An enhanced network element and method for configuring and deploying computer network elements is disclosed. A customer orders a network element from an equipment provider. Upon receipt of the unconfigured network element, a Trusted Configuration Device (TCD) is shipped from a network provider to the customer. The TCD transmits information to the NE that enables it to download a configuration file from a Provisioning Server (PS) via a secure channel.
A method and apparatus for automatically generating a configuration for a network device is disclosed, comprising the computer-implemented steps of receiving a partial configuration for a network device, wherein the partial configuration comprises a plurality of configuration commands, wherein each of one or more of the configuration commands is associated with one of a plurality of user interface elements; parsing the partial configuration to identify the user interface elements; generating a user interface page based on the user interface elements; receiving one or more configuration parameter values via the user interface page; and substituting the configuration parameter values into the partial configuration to result in creating a complete configuration for the device.
A method for securely provisioning a device for operation within a service provider infrastructure over an open network comprises the device establishing physical and data link layer network connections for communication on at least a subnet of the open network and obtaining a network configuration data such as an IP address and a subnet mask from a provisioning server that responds to a network configuration broadcast request. A device establishes a secure hypertext transport protocol connection to a first provisioning server that corresponds to one of: i) and IP address and port number; and ii) a fully qualified domain name stored in a non-volatile memory of the device. After mutual authentication, the first provisioning server provides at least one of: i) a configuration file; and ii) identification of a second provisioning server and a cipher key through the secure connection. If the first provisioning server provided identification of a second provisioning server, the device establishes a transport connection to the identified second provisioning server. The second provisioning server provides an encrypted file which, when decrypted using the cipher key yields the configuration information needed by the device for operation with the service provider infrastructure.
