OpenStage WL3 V1R1 Content Easy Deployment
The Wiki of Unify contains information on clients and devices, communications systems and unified communications. - Unify GmbH & Co. KG is a Trademark Licensee of Siemens AG.
Easy Deployment in Detail
This is a short introduction to the OpenStage WL3 V1R1 Feature Easy deployment
The easy deployment process consists of three phases:
- WLAN discovery
- Device Manager (DM) discovery
- Parameter download
1.) WLAN discovery
The WLAN discovery process is initiated when a handset starts up and does not have any WLAN systems configured (none of the four WLAN systems have a SSID filled in). In this case, it will try to connect to a predefined WLAN with the following configuration:
- SSID: AWS-INIT
- Security key: WPA-PSK / WPA2-PSK
- WPA-PSK passphrase: AWS-INIT
All other network parameters are at their default settings, which mean:
- DHCP mode: On
- 802.11 protocol: 802.11b/g/n
- 802.11b/g/n channels: 1,6,11
- World mode regulatory domain: World mode (802.11d)
If the handset has not successfully connected to this WLAN within ten seconds, it will instead try to connect to an unsecured network for ten seconds. If this also fails, it will continue to try these two alternatives for ten seconds each until one succeeds. This process can also be interrupted by configuring the handset either through the handset menu or through the Device Manager. As soon as one of the Networks A-D has a SSID filled in, probing of AWS-INIT will stop.
2.) Device manager discovery
A handset that has a working WLAN connection (has acquired an IP address) but does not have a Device Manager IP address configured, will enter step 2 of the Easy deployment process: Device manager discovery.
2.1.) Using DHCP
WSG server discovery through DHCP requires that the DHCP server is configured to return a valid Device manager IP address as part of the DHCP response sent to the handset. The WSG IP address is sent using DHCP Option 43 (vendor specific data). A DHCP request from a handset that supports Easy deployment will use DHCP option 60, Vendor class identifier, to identify itself to the DHCP server. Therefore the DHCP server can be configured to return a Device manager IP address only to those clients that expect it.
2.2.) Service Discovery Protocol
If the DHCP response did not contain a valid Device manager IP address, the handset will instead try to find a DM using the Service Discovery Protocol (SDP). For this purpose, a SDP discovery message will be sent using UDP to the broadcast IP address, containing the following information:
- Client class: PP
- Client family: WLAN
- Client name: <MAC address of the handset>
- Service family: “”
- Service name: WGW
A Device manager server that receives this message, supports SDP and is properly configured will respond with an SDP offer as a unicast UDP message sent to the handset. If more than one response is received by the handset, a single response will be randomly selected. If no responses are received, new SDP request will be retransmitted periodically while the Device manager IP address remains unconfigured.
3.) Parameter download
Once the handset has acquired a Device manager IP address, it will open the login screen in order to allow the user to enter the login details (i.e. endpoint number) to be used when logging in to the DM. If valid configuration for the entered endpoint number has been stored in the DM, the login will be successful and the handset configuration will be synchronised from the DM to the handset. Any certificates needed for WLAN authentication or SIP/TLS will also be downloaded as a part of this process. If a Device manager IP address is specified in the downloaded configuration, that DM will be used subsequently. If not, the Device manager discovery procedure will be used for each time the handset is started. The downloaded configuration should also contain a new network configuration, which will cause the handset to disconnect from the AWS-INIT SSID, which concludes the Easy deployment procedure.
Deployment device manager, Security considerations
There are different ways to setup the deployment system, based on what security level that is required. Here are two proposed solutions.
Two device managers
Use two Device Managers for strongest security. Setup a system with AWS-INIT and a System deployment manager for download of new network configuration to the handsets. The Device manager for normal operation is completely isolated from the deployment system.
One device manager
This setup requires only one Device manager, for deployment and normal use. Setup fixed routing for AWS-INIT to the Device Manager only. All parameters are synchronized including the network configuration.
You can find more details including sample configuration in the OpenStage WL3 Administrator Documentation.
Please look here: OpenStage WL3, WLAN Handset, Administrator Documentation Appendix C "Easy Deployment"