scottk/wlan-docs
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/wlan-docs.git synced 2025-11-02 11:47:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

GitBook: [master] 25 pages and 4 assets modified

Browse Source
This commit is contained in:
Chris Busch
2021-05-06 15:41:30 +00:00
committed by gitbook-bot
parent 0318b71614
commit b2a336110d
7 changed files with 61 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
.gitbook/assets/image (1).png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 72 KiB

BIN
.gitbook/assets/image (2).png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 76 KiB

BIN
.gitbook/assets/image (3).png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 120 KiB

BIN
.gitbook/assets/image (4).png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 39 KiB

1
SUMMARY.md
View File

@@ -3,6 +3,7 @@
* [Open Wi-Fi](README.md)
* [Ordering Open Wi-Fi APs](ordering-open-wi-fi-aps.md)
* [Getting Started](getting-started/README.md)
* [Device and Cloud Keys](getting-started/device-and-cloud-keys.md)
* [Cloud SDK Installation](getting-started/controller-installation/README.md)
* [AWS Install](getting-started/controller-installation/aws-install.md)
* [MicroK8s Install](getting-started/controller-installation/microk8s-install.md)

12
getting-started/README.md
View File

@@ -16,3 +16,15 @@ Ensure the following are known before beginning installation:
* 6640
* 6643
### Cloud Discovery
All TIP Open Wi-Fi devices implement discovery of the cloud SDK through a Zero Touch Provisioning design based on the unique signed certificate present on each device.
Each device contacts the Certificate Authority \(CA\) using its certificate credentials to lookup the current value of the cloud SDK.
Once the configured cloud is returned from CA to the device, a connection is created to the cloud SDK where provisioning of the device will occur.
For more information on cloud discovery, devices and obtaining keys please proceed to the next section.
For questions on how to obtain keys or support related to certificates please contact: licensekeys@telecominfraproject.com

48
getting-started/device-and-cloud-keys.md Normal file
View File

@@ -0,0 +1,48 @@
---
description: Root Certificate Trust
---
# Device and Cloud Keys
## Device and Cloud Certificates
TIP Open Wi-Fi program ensures unique identity of all devices, encryption of traffic to and from the management cloud, discovery of management cloud, and ability to change device to cloud service discovery. TIP model ensures worldwide Zero Touch Provisioning, unique identity of all device and cloud conversation with no vendor lock in.
![TIP CA Cloud & ODM Partners](../.gitbook/assets/image%20%283%29.png)
TIP device and cloud partners in Open Wi-Fi are uniquely managed members within a division of the Telecom Infra Project CA within DigiCert.
### Device Onboarding
TIP ODM partners have the ability to generate signed certificates from the TIP Root Certificate Authority. This is done during manufacture for any TIP SKU product using signed certificates.
Each ODM partner will use the Manufacturer name, device MAC address, and optionally a value for Redirector and Model of device when requesting a new certificate.
The Redirector value is what determines cloud discovery and may be empty for example if the devices being manufactured do not yet have a cloud service provider assigned, for example a retail distribution model. Alternatively the value of the Redirector may be set at the same time as the certificate generation occurs.
TIP provides an automated script to perform the device certificate request.
### Cloud Onboarding
TIP Cloud partners have the ability to generate signed certificates for the cloud SDK.
Similar to device onboarding, TIP provides a script to automate this process. For the cloud components the Operator name and a Fully Qualified Domain Name of the cloud are sent with each cloud key request. In addition, local configuration files are set in the request script to generate certificates matched to the operating name of certain services such as the opensync-controller and the mqtt-broker.
### Cloud Discovery
Each device on initial startup or when factory reset will connect to the Certificate Authority using its unique device credentials requesting its current 'cloud' value. This functions both as cloud discovery as well as redirector in the event the device owner wishes to change the cloud or cloud service provider relationship with their device.
![TIP Device Cloud Discovery](../.gitbook/assets/image%20%282%29.png)
### Configuration without Internet Connection
In certain situations, a connection to the cloud or the root authority may not be possible. When this occurs, each TIP Open Wi-Fi Access Point device on factory boot presents an initial configuration Wi-Fi Management SSID called 'Maverick'. Connecting to Maverick presents a web page where updating WAN interface settings and the fully qualified domain name of the cloud may be entered.
![Cloud and WAN Setup without Internet Access](../.gitbook/assets/image%20%281%29.png)
When the device is a PoE Ethernet switch, a local management interface exists where the same configuration of cloud and WAN are possible.
![Local Configuration either via Wi-Fi Web GUI or LAN CLI ](../.gitbook/assets/image%20%284%29.png)