Home » Blog » Zero touch provisioning: 3 drawbacks you need to know

Zero touch provisioning: 3 drawbacks you need to know

Zero Touch Provisioning (ZTP)

It’s Friday morning, and you’re bringing a new site online with zero touch provisioning. Your remote branch devices arrived the night before, and all you want the store manager to do is plug them in. A few minutes later, your job is finished and you’ve still got your entire day left. What are you going to do with all your free time?

This is the picture that’s commonly painted of zero touch provisioning. And why not? When compared to manual provisioning, zero touch brings drastic improvements and efficiency to deploying networks. Its biggest benefits include:

  • Helping you deploy sites fast, because it’s a plug ‘n play solution
  • Reducing manual work and errors, because it’s automatic
  • Supporting on-demand scaling without bogging down your resources

Business person using laptop connected to network users and services.

With zero touch, you don’t have to be on site for days or weeks manually configuring individual devices. You also shrink the risk of human error that can unwind all your deployment progress and force you to start over. And when it comes to scaling, it eliminates so many of the shipping costs and technician expenses, and instead lets you spin up new sites in a single day.

So what’s the problem with zero touch provisioning?

The trouble with zero touch provisioning is that it usually comes with hidden obstacles that vendors don’t tell you about. Zero touch promises to make deployments quick and easy, but these obstacles can eat up your time savings and make you vulnerable to attacks.

Here are 3 big drawbacks you need to know about zero touch provisioning.

Drawback: Zero touch provisioning is limited to one vendor

Imagine you’re on location setting up a plethora of devices from different vendors. You plug in your zero touch solution, but you still have to manually configure three other vendor devices that make up your stack. This is the first major drawback to zero touch provisioning.

For the most part, zero touch is limited to one vendor’s solutions and doesn’t extend to devices or solutions from other providers. This is usually to encourage purchasing multiple solutions from or standardizing on one vendor.

Why is this a drawback? This is just another approach to vendor lock-in. It limits your freedom when trying to leverage zero touch provisioning, which can be a major drawback especially in custom, multi-vendor environments. When you’re choosing a zero touch solution, consider how much of your stack it can actually automate and how much time you’ll still have to spend on manual provisioning.

Drawback: Zero touch provisioning isn’t secure

What happens if you set up your site with zero touch provisioning, only to discover that your network is already under attack? You wonder how it could have happened, but then you remember all of the preconfiguring required to make zero touch possible. This is another major drawback.

Most solutions do live up to the promise of being ‘zero touch,’ but only after you’ve performed extensive preconfiguring of your devices. This is a major security concern because you’re loading up your stack with sensitive information about your network. Recent reports show that ransomware claimed a victim every 10 seconds in 2020.

Why is this a drawback? With your network attack surface more distributed now, especially during the pandemic, it’s critical to minimize your exposure to threats. But having to preconfigure your devices for zero touch provisioning makes it easier for you to become a victim. Even if you can keep careful watch over your devices to ensure no physical attacks occur, hackers can easily exploit your systems through something like an open port that one of your employees forgot to close. In a nutshell, preconfiguring puts you at unnecessary risk.

Drawback: Zero touch provisioning limits orchestration

The ultimate goal of using zero touch provisioning is to add convenience to deployments and management. You want to save time and effort all around by eliminating manual work. But another major drawback to zero touch is that it puts a limit on how much and how many of your processes you can orchestrate.

Automation is when you can automate simple tasks, while orchestration is when you can automate entire processes and workloads. Most zero touch solutions allow you to implement a little bit of both automation and orchestration, but limit or simply lack support for orchestrating across devices and environments.

Why is this a drawback? The more manual work you have to perform, the less value you get out of zero touch provisioning. And most solutions require you to manually bootstrap VMs, activate service licenses, run Docker apps, and even update device firmware as new patches are released. Though zero touch might save you time and effort on initial setup, consider how these savings might evaporate in the long run.

Can you avoid these drawbacks?

Imagine you’re setting up a new network. Your environment is tailored specifically to your needs, which includes a custom-built monitoring application, Palo Alto NGFW, data thinning workloads, and a host of other solutions meant to optimize operations. And the best part is, you don’t have to worry about vendor lock-in, security gaps, or limited orchestration. All you need to do is plug in your devices, and the entire environment will build itself in just a matter of hours. Everything just works so you don’t have to.

That is what true zero touch provisioning feels like, and it’s something we’re passionate about at ZPE Systems. That’s why we’ve spent years building zero touch convenience features into our Nodegrid solutions. You don’t have to put up with these major drawbacks any longer.

Nodegrid’s zero touch provisioning extends across vendor solutions, even to devices that don’t support automation. This means that you can automate and push configurations to whatever you connect to Nodegrid — including legacy switches, routers, and other equipment.

Nodegrid’s zero touch provisioning also eliminates the need to preconfigure devices. ZPE Cloud serves as your repository for configuration files and allows you to remotely push these files to 100% factory-default devices. Physical attacks no longer pose a threat, while built-in security features and alerts automatically block and pinpoint attacks.

Because Nodegrid OS is Linux-based, it gives you the freedom to orchestrate across devices and environments, with a rich API library and your choice of tools like Ansible, Chef, Puppet, and REST. You can save time and effort on deployments and ongoing management. This means that you can implement a zero touch provisioning solution that automatically spins up VMs, deploys Docker containers, activates service licenses and configures service chaining, updates firmware, and carries out any number of workloads you need.

Get free resources to help you deploy zero touch provisioning

When you’re choosing a zero touch solution, carefully consider how these drawbacks will impact your deployment and management efforts. To help you, download The Definitive Guide to Zero Touch Provisioning, and when you’re ready to implement your solution, use our 4-Step Checklist for Setting Up Zero Touch Provisioning.

For regular updates to help you streamline enterprise networking, sign up for our newsletter using the form below.

ZPE Systems delivers innovative solutions to simplify infrastructure managment at the datacenter, branch, and edge. Learn how our Zero Pain Ecosystem can solve your biggest network orchestration pain points.  
Watch a Demo Contact Us