Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
com
TR-069 enables remote and safe configuration of network devices called CPE. Configuration is managed by a central
server called an ACS.
Term Explanation
How to connect a device A proper connection between a device and the ACS requires few
to the ACS? parameters to be configured on the device:
ACS URL - an Internet address of the ACS, which is accessible from this
device,
What does the communication The connection between the device and the ACS is not permanent.
between the device and the The device establishes the connection with the ACS only at specific
ACS look like? points in time. It usually lasts several seconds, just enough to exchange all
necessary messages between CPE and the ACS. This short exchange of
messages is called a provisioning session.
Session initialization
Authentication
Device identification
When the device is identified and its communication part ends, a key
phase of the session starts - the ACS orders various tasks on the
device. These might include reading or saving parameters, performing
diagnostics, rebooting or ordering file transfers.
Session closure
When all planned tasks have been ordered, the device closes the
session. Any further tasks need initialization of a new session.
www.avsystem.com
When does the device start The device contacts the ACS in the following situations:
a session with the ACS?
The ACS URL is saved or changed on the device or the device is reset
to factory settings (the device communicates it as BOOTSTRAP).
During one of the previous sessions the ACS ordered the device to
initiate the contact with ScheduleInform command (the device
communicates it as SCHEDULED).
The manufacturer of the device can add custom events that will also make
the device connect to the ACS. It is worth noting that the device can list a
few reasons for session initialization at the same time.
Why should I be aware of reasons Knowing why the device connected to the system is useful for at least
for session initialization? two reasons:
You can analyze reasons for last visits and find out abnormalities
regarding device’s activities.
www.avsystem.com
Can the ACS initialize a session No, it cannot. The session can be started only by the device. However,
with the device? the ACS can send a request to establish connection, that is Connection
Request, which makes the device contact the ACS if it is properly
implemented. Connection Request is used when changes in the
configuration require to be deployed immediately. Instead of waiting for the
device to connect, the ACS can in advance inform the device about a need
of connecting to the server, and introduce changes when it happens.
Is TR-069 secure? Yes, it is. TR-069 provides several mechanisms that guarantee robust
security.
Authentication
Device authentication uses username and password (by default HTTP
Digest so the password is not sent publicly).
SSL/TLS certificates can be used to mutually verify ACS' and device's
identities.
Usage of unique usernames per device as well as random and
individual passwords can significantly improve security.
Communication
Usage of HTTPS is highly recommended (whole communication with
the ACS will be encrypted and resistant to eavesdropping).
Other
A proper strict configuration of the device's firewall can improve the
security (a range of IP addresses that perform Connection Request
should be limited to a safe pool).
What are the benefits It offers a greater control over devices’ settings in comparison to
of managing devices via TR-069? managing them using configuration files.