability to lease rackspace directly translates to revenue. But each site required Vapor IO to use at least 5RU for its own devices. As demand increased, this dead space would translate to millions in lost revenue, on top of additional power and cooling costs.
  • Having disparate solutions not only increased the total points of failure, but also meant more devices to manage. This increased the likelihood of failures/outages that would require truck rolls, and also increased the ongoing operational workload required to keep many management devices running.
  • A multi-vendor environment meant added overhead and rigidity that complicated procurement, project planning, and development of new designs. This made it difficult to adapt to different use cases and customer requirements.

Solution

Vapor IO deployed the modular Nodegrid Net SR. This appliance provided the capabilities they needed to automate deployments and support lights-out management. The LTE module allows staff to remotely connect to sites and bring resources online, while the SFP module allows each site to connect to their nationwide fiber backbone.


“Nodegrid keeps our costs down and extends everyone’s capabilities. The automation lets our support teams do specialized jobs, so our engineers can devote more time to delivering customer value.” — Frank Basso, EVP of Operations, Vapor IO

Watch agile networking in action with these Nodegrid demos


ZPE® Systems Network Solutions Architect Rene Neumann shows you how easy it is to enable agile networking. See Nodegrid and ZPE Cloud first hand with our collection of demo videos. You’ll learn how to:

 

  • Use true zero touch for automatic deployments
  • Fully set up environments using rich orchestration
  • Remotely configure and manage edge workloads

Demo: Deploy Networks Fast with ZPE Cloud’s Zero Touch Provisioning

Demo: Fully Provision Edge Network Workloads with Nodegrid

Demo: Orchestrate Branch Network Devices Using Nodegrid

HEAnet: providing network uptime for education

 


If there’s one sector that relies on network uptime more than ever before, it’s the education sector. For both in-person and virtual learning, students and staff connect to crucial resources around the world to share information. The infrastructure that enables this connectivity is critical, and in the country of Ireland, this infrastructure is deployed and maintained by HEAnet.

As the national education and research network, HEAnet is a provider who must adhere to stringent service levels in order to keep entire education communities online. But they recently faced a few major challenges as their out-of-band (OOB) management solution neared its end-of-life (EOL) date. This system was crucial to maintaining network uptime, as it gave engineers remote access to their 50+ nationwide locations. They needed to quickly roll out a new solution, but they were faced with a second challenge — limited staff.

It seemed HEAnet was stuck between a rock and a hard place. They would surely need to outsource the job, and that’s when they turned to Rahi, the world-renowned MSP who introduced them to ZPE Systems’ Nodegrid.

The rest is history, and for a deep dive into that lesson, download the full HEAnet case study below.

But before you do, here’s a quick refresher on critical infrastructure and why network uptime can be difficult to maintain.

Critical infrastructure and network uptime

Critical infrastructure is made up of the systems that connect sites to each other and to the rest of the world. The data center is an obvious example of where critical infrastructure is deployed. Points-of-presence (POPs) and colocations are other somewhat obvious examples. All of these house components, such as servers, switches, and routers, which are essential to handling data and traffic that organizations rely on.

Here are more examples of where critical infrastructure is commonly found:

  • Warehouses: servers, routers, and Wi-Fi access points help humans and their automated counterparts track inventories, fulfill orders, and communicate with vendors.
  • Manufacturing plants: operational technology like sensors and IoT devices collect data from gauges, robots, and machining equipment to ensure accurate measurements, maintain quality control, and streamline fabrication processes.
  • Cellular base stations: compute, storage, and failover devices process signals, store data, and provide backup connectivity for critical cell site components.

Organizations must maintain high levels of network uptime for their critical infrastructure, since it supports the lifeblood of everything they do. But this can be a challenge because these components are not always located within convenient reach of skilled engineers.

Why can network uptime be so challenging to maintain?

Maintaining network uptime can be challenging even for fully-staffed locations. This difficulty is amplified — quite dramatically — when organizations have to recover and maintain sites that are located far off the beaten path.

Imagine this: you’re responsible for monitoring and troubleshooting critical infrastructure for a network of college campuses in your region. One of your most remote sites, which serves more than one thousand students and faculty on any given day, experiences sudden disruptions and eventually goes offline. It’ll take close to four hours for you to put skilled staff on site to recover the network, which puts you at risk of breaching your SLA. You and your team are stressed out and scrambling, while students and teachers have no option but to cancel some or all of their activities.

Now imagine that you have a tool that allows you to respond instantly and restore the network before anyone even notices. That’s the kind of power you can achieve with a deep, robust out-of-band management solution, which is one of the tools HEAnet deployed to keep disruptions from reaching users.

There’s more that can go wrong, however. Your sites could suffer an ISP outage, leaving locations in the dark if they don’t employ any wireless backup connections. Or if your customer has a multi-vendor MSP solution that you’re part of, the other vendor’s components may be to blame, and you need a tool that can help you quickly diagnose the root cause.

Download the HEAnet case study

To see more challenges you might face when maintaining network uptime, download the HEAnet case study. You’ll also discover how Nodegrid gave them seamless backup connectivity and allowed a single Rahi engineer to deploy two sites in a single day. Get the case study now.

Zero touch provisioning: 3 drawbacks you need to know

It’s Friday morning, and you’re bringing a new site online with zero touch provisioning. Your remote branch devices arrived the night before, and all you want the store manager to do is plug them in. A few minutes later, your job is finished and you’ve still got your entire day left. What are you going to do with all your free time?

