zero-touch provisioning (ZTP)

What is zero-touch provisioning?

Zero-touch provisioning (ZTP) is a method of setting up devices in which a switch feature configures the device automatically. ZTP helps IT teams quickly deploy network devices in a large-scale environment, eliminating most of the manual labor involved in adding them to a network.

ZTP can be found in devices and tools such as network switches, routers, wireless access points and firewalls. The goal is to enable IT personnel and network operators to install networking devices without manual intervention. Manual configuration takes time and is prone to human error -- especially if many devices must be configured at scale. ZTP is faster in this case, reduces the chance of error and ensures configuration consistency.

Zero-touch provisioning is also used to automate the system update process. Using scripts, ZTP connects to configuration management platforms and other tools to apply configuration or updates.

How does zero-touch provisioning work?

The zero-touch provisioning process may vary from setup to setup; however, the basic requirements include the following:

  • a network device with ZTP;
  • a Dynamic Host Configuration Protocol (DHCP) or Trivial File Transfer Protocol (TFTP) server; and
  • a file server.

When a ZTP-enabled device is powered on, it runs a boot file that sets up the device's configuration parameters. Then a network switch sends out a request through DHCP or TFTP to get the location of its centrally stored image and configuration, which it downloads and runs. The port configuration and IP address are automatically provisioned based on the location requirements. The protocol used -- DHCP, for example -- provides the gateway address, the domain name and the server location.

ZTP carries out the basic configuration, after which the switch can be deployed in an environment where custom configuration changes are made. ZTP can use a user-provided script to connect to a configuration management platform, such as Puppet, CFEngine, Chef or a custom tool. 

Figure: Basic zero-touch provisioning process.

What are zero-touch provisioning use cases?

Zero-touch provisioning automates steps like updating operating systems, deploying patches or bug fixes, and implementing added features prior to connection. Automation is most useful in large environments with a lot of devices to update or configure. For example, it is more efficient to use ZTP to configure hundreds of routers than to manually configure every single device. Likewise, if each of those routers needs updating, then ZTP would be the more efficient option.

ZTP is also useful in situations where an organization must scale up its devices and IT resources. Adding many devices at once requires that each device be configured. ZTP makes that task easier, saving time and money, by automatically provisioning devices.

Network switches that are individually configured take more time and effort to connect. This means IT staff must spend more time in a command-line interface, configuring each system or switch. Most data centers will have tens or hundreds of switches to provision and configure, taking a significant amount of time.

What are the advantages of ZTP?

There are several advantages to using zero-touch provisioning. They include the following:

  • automated setup of network devices;
  • less time spent on manual jobs, as IT teams only need to perform simple tasks like connecting the power and network cables or booting the device;
  • reduced time to get network devices operational;
  • cut costs from less time being spent on manual tasks;
  • easier and quicker updates; and
  • fewer opportunities for human errors.

What are the disadvantages of ZTP?

There are two significant potential downsides to zero-touch provisioning:

  • Misconfiguration. Configuration problems can occur if the configuration files are not debugged before being deployed. And, if ZTP is used to configure many devices, then a large number of misconfiguration issues may occur. This situation can lead to security flaws that could compromise connected devices.
  • Security issues. Strong security is needed with ZTP. Remote devices may have less security than other devices but equal access to the network and data. If a device is compromised, a man-in-the-middle attack could be used to take control of a remote device.
Figure: Diagram of a man-in-the-middle attack.
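The DHCP-driven discovery described under "How does zero-touch provisioning work?" and the integrity check that addresses the man-in-the-middle risk above, as an added example that is not code from the original article or from any vendor's ZTP implementation. DHCP option codes 66 and 67 are real; the server name, the file contents, the in-memory stand-in for the file server and the pinned hash are constructed for the example, and in practice the pinned value would be delivered out of band or the configuration would be signed.

```python
"""Model of a ZTP client's first boot: read DHCP options 66/67 to locate the
file server and bootfile, then refuse to apply the downloaded configuration
unless its SHA-256 matches a value pinned before deployment."""
import hashlib
from typing import Dict, Optional, Tuple

# DHCP option codes commonly used for ZTP (real codes from the DHCP option space).
OPT_TFTP_SERVER = 66   # "TFTP server name"
OPT_BOOTFILE = 67      # "Bootfile name"
OPT_PAD, OPT_END = 0, 255

def parse_dhcp_options(raw: bytes) -> Dict[int, bytes]:
    """Parse the TLV-encoded options field of a DHCP message (bytes after the magic cookie)."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:            # pad option carries no length byte
            i += 1
            continue
        length = raw[i + 1]
        opts[code] = raw[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def build_dhcp_options(fields: Dict[int, bytes]) -> bytes:
    """Encode options as TLVs; used here only to construct a sample DHCP OFFER."""
    return b"".join(bytes([c, len(v)]) + v for c, v in fields.items()) + bytes([OPT_END])

# Constructed stand-in for the file server: bootfile name -> content it would serve.
SAMPLE_FILES = {"ztp/switch-base.cfg": b"hostname edge-sw01\nntp server 192.0.2.10\n"}
# Hash pinned on the device before deployment (constructed here from the known-good file).
PINNED_SHA256 = hashlib.sha256(SAMPLE_FILES["ztp/switch-base.cfg"]).hexdigest()

def ztp_fetch_config(offer_options: bytes, server_files: Dict[str, bytes],
                     pinned_sha256: str) -> Optional[Tuple[str, bytes]]:
    """Return (server, config) when the offered bootfile matches the pinned hash; return
    None on any failure so the device keeps its factory configuration instead."""
    opts = parse_dhcp_options(offer_options)
    if OPT_TFTP_SERVER not in opts or OPT_BOOTFILE not in opts:
        return None                    # ordinary lease with no ZTP pointers
    server, bootfile = opts[OPT_TFTP_SERVER].decode(), opts[OPT_BOOTFILE].decode()
    content = server_files.get(bootfile)
    if content is None:
        return None                    # file missing on the server
    if hashlib.sha256(content).hexdigest() != pinned_sha256:
        return None                    # substituted or altered file: do not apply it
    return server, content
```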

What is the difference between zero-touch provisioning and one-touch provisioning?

Not all low-touch provisioning is zero touch; some devices and tools support one-touch provisioning (OTP). Here is how ZTP and OTP differ:

  • ZTP automatically configures a network device. Implementation is easy, as IT personnel only need to worry about physically connecting a device to a network and powering it on. ZTP is used in situations where one or many network devices need to be configured or updated.
  • OTP automatically configures a network device, except for one point in the configuration process. Like ZTP, the implementation steps may differ from organization to organization. The one additional point of contact could be a step such as changing the default password or entering an IP address.

OTP is often used in situations where ZTP would need additional configuration. For example, when a virtual LAN configuration is required, Point-to-Point Protocol over Ethernet credentials must be entered, or static addressing is needed.

OTP is also used when an organization requires static IPv4 addresses and a specific configuration for switchports.

Vendors and tools that offer zero-touch provisioning

Here are some examples of tools that support ZTP:

  • Arista ZTP. This tool for configuring switches uses Arista's Extensible Operating System. It is typically used for deploying scalable clouds and data centers. The tool loads the startup configuration file and populates its contents into a system database. However, when a startup configuration is not available, Arista ZTP switches into a ZTP process.
  • Digi Remote Manager. Digi's offering is a cloud-based service and tool that automates the configuration process of IoT devices. It automates initial provisioning, firmware updates and updates to individual devices with unique configurations.
  • StableNet Config Generator. This resource management and network configuration tool can be used to enable workflows with complex initial device configurations. The tool touts the benefits of ZTP, such as fewer errors, improved scalability and automatic provisioning of network devices. It also offers a configuration generator, vulnerability management and policy management.

ZTP is an effective method for provisioning and updating network devices.

This was last updated in May 2021
