Provisioning Basics
Provisioning Capabilities
Cisco SPA 500 Series and WIP310 IP Phone Administration Guide
134
6
Provisioning Capabilities
The Cisco IP phones provide for secure provisioning and remote upgrade.
Provisioning is achieved through configuration profiles transferred to the device
via TFTP, HTTP, or HTTPS.
The Cisco IP phones can be configured to automatically resync their internal
configuration state to a remote profile periodically and on power up. The
automatic resyncs are controlled by configuring the desired profile URL into the
device.
The Cisco IP phones accept profiles in XML format, or alternatively in a proprietary
binary format, which is generated by a profile compiler tool, SIP Profile Compiler
(SPC),
available from Cisco. The Cisco IP phones support up to 256-bit symmetric
key encryption of profiles. For the initial transfer of the profile encryption key (initial
provisioning stage), the Cisco IP phones can receive a profile from an encrypted
channel (HTTPS with client authentication), or can resync to a binary profile
generated by the Cisco SIP profile compiler. In the latter case, the SIP profile
compiler can encrypt the profile specifically for the target Cisco IP phones,
without requiring an explicit key exchange.
Remote firmware upgrade is achieved via TFTP or HTTP or HTTPS (TFTP or
HTTP for WIP310). Remote upgrades are controlled by configuring the desired
firmware image URL into the Cisco IP phone via a remote profile resync.
Provisioning Configuration from Phone Keypad
Remote provisioning can be performed from a phone keypad. After the user enters
the IP address of the provisioning server, the unit resyncs to a known path name.
This feature enables service providers to allow VARs to install and provision Cisco
phones.