This is the picture that’s commonly painted of zero touch provisioning. And why not? When compared to manual provisioning, zero touch brings drastic improvements and efficiency to deploying networks. Its biggest benefits include:

  • Helping you deploy sites fast, because it’s a plug ‘n play solution
  • Reducing manual work and errors, because it’s automatic
  • Supporting on-demand scaling without bogging down your resources


With zero touch, you don’t have to be on site for days or weeks manually configuring individual devices. You also shrink the risk of human error that can unwind all your deployment progress and force you to start over. And when it comes to scaling, it eliminates so many of the shipping costs and technician expenses, and instead lets you spin up new sites in a single day.

So what’s the problem with zero touch provisioning?

The trouble with zero touch provisioning is that it usually comes with hidden obstacles that vendors don’t tell you about. Zero touch promises to make deployments quick and easy, but these obstacles can eat up your time savings and make you vulnerable to attacks.

Here are 3 big drawbacks you need to know about zero touch provisioning.

Drawback: Zero touch provisioning is limited to one vendor

Imagine you’re on location setting up a plethora of devices from different vendors. You plug in your zero touch solution, but you still have to manually configure three other vendor devices that make up your stack. This is the first major drawback to zero touch provisioning.

For the most part, zero touch is limited to one vendor’s solutions and doesn’t extend to devices or solutions from other providers. This is usually to encourage purchasing multiple solutions from or standardizing on one vendor.

Why is this a drawback? This is just another approach to vendor lock-in. It limits your freedom when trying to leverage zero touch provisioning, which can be a major drawback especially in custom, multi-vendor environments. When you’re choosing a zero touch solution, consider how much of your stack it can actually automate and how much time you’ll still have to spend on manual provisioning.

Drawback: Zero touch provisioning isn’t secure

What happens if you set up your site with zero touch provisioning, only to discover that your network is already under attack? You wonder how it could have happened, but then you remember all of the preconfiguring required to make zero touch possible. This is another major drawback.

Most solutions do live up to the promise of being ‘zero touch,’ but only after you’ve performed extensive preconfiguring of your devices. This is a major security concern because you’re loading up your stack with sensitive information about your network. Recent reports show that ransomware claimed a victim every 10 seconds in 2020.

Why is this a drawback? With your network attack surface more distributed now, especially during the pandemic, it’s critical to minimize your exposure to threats. But having to preconfigure your devices for zero touch provisioning makes it easier for you to become a victim. Even if you can keep careful watch over your devices to ensure no physical attacks occur, hackers can easily exploit your systems through something like an open port that one of your employees forgot to close. In a nutshell, preconfiguring puts you at unnecessary risk.

Drawback: Zero touch provisioning limits orchestration

The ultimate goal of using zero touch provisioning is to add convenience to deployments and management. You want to save time and effort all around by eliminating manual work. But another major drawback to zero touch is that it limits how much of your workflow you can orchestrate.

Automation handles simple tasks, while orchestration automates entire processes and workloads. Most zero touch solutions allow you to implement a little of both, but limit or simply lack support for orchestrating across devices and environments.

Why is this a drawback? The more manual work you have to perform, the less value you get out of zero touch provisioning. And most solutions require you to manually bootstrap VMs, activate service licenses, run Docker apps, and even update device firmware as new patches are released. Though zero touch might save you time and effort on initial setup, consider how these savings might evaporate in the long run.

Can you avoid these drawbacks?

Imagine you’re setting up a new network. Your environment is tailored specifically to your needs, which includes a custom-built monitoring application, Palo Alto NGFW, data thinning workloads, and a host of other solutions meant to optimize operations. And the best part is, you don’t have to worry about vendor lock-in, security gaps, or limited orchestration. All you need to do is plug in your devices, and the entire environment will build itself in just a matter of hours. Everything just works so you don’t have to.

That is what true zero touch provisioning feels like, and it’s something we’re passionate about at ZPE Systems. That’s why we’ve spent years building zero touch convenience features into our Nodegrid solutions. You don’t have to put up with these major drawbacks any longer.

Nodegrid’s zero touch provisioning extends across vendor solutions, even to devices that don’t support automation. This means that you can automate and push configurations to whatever you connect to Nodegrid — including legacy switches, routers, and other equipment.

Nodegrid’s zero touch provisioning also eliminates the need to preconfigure devices. ZPE Cloud serves as your repository for configuration files and allows you to remotely push these files to 100% factory-default devices. Physical attacks no longer pose a threat, while built-in security features and alerts automatically block and pinpoint attacks.

Because Nodegrid OS is Linux-based, it gives you the freedom to orchestrate across devices and environments, with a rich API library and your choice of tools like Ansible, Chef, Puppet, and REST. You can save time and effort on deployments and ongoing management. This means that you can implement a zero touch provisioning solution that automatically spins up VMs, deploys Docker containers, activates service licenses and configures service chaining, updates firmware, and carries out any number of workloads you need.

Get free resources to help you deploy zero touch provisioning

When you’re choosing a zero touch solution, carefully consider how these drawbacks will impact your deployment and management efforts. To help you, download The Definitive Guide to Zero Touch Provisioning, and when you’re ready to implement your solution, use our 4-Step Checklist for Setting Up Zero Touch Provisioning.
