Our customers' businesses are growing, and their network footprints are expanding at very fast rates.
● This puts an increasing strain on the customer deployment teams as they run into an ever-increasing backlog of work to keep up with all the activity.
● The average truck roll for the provisioning of new equipment costs anywhere from $1200 to $3000.
A key customer request has been to automate the onboarding of new devices into their network, therefore reducing the need to send deployment teams on site for provisioning and onboarding and increasing the speed at which the equipment becomes available for use.
Cisco Crosswork™ Zero-Touch Provisioning (ZTP) allows customers to provision and onboard new Cisco® IOS XR devices automatically. Using a common GUI and API via the Crosswork infrastructure, the network administrator can define policies for the provisioning of new devices. The result is a simplified onboarding process translating to significant time and cost savings by automating the process across many thousands of devices.
Network operators are facing challenges to support the exponential growth of network devices. Providing a reliable way to automatically onboard these devices has become crucial to enable them to prepare for rapid expansion for 5G or other deployments. Access devices are often deployed in remote locations, which is often accompanied by the need for a truck roll to complete the provisioning, therefore increasing the need for automation. Cisco IOS XR7 software along with ZTP support enhances the entire customer experience of deploying new hardware and onboarding devices.
The Cisco Crosswork ZTP app provides an integrated turnkey solution to onboard a range of XR devices and enable faster time to deploy new hardware at a lower operating cost.
When a new device is powered up, ZTP provides the automated ability to download and apply the initial software load and configuration to complete the provisioning of this device. After applying the configuration, the app allows for downloading and executing additional scripts on the device. These scripts enable the operator to fetch additional RPMs (Linux binary packages) from the controller. ZTP simplifies the process of deploying a new device with Day 0 configuration and bringing it up to the desired state in an automated manner.
The fully integrated solution combines core capabilities from multiple innovative, industry-leading products—Cisco Network Services Orchestrator (NSO), Cisco Prime Network Registrar, and the Cisco Crosswork suite of applications—with common API and integrates with a common UI, providing control via a single pane of glass.
With the Cisco Crosswork ZTP application, customers can realize these outcomes:
● Bring up the device with customer-certified software or image and obtain its IP address from a DHCP server such as Cisco Prime Network Registrar.
● Download and apply an initial configuration.
● Download and execute a shell script.
● Manage the device family profile, device config, image, and scripts so that they are applied to the onboarded equipment in a unified manner based on customer preference.
● Automatically onboard the new devices to Crosswork Device Lifecycle Manager for Day 1 operation.
● Provide a turnkey automation solution to offer faster deployment of many new devices at machine speed, yielding ever-improving mean time to use as the savings compound across the larger numbers of devices over time.
The result? Increased profitability through faster deployment, optimized investments, and better OpEx utilization.
With release version 2.0, we have implemented Secure ZTP (RFC 8572). When Secure ZTP is enabled, a certificate exchange mechanism is used in which the server and device certificates are validated before the image and configuration are downloaded.
A list of certificates used is shown in the table below:
| Certificate name | Description | Certificate type | Cert Manager profile | Store |
|---|---|---|---|---|
| Owner certificate | Trusted pinned-domain-certificate | SZTP Provisioning | Trust profile | Key store |
| Pinned-Domain-Certificate (PDC) | Customer domain CA certificate | SZTP Provisioning | Trust profile | Trust store |
| Owner private key | Intermediate key for signing owner certificate | SZTP Provisioning | Trust profile | Key store |
| Crosswork TLS certificate | Crosswork CA cert (self-signed with Crosswork as CA) | Secure ZTP TLS | ZTP server profile | Trust store |
| Cisco M2 CA cert (parent of all device SUDI certs) | | Secure ZTP TLS | ZTP server profile | Trust store |
Secure ZTP workflow
● The device sends its SUDI certificate, and the ZTP server validates the device against the SUDI root.
● The server responds with the ownership voucher and PDC.
● The device verifies the ownership voucher and extracts the owner certificate from the PDC.
● This establishes a way to trust the bootstrap data.
● A trusted HTTPS connection is established using the owner certificate.
● The ZTP service generates a bootstrap response containing onboarding information, which consists of the download URL and the pre-config and post-config scripts. All artifacts shared through the secure connection are also encoded with the ownership voucher.
● On receiving the information, the device requests the image, downloads the image, reboots the device, and applies the pre- and post-config scripts.
● This completes the secure ZTP provisioning process, and the status is updated in the Crosswork ZTP server.
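The trust check at the centre of this workflow, as an added lab example (not Cisco or Crosswork code): a device that pins a domain CA certificate accepts bootstrap data only when its CMS signature, the format RFC 8572 uses for signed bootstrap data, was made with an owner certificate issued under that CA. It assumes the OpenSSL CLI is installed; every name, the JSON payload and the URL are constructed, and SUDI and ownership-voucher validation are left out.

```bash
#!/usr/bin/env bash
# Added lab example: constructed names and data, not Cisco or Crosswork tooling.
set -eu
W=$(mktemp -d); trap 'rm -rf "$W"' EXIT

# write_cnf NAME: minimal OpenSSL config so no system openssl.cnf is needed.
write_cnf() {
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3' 'prompt=no' \
    '[dn]' "CN=$1" '[v3]' 'basicConstraints=critical,CA:TRUE' \
    'keyUsage=critical,keyCertSign' > "$W/$1.cnf"
}
# make_ca NAME: self-signed CA; "domain-ca" plays the pinned-domain-certificate.
make_ca() {
  write_cnf "$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$W/$1.cnf" \
    -keyout "$W/$1.key" -out "$W/$1.pem" 2>/dev/null
}
# make_owner NAME CA: owner certificate and owner private key issued under CA.
make_owner() {
  write_cnf "$1"
  openssl req -new -newkey rsa:2048 -nodes -config "$W/$1.cnf" \
    -keyout "$W/$1.key" -out "$W/$1.csr" 2>/dev/null
  openssl x509 -req -in "$W/$1.csr" -CA "$W/$2.pem" -CAkey "$W/$2.key" \
    -CAcreateserial -days 2 -out "$W/$1.pem" 2>/dev/null
}
# sign_bootstrap OWNER FILE: detached CMS signature over FILE (written to FILE.cms).
sign_bootstrap() {
  openssl cms -sign -binary -in "$2" -signer "$W/$1.pem" -inkey "$W/$1.key" \
    -outform DER -out "$2.cms" 2>/dev/null
}
# device_accepts FILE: device-side check. Succeeds only if the signature covers
# FILE unchanged and the signer certificate chains to the pinned domain CA.
device_accepts() {
  openssl cms -verify -binary -inform DER -in "$1.cms" -content "$1" \
    -CAfile "$W/domain-ca.pem" -purpose any -out /dev/null 2>/dev/null
}
verdict() { if device_accepts "$W/$1.json"; then echo accept; else echo reject; fi; }

make_ca domain-ca; make_owner owner domain-ca        # legitimate owner
make_ca rogue-ca;  make_owner rogue-owner rogue-ca   # not under the pinned CA
printf '{"image_url":"https://ztp.example.net/xr.iso","config":"day0.cfg"}\n' \
  > "$W/good.json"
cp "$W/good.json" "$W/forged.json"; cp "$W/good.json" "$W/tampered.json"
sign_bootstrap owner       "$W/good.json"
sign_bootstrap rogue-owner "$W/forged.json"
sign_bootstrap owner       "$W/tampered.json"
echo 'extra-line' >> "$W/tampered.json"               # changed after signing

for c in good forged tampered; do echo "$c: $(verdict "$c")"; done
```

Only the payload signed under the pinned CA and left unmodified is accepted; the other two cases are what the certificate validation step exists to reject.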
Model Based Zero-Touch Provisioning
| Feature | Benefit |
|---|---|
| Crosswork ZTP app | Provides a turnkey solution for Day 0 ZTP of new devices |
| Image repository | Provides an image server where images used for provisioning devices are stored |
| Config repository | Provides a config repository where device configs for the new devices are stored |
| Device profile management | Provides ability to create and manage device profiles consisting of hostname, serial number, and device family and type |
| Provisioning profile | Provides ability to create and manage provisioning profile |
| Single pane of glass | Crosswork platform provides unified UI for ZTP to manage the entire operation from a single pane of glass |
| Northbound API | An open and programmable framework enables network operators to develop their own applications based on API and integration into existing toolset |
| Flexible consumption | 1-year, 3-year, and 5-year subscription licenses |
| Product family | Platforms supported | IOS images (feature sets) supported |
|---|---|---|
| NCS | 8000, 5001, 5002, 5501, 5502, 5504, 5508, 5516, 55A1, 55A2, 540, 1001 | XR 7.3.1 or later |
| Cisco 8000 Series | 8800 Fixed Mode supports both Secure ZTP and Classic ZTP | |
| DDI | Solution tested using the PNR DHCP server from Cisco | Version 10.1 or later |
Platform support: Classic ZTP only
| Product family | Platforms supported | IOS images (feature sets) supported |
|---|---|---|
| ASR | 9001, 9901, 9904, 9906, 9912, 9922 | XR 6.6.3, 7.0.1, 7.0.2, 7.0.12, or later |
| Cisco 8000 Series | 8800 distributed mode only supports Classic ZTP | |
| DDI | Solution tested using the PNR DHCP server from Cisco | Version 10.1 or later |
Crosswork ZTP licenses are available via Smart Licensing for a 36- or 60-month term.
| License level: ZTP sessions | 2000-99,999 |
The Cisco Crosswork ZTP application is designed for simultaneous provisioning of multiple devices and simplifying onboarding of new devices. Please refer to the table below for the supported scale and simultaneous sessions.
| Scale supported | Details |
|---|---|
| Overall Crosswork scale | For release 4.0, the Crosswork scale is 25,000 devices. |
| ZTP application scale | ZTP application supports 200 devices for simultaneous image and configuration downloads. |
The Cisco Crosswork ZTP app follows the same guidelines as the Crosswork Change Automation/Health Insights setup. Please refer to the data sheet for CA/HI.
Contact your Cisco account representative for details on how to order the Cisco Crosswork ZTP app.
The Cisco Crosswork ZTP App is covered by the following warranty: https://www.cisco.com/c/en/us/products/warranties/warranty-doc-c99-740620.html.
Cisco environmental sustainability
Information about Cisco’s environmental sustainability policies and initiatives for our products, solutions, operations, and extended operations or supply chain is provided in the “Environment Sustainability” section of Cisco’s Corporate Social Responsibility (CSR) Report.
Reference links to information about key environmental sustainability topics (mentioned in the “Environment Sustainability” section of the CSR Report) are provided in the following table:
| Sustainability topic | Reference |
|---|---|
| Information on product-material-content laws and regulations | |
| Information on electronic waste laws and regulations, including products, batteries, and packaging | |
Cisco makes the packaging data available for informational purposes only. It may not reflect the most current legal developments, and Cisco does not represent, warrant, or guarantee that it is complete, accurate, or up to date. This information is subject to change without notice.
Customer Experience (CX) Services
Implementation and optimization services
Drive internal efficiencies and speed to market with Cisco CX Services Crosswork Professional Services. Leverage our implementation experience across multiple customer environments and best practices. Cisco uses an agile delivery methodology to deploy Crosswork ZTP in your environment. Working with your team on acceptance testing, we’ll start making sure your team adopts the use cases. We’ll continue to stand by you, delivering knowledge transfer and upgrade services for the Crosswork ZTP Controller components. This ensures your team understands, adopts, and operationalizes the Crosswork ZTP use cases.
Solution support
Maximize performance, reliability, and ROI of your Cisco Crosswork Zero-Touch Provisioning with Cisco Solution Support. You get access to a team of Cisco solution experts who are your primary point of contact, delivering centralized support across your deployment. Whether you have an issue with a Cisco product or one from another vendor—or are just looking for guidance and assurance on your new solution—simply contact us. We’ll take it from there and remain accountable for your case, from first call to resolution. Note: If issues are identified as being due to third-party vendor devices, we expect you to engage the third-party vendor. Cisco will work with you to provide triage information to the third party.
For more information, visit https://www.cisco.com/go/services.
Flexible payment solutions to help you achieve your objectives
Cisco Capital makes it easier to get the right technology to achieve your objectives, enable business transformation and help you stay competitive. We can help you reduce the total cost of ownership, conserve capital, and accelerate growth. In more than 100 countries, our flexible payment solutions can help you acquire hardware, software, services and complementary third-party equipment in easy, predictable payments.
For more information on Cisco's network automation portfolio for Service Providers please visit https://www.cisco.com/go/crosswork. To learn more about Cisco Crosswork Zero-Touch Provisioning or to schedule a demonstration contact your Cisco sales representative.
| New or Revised Topic | Described In | Date |
|---|---|---|
| Created data sheet - version 1 (draft) | Data sheet | Mar 13, 2020 |
| Updated data sheet - version 2 | Data sheet | Apr 3, 2020 |
| Updated data sheet for Secure ZTP - version 3 | Data sheet | Mar 29, 2021 |