Zero Touch Deployment Using Autoinstallation and Junos Space Network Management Platform on ACX Series and SRX Series Firewall
Zero-touch deployment means that you can deploy new Juniper Networks ACX Series routers and SRX Series Firewalls in your network automatically, without manual intervention. When you physically connect a device to the network and boot it with a default factory configuration, the device attempts to upgrade the Junos OS software automatically and autoinstall a configuration file from the network. For devices that are discovered to Junos Space Platform, you can perform zero-touch deployment either by using the built-in autoinstallation feature of ACX Series routers and SRX Series Firewalls or by using the Model and Activate devices feature in Junos Space Platform.
Zero-touch deployment provides the following benefits:
The device can be sent from the warehouse to the deployment site without any preconfiguration steps.
The procedure required to deploy the device is simplified, resulting in reduced operational and administrative costs.
You can roll out large numbers of these devices in a very short time.
Autoinstallation provides automatic configuration for a new device that you connect to the network and turn on, or for any existing device configured for autoinstallation. This autoinstallation mechanism allows the new device to configure itself out-of-the-box with no manual intervention, using the configuration available on the network, locally through USB storage media, or a combination of both. Autoinstallation takes place automatically when you connect a device to the network and power on the device. The autoinstallation feature enables you to deploy multiple devices from a central location in the network.
The autoinstallation process begins when a device is powered on and cannot locate a valid configuration file in the CompactFlash card. Typically, a configuration file is unavailable when a device is powered on for the first time, or if the configuration file is deleted from the CompactFlash card. For the autoinstallation process to work, you must store one or more host-specific or default configuration files on a configuration server in the network and have a service available—typically, Dynamic Host Configuration Protocol (DHCP)—to assign an IP address to the device. To simplify the process, you can explicitly enable autoinstallation on a device and specify a configuration server, an autoinstallation interface, and a protocol for IP address acquisition.
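The explicit configuration described above, as an added example that is not taken from the original page. The server URL and the interface name ge-0/0/0 are constructed placeholders; substitute the values used in your network.

```junos
# Entered in configuration mode on the device; lines starting with # are annotations.
# Configuration server that holds the host-specific or default configuration files
# (constructed placeholder URL).
set system autoinstallation configuration-servers tftp://config-server.example.net
# Autoinstallation interface and the protocol used for IP address acquisition:
# bootp covers BOOTP/DHCP requests, rarp covers RARP requests.
set system autoinstallation interfaces ge-0/0/0 bootp
set system autoinstallation interfaces ge-0/0/0 rarp
commit
# From configuration mode, display the server, interface, and protocol in use.
run show system autoinstallation status
```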
The autoinstallation process operates in three modes:
Network mode—Autoinstallation triggers the IP address acquisition mechanism (the device sends out Dynamic Host Configuration Protocol [DHCP] or Reverse Address Resolution Protocol [RARP] requests on each connected interface simultaneously) to obtain an IP address. After the device has an IP address, it sends a request to the specified configuration server, then downloads and installs the configuration.
USB mode—Autoinstallation obtains the required configuration from the configuration file saved in an external USB storage device plugged into the device. The USB-based autoinstallation process overrides the network-based autoinstallation process. If the device detects a USB storage device containing a valid configuration file during autoinstallation, the device uses the configuration file on the USB storage device instead of fetching the configuration from the network. For more information, refer to USB Autoinstallation on ACX Series Routers.
Hybrid mode—Autoinstallation obtains partial configuration from an external USB storage device and uses that configuration to obtain the complete configuration file in network mode. This mode is a combination of USB mode and Network mode.
For more information about the prerequisites for the autoinstallation and the autoinstallation process, refer to the following topics:
ACX Series router autoinstallation overview—ACX Series Autoinstallation Overview
SRX Series Firewall autoinstallation overview—SRX Series Autoinstallation Overview
Prerequisites for autoinstallation on an ACX Series router—Before You Begin Autoinstallation on an ACX Series Router
Autoinstallation on an SRX Series Firewall—Configuring Autoinstallation on SRX Series Devices
To make sure that you have the default factory configuration loaded on the device, issue the request system zeroize command on the device that you want to deploy.
This topic contains the following sections:
Zero-Touch Deployment Using the Autoinstallation and Model and Activate Devices Features
For zero-touch deployment using the autoinstallation and the Model and Activate devices features, you can create connection profiles and configlets from the Junos Space Platform UI. The configlets should be deployed on the devices in the network topology by using a USB storage device. You can modify the configuration of a modeled device by using the Device Templates feature from the Junos Space Platform UI, before deploying the configlets to the device. You can use the Model and Activate devices feature to install Junos OS software on different devices with minimal manual supervision.
The Model and Activate Devices feature comprises the following operations:
(Optional) Creating connection profiles (see Creating a Connection Profile)
Creating modeled instances (see Creating a Modeled Instance)
Performing configuration changes on a device (see Modifying the Configuration on the Device)
Activating the model device (see Activating a Modeled or Cloned Device in Junos Space Network Management Platform)
Zero-Touch Deployment Using the Autoinstallation Feature and the Configuration Server
For zero-touch deployment, you can use the autoinstallation feature together with a configuration server that hosts scripts and configuration files and has the DHCP feature enabled. In this case, you need not use Junos Space Platform to update the configuration and Junos OS software on the device. The device uses information that you configure on a configuration server (DHCP server) to locate the necessary Junos OS software image and configuration files on the network. If you do not configure the configuration server to provide this information, the device boots with the preinstalled software and the default factory configuration.
Zero-touch deployment using autoinstallation comprises the following operations:
(Optional) Creating connection profiles (see Creating a Connection Profile)
Creating modeled instances (see Creating a Modeled Instance and Activating a Modeled or Cloned Device in Junos Space Network Management Platform)
Downloading configlets (see Viewing and Copying Configlet Data and Downloading a Configlet)
Deploying configlets on devices at the network site (see Activating Devices by Using Configlets)